Skip to content

docs(what-is): rewrite HashiCorp Vault page#18813

Open
alexleventer wants to merge 2 commits intomasterfrom
improve/what-is-hashicorp-vault
Open

docs(what-is): rewrite HashiCorp Vault page#18813
alexleventer wants to merge 2 commits intomasterfrom
improve/what-is-hashicorp-vault

Conversation

@alexleventer
Copy link
Copy Markdown
Contributor

@alexleventer alexleventer commented May 6, 2026

Summary

Rewrites /what-is/what-is-hashicorp-vault/ to match the AWS Secrets Manager peer convention and address several quality issues.

Structural / style fixes

  • Fix heading hierarchy (top-level was ###, should be ##)
  • Fix "Hashicorp" → "HashiCorp" capitalization
  • Drop the duplicate ### What is HashiCorp Vault? heading that mirrored the H1 generated from page_title

Content improvements

  • Add an intro paragraph that leads with a definition (Answer Engine Optimization)
  • Tighten the use-cases list from 8 bullets to 5 stronger ones
  • Add Best practices and Challenges and considerations sections (matching the AWS Secrets Manager page)
  • Add a Pulumi code chooser (TypeScript, Python, Go, C#) using the Pulumi Vault provider's Mount and kv.SecretV2 resources — previously the page promoted Pulumi but contained zero Pulumi code

Style-guide cleanup

  • Trim em-dash usage from 8 to 4
  • Remove "easier" per STYLE-GUIDE ("avoid easy/simple")
  • Use bash instead of shell for the CLI fence

Test plan

  • CI passes
  • Spot-check /what-is/what-is-hashicorp-vault/ rendering, including the language chooser
  • Verify all four code samples reference the right provider package and SDK version (Go SDK is v7)

🤖 Generated with Claude Code

@alexleventer @claude
docs(what-is): rewrite HashiCorp Vault page
944a4af 
Restructures the Vault what-is page to match the AWS Secrets Manager
peer convention and fix several quality issues:

- Fix heading hierarchy (h3 → h2 for top-level sections)
- Fix "Hashicorp" → "HashiCorp" capitalization
- Drop the duplicate "What is HashiCorp Vault?" heading that mirrored
  the H1 generated from page_title
- Add an intro paragraph that leads with a definition (AEO)
- Tighten the use-cases list from 8 bullets to 5 stronger ones
- Add Best practices and Challenges and considerations sections
- Add a Pulumi code chooser (TypeScript, Python, Go, C#) using the
  Pulumi Vault provider's Mount and kv.SecretV2 resources
- Trim em-dash usage and remove "easier" per STYLE-GUIDE

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@alexleventer alexleventer requested review from CamSoper and sicarul May 6, 2026 03:39
@claude
Copy link
Copy Markdown
Contributor

claude Bot commented May 6, 2026

Docs review

Solid rewrite that brings the page in line with the AWS Secrets Manager peer convention. Heading hierarchy is fixed, "HashiCorp" is now consistently capitalized, em-dash usage is reasonable across the article, and the Pulumi code chooser is a real improvement on a page that previously promoted Pulumi without showing any. A few things worth a closer look before merge:

Issues

1. "Open-source" framing (line 14)

The intro paragraph for the H2 calls Vault "an open-source tool." HashiCorp relicensed Vault Community Edition from MPL 2.0 to BUSL 1.1 (Business Source License) in August 2023, which the OSI does not classify as open source. "Source-available" is the more accurate label, and several other Pulumi pages have already been updated this way.

HashiCorp Vault is a source-available tool for securely storing, generating, and tightly controlling access to secrets such as tokens, passwords, certificates, and encryption keys. Vault encrypts secrets at rest, brokers access through identity-based policies, and produces a detailed audit log of every access — giving teams a single, centralized way to manage sensitive data across applications, infrastructure, and clouds.

2. Bulleted list interrupted by the language chooser (lines 97–229)

The Conclusion ends with what reads as a three-item bulleted list of next steps, but the chooser block sits between bullet 1 ("Manage Vault as code with Pulumi") and bullets 2–3 ("Centralize secrets…", "Advanced configuration management"). Hugo's renderer is likely to treat that as two separate lists, breaking the visual continuity and the numbering of next steps. Worth confirming in a local build that the three items still render as a single list, or consider restructuring — for example, lift the code chooser into its own "Manage Vault as code with Pulumi" subsection above the conclusion, then keep the next-steps list intact at the end.

3. Em-dash density inside the "What is HashiCorp Vault?" section (lines 14, 20, 22)

Three em-dashes appear within ten lines of each other. The total of four across the article is fine, but clustering three in one short section reads a bit AI-flavored. Consider rephrasing one or two — for example, on line 22:

- **Revocation**: Vault can revoke individual secrets or entire trees of secrets. For example, every credential a compromised application has accessed can be revoked at once.

Minor

  • Line 18 mixes "key/value" with the later "KV v2 mount" terminology (line 97). Consider standardizing on one form on first reference, or briefly clarify the relationship (KV is the secrets engine; KV v2 is the versioned variant).
  • Line 78: "Rotate Vault's encryption key (rotate) and re-key the master/recovery keys (rekey)" — these are operator subcommands, so wrapping them as vault operator rotate / vault operator rekey would be more discoverable for readers who want to look them up.
  • Line 86 introduces "HCP Vault" without expanding the acronym. First-mention expansion ("HashiCorp Cloud Platform (HCP) Vault") would help readers unfamiliar with the term.

Things I confirmed

  • Heading hierarchy is now correct (H2 for top sections, H3 for "Key features").
  • All four code samples use the right Pulumi Vault provider resources (Mount, kv.SecretV2) with appropriate language idioms.
  • The chooser shortcode usage ({{< chooser language \"typescript,python,go,csharp\" / >}} plus {{% choosable language X %}} blocks) follows the pattern used elsewhere in the docs.
  • Internal links use the canonical full-path style (/docs/pulumi-cloud/esc/, /registry/packages/vault/).
  • First-mention links are present for HashiCorp Vault, Pulumi ESC, the Pulumi Vault provider, and HCP Vault.

If you'd like me to take another pass after these are addressed, mention @claude.

@pulumi-bot
Copy link
Copy Markdown
Collaborator

pulumi-bot commented May 6, 2026

Your site preview for commit 944a4af is ready! 🎉

http://www-testing-pulumi-docs-origin-pr-18813-944a4af0.s3-website.us-west-2.amazonaws.com

CamSoper
CamSoper requested changes May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@CamSoper CamSoper left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Building on @claude's review with a few items I caught that weren't in there. Defer to @claude on the BSL/source-available fix — they posted a clean suggestion block for it.

Broken-ish link: HCP Vault pricing

Line 86 links "HCP Vault" to https://www.hashicorp.com/products/vault/pricing. The URL resolves, but the destination is HashiCorp's generic product-pricing page, currently centered on Terraform tiers — there's no dedicated Vault pricing on it. Either drop the link (just say "HCP Vault") or point at the actual product page (https://www.hashicorp.com/products/vault, no /pricing).

Marketing tone in two spots

A couple of lines lean further into superlatives/editorializing than the rest of the page:

  • Line 10: "is one of the most widely adopted tools for that job" — unsourced superlative. Could be tightened to "is a popular tool for this" or just dropped, since the rest of the intro already establishes the use case.
  • Line 19: "drastically reducing the blast radius of a leak" — editorial flourish; something like "limiting exposure if a credential leaks" reads closer to the docs voice used in the rest of the page.

Stale (but working) HashiCorp URLs

Both vaultproject.io URLs 308-redirect to developer.hashicorp.com. They work, but worth updating to the canonical destinations:

  • Line 28: https://www.vaultproject.io/downloadshttps://developer.hashicorp.com/vault/downloads/
  • Line 41: https://www.vaultproject.io/docs/secrets/kv/kv-v2https://developer.hashicorp.com/vault/docs/secrets/kv/kv-v2

Things I confirmed that aren't in @claude's review

  • All four code samples verified against the live Pulumi Vault provider docs (v7.8.0): resource types, property names, package imports, and Go SDK v7 import paths all match.
  • All internal Pulumi links (/registry/packages/vault/, /docs/pulumi-cloud/esc/, /docs/pulumi-cloud/esc/providers/vault-secrets/, /docs/concepts/config/) resolve, two via aliases.
  • Vault CLI claims (operator rotate, operator rekey, transit engine, audit devices) are all accurate.

On @claude's "bulleted list interrupted by the chooser" concern — worth a quick visual check on the preview, but the AWS Secrets Manager peer page uses the same bullet → chooser → bullet pattern in production, so Hugo seems to handle it. Probably not blocking.

@pulumi-bot
Copy link
Copy Markdown
Collaborator

pulumi-bot commented May 6, 2026
edited
Loading

Claude finished @CamSoper's task in 2m 20s —— View job

Applied review feedback

Pushed 8bd5f81 addressing the items you flagged plus the BSL fix you asked me to call.

  • BSL/source-available (line 14): swapped "open-source" for "source-available" per the Aug 2023 BUSL relicense.
  • Marketing tone, line 10: tightened to "is a popular tool for this" — kept the link.
  • Marketing tone, line 19: "drastically reducing the blast radius of a leak" → "limiting exposure if a credential leaks".
  • HCP Vault link (line 86): dropped the link rather than redirecting to the product page, since line 10 already links the same /products/vault URL at first mention; a second link to the same destination would be redundant. Happy to swap to the product page instead if you'd rather keep a link there.
  • Stale vaultproject.io URLs (lines 28, 41): updated to developer.hashicorp.com.

A couple of items from my earlier review I left alone since they weren't in your list and you didn't flag them as blocking — happy to address any of these on request:

  • Em-dash density inside the "What is HashiCorp Vault?" section
  • KV vs. KV v2 terminology mixing on first reference
  • vault operator rotate / vault operator rekey qualifier
  • HCP acronym expansion at first mention

Local lint isn't allowed in this sandbox; CI will run it on the new commit.
• Branch: improve/what-is-hashicorp-vault

@github-actions @CamSoper
docs(what-is): address PR review feedback on Vault page
8bd5f81 
- Apply source-available framing per BSL relicense (Aug 2023)
- Soften unsourced superlative in intro
- Replace editorial "blast radius" phrasing with docs voice
- Drop link from HCP Vault (pricing page was Terraform-centric;
  product link already used at first mention)
- Update vaultproject.io URLs to canonical developer.hashicorp.com

Co-authored-by: Cam Soper <CamSoper@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@CamSoper CamSoper CamSoper requested changes

@sicarul sicarul Awaiting requested review from sicarul

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alexleventer @pulumi-bot @CamSoper