DOCS-892: GW 4.53.0 and CLI 1.146.0

[harrison-akeyless]

Summary

This PR reapplies the DOCS-892 documentation updates from #309.

• PR DOCS-892: integrate 4.53.0/1.146 updates into existing docs pages #309 was merged and then reverted by Revert PR #309 (DOCS-892) #311
• This branch reintroduces the same content by reverting commit be7437bb (the PR Revert PR #309 (DOCS-892) #311 revert commit)

Traceability

• Original content PR: DOCS-892: integrate 4.53.0/1.146 updates into existing docs pages #309
• Revert PR: Revert PR #309 (DOCS-892) #311
• Reapply approach: revert the revert

Validation

• Change set matches the intended restoration of DOCS-892: integrate 4.53.0/1.146 updates into existing docs pages #309 content.

Summary by CodeRabbit

• Documentation
  • Added documentation for HashiCorp Vault rotated secrets
  • Expanded Universal Secrets Connector with folder-level sync commands
  • Added MySQL interactive flag support for Akeyless Connect
  • Documented TokenReview rate limiting configuration for Kubernetes authentication
  • Updated SRA file transfer mechanism to SFTP-based transfers
  • Enhanced documentation for SRA access request workflows, proactive caching, and audit logs
  • Clarified various authentication methods, permission scopes, and integration capabilities

[coderabbitai]

Warning

Review limit reached

@harrison-akeyless, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 53 minutes and 8 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8fe92b16-c924-4c5d-b697-64cee5148618

📥 Commits

Reviewing files that changed from the base of the PR and between ecbc909 and a8bbc14.

📒 Files selected for processing (3)

• docs/Integrations & Plugins/cli-reference/cli-reference-universal-secrets-connector.md
• docs/Universal Secret Connector/sync-secret/index.md
• docs/Universal Secret Connector/universal-secrets-connector/hc-vault-universal-secrets-connector.md

Walkthrough

This PR adds a new HashiCorp Vault rotated secret documentation page, introduces USC folder-sync CLI commands (folder-sync, folder-sync-all, folder-delete-sync), updates SRA file transfers from scp/ssh to SFTP-over-SRA-tunnel, documents MySQL -C pre: flag support for akeyless connect, and adds Gateway 4.53.0 features including K8s TokenReview rate limiting, proactive caching 429/leadership-loss handling, SRA access request flow, and reverse-RBAC --type sra/ara support.

Changes

Documentation Updates

Layer / File(s)	Summary
HashiCorp Vault Rotated Secret — new page and permissions docs/Secrets Management/rotated-secrets/create-a-hashicorp-vault-rotated-secret.md, docs/Secrets Management/rotated-secrets/_order.yaml, docs/Secrets Management/rotated-secrets/index.md, docs/Secrets Management/rotated-secrets/create-a-database-rotated-secret.md, docs/Integrations & Plugins/cli-reference/cli-reference-rotated-secrets.md	New complete documentation page for HashiCorp Vault rotated secret (prerequisites, console workflow, CLI command, version history), registered in nav order and supported types index; list-only permissions note added to database rotated secret and shared CLI flags reference.
USC folder-sync CLI commands and HC Vault guidance docs/Integrations & Plugins/cli-reference/cli-reference-universal-secrets-connector.md, docs/Universal Secret Connector/sync-secret/index.md, docs/Universal Secret Connector/universal-secrets-connector/hc-vault-universal-secrets-connector.md, docs/Universal Secret Connector/universal-secrets-connector/index.md	Documents folder-sync, folder-sync-all, and folder-delete-sync CLI commands with flags and examples; adds "Sync Entire Folder Contents" sections to HC Vault USC and sync-secret pages; expands USC overview with syncing and folder-level operation details.
SRA file transfer — SFTP-over-tunnel mechanism docs/Integrations & Plugins/cli-reference/cli-reference-gateway/cli-reference-sra.md, docs/Secure Remote Access/sra-user-guides/sra-akeyless-scp.md	Bumps minimum CLI version to 1.146, rewrites transfer mechanism from scp/ssh to SFTP over SRA tunnel, replaces PATH-missing failure with SFTP-capability failure condition, updates prerequisites to ssh-with-SFTP.
SRA MySQL pre-connect flags, portal access request, and RBAC SRA/ARA docs/Secure Remote Access/sra-admin-guides/sra-akeyless-connect.md, docs/Integrations & Plugins/cli-reference/cli-reference-gateway/cli-reference-connect.md, docs/Secure Remote Access/sra-user-guides/sra-portal.md, docs/Accessing Akeyless/rbac/index.md, docs/Integrations & Plugins/cli-reference/cli-reference-access-roles.md	Documents MySQL -C pre: prefix for akeyless connect (CLI 1.146+) with examples; adds SRA portal Access Request Flow section for Gateway 4.53.0+; extends reverse-rbac --type with sra/ara; changes --reverse-rbac-access accepted values from own/all to scoped/all.
Gateway 4.53.0 — K8s TokenReview rate limiting, proactive caching, and permissions docs/Accessing Akeyless/access-and-authentication-methods/auth-with-kubernetes/dedicated-k8s-auth-service-accounts.md, docs/Integrations & Plugins/cli-reference/cli-ref-auth/cli-reference-k8s-auth-method.md, docs/Akeyless Gateway/configure-gateway/gateway-caching/proactive-caching.md, docs/Akeyless Gateway/configure-gateway/gateway-caching/index.md, docs/Akeyless Gateway/gateway-best-practices.md, docs/Akeyless Gateway/configure-gateway/gateway-access-permissions-reference.md, docs/Akeyless Gateway/configure-gateway/gateway-log-forwarding.md	Adds K8S_TOKEN_REVIEW_QPS/K8S_TOKEN_REVIEW_BURST env var docs for native_k8s flows; expands proactive caching with 429 shared-backoff, Leadership-Loss Handling, and startup continuity note; adds Console Gateway visibility permission scope; documents JSON format requirement for stdout structured logs.
Audit logs table, sub-claims uid_comment, and auth method descriptions docs/Advanced Functionality/audit-logs/index.md, docs/Accessing Akeyless/access-and-authentication-methods/index.md, docs/Accessing Akeyless/rbac/sub-claims.md	Replaces raw logs table with a new formatted table including seq_num and component fields plus a console screenshot; rewrites Audit Log Sub-Claims description with uid_comment example; adds uid_comment sub-claim key note to the sub-claims reference.
Akeyless Agent dynamic secrets, AI Security, KMIP TTL, and account settings docs/Advanced Functionality/akeyless-agent.md, docs/AI Security/akeyless-ai-insight.md, docs/AI Security/identity-and-secrets-intelligence.md, docs/Encryption & KMS/kmip-server/index.md, docs/Advanced Functionality/account-settings/index.md	Adds Dynamic Secrets to Agent supported types, agent.toml template, and example subsection; extends AI Insights walkthrough with chat history/search; replaces single-sentence scanner coverage with GCP/AWS bullet details; documents certificate-ttl flag for KMIP server and client; adds force-new-version note to Secret Versions setting.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• akeylesslabs/technical-documentation#309: Directly overlaps with this PR across the same files and sections — identical Gateway 4.53.0/CLI 1.146 integration set including AI Insights chat history, TokenReview env vars, reverse-RBAC/SRA scope, proactive caching, audit logs, KMIP, and USC docs.

Poem

🐇 Hopping through the docs at night,
New Vault secrets, syncing right,
SFTP tunnels, MySQL flags too,
Rate limits set, the Gateway flew,
Folder sync and uid_comment glow —
Every rabbit needs their secrets to flow! 🌟

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'DOCS-892: GW 4.53.0 and CLI 1.146.0' clearly summarizes the main documentation updates for these two version releases.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch v1.0_remerge-pr-309

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Avi-Akeyless]

@harrison-akeyless akeyless folder sync

[Avi-Akeyless]

@harrison-akeyless akeyless folder sync-all

[Avi-Akeyless]

@harrison-akeyless The users can approve the requests from the Access Requests page.

[hasherwi]

Rechecked this against the current code before changing it. The approval flow still routes through Event Center in the current frontend implementation, and I could not find a current Access Requests page implementation in the checked-in frontend sources, so I left the docs wording unchanged for now.

[Avi-Akeyless]

@harrison-akeyless Not only Hashi, it's supported for all of the USC's.

[Avi-Akeyless]

@harrison-akeyless This should be set as an env var when deploying the gw - https://akeyless.atlassian.net/browse/ASM-18177

[hasherwi]

Rechecked this against the current implementation before editing. Gateway supports deploy-time initialization through the LOG_FORWARDING env var, but the current runtime config path also persists stdout/JSON selection through the log-forwarding configuration itself, so I left the note unchanged to avoid implying that env-var setup is the only supported way to enable JSON stdout output.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

docs/Advanced Functionality/akeyless-agent.md (1)

126-131: ⚡ Quick win

Missing code block label on Dynamic Secret template example.

All other template examples in the "Template Examples" section include a filename label (e.g., static.tmpl, rotated.tmpl, ssh_cert.tmpl), but the new Dynamic Secret example lacks one. For consistency and clarity, add the dynamic.tmpl label to the code block, matching the source = "path_to/dynamic.tmpl" reference in the agent.toml configuration (line 63).

✏️ Proposed fix

 ### Dynamic Secret
 
-```shell
+```shell dynamic.tmpl
 {{- with dynamicSecret "/my_dynamic_secret" -}}
 username={{ .Data.user }}
 password={{ .Data.password }}
 {{- end -}}

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @docs/Advanced Functionality/akeyless-agent.md around lines 126 - 131, Add
the filename label dynamic.tmpl to the code block containing the dynamicSecret
template example. Change the opening code fence from shell` to shell
dynamic.tmplto match the consistent labeling pattern used by other template examples in the Template Examples section (such asstatic.tmpl, rotated.tmpl, and ssh_cert.tmpl), and to align with the source =
"path_to/dynamic.tmpl"` reference shown in the agent.toml configuration.

</details>

<!-- cr-comment:v1:3019a3b6e669b6b0fea5e72f -->

_Source: Coding guidelines_

</blockquote></details>
<details>
<summary>docs/Universal Secret Connector/universal-secrets-connector/hc-vault-universal-secrets-connector.md (1)</summary><blockquote>

`166-170`: _⚡ Quick win_

**Move general account-level versioning information outside HC Vault–specific section.**

Line 168 describes "Account-level secret versioning [that] applies across Akeyless item types such as Static Secrets, Rotated Secrets, and Targets" — this is a general Akeyless capability, not specific to HashiCorp Vault. It may be more appropriate in the parent [Universal Secrets Connector overview](https://docs.akeyless.io/docs/universal-secrets-connector#hashicorp-vault-universal-secrets-details) or a shared capabilities section rather than in the HC Vault–specific page.

<details>
<summary>🤖 Prompt for AI Agents</summary>

```
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/Universal` Secret
Connector/universal-secrets-connector/hc-vault-universal-secrets-connector.md
around lines 166 - 170, The bullet point describing account-level secret
versioning that applies across Akeyless item types (Static Secrets, Rotated
Secrets, and Targets) is currently in the HashiCorp Vault-specific section but
represents a general Akeyless capability, not HC Vault-specific functionality.
Remove this bullet point from the HC Vault-specific section in
hc-vault-universal-secrets-connector.md and relocate it to the Universal Secrets
Connector overview page or a shared capabilities section where it more
appropriately documents this cross-platform feature. Keep only the truly HC
Vault-specific information (folder sync commands and provider-specific version
details variation) in the current location.
```

</details>

<!-- cr-comment:v1:cc96f47437e0f658025031f9 -->

</blockquote></details>

</blockquote></details>

<details>
<summary>🤖 Prompt for all review comments with AI agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @docs/Integrations &
Plugins/cli-reference/cli-reference-universal-secrets-connector.md:

• Around line 133-198: Update the HashiCorp Vault documentation page to clarify
  that folder-sync commands are universal features, not Vault-exclusive. The
  current language misleadingly suggests these commands are specific to Vault
  targets. Reference the evidence from the CLI reference that demonstrates
  universal capability: the folder-sync command description explicitly states it
  syncs "through Universal Secrets Connector" with no target-type restriction, and
  the --usc-name flag documentation confirms it can be omitted to "process all
  attached USCs for the folder." Revise the language to indicate that folder-sync
  is being documented in a Vault-specific context as an example use case, not as a
  Vault-only feature.

In @docs/Secrets
Management/rotated-secrets/create-a-hashicorp-vault-rotated-secret.md:

• Around line 1-12: The frontmatter in this documentation file has empty values
  for metadata.title and metadata.description (lines 7-8). Populate these fields
  with descriptive content that accurately represents the page topic (HashiCorp
  Vault Rotated Secret) to meet the complete frontmatter requirement for
  ReadMe.com pages. The metadata.title should be a clear page title and
  metadata.description should provide a brief summary suitable for SEO and
  documentation discoverability.

---

Nitpick comments:
In @docs/Advanced Functionality/akeyless-agent.md:

• Around line 126-131: Add the filename label dynamic.tmpl to the code block
  containing the dynamicSecret template example. Change the opening code fence
  from shell` to shell dynamic.tmplto match the consistent labeling pattern used by other template examples in the Template Examples section (such asstatic.tmpl, rotated.tmpl, and ssh_cert.tmpl), and to align with the source = "path_to/dynamic.tmpl"` reference shown in the agent.toml
  configuration.

In @docs/Universal Secret
Connector/universal-secrets-connector/hc-vault-universal-secrets-connector.md:

• Around line 166-170: The bullet point describing account-level secret
  versioning that applies across Akeyless item types (Static Secrets, Rotated
  Secrets, and Targets) is currently in the HashiCorp Vault-specific section but
  represents a general Akeyless capability, not HC Vault-specific functionality.
  Remove this bullet point from the HC Vault-specific section in
  hc-vault-universal-secrets-connector.md and relocate it to the Universal Secrets
  Connector overview page or a shared capabilities section where it more
  appropriately documents this cross-platform feature. Keep only the truly HC
  Vault-specific information (folder sync commands and provider-specific version
  details variation) in the current location.

</details>

<details>
<summary>🪄 Autofix (Beta)</summary>

Fix all unresolved CodeRabbit comments on this PR:

- [ ] <!-- {"checkboxId": "4b0d0e0a-96d7-4f10-b296-3a18ea78f0b9"} --> Push a commit to this branch (recommended)
- [ ] <!-- {"checkboxId": "ff5b1114-7d8c-49e6-8ac1-43f82af23a33"} --> Create a new PR with the fixes

</details>

---

<details>
<summary>ℹ️ Review info</summary>

<details>
<summary>⚙️ Run configuration</summary>

**Configuration used**: Path: .coderabbit.yaml

**Review profile**: CHILL

**Plan**: Pro

**Run ID**: `d1dc2350-6d18-4533-8776-b80126834a73`

</details>

<details>
<summary>📥 Commits</summary>

Reviewing files that changed from the base of the PR and between d906941f799444da6d64324f6f70bcd23899931a and ecbc909746129d7cfdf17d5ea6e3b7f23ca8f300.

</details>

<details>
<summary>📒 Files selected for processing (31)</summary>

* `docs/AI Security/akeyless-ai-insight.md`
* `docs/AI Security/identity-and-secrets-intelligence.md`
* `docs/Accessing Akeyless/access-and-authentication-methods/auth-with-kubernetes/dedicated-k8s-auth-service-accounts.md`
* `docs/Accessing Akeyless/access-and-authentication-methods/index.md`
* `docs/Accessing Akeyless/rbac/index.md`
* `docs/Accessing Akeyless/rbac/sub-claims.md`
* `docs/Advanced Functionality/account-settings/index.md`
* `docs/Advanced Functionality/akeyless-agent.md`
* `docs/Advanced Functionality/audit-logs/index.md`
* `docs/Akeyless Gateway/configure-gateway/gateway-access-permissions-reference.md`
* `docs/Akeyless Gateway/configure-gateway/gateway-caching/index.md`
* `docs/Akeyless Gateway/configure-gateway/gateway-caching/proactive-caching.md`
* `docs/Akeyless Gateway/configure-gateway/gateway-log-forwarding.md`
* `docs/Akeyless Gateway/gateway-best-practices.md`
* `docs/Encryption & KMS/kmip-server/index.md`
* `docs/Integrations & Plugins/cli-reference/cli-ref-auth/cli-reference-k8s-auth-method.md`
* `docs/Integrations & Plugins/cli-reference/cli-reference-access-roles.md`
* `docs/Integrations & Plugins/cli-reference/cli-reference-gateway/cli-reference-connect.md`
* `docs/Integrations & Plugins/cli-reference/cli-reference-gateway/cli-reference-sra.md`
* `docs/Integrations & Plugins/cli-reference/cli-reference-rotated-secrets.md`
* `docs/Integrations & Plugins/cli-reference/cli-reference-universal-secrets-connector.md`
* `docs/Secrets Management/rotated-secrets/_order.yaml`
* `docs/Secrets Management/rotated-secrets/create-a-database-rotated-secret.md`
* `docs/Secrets Management/rotated-secrets/create-a-hashicorp-vault-rotated-secret.md`
* `docs/Secrets Management/rotated-secrets/index.md`
* `docs/Secure Remote Access/sra-admin-guides/sra-akeyless-connect.md`
* `docs/Secure Remote Access/sra-user-guides/sra-akeyless-scp.md`
* `docs/Secure Remote Access/sra-user-guides/sra-portal.md`
* `docs/Universal Secret Connector/sync-secret/index.md`
* `docs/Universal Secret Connector/universal-secrets-connector/hc-vault-universal-secrets-connector.md`
* `docs/Universal Secret Connector/universal-secrets-connector/index.md`

</details>

</details>

<!-- This is an auto-generated comment by CodeRabbit for review status -->

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Populate empty metadata fields in frontmatter.

The frontmatter has the required keys present but metadata.title and metadata.description (lines 7-8) are empty strings. Per the coding guidelines, ReadMe.com pages require "complete front matter" with populated metadata values for proper documentation discoverability and SEO. These should be filled with descriptive content.

📝 Suggested metadata content

 metadata:
-  title: ''
-  description: ''
+  title: 'Create a HashiCorp Vault Rotated Secret'
+  description: 'Set up automatic password rotation for HashiCorp Vault secrets using Akeyless'
   robots: index

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	---
	title: HashiCorp Vault Rotated Secret
	excerpt: ''
	deprecated: false
	hidden: false
	metadata:
	title: ''
	description: ''
	robots: index
	next:
	description: ''
	---
	---
	title: HashiCorp Vault Rotated Secret
	excerpt: ''
	deprecated: false
	hidden: false
	metadata:
	title: 'Create a HashiCorp Vault Rotated Secret'
	description: 'Set up automatic password rotation for HashiCorp Vault secrets using Akeyless'
	robots: index
	next:
	description: ''
	---

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/Secrets`
Management/rotated-secrets/create-a-hashicorp-vault-rotated-secret.md around
lines 1 - 12, The frontmatter in this documentation file has empty values for
metadata.title and metadata.description (lines 7-8). Populate these fields with
descriptive content that accurately represents the page topic (HashiCorp Vault
Rotated Secret) to meet the complete frontmatter requirement for ReadMe.com
pages. The metadata.title should be a clear page title and metadata.description
should provide a brief summary suitable for SEO and documentation
discoverability.

Source: Coding guidelines