Backport of website: content updates for developer into release/1.11.x

website/Makefile

@@ -13,7 +13,8 @@ DOCKER_RUN_FLAGS=-it \
 		--volume "$(PWD)/redirects.js:/app/redirects.js" \
 		--volume "next-dir:/app/website-preview/.next" \
 		--volume "$(PWD)/.env:/app/.env" \
-		-e "REPO=vault"
+		-e "REPO=vault" \
+		-e "PREVIEW_MODE=io"
 
 # Default: run this if working on the website locally to run in watch mode.
 .PHONY: website

website/content/api-docs/auth/jwt.mdx

@@ -303,7 +303,7 @@ Obtain an authorization URL from Vault to start an OIDC login flow.
 - `role` `(string: <optional>)` - Name of the role against which the login is being
   attempted. Defaults to configured `default_role` if not provided.
 - `redirect_uri` `(string: <required>)` - Path to the callback to complete the login. This will be
-  of the form, "https://.../oidc/callback" where the leading portion is dependent on your Vault
+  of the form, "https&#x3A;//.../oidc/callback" where the leading portion is dependent on your Vault
   server location, port, and the mount of the JWT plugin. This must be configured with Vault and the
   provider. See [Redirect URIs](/docs/auth/jwt#redirect-uris) for more information.
 - `client_nonce` `(string: <optional>)` - Optional client-provided nonce that

website/content/api-docs/index.mdx

@@ -196,7 +196,7 @@ To retrieve the help for any API within Vault, including mounted backends, auth
 methods, etc. then append `?help=1` to any URL. If you have valid permission to
 access the path, then the help text will be return a markdown-formatted block in the `help` attribute of the response.
 
-Additionally, with the [OpenAPI generation](/api/system/internal-specs-openapi) in Vault, you will get back a small
+Additionally, with the [OpenAPI generation](/api-docs/system/internal-specs-openapi) in Vault, you will get back a small
 OpenAPI document in the `openapi` attribute. This document is relevant for the path you're looking up and any paths under it - also note paths in the OpenAPI document are relative to the initial path queried.
 
 Example request:

website/content/api-docs/relatedtools.mdx

@@ -8,7 +8,7 @@ description: Short list of third-party tools that work with or are related to Va
 
 ## Hashicorp Tools
 
-- The [Terraform Vault provider](https://www.terraform.io/docs/providers/vault/index.html) can read from, write to, and configure Vault from [HashiCorp Terraform](https://www.terraform.io/)
+- The [Terraform Vault provider](https://registry.terraform.io/providers/hashicorp/vault/latest/docs) can read from, write to, and configure Vault from [HashiCorp Terraform](https://www.terraform.io/)
 - [consul-template](https://github.com/hashicorp/consul-template) is a template renderer, notifier, and supervisor for HashiCorp Consul and Vault data
 - [envconsul](https://github.com/hashicorp/envconsul) allows you to read and set environmental variables for processes from Consul and Vault data
 - The [vault-ssh-helper](https://github.com/hashicorp/vault-ssh-helper) can be used to enable one-time passwords for SSH authentication via Vault
@@ -31,7 +31,6 @@ The following list of tools is maintained by the community of Vault users; Hashi
 - [Docker credential helper](https://github.com/morningconsult/docker-credential-vault-login) - A program that automatically reads Docker credentials from your Vault server and passes them to the Docker daemon to authenticate to your Docker registry when pulling an image
 - [Cruise Daytona](https://github.com/cruise-automation/daytona) - An alternative implementation of the Vault client CLI for services and containers. Its core features are the ability to automate authentication, fetching of secrets, and automated token renewal. Support for AWS, GCP, & Kubernetes Vault Auth Backends.
 - [Vault-CRD](https://vault.koudingspawn.de/) - Synchronize secrets stored in HashiCorp Vault to Kubernetes Secrets for better GitOps without secrets stored in git manifest files.
-- [nc-vault-env](https://github.com/namecheap/nc-vault-env) - JS CLI tool that fetches secrets in parallel, puts them into the environment and then `exec`s the process that needs them. Supports auth token renewal, multiple auth backends, verbose logging and dummy mode.
 - [vsh](https://github.com/fishi0x01/vsh) - Interactive shell with tab-completion. Allows recursive operations on paths. Allows migration of secrets between both KV versions.
 - [HashiBox](https://github.com/nunchistudio/hashibox) - Vagrant environment to simulate highly-available cloud with Consul, Nomad, Vault, and optional support for Waypoint. OSS & Enterprise supported.
 

website/content/api-docs/secret/azure.mdx

@@ -360,7 +360,7 @@ $ vault read azure/creds/my-role
 
 ## Revoking/Renewing Secrets
 
-See docs on how to [renew](/api/system/leases#renew-lease) and [revoke](/api/system/leases#revoke-lease) leases.
+See docs on how to [renew](/api/system/leases#renew-lease) and [revoke](/api-docs/system/leases#revoke-lease) leases.
 
 [docs]: /docs/secrets/azure
 [roles]: /docs/secrets/azure#roles

website/content/api-docs/secret/cassandra.mdx

@@ -11,12 +11,12 @@ description: This is the API documentation for the Vault Cassandra secrets engin
 ~> **Deprecation Note:** This backend is deprecated in favor of the
 combined databases backend added in v0.7.1. See the API documentation for
 the new implementation of this backend at
-[Cassandra database plugin HTTP API](/api/secret/databases/cassandra).
+[Cassandra database plugin HTTP API](/api-docs/secret/databases/cassandra).
 
 This is the API documentation for the Vault Cassandra secrets engine. For
 general information about the usage and operation of the Cassandra backend,
 please see the
-[Vault Cassandra backend documentation](/docs/secrets/cassandra).
+[Vault Cassandra backend documentation](/docs/secrets/databases/cassandra).
 
 This documentation assumes the Cassandra backend is mounted at the `/cassandra`
 path in Vault. Since it is possible to enable secrets engines at any location,
@@ -197,7 +197,7 @@ $ curl \
 
 This endpoint deletes the role definition.
 
-| Method   | Path                     |
+| Method   | Path                     |                 |
 | :------- | :----------------------- | --------------- |
 | `DELETE` | `/cassandra/roles/:name` | `204 (no body)` |
 

website/content/api-docs/secret/consul.mdx

@@ -159,11 +159,11 @@ To create a client token with service identities attached:
 - `token_type` <sup>DEPRECATED (1.11)</sup> `(string: "client")` - Specifies the type of token to create
   when using this role. Valid values are `"client"` or `"management"`. If a `"management"`
   token, the `policy` parameter is not required. Defaults to `"client`". [Deprecated from Consul as of 1.4 and
-  removed as of Consul 1.11.](https://www.consul.io/api/acl/legacy)
+  removed as of Consul 1.11.](https://www.consul.io/api-docs/acl/legacy)
 
 - `policy` <sup>DEPRECATED (1.11)</sup> `(string: "")` – Specifies the base64-encoded ACL policy.
   This is required unless the `token_type` is `"management"`. [Deprecated from Consul as of 1.4 and
-  removed as of Consul 1.11.](https://www.consul.io/api/acl/legacy)
+  removed as of Consul 1.11.](https://www.consul.io/api-docs/acl/legacy)
 
 - `policies` <sup>DEPRECATED (1.11)</sup> `(list: <policy or policies>)` - Same as `consul_policies`.
   Deprecated in favor of using `consul_policies`.

website/content/api-docs/secret/databases/cassandra.mdx

@@ -173,7 +173,7 @@ $ curl \
 Statements are configured during role creation and are used by the plugin to
 determine what is sent to the database on user creation, renewing, and
 revocation. For more information on configuring roles see the [Role
-API](/api/secret/databases#create-role) in the database secrets engine docs.
+API](/api-docs/secret/databases#create-role) in the database secrets engine docs.
 
 ### Parameters
 

website/content/api-docs/secret/databases/couchbase.mdx

@@ -102,7 +102,7 @@ $ curl \
 Statements are configured during role creation and are used by the plugin to
 determine what is sent to the database on user creation, renewing, and
 revocation. For more information on configuring roles see the [Role
-API](/api/secret/databases#create-role) in the database secrets engine docs.
+API](/api-docs/secret/databases#create-role) in the database secrets engine docs.
 
 ### Parameters
 

website/content/api-docs/secret/databases/elasticdb.mdx

@@ -68,7 +68,7 @@ $ curl \
 Statements are configured during role creation and are used by the plugin to
 determine what is sent to the database on user creation, renewing, and
 revocation. For more information on configuring roles see the [Role
-API](/api/secret/databases#create-role) in the database secrets engine docs.
+API](/api-docs/secret/databases#create-role) in the database secrets engine docs.
 
 ### Parameters
 

website/content/api-docs/secret/databases/hanadb.mdx

@@ -77,7 +77,7 @@ $ curl \
 Statements are configured during role creation and are used by the plugin to
 determine what is sent to the database on user creation, renewing, and
 revocation. For more information on configuring roles see the [Role
-API](/api/secret/databases#create-role) in the database secrets engine docs.
+API](/api-docs/secret/databases#create-role) in the database secrets engine docs.
 
 ### Parameters
 

website/content/api-docs/secret/databases/influxdb.mdx

@@ -107,7 +107,7 @@ $ curl \
 Statements are configured during role creation and are used by the plugin to
 determine what is sent to the database on user creation, renewing, and
 revocation. For more information on configuring roles see the [Role
-API](/api/secret/databases#create-role) in the database secrets engine docs.
+API](/api-docs/secret/databases#create-role) in the database secrets engine docs.
 
 ### Parameters
 

website/content/api-docs/secret/databases/mongodb.mdx

@@ -103,7 +103,7 @@ $ curl \
 Statements are configured during role creation and are used by the plugin to
 determine what is sent to the database on user creation, renewing, and
 revocation. For more information on configuring roles see the [Role
-API](/api/secret/databases#create-role) in the database secrets engine docs.
+API](/api-docs/secret/databases#create-role) in the database secrets engine docs.
 
 ### Parameters
 

website/content/api-docs/secret/databases/mongodbatlas.mdx

@@ -56,7 +56,7 @@ $ curl \
 
 Statements are configured during Vault role creation and are used by the plugin to
 determine what is sent to MongoDB Atlas upon user creation, renewal, and
-revocation. For more information on configuring roles see the [Role API](/api/secret/databases#create-role)
+revocation. For more information on configuring roles see the [Role API](/api-docs/secret/databases#create-role)
 in the Database Secrets Engine docs.
 
 ### Parameters

website/content/api-docs/secret/databases/mssql.mdx

@@ -109,7 +109,7 @@ $ curl \
 Statements are configured during role creation and are used by the plugin to
 determine what is sent to the database on user creation, renewing, and
 revocation. For more information on configuring roles see the [Role
-API](/api/secret/databases#create-role) in the database secrets engine docs.
+API](/api-docs/secret/databases#create-role) in the database secrets engine docs.
 
 ### Parameters
 

website/content/api-docs/secret/databases/mysql-maria.mdx

@@ -144,7 +144,7 @@ $ curl \
 Statements are configured during role creation and are used by the plugin to
 determine what is sent to the database on user creation, renewing, and
 revocation. For more information on configuring roles see the [Role
-API](/api/secret/databases#create-role) in the database secrets engine docs.
+API](/api-docs/secret/databases#create-role) in the database secrets engine docs.
 
 ### Parameters
 

website/content/api-docs/secret/databases/oracle.mdx

@@ -102,7 +102,7 @@ $ curl \
 Statements are configured during role creation and are used by the plugin to
 determine what is sent to the database on user creation, renewing, and
 revocation. For more information on configuring roles see the [Role
-API](/api/secret/databases#create-role) in the database secrets engine docs.
+API](/api-docs/secret/databases#create-role) in the database secrets engine docs.
 
 ### Parameters
 

website/content/api-docs/secret/databases/postgresql.mdx

@@ -107,7 +107,7 @@ $ curl \
 Statements are configured during role creation and are used by the plugin to
 determine what is sent to the database on user creation, renewing, and
 revocation. For more information on configuring roles see the [Role
-API](/api/secret/databases#create-role) in the database secrets engine docs.
+API](/api-docs/secret/databases#create-role) in the database secrets engine docs.
 
 ### Parameters
 

website/content/api-docs/secret/databases/redshift.mdx

@@ -79,7 +79,7 @@ $ curl \
 Statements are configured during role creation and are used by the plugin to
 determine what is sent to the database on user creation, renewing, and
 revocation. For more information on configuring roles see the [Role
-API](/api/secret/databases#create-role) in the database secrets engine docs.
+API](/api-docs/secret/databases#create-role) in the database secrets engine docs.
 
 ### Parameters
 

website/content/api-docs/secret/databases/snowflake.mdx

@@ -79,7 +79,7 @@ $ curl \
 Statements are configured during role creation and are used by the plugin to
 determine what is sent to the database on user creation, renewing, and
 revocation. For more information on configuring roles see the [Role
-API](/api/secret/databases#create-role) in the database secrets engine docs.
+API](/api-docs/secret/databases#create-role) in the database secrets engine docs.
 
 ### Parameters
 

website/content/api-docs/secret/gcp.mdx

@@ -594,5 +594,5 @@ $ curl \
 
 ## Revoking/Renewing Secrets
 
-See docs on how to [renew](/api/system/leases#renew-lease) and [revoke](/api/system/leases#revoke-lease) leases.
+See docs on how to [renew](/api/system/leases#renew-lease) and [revoke](/api-docs/system/leases#revoke-lease) leases.
 Note this only applies to service account keys.

website/content/api-docs/secret/identity/mfa/duo.mdx

@@ -10,7 +10,7 @@ description: >-
 This endpoint defines an MFA method of type Duo.
 
 | Method | Path                           |
-| :----- |:-------------------------------|
+| :----- | :----------------------------- |
 | `POST` | `/identity/mfa/method/duo/:id` |
 
 ### Parameters
@@ -26,7 +26,9 @@ This endpoint defines an MFA method of type Duo.
 - `api_hostname` `(string: <required>)` - API hostname for Duo.
 
 - `push_info` `(string)` - Push information for Duo.
+
 -
+
 - `use_passcode` `(bool: false)` - If true, the user is reminded to use the passcode upon MFA validation.
 
 ### Sample Payload
@@ -64,7 +66,7 @@ This endpoint queries the MFA configuration of Duo type for a given method
 ID.
 
 | Method | Path                           |
-| :----- |:-------------------------------|
+| :----- | :----------------------------- |
 | `GET`  | `/identity/mfa/method/duo/:id` |
 
 ### Parameters
@@ -101,10 +103,10 @@ $ curl \
 ## Delete Duo MFA Method
 
 This endpoint deletes a Duo MFA method. MFA methods can only be deleted if they're not currently in use
-by a [login enforcement](/api/secret/identity/mfa/login-enforcement).
+by a [login enforcement](/api-docs/secret/identity/mfa/login-enforcement).
 
 | Method   | Path                           |
-| :------- |:-------------------------------|
+| :------- | :----------------------------- |
 | `DELETE` | `/identity/mfa/method/duo/:id` |
 
 ### Parameters
@@ -126,7 +128,7 @@ $ curl \
 This endpoint lists Duo MFA methods that are visible in the current namespace or in parent namespaces.
 
 | Method | Path                       |
-|:-------|:---------------------------|
+| :----- | :------------------------- |
 | `LIST` | `/identity/mfa/method/duo` |
 
 ### Sample Request

website/content/api-docs/secret/identity/mfa/index.mdx

@@ -9,18 +9,18 @@ description: >-
 
 ## Supported MFA types.
 
-- [TOTP](/api/secret/identity/mfa/totp)
+- [TOTP](/api-docs/secret/identity/mfa/totp)
 
-- [Okta](/api/secret/identity/mfa/okta)
+- [Okta](/api-docs/secret/identity/mfa/okta)
 
-- [Duo](/api/secret/identity/mfa/duo)
+- [Duo](/api-docs/secret/identity/mfa/duo)
 
-- [PingID](/api/secret/identity/mfa/pingid)
+- [PingID](/api-docs/secret/identity/mfa/pingid)
 
 ## Other
 
-- [Login Enforcement](/api/secret/identity/mfa/login-enforcement)
-- [MFA Validate](/api/system/mfa/validate)
+- [Login Enforcement](/api-docs/secret/identity/mfa/login-enforcement)
+- [MFA Validate](/api-docs/system/mfa/validate)
 
 While the above endpoints are available in both the open source and Enterprise versions of Vault,
 they are namespace aware. MFA methods and login enforcements created in one namespace are separate from other

website/content/api-docs/secret/identity/mfa/okta.mdx

@@ -10,7 +10,7 @@ description: >-
 This endpoint defines an MFA method of type Okta.
 
 | Method | Path                            |
-| :----- |:--------------------------------|
+| :----- | :------------------------------ |
 | `POST` | `/identity/mfa/method/okta/:id` |
 
 ### Parameters
@@ -61,7 +61,7 @@ This endpoint queries the MFA configuration of Okta type for a given method
 name.
 
 | Method | Path                            |
-| :----- |:--------------------------------|
+| :----- | :------------------------------ |
 | `GET`  | `/identity/mfa/method/okta/:id` |
 
 ### Parameters
@@ -96,10 +96,10 @@ $ curl \
 ## Delete Okta MFA Method
 
 This endpoint deletes a Okta MFA method. The MFA methods can only be deleted if they're not currently in use
-by a [login enforcement](/api/secret/identity/mfa/login-enforcement).
+by a [login enforcement](/api-docs/secret/identity/mfa/login-enforcement).
 
 | Method   | Path                            |
-| :------- |:--------------------------------|
+| :------- | :------------------------------ |
 | `DELETE` | `/identity/mfa/method/okta/:id` |
 
 ### Parameters
@@ -121,7 +121,7 @@ $ curl \
 This endpoint lists Okta MFA methods that are visible in the current namespace or in parent namespaces.
 
 | Method | Path                        |
-|:-------|:----------------------------|
+| :----- | :-------------------------- |
 | `LIST` | `/identity/mfa/method/okta` |
 
 ### Sample Request

website/content/api-docs/secret/identity/mfa/pingid.mdx

@@ -10,7 +10,7 @@ description: >-
 This endpoint defines an MFA method of type PingID.
 
 | Method | Path                              |
-| :----- |:----------------------------------|
+| :----- | :-------------------------------- |
 | `POST` | `/identity/mfa/method/pingid/:id` |
 
 ### Parameters
@@ -54,7 +54,7 @@ This endpoint queries the MFA configuration of PingID type for a given method
 name.
 
 | Method | Path                              |
-| :----- |:----------------------------------|
+| :----- | :-------------------------------- |
 | `GET`  | `/identity/mfa/method/pingid/:id` |
 
 ### Parameters
@@ -90,10 +90,10 @@ $ curl \
 ## Delete PingID MFA Method
 
 This endpoint deletes a PingID MFA method. MFA methods can only be deleted if they're not currently in use
-by a [login enforcement](/api/secret/identity/mfa/login-enforcement).
+by a [login enforcement](/api-docs/secret/identity/mfa/login-enforcement).
 
 | Method   | Path                              |
-| :------- |:----------------------------------|
+| :------- | :-------------------------------- |
 | `DELETE` | `/identity/mfa/method/pingid/:id` |
 
 ### Parameters
@@ -115,7 +115,7 @@ $ curl \
 This endpoint lists PingID MFA methods that are visible in the current namespace or in parent namespaces.
 
 | Method | Path                          |
-|:-------|:------------------------------|
+| :----- | :---------------------------- |
 | `LIST` | `/identity/mfa/method/pingid` |
 
 ### Sample Request