»Administrative Capabilities

The trust model for HCP Vault protects the operations invoked in the root namespace (admin), including all system configurations.

»CORS settings

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. For more information, refer to the Cross-Origin Resource Sharing (CORS) documentation.

Vault allows you to manage CORS settings for your UI. Refer to the Vault API documentation to learn about the /sys/config/cors API endpoint.

You can manage the CORS settings for your UI using the HCP portal or via API.

»Custom UI headers

Some security systems may require that the UI serves custom headers to improve the security of the underlying system. Vault allows you to manage custom headers to be served by the UI. See the Vault API documentation for details.

You can manage those UI header settings using the HCP portal or the API.