The trust model for HCP Vault protects the operations invoked in the root
admin), including all system configurations.
Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. For more information, refer to the Cross-Origin Resource Sharing (CORS) documentation.
Vault allows you to manage CORS settings for your UI. Refer to the Vault API
documentation to learn
/sys/config/cors API endpoint.
You can manage the CORS settings for your UI using the HCP portal or via API.
Some security systems may require that the UI serves custom headers to improve the security of the underlying system. Vault allows you to manage custom headers to be served by the UI. See the Vault API documentation for details.
You can manage those UI header settings using the HCP portal or the API.
HCP Vault allows you to change your clusters in place while maintaining the current configurations. The only current limitations are that no production-grade clusters can be scaled down to the Development tier and you must have enough resources to scale down or delete them accordingly.
You can use the HCP Portal or Terraform to resize a current cluster up or down or change tiers.