diff --git a/docs/admin/external-auth.md b/docs/admin/external-auth.md
index afd370ab0f068..bbb479ecf2d00 100644
--- a/docs/admin/external-auth.md
+++ b/docs/admin/external-auth.md
@@ -168,8 +168,7 @@ CODER_EXTERNAL_AUTH_0_REGEX=github\.company\.org
## JFrog Artifactory
-See [this](../admin/integrations/jfrog-artifactory.md) guide on instructions on
-how to set up for JFrog Artifactory.
+Visit the [JFrog Artifactory](../admin/integrations/jfrog-artifactory.md) guide for instructions on how to set up for JFrog Artifactory.
## Custom scopes
@@ -190,6 +189,16 @@ Multiple providers is an Enterprise and Premium feature.
Below is an example configuration with multiple providers:
+
+
+**Note:** To support regex matching for paths like `github\.com/org`, add the following `git config` line to the [Coder agent startup script](https://registry.terraform.io/providers/coder/coder/latest/docs/resources/agent#startup_script):
+
+```shell
+git config --global credential.useHttpPath true
+```
+
+
+
```env
# Provider 1) github.com
CODER_EXTERNAL_AUTH_0_ID=primary-github
@@ -208,11 +217,3 @@ CODER_EXTERNAL_AUTH_1_AUTH_URL="https://github.example.com/login/oauth/authorize
CODER_EXTERNAL_AUTH_1_TOKEN_URL="https://github.example.com/login/oauth/access_token"
CODER_EXTERNAL_AUTH_1_VALIDATE_URL="https://github.example.com/api/v3/user"
```
-
-To support regex matching for paths (e.g. `github\.com/org`), you'll need to add
-this to the
-[Coder agent startup script](https://registry.terraform.io/providers/coder/coder/latest/docs/resources/agent#startup_script):
-
-```shell
-git config --global credential.useHttpPath true
-```
diff --git a/docs/admin/integrations/island.md b/docs/admin/integrations/island.md
index 157385376962a..d5159e9e28868 100644
--- a/docs/admin/integrations/island.md
+++ b/docs/admin/integrations/island.md
@@ -10,16 +10,15 @@ April 24, 2024
---
-[Island](https://www.island.io/) is an enterprise-grade browser, offering a
-Chromium-based experience similar to popular web browsers like Chrome and Edge.
-It includes built-in security features for corporate applications and data,
-aiming to bridge the gap between consumer-focused browsers and the security
-needs of the enterprise.
+[Island](https://www.island.io/) is an enterprise-grade browser, offering a Chromium-based experience
+similar to popular web browsers like Chrome and Edge. It includes built-in
+security features for corporate applications and data, aiming to bridge the gap
+between consumer-focused browsers and the security needs of the enterprise.
-Coder natively integrates with Island's feature set, which include data loss
-protection (DLP), application awareness, browser session recording, and single
-sign-on (SSO). This guide intends to document these feature categories and how
-they apply to your Coder deployment.
+Coder natively integrates with Island's feature set, which include data
+loss protection (DLP), application awareness, browser session recording, and
+single sign-on (SSO). This guide intends to document these feature categories
+and how they apply to your Coder deployment.
## General Configuration
@@ -33,90 +32,85 @@ creating browser policies.
## Advanced Data Loss Protection
-Integrate Island's advanced data loss prevention (DLP) capabilities with Coder's
-cloud development environment (CDE), enabling you to control the “last mile”
-between developers’ CDE and their local devices, ensuring that sensitive IP
-remains in your centralized environment.
+Integrate Island's advanced data loss prevention (DLP) capabilities with
+Coder's cloud development environment (CDE), enabling you to control the
+"last mile" between developers' CDE and their local devices,
+ensuring that sensitive IP remains in your centralized environment.
### Block cut, copy, paste, printing, screen share
-1. [Create a Data Sandbox Profile](https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile)
+1. [Create a Data Sandbox Profile](https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile).
1. Configure the following actions to allow/block (based on your security
- requirements):
+ requirements).
-- Screenshot and Screen Share
-- Printing
-- Save Page
-- Clipboard Limitations
+ - Screenshot and Screen Share
+ - Printing
+ - Save Page
+ - Clipboard Limitations
-1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general)
- to apply the Data Sandbox Profile
+1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) to apply the Data Sandbox Profile.
-1. Define the Coder Application group as the Destination Object
+1. Define the Coder Application group as the Destination Object.
1. Define the Data Sandbox Profile as the Action in the Last Mile Protection
- section
+ section.
### Conditionally allow copy on Coder's CLI authentication page
-1. [Create a URL Object](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general)
- with the following configuration:
+1. [Create a URL Object](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) with the following configuration.
-- **Include**
-- **URL type**: Wildcard
-- **URL address**: `coder.example.com/cli-auth`
-- **Casing**: Insensitive
+ - **Include**
+ - **URL type**: Wildcard
+ - **URL address**: `coder.example.com/cli-auth`
+ - **Casing**: Insensitive
-1. [Create a Data Sandbox Profile](https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile)
+1. [Create a Data Sandbox Profile](https://documentation.island.io/docs/create-and-configure-a-data-sandbox-profile).
-1. Configure action to allow copy/paste
+1. Configure action to allow copy/paste.
-1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general)
- to apply the Data Sandbox Profile
+1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) to apply the Data Sandbox Profile.
-1. Define the URL Object you created as the Destination Object
+1. Define the URL Object you created as the Destination Object.
1. Define the Data Sandbox Profile as the Action in the Last Mile Protection
- section
+ section.
### Prevent file upload/download from the browser
-1. Create a Protection Profiles for both upload/download
+1. Create a Protection Profiles for both upload/download.
-- [Upload documentation](https://documentation.island.io/docs/create-and-configure-an-upload-protection-profile)
-- [Download documentation](https://documentation.island.io/v1/docs/en/create-and-configure-a-download-protection-profile)
+ - [Upload documentation](https://documentation.island.io/docs/create-and-configure-an-upload-protection-profile)
+ - [Download documentation](https://documentation.island.io/v1/docs/en/create-and-configure-a-download-protection-profile)
-1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general)
- to apply the Protection Profiles
+1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) to apply the Protection Profiles.
-1. Define the Coder Application group as the Destination Object
+1. Define the Coder Application group as the Destination Object.
1. Define the applicable Protection Profile as the Action in the Data Protection
- section
+ section.
### Scan files for sensitive data
-1. [Create a Data Loss Prevention scanner](https://documentation.island.io/docs/create-a-data-loss-prevention-scanner)
+1. [Create a Data Loss Prevention scanner](https://documentation.island.io/docs/create-a-data-loss-prevention-scanner).
-1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general)
- to apply the DLP Scanner
+1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) to apply the DLP Scanner.
-1. Define the Coder Application group as the Destination Object
+1. Define the Coder Application group as the Destination Object.
-1. Define the DLP Scanner as the Action in the Data Protection section
+1. Define the DLP Scanner as the Action in the Data Protection section.
## Application Awareness and Boundaries
Ensure that Coder is only accessed through the Island browser, guaranteeing that
-your browser-level DLP policies are always enforced, and developers can’t
+your browser-level DLP policies are always enforced, and developers can't
sidestep such policies simply by using another browser.
### Configure browser enforcement, conditional access policies
-1. Create a conditional access policy for your configured identity provider.
+Create a conditional access policy for your configured identity provider.
-> Note: the configured IdP must be the same for both Coder and Island
+Note that the configured IdP must be the same for both Coder and Island.
- [Azure Active Directory/Entra ID](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-azure-ad#create-and-apply-a-conditional-access-policy)
- [Okta](https://documentation.island.io/docs/configure-browser-enforcement-for-island-with-okta)
@@ -129,35 +123,34 @@ screenshots, mouse clicks, and keystrokes.
### Activity Logging Module
-1. [Create an Activity Logging Profile](https://documentation.island.io/docs/create-and-configure-an-activity-logging-profile)
+1. [Create an Activity Logging Profile](https://documentation.island.io/docs/create-and-configure-an-activity-logging-profile). Supported browser
+ events include:
-Supported browser events include:
+ - Web Navigation
+ - File Download
+ - File Upload
+ - Clipboard/Drag & Drop
+ - Print
+ - Save As
+ - Screenshots
+ - Mouse Clicks
+ - Keystrokes
-- Web Navigation
-- File Download
-- File Upload
-- Clipboard/Drag & Drop
-- Print
-- Save As
-- Screenshots
-- Mouse Clicks
-- Keystrokes
+1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general) to apply the Activity Logging Profile.
-1. [Create a Policy Rule](https://documentation.island.io/docs/create-and-configure-a-policy-rule-general)
- to apply the Activity Logging Profile
-
-1. Define the Coder Application group as the Destination Object
+1. Define the Coder Application group as the Destination Object.
1. Define the Activity Logging Profile as the Action in the Security &
- Visibility section
+ Visibility section.
## Identity-aware logins (SSO)
-Integrate Island's identity management system with Coder's authentication
-mechanisms to enable identity-aware logins.
+Integrate Island's identity management system with Coder's
+authentication mechanisms to enable identity-aware logins.
### Configure single sign-on (SSO) seamless authentication between Coder and Island
Configure the same identity provider (IdP) for both your Island and Coder
-deployment. Upon initial login to the Island browser, the user's session token
-will automatically be passed to Coder and authenticate their Coder session.
+deployment. Upon initial login to the Island browser, the user's session
+token will automatically be passed to Coder and authenticate their Coder
+session.
diff --git a/docs/admin/integrations/jfrog-artifactory.md b/docs/admin/integrations/jfrog-artifactory.md
index 74200cf597f0b..afc94d6158b94 100644
--- a/docs/admin/integrations/jfrog-artifactory.md
+++ b/docs/admin/integrations/jfrog-artifactory.md
@@ -36,14 +36,11 @@ two type of modules that automate the JFrog Artifactory and Coder integration.
### JFrog-OAuth
This module is usable by JFrog self-hosted (on-premises) Artifactory as it
-requires configuring a custom integration. This integration benefits from
-Coder's [external-auth](../../admin/external-auth.md) feature and allows each
-user to authenticate with Artifactory using an OAuth flow and issues user-scoped
-tokens to each user.
+requires configuring a custom integration. This integration benefits from Coder's [external-auth](../../admin/external-auth.md) feature allows each user to authenticate with Artifactory using an OAuth flow and issues user-scoped tokens to each user.
To set this up, follow these steps:
-1. Modify your Helm chart `values.yaml` for JFrog Artifactory to add,
+1. Add the following to your Helm chart `values.yaml` for JFrog Artifactory. Replace `CODER_URL` with your JFrog Artifactory base URL:
```yaml
artifactory:
@@ -62,17 +59,12 @@ To set this up, follow these steps:
scope: "applied-permissions/user"
```
- > Note Replace `CODER_URL` with your Coder deployment URL, e.g.,
- >
-
1. Create a new Application Integration by going to
- and select the
+ `https://JFROG_URL/ui/admin/configuration/integrations/new` and select the
Application Type as the integration you created in step 1.
- 
-
-1. Add a new [external authentication](../../admin/external-auth.md) to Coder by
- setting these env variables,
+1. Add a new [external authentication](../../admin/external-auth.md) to Coder by setting these
+ environment variables in a manner consistent with your Coder deployment. Replace `JFROG_URL` with your JFrog Artifactory base URL:
```env
# JFrog Artifactory External Auth
@@ -86,12 +78,7 @@ To set this up, follow these steps:
CODER_EXTERNAL_AUTH_1_SCOPES="applied-permissions/user"
```
- > Note Replace `JFROG_URL` with your JFrog Artifactory base URL, e.g.,
- >
-
-1. Create or edit a Coder template and use the
- [JFrog-OAuth](https://registry.coder.com/modules/jfrog-oauth) module to
- configure the integration.
+1. Create or edit a Coder template and use the [JFrog-OAuth](https://registry.coder.com/modules/jfrog-oauth) module to configure the integration:
```tf
module "jfrog" {
@@ -100,7 +87,7 @@ To set this up, follow these steps:
agent_id = coder_agent.example.id
jfrog_url = "https://jfrog.example.com"
configure_code_server = true # this depends on the code-server
- username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
+ username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
package_managers = {
"npm": "npm",
"go": "go",
@@ -111,22 +98,17 @@ To set this up, follow these steps:
### JFrog-Token
-This module makes use of the
-[Artifactory terraform provider](https://registry.terraform.io/providers/jfrog/artifactory/latest/docs)
-and an admin-scoped token to create user-scoped tokens for each user by matching
-their Coder email or username with Artifactory. This can be used for both SaaS
-and self-hosted(on-premises) Artifactory instances.
+This module makes use of the [Artifactory terraform
+provider](https://registry.terraform.io/providers/jfrog/artifactory/latest/docs) and an admin-scoped token to create
+user-scoped tokens for each user by matching their Coder email or username with
+Artifactory. This can be used for both SaaS and self-hosted (on-premises)
+Artifactory instances.
To set this up, follow these steps:
-1. Get a JFrog access token from your Artifactory instance. The token must be an
- [admin token](https://registry.terraform.io/providers/jfrog/artifactory/latest/docs#access-token)
- with scope `applied-permissions/admin`.
-1. Create or edit a Coder template and use the
- [JFrog-Token](https://registry.coder.com/modules/jfrog-token) module to
- configure the integration and pass the admin token. It is recommended to
- store the token in a sensitive terraform variable to prevent it from being
- displayed in plain text in the terraform state.
+1. Get a JFrog access token from your Artifactory instance. The token must be an [admin token](https://registry.terraform.io/providers/jfrog/artifactory/latest/docs#access-token) with scope `applied-permissions/admin`.
+
+1. Create or edit a Coder template and use the [JFrog-Token](https://registry.coder.com/modules/jfrog-token) module to configure the integration and pass the admin token. It is recommended to store the token in a sensitive Terraform variable to prevent it from being displayed in plain text in the terraform state:
```tf
variable "artifactory_access_token" {
@@ -150,24 +132,21 @@ To set this up, follow these steps:
```
+
The admin-level access token is used to provision user tokens and is never exposed to developers or stored in workspaces.
+
-If you do not want to use the official modules, you can check example template
-that uses Docker as the underlying compute
-[here](https://github.com/coder/coder/tree/main/examples/jfrog/docker). The same
-concepts apply to all compute types.
+If you don't want to use the official modules, you can read through the [example template](https://github.com/coder/coder/tree/main/examples/jfrog/docker), which uses Docker as the underlying compute. The
+same concepts apply to all compute types.
## Offline Deployments
-See the
-[offline deployments](../templates/extending-templates/modules.md#offline-installations)
-section for instructions on how to use coder-modules in an offline environment
-with Artifactory.
+See the [offline deployments](../templates/extending-templates/modules.md#offline-installations) section for instructions on how to use Coder modules in an offline environment with Artifactory.
+
+## Next Steps
-## More reading
+- See the [full example Docker template](https://github.com/coder/coder/tree/main/examples/jfrog/docker).
-- See the full example template
- [here](https://github.com/coder/coder/tree/main/examples/jfrog/docker).
- To serve extensions from your own VS Code Marketplace, check out
[code-marketplace](https://github.com/coder/code-marketplace#artifactory-storage).
diff --git a/docs/admin/integrations/jfrog-xray.md b/docs/admin/integrations/jfrog-xray.md
index 3f4fcebcba681..bb1b9db106611 100644
--- a/docs/admin/integrations/jfrog-xray.md
+++ b/docs/admin/integrations/jfrog-xray.md
@@ -11,61 +11,63 @@ March 17, 2024
---
-This guide will walk you through the process of adding
-[JFrog Xray](https://jfrog.com/xray/) integration to Coder Kubernetes workspaces
-using Coder's [JFrog Xray Integration](https://github.com/coder/coder-xray).
+This guide describes the process of integrating [JFrog Xray](https://jfrog.com/xray/) to Coder Kubernetes-backed
+workspaces using Coder's [JFrog Xray Integration](https://github.com/coder/coder-xray).
## Prerequisites
- A self-hosted JFrog Platform instance.
- Kubernetes workspaces running on Coder.
-## Deploying the Coder - JFrog Xray Integration
+## Deploy the **Coder - JFrog Xray** Integration
-1. Create a JFrog Platform
- [Access Token](https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens)
- with a user that has the read
- [permission](https://jfrog.com/help/r/jfrog-platform-administration-documentation/permissions)
+1. Create a JFrog Platform [Access Token](https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens) with a user that has the `read` [permission](https://jfrog.com/help/r/jfrog-platform-administration-documentation/permissions)
for the repositories you want to scan.
-1. Create a Coder [token](../../reference/cli/tokens_create.md#tokens-create)
- with a user that has the [`owner`](../users/index.md#roles) role.
+
+1. Create a Coder [token](../../reference/cli/tokens_create.md#tokens-create) with a user that has the [`owner`](../users#roles) role.
+
1. Create Kubernetes secrets for the JFrog Xray and Coder tokens.
```bash
- kubectl create secret generic coder-token --from-literal=coder-token=''
- kubectl create secret generic jfrog-token --from-literal=user='' --from-literal=token=''
+ kubectl create secret generic coder-token \
+ --from-literal=coder-token=''
+ ```
+
+ ```bash
+ kubectl create secret generic jfrog-token \
+ --from-literal=user='' \
+ --from-literal=token=''
```
-1. Deploy the Coder - JFrog Xray integration.
+1. Deploy the **Coder - JFrog Xray** integration.
```bash
helm repo add coder-xray https://helm.coder.com/coder-xray
+ ```
+ ```bash
helm upgrade --install coder-xray coder-xray/coder-xray \
- --namespace coder-xray \
- --create-namespace \
- --set namespace="" \ # Replace with your Coder workspaces namespace
- --set coder.url="https://" \
- --set coder.secretName="coder-token" \
- --set artifactory.url="https://" \
- --set artifactory.secretName="jfrog-token"
+ --namespace coder-xray \
+ --create-namespace \
+ --set namespace="" \
+ --set coder.url="https://" \
+ --set coder.secretName="coder-token" \
+ --set artifactory.url="https://" \
+ --set artifactory.secretName="jfrog-token"
```
-### Updating the Coder template
+
+
+ To authenticate with the Artifactory registry, you may need to
+ create a [Docker config](https://jfrog.com/help/r/jfrog-artifactory-documentation/docker-advanced-topics) and use it in the
+ `imagePullSecrets` field of the Kubernetes Pod. See the [Defining ImagePullSecrets for Coder workspaces](../../tutorials/image-pull-secret.md) guide for more
+ information.
-[`coder-xray`](https://github.com/coder/coder-xray) will scan all kubernetes
-workspaces in the specified namespace. It depends on the `image` available in
-Artifactory and indexed by Xray. To ensure that the images are available in
-Artifactory, update the Coder template to use the Artifactory registry.
+
-```tf
-image = "//:"
-```
+## Validate your installation
-> **Note**: To authenticate with the Artifactory registry, you may need to
-> create a
-> [Docker config](https://jfrog.com/help/r/jfrog-artifactory-documentation/docker-advanced-topics)
-> and use it in the `imagePullSecrets` field of the kubernetes pod. See this
-> [guide](../../tutorials/image-pull-secret.md) for more information.
+Once installed, configured workspaces will now have a banner appear on any
+workspace with vulnerabilities reported by JFrog Xray.
-
+
diff --git a/docs/admin/integrations/prometheus.md b/docs/admin/integrations/prometheus.md
index dc469aeb77f01..9440d90a19bd0 100644
--- a/docs/admin/integrations/prometheus.md
+++ b/docs/admin/integrations/prometheus.md
@@ -3,9 +3,8 @@
Coder exposes many metrics which can be consumed by a Prometheus server, and
give insight into the current state of a live Coder deployment.
-If you don't have an Prometheus server installed, you can follow the Prometheus
-[Getting started](https://prometheus.io/docs/prometheus/latest/getting_started/)
-guide.
+If you don't have a Prometheus server installed, you can follow the Prometheus
+[Getting started](https://prometheus.io/docs/prometheus/latest/getting_started/) guide.
## Enable Prometheus metrics
@@ -19,7 +18,7 @@ use either the environment variable `CODER_PROMETHEUS_ADDRESS` or the flag
address.
If `coder server --prometheus-enable` is started locally, you can preview the
-metrics endpoint in your browser or by using curl:
+metrics endpoint in your browser or with `curl`:
```console
$ curl http://localhost:2112/
@@ -31,13 +30,12 @@ coderd_api_active_users_duration_hour 0
### Kubernetes deployment
-The Prometheus endpoint can be enabled in the
-[Helm chart's](https://github.com/coder/coder/tree/main/helm) `values.yml` by
-setting the environment variable `CODER_PROMETHEUS_ADDRESS` to `0.0.0.0:2112`.
-The environment variable `CODER_PROMETHEUS_ENABLE` will be enabled
-automatically. A Service Endpoint will not be exposed; if you need to expose the
-Prometheus port on a Service, (for example, to use a `ServiceMonitor`), create a
-separate headless service instead:
+The Prometheus endpoint can be enabled in the [Helm chart's](https://github.com/coder/coder/tree/main/helm)
+`values.yml` by setting the environment variable `CODER_PROMETHEUS_ADDRESS` to
+`0.0.0.0:2112`. The environment variable `CODER_PROMETHEUS_ENABLE` will be
+enabled automatically. A Service Endpoint will not be exposed; if you need to
+expose the Prometheus port on a Service, (for example, to use a
+`ServiceMonitor`), create a separate headless service instead.
```yaml
apiVersion: v1
@@ -62,21 +60,22 @@ spec:
To allow Prometheus to scrape the Coder metrics, you will need to create a
`scape_config` in your `prometheus.yml` file, or in the Prometheus Helm chart
-values. Below is an example `scrape_config`:
+values. The following is an example `scrape_config`.
```yaml
scrape_configs:
- job_name: "coder"
scheme: "http"
static_configs:
- - targets: [":2112"] # replace with the the IP address of the Coder pod or server
+ # replace with the the IP address of the Coder pod or server
+ - targets: [":2112"]
labels:
apps: "coder"
```
To use the Kubernetes Prometheus operator to scrape metrics, you will need to
-create a `ServiceMonitor` in your Coder deployment namespace. Below is an
-example `ServiceMonitor`:
+create a `ServiceMonitor` in your Coder deployment namespace. The following is
+an example `ServiceMonitor`.
```yaml
apiVersion: monitoring.coreos.com/v1
@@ -96,7 +95,7 @@ spec:
## Available metrics
-`coderd_agentstats_*` metrics must first be enabled with the flag
+You must first enable `coderd_agentstats_*` with the flag
`--prometheus-collect-agent-stats`, or the environment variable
`CODER_PROMETHEUS_COLLECT_AGENT_STATS` before they can be retrieved from the
deployment. They will always be available from the agent.
diff --git a/docs/admin/integrations/vault.md b/docs/admin/integrations/vault.md
index c1f126890e4f0..4894a7ebda0a1 100644
--- a/docs/admin/integrations/vault.md
+++ b/docs/admin/integrations/vault.md
@@ -11,22 +11,19 @@ August 05, 2024
---
-This guide will walk you through the process of adding
-[HashiCorp Vault](https://www.vaultproject.io/) integration to Coder workspaces.
+This guide describes the process of integrating [HashiCorp Vault](https://www.vaultproject.io/) into Coder workspaces.
Coder makes it easy to integrate HashiCorp Vault with your workspaces by
-providing official terraform modules to integrate Vault with Coder. This guide
+providing official Terraform modules to integrate Vault with Coder. This guide
will show you how to use these modules to integrate HashiCorp Vault with Coder.
-## `vault-github`
+## The `vault-github` module
-[`vault-github`](https://registry.coder.com/modules/vault-github) is a terraform
-module that allows you to authenticate with Vault using a GitHub token. This
-modules uses the existing GitHub [external authentication](../external-auth.md)
-to get the token and authenticate with Vault.
+The [`vault-github`](https://registry.coder.com/modules/vault-github) module is a Terraform module that allows you to
+authenticate with Vault using a GitHub token. This module uses the existing
+GitHub [external authentication](../external-auth.md) to get the token and authenticate with Vault.
-To use this module, you need to add the following code to your terraform
-configuration:
+To use this module, add the following code to your Terraform configuration.
```tf
module "vault" {
@@ -38,11 +35,10 @@ module "vault" {
}
```
-This module will install and authenticate the `vault` CLI in your Coder
-workspace.
+This module installs and authenticates the `vault` CLI in your Coder workspace.
-Users then can use the `vault` CLI to interact with the vault, e.g., to het a kv
-secret,
+Users then can use the `vault` CLI to interact with Vault; for example, to fetch
+a secret stored in the KV backend.
```shell
vault kv get -namespace=YOUR_NAMESPACE -mount=MOUNT_NAME SECRET_NAME
diff --git a/docs/admin/monitoring/health-check.md b/docs/admin/monitoring/health-check.md
index 969bee4e03e21..0a5c135c6d50f 100644
--- a/docs/admin/monitoring/health-check.md
+++ b/docs/admin/monitoring/health-check.md
@@ -117,14 +117,15 @@ Coder's current activity and usage. It may be necessary to increase the
resources allocated to Coder's database. Alternatively, you can raise the
configured threshold to a higher value (this will not address the root cause).
-> [!TIP]
->
-> - You can enable
-> [detailed database metrics](../../reference/cli/server.md#--prometheus-collect-db-metrics)
-> in Coder's Prometheus endpoint.
-> - If you have [tracing enabled](../../reference/cli/server.md#--trace), these
-> traces may also contain useful information regarding Coder's database
-> activity.
+
+
+You can enable
+[detailed database metrics](../../reference/cli/server.md#--prometheus-collect-db-metrics)
+in Coder's Prometheus endpoint. If you have
+[tracing enabled](../../reference/cli/server.md#--trace), these traces may also
+contain useful information regarding Coder's database activity.
+
+
## DERP
@@ -149,8 +150,12 @@ This is not necessarily a fatal error, but a possible indication of a
misconfigured reverse HTTP proxy. Additionally, while workspace users should
still be able to reach their workspaces, connection performance may be degraded.
-> **Note:** This may also be shown if you have
-> [forced websocket connections for DERP](../../reference/cli/server.md#--derp-force-websockets).
+
+
+**Note:** This may also be shown if you have
+[forced websocket connections for DERP](../../reference/cli/server.md#--derp-force-websockets).
+
+
**Solution:** ensure that any proxies you use allow connection upgrade with the
`Upgrade: derp` header.
@@ -300,8 +305,12 @@ that they are able to successfully connect to Coder. Otherwise, ensure
[`--provisioner-daemons`](../../reference/cli/server.md#--provisioner-daemons)
is set to a value greater than 0.
-> Note: This may be a transient issue if you are currently in the process of
-> updating your deployment.
+
+
+**Note:** This may be a transient issue if you are currently in the process of
+updating your deployment.
+
+
### EPD02
@@ -315,8 +324,12 @@ of API incompatibility.
**Solution:** Update the provisioner daemon to match the currently running
version of Coder.
-> Note: This may be a transient issue if you are currently in the process of
-> updating your deployment.
+
+
+**Note:** This may be a transient issue if you are currently in the process of
+updating your deployment.
+
+
### EPD03
@@ -330,8 +343,12 @@ connect to Coder.
**Solution:** Update the provisioner daemon to match the currently running
version of Coder.
-> Note: This may be a transient issue if you are currently in the process of
-> updating your deployment.
+
+
+**Note:** This may be a transient issue if you are currently in the process of
+updating your deployment.
+
+
### EUNKNOWN
diff --git a/docs/contributing/frontend.md b/docs/contributing/frontend.md
index ea1a80aac639d..fd9d7ff0a64fe 100644
--- a/docs/contributing/frontend.md
+++ b/docs/contributing/frontend.md
@@ -23,14 +23,16 @@ You can run the UI and access the Coder dashboard in two ways:
In both cases, you can access the dashboard on `http://localhost:8080`. If using
`./scripts/develop.sh` you can log in with the default credentials.
-> [!TIP]
->
-> **Default Credentials:** `admin@coder.com` and `SomeSecurePassword!`.
+
+
+**Default Credentials:** `admin@coder.com` and `SomeSecurePassword!`.
+
+
## Tech Stack Overview
-All our dependencies are described in `site/package.json` but the following are
-the most important:
+All our dependencies are described in `site/package.json`, but the following are
+the most important.
- [React](https://reactjs.org/) for the UI framework
- [Typescript](https://www.typescriptlang.org/) to keep our sanity