diff --git a/website/_redirects b/website/_redirects
index 37296c8cb87..cccc7b7a303 100644
--- a/website/_redirects
+++ b/website/_redirects
@@ -89,6 +89,10 @@
/docs/vault-enterprise/mfa/mfa-totp.html /docs/enterprise/mfa/mfa-totp 301!
/docs/vault-enterprise/replication/index.html /docs/enterprise/replication 301!
/docs/vault-enterprise/ui/index.html /docs/configuration/ui 301!
+/docs/secrets/cassandra /docs/secrets/databases/cassandra 301!
+/docs/secrets/mongodb /docs/secrets/databases/mongodb 301!
+/docs/secrets/mssql /docs/secrets/databases/mssql 301!
+/docs/secrets/mysql /docs/secrets/databases/mysql-maria 301!
/guides/authentication.html /guides/identity/authentication 301!
/guides/configuration/authentication.html /guides/identity/authentication 301!
/guides/configuration/generate-root.html /guides/operations/generate-root 301!
diff --git a/website/data/api-navigation.js b/website/data/api-navigation.js
index 9115fa4d969..588284b15af 100644
--- a/website/data/api-navigation.js
+++ b/website/data/api-navigation.js
@@ -32,15 +32,15 @@ export default [
'mysql-maria',
'oracle',
'postgresql',
- 'redshift'
- ]
+ 'redshift',
+ ],
},
{ category: 'gcp' },
{ category: 'gcpkms' },
{ category: 'kmip' },
{
category: 'kv',
- content: ['kv-v1', 'kv-v2']
+ content: ['kv-v1', 'kv-v2'],
},
{
category: 'identity',
@@ -50,8 +50,8 @@ export default [
'group',
'group-alias',
'tokens',
- 'lookup'
- ]
+ 'lookup',
+ ],
},
{ category: 'mongodbatlas' },
{ category: 'nomad' },
@@ -62,13 +62,7 @@ export default [
{ category: 'totp' },
{ category: 'transform' },
{ category: 'transit' },
- '-----------------------',
- { category: 'cassandra' },
- { category: 'mongodb' },
- { category: 'mssql' },
- { category: 'mysql' },
- { category: 'postgresql' }
- ]
+ ],
},
{
category: 'auth',
@@ -90,8 +84,8 @@ export default [
{ category: 'cert' },
{ category: 'token' },
{ category: 'userpass' },
- { category: 'app-id' }
- ]
+ { category: 'app-id' },
+ ],
},
{
category: 'system',
@@ -122,7 +116,7 @@ export default [
'metrics',
{
category: 'mfa',
- content: ['duo', 'okta', 'pingid', 'totp']
+ content: ['duo', 'okta', 'pingid', 'totp'],
},
'mounts',
'namespaces',
@@ -137,7 +131,7 @@ export default [
'remount',
{
category: 'replication',
- content: ['replication-performance', 'replication-dr']
+ content: ['replication-performance', 'replication-dr'],
},
'rotate',
'seal',
@@ -146,14 +140,14 @@ export default [
'step-down',
{
category: 'storage',
- content: ['raft']
+ content: ['raft'],
},
'tools',
'unseal',
'wrapping-lookup',
'wrapping-rewrap',
'wrapping-unwrap',
- 'wrapping-wrap'
- ]
- }
+ 'wrapping-wrap',
+ ],
+ },
]
diff --git a/website/data/docs-navigation.js b/website/data/docs-navigation.js
index 74dc5e819bc..f5096373e3c 100644
--- a/website/data/docs-navigation.js
+++ b/website/data/docs-navigation.js
@@ -7,7 +7,7 @@
export default [
{
- category: 'install'
+ category: 'install',
},
{
category: 'internals',
@@ -20,8 +20,8 @@ export default [
'token',
'rotation',
'replication',
- 'plugins'
- ]
+ 'plugins',
+ ],
},
{
category: 'concepts',
@@ -36,15 +36,15 @@ export default [
'ha',
'integrated-storage',
'pgp-gpg-keybase',
- 'recovery-mode'
- ]
+ 'recovery-mode',
+ ],
},
{
category: 'configuration',
content: [
{
category: 'listener',
- content: ['tcp']
+ content: ['tcp'],
},
{
category: 'seal',
@@ -55,8 +55,8 @@ export default [
'gcpckms',
'ocikms',
'pkcs11',
- 'transit'
- ]
+ 'transit',
+ ],
},
{
category: 'storage',
@@ -81,20 +81,17 @@ export default [
'raft',
's3',
'swift',
- 'zookeeper'
- ]
+ 'zookeeper',
+ ],
},
{
category: 'service-registration',
- content: [
- 'consul',
- 'kubernetes'
- ]
+ content: ['consul', 'kubernetes'],
},
'telemetry',
{ category: 'ui' },
- { category: 'entropy-augmentation' }
- ]
+ { category: 'entropy-augmentation' },
+ ],
},
{
category: 'commands',
@@ -102,11 +99,11 @@ export default [
'agent',
{
category: 'audit',
- content: ['disable', 'enable', 'list']
+ content: ['disable', 'enable', 'list'],
},
{
category: 'auth',
- content: ['disable', 'enable', 'help', 'list', 'tune']
+ content: ['disable', 'enable', 'help', 'list', 'tune'],
},
'debug',
'delete',
@@ -122,12 +119,12 @@ export default [
'patch',
'put',
'rollback',
- 'undelete'
- ]
+ 'undelete',
+ ],
},
{
category: 'lease',
- content: ['renew', 'revoke']
+ content: ['renew', 'revoke'],
},
'list',
'login',
@@ -144,35 +141,35 @@ export default [
'rotate',
'seal',
'step-down',
- 'unseal'
- ]
+ 'unseal',
+ ],
},
'path-help',
{
category: 'plugin',
- content: ['deregister', 'info', 'list', 'register']
+ content: ['deregister', 'info', 'list', 'register'],
},
{
category: 'policy',
- content: ['delete', 'fmt', 'list', 'read', 'write']
+ content: ['delete', 'fmt', 'list', 'read', 'write'],
},
'read',
{
category: 'secrets',
- content: ['disable', 'enable', 'list', 'move', 'tune']
+ content: ['disable', 'enable', 'list', 'move', 'tune'],
},
'server',
'ssh',
'status',
{
category: 'token',
- content: ['capabilities', 'create', 'lookup', 'renew', 'revoke']
+ content: ['capabilities', 'create', 'lookup', 'renew', 'revoke'],
},
'unwrap',
'version',
'write',
- 'token-helper'
- ]
+ 'token-helper',
+ ],
},
{
category: 'agent',
@@ -192,18 +189,18 @@ export default [
'gcp',
'jwt',
'kerberos',
- 'kubernetes'
- ]
+ 'kubernetes',
+ ],
},
{
category: 'sinks',
- content: ['file']
- }
- ]
+ content: ['file'],
+ },
+ ],
},
{ category: 'caching' },
- { category: 'template' }
- ]
+ { category: 'template' },
+ ],
},
'----------------',
{
@@ -229,15 +226,15 @@ export default [
'oracle',
'postgresql',
'redshift',
- 'custom'
- ]
+ 'custom',
+ ],
},
{ category: 'gcp' },
{ category: 'gcpkms' },
{ category: 'kmip' },
{
category: 'kv',
- content: ['kv-v1', 'kv-v2']
+ content: ['kv-v1', 'kv-v2'],
},
{ category: 'identity' },
{ category: 'mongodbatlas' },
@@ -250,19 +247,14 @@ export default [
content: [
'signed-ssh-certificates',
'one-time-ssh-passwords',
- 'dynamic-ssh-keys'
- ]
+ 'dynamic-ssh-keys',
+ ],
},
{ category: 'totp' },
{ category: 'transform' },
{ category: 'transit' },
{ category: 'venafi' },
- '------------------------',
- { category: 'cassandra' },
- { category: 'mongodb' },
- { category: 'mssql' },
- { category: 'mysql' }
- ]
+ ],
},
{
category: 'auth',
@@ -286,25 +278,25 @@ export default [
'userpass',
'---------',
'app-id',
- 'mfa'
- ]
+ 'mfa',
+ ],
},
{
category: 'audit',
- content: ['file', 'syslog', 'socket']
+ content: ['file', 'syslog', 'socket'],
},
{
- category: 'plugin'
+ category: 'plugin',
},
'----------------',
{
- category: 'what-is-vault'
+ category: 'what-is-vault',
},
{
- category: 'use-cases'
+ category: 'use-cases',
},
{
- category: 'partnerships'
+ category: 'partnerships',
},
'----------------',
{
@@ -332,22 +324,22 @@ export default [
'enterprise-with-raft',
'enterprise-dr-with-raft',
'enterprise-perf-with-raft',
- 'enterprise-best-practice'
- ]
+ 'enterprise-best-practice',
+ ],
},
],
},
{
category: 'injector',
- content: ['annotations', 'installation', 'examples']
- }
- ]
+ content: ['annotations', 'installation', 'examples'],
+ },
+ ],
},
{
category: 'aws-mp',
- content: ['run']
- }
- ]
+ content: ['run'],
+ },
+ ],
},
'----------------',
{
@@ -386,8 +378,8 @@ export default [
'upgrade-to-1.3.3',
'upgrade-to-1.3.4',
'upgrade-to-1.3.5',
- 'upgrade-to-1.4.0'
- ]
+ 'upgrade-to-1.4.0',
+ ],
},
'----------------',
{
@@ -396,7 +388,7 @@ export default [
{ category: 'replication' },
{
category: 'hsm',
- content: ['behavior', 'security']
+ content: ['behavior', 'security'],
},
{ category: 'entropy-augmentation' },
{ category: 'sealwrap' },
@@ -405,12 +397,12 @@ export default [
{ category: 'control-groups' },
{
category: 'mfa',
- content: ['mfa-duo', 'mfa-okta', 'mfa-pingid', 'mfa-totp']
+ content: ['mfa-duo', 'mfa-okta', 'mfa-pingid', 'mfa-totp'],
},
{
category: 'sentinel',
- content: ['examples', 'properties']
- }
- ]
- }
+ content: ['examples', 'properties'],
+ },
+ ],
+ },
]
diff --git a/website/pages/api-docs/secret/mongodb/index.mdx b/website/pages/api-docs/secret/mongodb/index.mdx
deleted file mode 100644
index 45fcee8a61e..00000000000
--- a/website/pages/api-docs/secret/mongodb/index.mdx
+++ /dev/null
@@ -1,346 +0,0 @@
----
-layout: api
-page_title: MongoDB - Secrets Engines - HTTP API
-sidebar_title: MongoDB DEPRECATED
-description: This is the API documentation for the Vault MongoDB secrets engine.
----
-
-# MongoDB Secrets Engine (API)
-
-~> **Deprecation Note:** This secrets engine is deprecated in favor of the
-combined databases secrets engine added in v0.7.1. See the API documentation for
-the new implementation of this secrets engine at
-[MongoDB database plugin HTTP API](/api/secret/databases/mongodb).
-
-This is the API documentation for the Vault MongoDB secrets engine. For general
-information about the usage and operation of the MongoDB secrets engine, please
-see the
-[Vault MongoDB secrets engine documentation](/docs/secrets/mongodb).
-
-This documentation assumes the MongoDB secrets engine is enabled at the
-`/mongodb` path in Vault. Since it is possible to enable secrets engines at any
-location, please update your API calls accordingly.
-
-## Configure Connection
-
-This endpoint configures the standard connection string (URI) used to
-communicate with MongoDB.
-
-| Method | Path |
-| :----- | :--------------------------- |
-| `POST` | `/mongodb/config/connection` |
-
-### Parameters
-
-- `url` `(string: )` – Specifies the MongoDB standard connection
- string (URI).
-
-- `verify_connection` `(bool: true)` – Specifies if the connection is verified
- during initial configuration.
-
-### Sample Payload
-
-```json
-{
- "url": "mongodb://db1.example.net,db2.example.net:2500/?replicaSet=test"
-}
-```
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request POST \
- --data @payload.json \
- http://127.0.0.1:8200/v1/mongodb/config/connection
-```
-
-### Sample Response
-
-```json
-{
- "lease_id": "",
- "renewable": false,
- "lease_duration": 0,
- "data": null,
- "wrap_info": null,
- "warnings": [
- "Read access to this endpoint should be controlled via ACLs as it will return the connection URI as it is, including passwords, if any."
- ],
- "auth": null
-}
-```
-
-## Read Connection
-
-This endpoint queries the connection configuration. Access to this endpoint
-should be controlled via ACLs as it will return the connection URI as it is,
-including passwords, if any.
-
-| Method | Path |
-| :----- | :--------------------------- |
-| `GET` | `/mongodb/config/connection` |
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- http://127.0.0.1:8200/v1/mongodb/config/connection
-```
-
-### Sample Response
-
-```json
-{
- "lease_id": "",
- "renewable": false,
- "lease_duration": 0,
- "data": {
- "uri": "mongodb://admin:Password!@mongodb.acme.com:27017/admin?ssl=true"
- },
- "wrap_info": null,
- "warnings": null,
- "auth": null
-}
-```
-
-## Configure Lease
-
-This endpoint configures the default lease TTL settings for credentials
-generated by the mongodb secrets engine.
-
-| Method | Path |
-| :----- | :---------------------- |
-| `POST` | `/mongodb/config/lease` |
-
-### Parameters
-
-- `lease` `(string: )` – Specifies the lease value provided as a
- string duration with time suffix. "h" (hour) is the largest suffix.
-
-- `lease_max` `(string: )` – Specifies the maximum lease value
- provided as a string duration with time suffix. "h" (hour) is the largest
- suffix.
-
-### Sample Payload
-
-```json
-{
- "lease": "12h",
- "lease_max": "24h"
-}
-```
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request POST \
- --data @payload.json \
- http://127.0.0.1:8200/v1/mongodb/config/lease
-```
-
-## Read Lease
-
-This endpoint queries the lease configuration.
-
-| Method | Path |
-| :----- | :---------------------- |
-| `GET` | `/mongodb/config/lease` |
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- http://127.0.0.1:8200/v1/mongodb/config/lease
-```
-
-### Sample Response
-
-```json
-{
- "lease_id": "",
- "renewable": false,
- "lease_duration": 0,
- "data": {
- "max_ttl": 60,
- "ttl": 60
- },
- "wrap_info": null,
- "warnings": null,
- "auth": null
-}
-```
-
-## Create Role
-
-This endpoint creates or updates a role definition.
-
-| Method | Path |
-| :----- | :--------------------- |
-| `POST` | `/mongodb/roles/:name` |
-
-### Parameters
-
-- `db` `(string: )` – Specifies the name of the database users should
- be created in for this role.
-
-- `roles` `(string: "")` – Specifies the MongoDB roles to assign to the users
- generated for this role.
-
-### Sample Payload
-
-```json
-{
- "db": "my-db",
- "roles": "[\"readWrite\",{\"db\":\"bar\",\"role\":\"read\"}]"
-}
-```
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request POST \
- --data @payload.json \
- http://127.0.0.1:8200/v1/mongodb/roles/my-role
-```
-
-## Read Role
-
-This endpoint queries the role definition.
-
-| Method | Path |
-| :----- | :--------------------- |
-| `GET` | `/mongodb/roles/:name` |
-
-### Parameters
-
-- `name` `(string: )` – Specifies the name of the role to read. This
- is specified as part of the URL.
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- http://127.0.0.1:8200/v1/mongodb/roles/my-role
-```
-
-### Sample Response
-
-```json
-{
- "lease_id": "",
- "renewable": false,
- "lease_duration": 0,
- "data": {
- "db": "foo",
- "roles": "[\"readWrite\",{\"db\":\"bar\",\"role\":\"read\"}]"
- },
- "wrap_info": null,
- "warnings": null,
- "auth": null
-}
-```
-
-## List Roles
-
-This endpoint returns a list of available roles. Only the role names are
-returned, not any values.
-
-| Method | Path |
-| :----- | :--------------- |
-| `LIST` | `/mongodb/roles` |
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request LIST \
- http://127.0.0.1:8200/v1/mongodb/roles
-```
-
-### Sample Response
-
-```json
-{
- "lease_id": "",
- "renewable": false,
- "lease_duration": 0,
- "data": {
- "keys": ["dev", "prod"]
- },
- "wrap_info": null,
- "warnings": null,
- "auth": null
-}
-```
-
-## Delete Role
-
-This endpoint deletes the role definition.
-
-| Method | Path |
-| :------- | :--------------------- |
-| `DELETE` | `/mongodb/roles/:name` |
-
-### Parameters
-
-- `name` `(string: )` – Specifies the name of the role to delete. This
- is specified as part of the URL.
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request DELETE \
- http://127.0.0.1:8200/v1/mongodb/roles/my-role
-```
-
-## Generate Credentials
-
-This endpoint generates a new set of dynamic credentials based on the named
-role.
-
-| Method | Path |
-| :----- | :--------------------- |
-| `GET` | `/mongodb/creds/:name` |
-
-### Parameters
-
-- `name` `(string: )` – Specifies the name of the role to create
- credentials against. This is specified as part of the URL.
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- http://127.0.0.1:8200/v1/mongodb/creds/my-role
-```
-
-### Sample Response
-
-```json
-{
- "lease_id": "mongodb/creds/readonly/e64e79d8-9f56-e379-a7c5-373f9b4ee3d8",
- "renewable": true,
- "lease_duration": 3600,
- "data": {
- "db": "foo",
- "password": "de0f7b50-d700-54e5-4e81-5c3724283999",
- "username": "vault-token-b32098cb-7ff2-dcf5-83cd-d5887cedf81b"
- },
- "wrap_info": null,
- "warnings": null,
- "auth": null
-}
-```
diff --git a/website/pages/api-docs/secret/mssql/index.mdx b/website/pages/api-docs/secret/mssql/index.mdx
deleted file mode 100644
index f596988ccb4..00000000000
--- a/website/pages/api-docs/secret/mssql/index.mdx
+++ /dev/null
@@ -1,248 +0,0 @@
----
-layout: api
-page_title: MSSQL - Secrets Engines - HTTP API
-sidebar_title: MSSQL DEPRECATED
-description: This is the API documentation for the Vault MSSQL secrets engine.
----
-
-# MSSQL Secrets Engine (API)
-
-~> **Deprecation Note:** This secrets engine is deprecated in favor of the
-combined databases secrets engine added in v0.7.1. See the API documentation for
-the new implementation of this secrets engine at
-[MSSQL database plugin HTTP API](/api/secret/databases/mssql).
-
-This is the API documentation for the Vault MSSQL secrets engine. For general
-information about the usage and operation of the MSSQL secrets engine, please
-see the [Vault MSSQL documentation](/docs/secrets/mssql).
-
-This documentation assumes the MSSQL secrets engine is enabled at the `/mssql`
-path in Vault. Since it is possible to enable secrets engines at any location,
-please update your API calls accordingly.
-
-## Configure Connection
-
-This endpoint configures the connection DSN used to communicate with Microsoft
-SQL Server.
-
-| Method | Path |
-| :----- | :------------------------- |
-| `POST` | `/mssql/config/connection` |
-
-### Parameters
-
-- `connection_string` `(string: )` – Specifies the MSSQL DSN.
-
-- `max_open_connections` `(int: 2)` – Specifies the maximum number of open
- connections to the database.
-
-- `max_idle_connections` `(int: 0)` – Specifies the maximum number of idle
- connections to the database. A zero uses the value of `max_open_connections`
- and a negative value disables idle connections. If larger than
- `max_open_connections` it will be reduced to be equal.
-
-### Sample Payload
-
-```json
-{
- "connection_string": "Server=myServerAddress;Database=myDataBase;User Id=myUsername; Password=myPassword;"
-}
-```
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request POST \
- --data @payload.json \
- http://127.0.0.1:8200/v1/mssql/config/connection
-```
-
-## Configure Lease
-
-This endpoint configures the lease settings for generated credentials.
-
-| Method | Path |
-| :----- | :-------------------- |
-| `POST` | `/mysql/config/lease` |
-
-### Parameters
-
-- `lease` `(string: )` – Specifies the lease value provided as a
- string duration with time suffix. "h" (hour) is the largest suffix.
-
-- `lease_max` `(string: )` – Specifies the maximum lease value
- provided as a string duration with time suffix. "h" (hour) is the largest
- suffix.
-
-### Sample Payload
-
-```json
-{
- "lease": "12h",
- "lease_max": "24h"
-}
-```
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request POST \
- --data @payload.json \
- http://127.0.0.1:8200/v1/mssql/config/lease
-```
-
-## Create Role
-
-This endpoint creates or updates the role definition.
-
-| Method | Path |
-| :----- | :------------------- |
-| `POST` | `/mssql/roles/:name` |
-
-### Parameters
-
-- `sql` `(string: )` – Specifies the SQL statements executed to create
- and configure the role. The '{{name}}' and '{{password}}' values will be
- substituted. Must be a semicolon-separated string, a base64-encoded
- semicolon-separated string, a serialized JSON string array, or a
- base64-encoded serialized JSON string array.
-
-### Sample Payload
-
-```json
-{
- "sql": "CREATE LOGIN ..."
-}
-```
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request POST \
- --data @payload.json \
- http://127.0.0.1:8200/v1/mssql/roles/my-role
-```
-
-## Read Role
-
-This endpoint queries the role definition.
-
-| Method | Path |
-| :----- | :------------------- |
-| `GET` | `/mssql/roles/:name` |
-
-### Parameters
-
-- `name` `(string: )` – Specifies the name of the role to read. This
- is specified as part of the URL.
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- http://127.0.0.1:8200/v1/mssql/roles/my-role
-```
-
-### Sample Response
-
-```json
-{
- "data": {
- "sql": "CREATE LOGIN..."
- }
-}
-```
-
-## List Roles
-
-This endpoint returns a list of available roles. Only the role names are
-returned, not any values.
-
-| Method | Path |
-| :----- | :------------- |
-| `LIST` | `/mssql/roles` |
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request LIST \
- http://127.0.0.1:8200/v1/mssql/roles
-```
-
-### Sample Response
-
-```json
-{
- "auth": null,
- "data": {
- "keys": ["dev", "prod"]
- },
- "lease_duration": 2764800,
- "lease_id": "",
- "renewable": false
-}
-```
-
-## Delete Role
-
-This endpoint deletes the role definition.
-
-| Method | Path |
-| :------- | :------------------- |
-| `DELETE` | `/mssql/roles/:name` |
-
-### Parameters
-
-- `name` `(string: )` – Specifies the name of the role to delete. This
- is specified as part of the URL.
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request DELETE \
- http://127.0.0.1:8200/v1/mssql/roles/my-role
-```
-
-## Generate Credentials
-
-This endpoint generates a new set of dynamic credentials based on the named
-role.
-
-| Method | Path |
-| :----- | :------------------- |
-| `GET` | `/mssql/creds/:name` |
-
-### Parameters
-
-- `name` `(string: )` – Specifies the name of the role to create
- credentials against. This is specified as part of the URL.
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- http://127.0.0.1:8200/v1/mssql/creds/my-role
-```
-
-### Sample Response
-
-```json
-{
- "data": {
- "username": "root-a147d529-e7d6-4a16-8930-4c3e72170b19",
- "password": "ee202d0d-e4fd-4410-8d14-2a78c5c8cb76"
- }
-}
-```
diff --git a/website/pages/api-docs/secret/mysql/index.mdx b/website/pages/api-docs/secret/mysql/index.mdx
deleted file mode 100644
index b85c8959af0..00000000000
--- a/website/pages/api-docs/secret/mysql/index.mdx
+++ /dev/null
@@ -1,269 +0,0 @@
----
-layout: api
-page_title: MySQL - Secrets Engines - HTTP API
-sidebar_title: MySQL DEPRECATED
-description: This is the API documentation for the Vault MySQL secrets engine.
----
-
-# MySQL Secrets Engine (API)
-
-~> **Deprecation Note:** This secrets engine is deprecated in favor of the
-combined databases secrets engine added in v0.7.1. See the API documentation for
-the new implementation of this secrets engine at
-[MySQL/MariaDB database plugin HTTP API](/api/secret/databases/mysql-maria).
-
-This is the API documentation for the Vault MySQL secrets engine. For general
-information about the usage and operation of the MySQL secrets engine, please
-see the [Vault MySQL documentation](/docs/secrets/mysql).
-
-This documentation assumes the MySQL secrets engine is enabled at the `/mysql`
-path in Vault. Since it is possible to enable secrets engines at any location,
-please update your API calls accordingly.
-
-## Configure Connection
-
-This endpoint configures the connection DSN used to communicate with MySQL.
-
-| Method | Path |
-| :----- | :------------------------- |
-| `POST` | `/mysql/config/connection` |
-
-### Parameters
-
-- `connection_url` `(string: )` – Specifies the MySQL DSN.
-
-- `max_open_connections` `(int: 2)` – Specifies the maximum number of open
- connections to the database.
-
-- `max_idle_connections` `(int: 0)` – Specifies the maximum number of idle
- connections to the database. A zero uses the value of `max_open_connections`
- and a negative value disables idle connections. If larger than
- `max_open_connections` it will be reduced to be equal.
-
-- `verify_connection` `(bool: true)` – Specifies if the connection is verified
- during initial configuration.
-
-### Sample Payload
-
-```json
-{
- "connection_url": "mysql:host=localhost;dbname=testdb"
-}
-```
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request POST \
- --data @payload.json \
- http://127.0.0.1:8200/v1/mysql/config/connection
-```
-
-## Configure Lease
-
-This endpoint configures the lease settings for generated credentials. If not
-configured, leases default to 1 hour. This is a root protected endpoint.
-
-| Method | Path |
-| :----- | :-------------------- |
-| `POST` | `/mysql/config/lease` |
-
-### Parameters
-
-- `lease` `(string: )` – Specifies the lease value provided as a
- string duration with time suffix. "h" (hour) is the largest suffix.
-
-- `lease_max` `(string: )` – Specifies the maximum lease value
- provided as a string duration with time suffix. "h" (hour) is the largest
- suffix.
-
-### Sample Payload
-
-```json
-{
- "lease": "12h",
- "lease_max": "24h"
-}
-```
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request POST \
- --data @payload.json \
- http://127.0.0.1:8200/v1/mysql/config/lease
-```
-
-## Create Role
-
-This endpoint creates or updates the role definition.
-
-| Method | Path |
-| :----- | :------------------- |
-| `POST` | `/mysql/roles/:name` |
-
-### Parameters
-
-- `sql` `(string: )` – Specifies the SQL statements executed to create
- and configure a user. Must be a semicolon-separated string, a base64-encoded
- semicolon-separated string, a serialized JSON string array, or a
- base64-encoded serialized JSON string array. The '{{name}}' and
- '{{password}}' values will be substituted.
-
-- `revocation_sql` `(string: "")` – Specifies the SQL statements executed to
- revoke a user. Must be a semicolon-separated string, a base64-encoded
- semicolon-separated string, a serialized JSON string array, or a
- base64-encoded serialized JSON string array. The '{{name}}' value will be
- substituted.
-
-- `rolename_length` `(int: 4)` – Specifies how many characters from the role
- name will be used to form the mysql username interpolated into the '{{name}}'
- field of the sql parameter.
-
-- `displayname_length` `(int: 4)` – Specifies how many characters from the token
- display name will be used to form the mysql username interpolated into the
- '{{name}}' field of the sql parameter.
-
-- `username_length` `(int: 16)` – Specifies the maximum total length in
- characters of the mysql username interpolated into the '{{name}}' field of the
- sql parameter.
-
-### Sample Payload
-
-```json
-{
- "sql": "CREATE USER ..."
-}
-```
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request POST \
- --data @payload.json \
- http://127.0.0.1:8200/v1/mysql/roles/my-role
-```
-
-## Read Role
-
-This endpoint queries the role definition.
-
-| Method | Path |
-| :----- | :------------------- |
-| `GET` | `/mysql/roles/:name` |
-
-### Parameters
-
-- `name` `(string: )` – Specifies the name of the role to read. This
- is specified as part of the URL.
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- http://127.0.0.1:8200/v1/mysql/roles/my-role
-```
-
-### Sample Response
-
-```json
-{
- "data": {
- "sql": "CREATE USER..."
- }
-}
-```
-
-## List Roles
-
-This endpoint returns a list of available roles. Only the role names are
-returned, not any values.
-
-| Method | Path |
-| :----- | :------------- |
-| `LIST` | `/mysql/roles` |
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request LIST \
- http://127.0.0.1:8200/v1/mysql/roles
-```
-
-### Sample Response
-
-```json
-{
- "auth": null,
- "data": {
- "keys": ["dev", "prod"]
- },
- "lease_duration": 2764800,
- "lease_id": "",
- "renewable": false
-}
-```
-
-## Delete Role
-
-This endpoint deletes the role definition.
-
-| Method | Path |
-| :------- | :------------------- |
-| `DELETE` | `/mysql/roles/:name` |
-
-### Parameters
-
-- `name` `(string: )` – Specifies the name of the role to delete. This
- is specified as part of the URL.
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request DELETE \
- http://127.0.0.1:8200/v1/mysql/roles/my-role
-```
-
-## Generate Credentials
-
-This endpoint generates a new set of dynamic credentials based on the named
-role.
-
-| Method | Path |
-| :----- | :------------------- |
-| `GET` | `/mysql/creds/:name` |
-
-### Parameters
-
-- `name` `(string: )` – Specifies the name of the role to create
- credentials against. This is specified as part of the URL.
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- http://127.0.0.1:8200/v1/mysql/creds/my-role
-```
-
-### Sample Response
-
-```json
-{
- "data": {
- "username": "user-role-aefa63",
- "password": "132ae3ef-5a64-7499-351e-bfe59f3a2a21"
- }
-}
-```
diff --git a/website/pages/api-docs/secret/postgresql/index.mdx b/website/pages/api-docs/secret/postgresql/index.mdx
deleted file mode 100644
index 9f7ef9fe927..00000000000
--- a/website/pages/api-docs/secret/postgresql/index.mdx
+++ /dev/null
@@ -1,263 +0,0 @@
----
-layout: api
-page_title: PostgreSQL - Secrets Engines - HTTP API
-sidebar_title: PostgreSQL DEPRECATED
-description: This is the API documentation for the Vault PostgreSQL secrets engine.
----
-
-# PostgreSQL Secrets Engine (API)
-
-~> **Deprecation Note:** This secrets engine is deprecated in favor of the
-combined databases secrets engine added in v0.7.1. See the API documentation for
-the new implementation of this secrets engine at
-[PostgreSQL database plugin HTTP API](/api/secret/databases/postgresql).
-
-This is the API documentation for the Vault PostgreSQL secrets engine. For
-general information about the usage and operation of the PostgreSQL secrets
-engine, please see the [PostgreSQL
-documentation](/docs/secrets/postgresql).
-
-This documentation assumes the PostgreSQL secrets engine is enabled at the
-`/postgresql` path in Vault. Since it is possible to enable secrets engines at
-any location, please update your API calls accordingly.
-
-## Configure Connection
-
-This endpoint configures the connection string used to communicate with
-PostgreSQL.
-
-| Method | Path |
-| :----- | :------------------------------ |
-| `POST` | `/postgresql/config/connection` |
-
-### Parameters
-
-- `connection_url` `(string: )` – Specifies the PostgreSQL connection
- URL or PG-style string, for example `"user=foo host=bar"`.
-
-- `max_open_connections` `(int: 2)` – Specifies the maximum number of open
- connections to the database. A negative value means unlimited.
-
-- `max_idle_connections` `(int: 0)` – Specifies the maximum number of idle
- connections to the database. A zero uses the value of `max_open_connections`
- and a negative value disables idle connections. If this is larger than
- `max_open_connections` it will be reduced to be equal.
-
-- `verify_connection` `(bool: true)` – Specifies if the connection is verified
- during initial configuration.
-
-### Sample Payload
-
-```json
-{
- "connection_url": "postgresql://user:pass@localhost/my-db"
-}
-```
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request POST \
- --data @payload.json \
- http://127.0.0.1:8200/v1/postgresql/config/connection
-```
-
-## Configure Lease
-
-This configures the lease settings for generated credentials. If not configured,
-leases default to 1 hour. This is a root protected endpoint.
-
-| Method | Path |
-| :----- | :------------------------- |
-| `POST` | `/postgresql/config/lease` |
-
-### Parameters
-
-- `lease` `(string: )` – Specifies the lease value provided as a
- string duration with time suffix. "h" (hour) is the largest suffix.
-
-- `lease_max` `(string: )` – Specifies the maximum lease value
- provided as a string duration with time suffix. "h" (hour) is the largest
- suffix.
-
-### Sample Payload
-
-```json
-{
- "lease": "12h",
- "lease_max": "24h"
-}
-```
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request POST \
- --data @payload.json \
- http://127.0.0.1:8200/v1/postgresql/config/lease
-```
-
-## Create Role
-
-This endpoint creates or updates a role definition.
-
-| Method | Path |
-| :----- | :------------------------ |
-| `POST` | `/postgresql/roles/:name` |
-
-### Parameters
-
-- `name` `(string: )` – Specifies the name of the role to create. This
- is specified as part of the URL.
-
-- `sql` `(string: )` – Specifies the SQL statements executed to create
- and configure the role. Must be a semicolon-separated string, a base64-encoded
- semicolon-separated string, a serialized JSON string array, or a
- base64-encoded serialized JSON string array. The '{{name}}', '{{password}}'
- and '{{expiration}}' values will be substituted.
-
-- `revocation_sql` `(string: "")` – Specifies the SQL statements to be executed
- to revoke a user. Must be a semicolon-separated string, a base64-encoded
- semicolon-separated string, a serialized JSON string array, or a
- base64-encoded serialized JSON string array. The '{{name}}' value will be
- substituted.
-
-### Sample Payload
-
-```json
-{
- "sql": "CREATE USER WITH ROLE {{name}}"
-}
-```
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request POST \
- --data @payload.json \
- http://127.0.0.1:8200/v1/postgresql/roles/my-role
-```
-
-## Read Role
-
-This endpoint queries the role definition.
-
-| Method | Path |
-| :----- | :------------------------ |
-| `GET` | `/postgresql/roles/:name` |
-
-### Parameters
-
-- `name` `(string: )` – Specifies the name of the role to read. This
- is specified as part of the URL.
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- http://127.0.0.1:8200/v1/postgresql/roles/my-role
-```
-
-### Sample Response
-
-```json
-{
- "data": {
- "sql": "CREATE USER..."
- }
-}
-```
-
-## List Roles
-
-This endpoint returns a list of available roles. Only the role names are
-returned, not any values.
-
-| Method | Path |
-| :----- | :------------------ |
-| `LIST` | `/postgresql/roles` |
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request LIST \
- http://127.0.0.1:8200/v1/postgresql/roles
-```
-
-### Sample Response
-
-```json
-{
- "auth": null,
- "data": {
- "keys": ["dev", "prod"]
- },
- "lease_duration": 2764800,
- "lease_id": "",
- "renewable": false
-}
-```
-
-## Delete Role
-
-This endpoint deletes the role definition.
-
-| Method | Path |
-| :------- | :------------------------ |
-| `DELETE` | `/postgresql/roles/:name` |
-
-### Parameters
-
-- `name` `(string: )` – Specifies the name of the role to delete. This
- is specified as part of the URL.
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- --request DELETE \
- http://127.0.0.1:8200/v1/postgresql/roles/my-role
-```
-
-## Generate Credentials
-
-This endpoint generates a new set of dynamic credentials based on the named
-role.
-
-| Method | Path |
-| :----- | :------------------------ |
-| `GET` | `/postgresql/creds/:name` |
-
-### Parameters
-
-- `name` `(string: )` – Specifies the name of the role to create
- credentials against. This is specified as part of the URL.
-
-### Sample Request
-
-```
-$ curl \
- --header "X-Vault-Token: ..." \
- http://127.0.0.1:8200/v1/postgresql/creds/my-role
-```
-
-### Sample Response
-
-```json
-{
- "data": {
- "username": "root-1430158508-126",
- "password": "132ae3ef-5a64-7499-351e-bfe59f3a2a21"
- }
-}
-```
diff --git a/website/pages/docs/secrets/mongodb/index.mdx b/website/pages/docs/secrets/mongodb/index.mdx
deleted file mode 100644
index d72ef049183..00000000000
--- a/website/pages/docs/secrets/mongodb/index.mdx
+++ /dev/null
@@ -1,129 +0,0 @@
----
-layout: docs
-page_title: MongoDB - Secrets Engines
-sidebar_title: MongoDB DEPRECATED
-description: >-
- The mongodb secrets engine for Vault generates database credentials to access
- MongoDB.
----
-
-# MongoDB Secrets Engine
-
-~> **Deprecation Note:** This secrets engine is deprecated in favor of the
-combined databases secrets engine added in v0.7.1. See the documentation for
-the new implementation of this secrets engine at
-[MongoDB database plugin](/docs/secrets/databases/mongodb).
-
-The `mongodb` secrets engine for Vault generates MongoDB database credentials
-dynamically based on configured roles. This means that services that need
-to access a MongoDB database no longer need to hard-code credentials: they
-can request them from Vault and use Vault's leasing mechanism to more easily
-roll them.
-
-Additionally, it introduces a new ability: with every service accessing
-the database with unique credentials, it makes auditing much easier when
-questionable data access is discovered: you can track it down to the specific
-instance of a service based on the MongoDB username.
-
-Vault makes use of its own internal revocation system to ensure that users
-become invalid within a reasonable time of the lease expiring.
-
-This page will show a quick start for this secrets engine. For detailed documentation
-on every path, use `vault path-help` after mounting the secrets engine.
-
-## Quick Start
-
-The first step to using the mongodb secrets engine is to mount it. Unlike the
-`kv` secrets engine, the `mongodb` secrets engine is not mounted by default.
-
-```
-$ vault secrets enable mongodb
-Success! Enabled the mongodb secrets engine at: mongodb/
-```
-
-Next, we must tell Vault how to connect to MongoDB. This is done by providing
-a standard connection string (URI):
-
-```
-$ vault write mongodb/config/connection uri="mongodb://admin:Password!@mongodb.acme.com:27017/admin?ssl=true"
-Key Value
---- -----
-
-The following warnings were returned from the Vault server:
-* Read access to this endpoint should be controlled via ACLs as it will return the connection URI as it is, including passwords, if any.
-```
-
-In this case, we've configured Vault with the username `admin` and password
-`Password!`, connecting to an instance at `mongodb.acme.com` on port `27017`
-with TLS. The user must have privileges to manage users and their roles in the
-databases Vault will manage users in. The built-in role `userAdminAnyDatabase`
-is the simplest way to grant the necessary permissions if we want Vault to
-manage all users in all databases.
-
-Optionally, we can configure the lease settings for the credentials generated
-by Vault. This is done by writing to the `config/lease` key:
-
-```
-$ vault write mongodb/config/lease ttl=1h max_ttl=24h
-Success! Data written to: mongodb/config/lease
-```
-
-This restricts each user to being valid or leased for 1 hour at a time, with
-a maximum total use period of 24 hours. This forces an application to renew
-its credentials at least hourly and to recycle them once per day.
-
-The next step is to configure a role. A role is a logical name that maps
-to a policy used to generate MongoDB credentials for that role.
-
-Note that MongoDB also uses roles. The roles you define in Vault are distinct
-from the built-in and user-defined roles in MongoDB. In fact, when defining
-a Vault role you may specify the MongoDB roles that should be assigned to
-users created for that Vault role.
-
-For example, let's create a "readonly" role:
-
-```
-$ vault write mongodb/roles/readonly db=foo roles='[ "readWrite", { "role": "read", "db": "bar" } ]'
-Success! Data written to: mongodb/roles/readonly
-```
-
-By writing to the `roles/readonly` path we are defining the `readonly` role.
-Each time Vault is asked for credentials for this role, it will create a
-user in the specified MongoDB database with the MongoDB roles provided. The
-username and password of each user created will be dynamically generated by
-Vault. Just like when creating a user directly using `db.createUser`, the
-`roles` JSON array can specify both built-in roles and user-defined roles
-for both the database the user is created in and for other databases. Please
-consult the MongoDB documentation for more details on Role-Based Access
-Control in MongoDB. In this example, Vault will create a user in the `foo`
-database with the `readWrite` built-in role on that database and the `read`
-built-in role on the `bar` database.
-
-To generate a new set of credentials for a given role, we simply read from
-the credentials path for that role:
-
-```
-$ vault read mongodb/creds/readonly
-Key Value
---- -----
-lease_id mongodb/creds/readonly/91685212-3040-7dde-48b1-df997c5dc8e7
-lease_duration 3600
-lease_renewable true
-db foo
-password c3faa86d-0f93-9649-de91-c431765e62dd
-username vault-token-48729def-b0ca-2b17-d7b9-3ca7cb86f0ae
-```
-
-By reading from the `creds/readonly` path, Vault has generated a new set of
-credentials using the `readonly` role configuration. Here we see the
-dynamically generated username and password, along with a one hour lease.
-
-Using ACLs, it is possible to restrict using the `mongodb` secrets engine such that
-trusted operators can manage the role definitions, and both users and
-applications are restricted in the credentials they are allowed to read.
-
-## API
-
-The MongoDB secrets engine has a full HTTP API. Please see the
-[MongoDB secrets engine API](/api/secret/mongodb) for more
-details.
diff --git a/website/pages/docs/secrets/mssql/index.mdx b/website/pages/docs/secrets/mssql/index.mdx
deleted file mode 100644
index f6cc37d5c86..00000000000
--- a/website/pages/docs/secrets/mssql/index.mdx
+++ /dev/null
@@ -1,120 +0,0 @@
----
-layout: docs
-page_title: MSSQL - Secrets Engines
-sidebar_title: MSSQL DEPRECATED
-description: >-
- The MSSQL secrets engine for Vault generates database credentials to access
- Microsoft Sql Server.
----
-
-# MSSQL Secrets Engine
-
-~> **Deprecation Note:** This secrets engine is deprecated in favor of the
-combined databases secrets engine added in v0.7.1. See the documentation for
-the new implementation of this secrets engine at
-[MSSQL database plugin](/docs/secrets/databases/mssql).
-
-The MSSQL secrets engine for Vault generates database credentials
-dynamically based on configured roles. This means that services that need
-to access a database no longer need to hardcode credentials: they can request
-them from Vault, and use Vault's leasing mechanism to more easily roll keys.
-
-Additionally, it introduces a new ability: with every service accessing
-the database with unique credentials, it makes auditing much easier when
-questionable data access is discovered: you can track it down to the specific
-instance of a service based on the SQL username.
-
-Vault makes use of its own internal revocation system to ensure that users
-become invalid within a reasonable time of the lease expiring.
-
-This page will show a quick start for this secrets engine. For detailed documentation
-on every path, use `vault path-help` after mounting the secrets engine.
-
-## Quick Start
-
-The first step to using the mssql secrets engine is to mount it. Unlike the `kv`
-secrets engine, the `mssql` secrets engine is not mounted by default.
-
-```
-$ vault secrets enable mssql
-Success! Enabled the mssql secrets engine at: mssql/
-```
-
-Next, we must configure Vault to know how to connect to the MSSQL
-instance. This is done by providing a DSN (Data Source Name):
-
-```
-$ vault write mssql/config/connection \
- connection_string="server=localhost;port=1433;user id=sa;password=Password!;database=AdventureWorks;app name=vault;"
-Success! Data written to: mssql/config/connection
-```
-
-In this case, we've configured Vault with the user "sa" and password "Password!",
-connecting to an instance at "localhost" on port 1433. It is not necessary
-that Vault has the sa login, but the user must have privileges to create
-logins and manage processes. The fixed server roles `securityadmin` and
-`processadmin` are examples of built-in roles that grant these permissions. The
-user also must have privileges to create database users and grant permissions in
-the databases that Vault manages. The fixed database roles `db_accessadmin` and
-`db_securityadmin` are examples or built-in roles that grant these permissions.
-
-Optionally, we can configure the lease settings for credentials generated
-by Vault. This is done by writing to the `config/lease` key:
-
-```
-$ vault write mssql/config/lease \
- ttl=1h \
- max_ttl=24h
-Success! Data written to: mssql/config/lease
-```
-
-This restricts each credential to being valid or leased for 1 hour
-at a time, with a maximum use period of 24 hours. This forces an
-application to renew their credentials at least hourly, and to recycle
-them once per day.
-
-The next step is to configure a role. A role is a logical name that maps
-to a policy used to generate those credentials. For example, lets create
-a "readonly" role:
-
-```
-$ vault write mssql/roles/readonly \
- sql="CREATE LOGIN [{{name}}] WITH PASSWORD = '{{password}}'; USE AdventureWorks; CREATE USER [{{name}}] FOR LOGIN [{{name}}]; GRANT SELECT ON SCHEMA::dbo TO [{{name}}]"
-Success! Data written to: mssql/roles/readonly
-```
-
-By writing to the `roles/readonly` path we are defining the `readonly` role.
-This role will be created by evaluating the given `sql` statements. By
-default, the `{{name}}` and `{{password}}` fields will be populated by
-Vault with dynamically generated values. This SQL statement is creating
-the named login on the server, user on the AdventureWorks database, and
-then granting it `SELECT` on the `dbo` schema. More complex `GRANT` queries
-can be used to customize the privileges of the role.
-
-To generate a new set of credentials, we simply read from that role:
-
-```
-$ vault read mssql/creds/readonly
-Key Value
---- -----
-lease_id mssql/creds/readonly/cdf23ac8-6dbd-4bf9-9919-6acaaa86ba6c
-lease_duration 3600
-password ee202d0d-e4fd-4410-8d14-2a78c5c8cb76
-username root-a147d529-e7d6-4a16-8930-4c3e72170b19
-```
-
-By reading from the `creds/readonly` path, Vault has generated a new
-set of credentials using the `readonly` role configuration. Here we
-see the dynamically generated username and password, along with a one
-hour lease.
-
-Using ACLs, it is possible to restrict using the mssql secrets engine such
-that trusted operators can manage the role definitions, and both
-users and applications are restricted in the credentials they are
-allowed to read.
-
-## API
-
-The MSSQL secrets engine has a full HTTP API. Please see the
-[MSSQL secrets engine API](/api/secret/mssql) for more
-details.
diff --git a/website/pages/docs/secrets/mysql/index.mdx b/website/pages/docs/secrets/mysql/index.mdx
deleted file mode 100644
index d086382fa19..00000000000
--- a/website/pages/docs/secrets/mysql/index.mdx
+++ /dev/null
@@ -1,131 +0,0 @@
----
-layout: docs
-page_title: MySQL - Secrets Engines
-sidebar_title: MySQL DEPRECATED
-description: >-
- The MySQL secrets engine for Vault generates database credentials to access
- MySQL.
----
-
-# MySQL Secrets Engine
-
-Name: `mysql`
-
-~> **Deprecation Note:** This secrets engine is deprecated in favor of the
-combined databases secrets engine added in v0.7.1. See the documentation for
-the new implementation of this secrets engine at
-[MySQL/MariaDB database plugin](/docs/secrets/databases/mysql-maria).
-
-The MySQL secrets engine for Vault generates database credentials
-dynamically based on configured roles. This means that services that need
-to access a database no longer need to hardcode credentials: they can request
-them from Vault, and use Vault's leasing mechanism to more easily roll keys.
-
-Additionally, it introduces a new ability: with every service accessing
-the database with unique credentials, it makes auditing much easier when
-questionable data access is discovered: you can track it down to the specific
-instance of a service based on the SQL username.
-
-Vault makes use of its own internal revocation system to ensure that users
-become invalid within a reasonable time of the lease expiring.
-
-This page will show a quick start for this secrets engine. For detailed documentation
-on every path, use `vault path-help` after mounting the secrets engine.
-
-## Quick Start
-
-The first step to using the mysql secrets engine is to mount it. Unlike the `kv`
-secrets engine, the `mysql` secrets engine is not mounted by default.
-
-```
-$ vault secrets enable mysql
-Success! Enabled the mysql secrets engine at: mysql/
-```
-
-Next, we must configure Vault to know how to connect to the MySQL
-instance. This is done by providing a [DSN (Data Source Name)](https://github.com/go-sql-driver/mysql#dsn-data-source-name):
-
-```
-$ vault write mysql/config/connection \
- connection_url="root:root@tcp(192.168.33.10:3306)/"
-Success! Data written to: mysql/config/connection
-```
-
-In this case, we've configured Vault with the user "root" and password "root,
-connecting to an instance at "192.168.33.10" on port 3306. It is not necessary
-that Vault has the root user, but the user must have privileges to create
-other users, namely the `GRANT OPTION` privilege.
-
-For using UNIX socket use: `root:root@unix(/path/to/socket)/`.
-
-Optionally, we can configure the lease settings for credentials generated
-by Vault. This is done by writing to the `config/lease` key:
-
-```
-$ vault write mysql/config/lease \
- lease=1h \
- lease_max=24h
-Success! Data written to: mysql/config/lease
-```
-
-This restricts each credential to being valid or leased for 1 hour
-at a time, with a maximum use period of 24 hours. This forces an
-application to renew their credentials at least hourly, and to recycle
-them once per day.
-
-The next step is to configure a role. A role is a logical name that maps
-to a policy used to generate those credentials. For example, lets create
-a "readonly" role:
-
-```
-$ vault write mysql/roles/readonly \
- sql="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT ON *.* TO '{{name}}'@'%';"
-Success! Data written to: mysql/roles/readonly
-```
-
-By writing to the `roles/readonly` path we are defining the `readonly` role.
-This role will be created by evaluating the given `sql` statements. By
-default, the `{{name}}` and `{{password}}` fields will be populated by
-Vault with dynamically generated values. This SQL statement is creating
-the named user, and then granting it `SELECT` or read-only privileges
-to tables in the database. More complex `GRANT` queries can be used to
-customize the privileges of the role. See the [MySQL manual](https://dev.mysql.com/doc/refman/5.7/en/grant.html)
-for more information.
-
-To generate a new set of credentials, we simply read from that role:
-
-```
-$ vault read mysql/creds/readonly
-Key Value
---- -----
-lease_id mysql/creds/readonly/bd404e98-0f35-b378-269a-b7770ef01897
-lease_duration 3600
-password 132ae3ef-5a64-7499-351e-bfe59f3a2a21
-username readonly-aefa635a-18
-```
-
-By reading from the `creds/readonly` path, Vault has generated a new
-set of credentials using the `readonly` role configuration. Here we
-see the dynamically generated username and password, along with a one
-hour lease.
-
-Using ACLs, it is possible to restrict using the mysql secrets engine such
-that trusted operators can manage the role definitions, and both
-users and applications are restricted in the credentials they are
-allowed to read.
-
-Optionally, you may configure both the number of characters from the role name
-that are truncated to form the display name portion of the mysql username
-interpolated into the `{{name}}` field: the default is 10.
-
-You may also configure the total number of characters allowed in the entire
-generated username (the sum of the display name and uuid portions); the
-default is 16. Note that versions of MySQL prior to 5.8 have a 16 character
-total limit on user names, so it is probably not safe to increase this above
-the default on versions prior to that.
-
-## API
-
-The MySQL secrets engine has a full HTTP API. Please see the
-[MySQL secrets engine API](/api/secret/mysql) for more
-details.
diff --git a/website/pages/docs/secrets/postgresql/postgres-deprecated.mdx b/website/pages/docs/secrets/postgresql/postgres-deprecated.mdx
deleted file mode 100644
index 08a64ca6565..00000000000
--- a/website/pages/docs/secrets/postgresql/postgres-deprecated.mdx
+++ /dev/null
@@ -1,122 +0,0 @@
----
-layout: docs
-page_title: PostgreSQL - Secrets Engines
-sidebar_title: PostgreSQL DEPRECATED
-deprecated: true
-description: >-
- The PostgreSQL secrets engine for Vault generates database credentials to
- access PostgreSQL.
----
-
-# PostgreSQL Secrets Engine
-
-Name: `postgresql`
-
-~> **Deprecation Note:** This secrets engine is deprecated in favor of the
-combined databases secrets engine added in v0.7.1. See the documentation for
-the new implementation of this secrets engine at
-[PostgreSQL database plugin](/docs/secrets/databases/postgresql).
-
-The PostgreSQL secrets engine for Vault generates database credentials
-dynamically based on configured roles. This means that services that need
-to access a database no longer need to hardcode credentials: they can request
-them from Vault, and use Vault's leasing mechanism to more easily roll keys.
-
-Additionally, it introduces a new ability: with every service accessing
-the database with unique credentials, it makes auditing much easier when
-questionable data access is discovered: you can track it down to the specific
-instance of a service based on the SQL username.
-
-Vault makes use both of its own internal revocation system as well as the
-`VALID UNTIL` setting when creating PostgreSQL users to ensure that users
-become invalid within a reasonable time of the lease expiring.
-
-This page will show a quick start for this secrets engine. For detailed documentation
-on every path, use `vault path-help` after mounting the secrets engine.
-
-## Quick Start
-
-The first step to using the PostgreSQL secrets engine is to mount it. Unlike the
-`kv` secrets engine, the `postgresql` secrets engine is not mounted by default.
-
-```text
-$ vault secrets enable postgresql
-Success! Enabled the postgresql secrets engine at: postgresql/
-```
-
-Next, Vault must be configured to connect to the PostgreSQL. This is done by
-writing either a PostgreSQL URL or PG connection string:
-
-```text
-$ vault write postgresql/config/connection \
- connection_url="postgresql://root:vaulttest@vaulttest.ciuvljjni7uo.us-west-1.rds.amazonaws.com:5432/postgres"
-```
-
-In this case, we've configured Vault with the user "root" and password "vaulttest",
-connecting to a PostgreSQL instance in AWS RDS. The "postgres" database name is being used.
-It is important that the Vault user have the `GRANT OPTION` privilege to manage users.
-
-Optionally, we can configure the lease settings for credentials generated
-by Vault. This is done by writing to the `config/lease` key:
-
-```
-$ vault write postgresql/config/lease lease=1h lease_max=24h
-Success! Data written to: postgresql/config/lease
-```
-
-This restricts each credential to being valid or leased for 1 hour
-at a time, with a maximum use period of 24 hours. This forces an
-application to renew their credentials at least hourly, and to recycle
-them once per day.
-
-The next step is to configure a role. A role is a logical name that maps
-to a policy used to generated those credentials. For example, lets create
-a "readonly" role:
-
-```text
-$ vault write postgresql/roles/readonly \
- sql="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';
- GRANT SELECT ON ALL TABLES IN SCHEMA public TO \"{{name}}\";"
-Success! Data written to: postgresql/roles/readonly
-```
-
-By writing to the `roles/readonly` path we are defining the `readonly` role.
-This role will be created by evaluating the given `sql` statements. By
-default, the `{{name}}`, `{{password}}` and `{{expiration}}` fields will be populated by
-Vault with dynamically generated values. This SQL statement is creating
-the named user, and then granting it `SELECT` or read-only privileges
-to tables in the database. More complex `GRANT` queries can be used to
-customize the privileges of the role. See the [PostgreSQL manual](http://www.postgresql.org/docs/9.4/static/sql-grant.html)
-for more information.
-
-To generate a new set of credentials, we simply read from that role:
-Vault is now configured to create and manage credentials for Postgres!
-
-```text
-$ vault read postgresql/creds/readonly
-Key Value
---- -----
-lease_id postgresql/creds/readonly/c888a097-b0e2-26a8-b306-fc7c84b98f07
-lease_duration 3600
-password 34205e88-0de1-68b7-6267-72d8e32c5d3d
-username root-1430162075-7887
-```
-
-By reading from the `creds/readonly` path, Vault has generated a new
-set of credentials using the `readonly` role configuration. Here we
-see the dynamically generated username and password, along with a one
-hour lease.
-
-Using ACLs, it is possible to restrict using the postgresql secrets engine such
-that trusted operators can manage the role definitions, and both
-users and applications are restricted in the credentials they are
-allowed to read.
-
-If you get stuck at any time, simply run `vault path-help postgresql` or with a
-subpath for interactive help output.
-
-## API
-
-The PostgreSQL secrets engine has a full HTTP API. Please see the
-[PostgreSQL secrets engine API](/api/secret/postgresql) for more
-details.