The trust model for HCP Vault protects the operations invoked in the root
admin), including all system configurations.
Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. For more information, refer to the Cross-Origin Resource Sharing (CORS) documentation.
Vault allows you to manage CORS settings for your UI. Refer to the Vault API
documentation to learn
/sys/config/cors API endpoint.
You can manage the CORS settings for your UI using the HCP portal or via API.
Custom UI headers
Some security systems may require that the UI serves custom headers to improve the security of the underlying system. Vault allows you to manage custom headers to be served by the UI. See the Vault API documentation for details.
You can manage those UI header settings using the HCP portal or the API.
Cluster resizing and changing tiers
HCP Vault allows you to change your clusters in place while maintaining the current configurations. The only current limitations are that no production-grade clusters can be scaled down to the Development tier and you must have enough resources to scale down or delete them accordingly.
You can use the HCP Portal or Terraform to resize a current cluster up or down or change tiers.
You can soft delete HCP Vault clusters and recover the deleted clusters within the grace period.
The project's Active resources page will not list the soft-deleted HCP Vault clusters. If no active resources exist, users can delete the project with no issue. However, once the project is deleted, HCP Support will not be able to restore the HCP Vault clusters.