diff --git a/website/content/docs/commands/session-recordings/download.mdx b/website/content/docs/commands/session-recordings/download.mdx
index 96567fbc66..d37da7e29b 100644
--- a/website/content/docs/commands/session-recordings/download.mdx
+++ b/website/content/docs/commands/session-recordings/download.mdx
@@ -7,6 +7,8 @@ description: |-
# session-recordings download
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary session-recordings download`
The `boundary session-recordings download` command lets you download a Boundary session recording.
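Review bot: The added sentence `This feature requires HCP Boundary or Boundary Enterprise` has no terminal period and is inserted as an ordinary paragraph directly under the title, so it reads as part of the command description. The same literal string is pasted into every file in this patch. Consider moving it into one shared include or callout component, so the wording and styling can be changed in one place, and end the sentence with a period.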
diff --git a/website/content/docs/commands/session-recordings/index.mdx b/website/content/docs/commands/session-recordings/index.mdx
index 1775243cd9..85416f60cf 100644
--- a/website/content/docs/commands/session-recordings/index.mdx
+++ b/website/content/docs/commands/session-recordings/index.mdx
@@ -7,6 +7,8 @@ description: |-
# session-recordings
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary session-recordings`
The `session-recordings` command lets you perform operations on Boundary session recording resources.
diff --git a/website/content/docs/commands/session-recordings/list.mdx b/website/content/docs/commands/session-recordings/list.mdx
index 53a7b378ec..3f286ef4a1 100644
--- a/website/content/docs/commands/session-recordings/list.mdx
+++ b/website/content/docs/commands/session-recordings/list.mdx
@@ -7,6 +7,8 @@ description: |-
# session-recordings list
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary session-recordings list`
The `boundary session-recordings list` command lets you list the Boundary session recordings within a given scope or resource.
diff --git a/website/content/docs/commands/session-recordings/read.mdx b/website/content/docs/commands/session-recordings/read.mdx
index 708974a19f..96a818e984 100644
--- a/website/content/docs/commands/session-recordings/read.mdx
+++ b/website/content/docs/commands/session-recordings/read.mdx
@@ -7,6 +7,8 @@ description: |-
# session-recordings read
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary session-recordings read`
The `boundary session-recordings read` command lets you read information about a Boundary session recording by providing the ID.
diff --git a/website/content/docs/commands/storage-buckets/create.mdx b/website/content/docs/commands/storage-buckets/create.mdx
index 1d81ed8678..901c84799d 100644
--- a/website/content/docs/commands/storage-buckets/create.mdx
+++ b/website/content/docs/commands/storage-buckets/create.mdx
@@ -7,6 +7,8 @@ description: |-
# storage-buckets create
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary storage-buckets create`
The `boundary storage-buckets create` command lets you create Boundary storage buckets.
diff --git a/website/content/docs/commands/storage-buckets/delete.mdx b/website/content/docs/commands/storage-buckets/delete.mdx
index 26210d7d79..62dd47a8bf 100644
--- a/website/content/docs/commands/storage-buckets/delete.mdx
+++ b/website/content/docs/commands/storage-buckets/delete.mdx
@@ -7,6 +7,8 @@ description: |-
# storage-buckets delete
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary storage-buckets delete`
The `boundary storage-buckets delete` command lets you delete Boundary storage buckets.
diff --git a/website/content/docs/commands/storage-buckets/index.mdx b/website/content/docs/commands/storage-buckets/index.mdx
index 155de5ef0b..6d6e1005bf 100644
--- a/website/content/docs/commands/storage-buckets/index.mdx
+++ b/website/content/docs/commands/storage-buckets/index.mdx
@@ -7,6 +7,8 @@ description: |-
# storage-buckets
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary storage-buckets`
The `storage-buckets` command lets you perform operations on Boundary storage bucket resources.
diff --git a/website/content/docs/commands/storage-buckets/list.mdx b/website/content/docs/commands/storage-buckets/list.mdx
index 758ea8d6ae..f1567fa2ab 100644
--- a/website/content/docs/commands/storage-buckets/list.mdx
+++ b/website/content/docs/commands/storage-buckets/list.mdx
@@ -7,6 +7,8 @@ description: |-
# storage-buckets list
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `storage-buckets list`
The `storage-buckets list` command lets you list the storage buckets within a given scope or resource.
diff --git a/website/content/docs/commands/storage-buckets/read.mdx b/website/content/docs/commands/storage-buckets/read.mdx
index 21c8f404e0..1148473e98 100644
--- a/website/content/docs/commands/storage-buckets/read.mdx
+++ b/website/content/docs/commands/storage-buckets/read.mdx
@@ -7,6 +7,8 @@ description: |-
# storage-buckets read
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary storage-buckets read`
The `boundary storage-buckets read` command lets you read information about Boundary storage buckets.
diff --git a/website/content/docs/commands/storage-buckets/update.mdx b/website/content/docs/commands/storage-buckets/update.mdx
index f112fee622..0b0941a9b2 100644
--- a/website/content/docs/commands/storage-buckets/update.mdx
+++ b/website/content/docs/commands/storage-buckets/update.mdx
@@ -7,6 +7,8 @@ description: |-
# storage-buckets update
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary storage-buckets update`
The `boundary storage-buckets update` command lets you update Boundary storage buckets by ID.
diff --git a/website/content/docs/concepts/auditing.mdx b/website/content/docs/concepts/auditing.mdx
index 1a434ef90a..786c6fc687 100644
--- a/website/content/docs/concepts/auditing.mdx
+++ b/website/content/docs/concepts/auditing.mdx
@@ -25,6 +25,8 @@ Further, security teams seek to prevent incidents and proactively identify poten
## Session recording
+This feature requires HCP Boundary or Boundary Enterprise
+
Boundary provides auditing capabilities via [session recording](/boundary/docs/concepts/domain-model/session-recordings).
In Boundary, a session represents a set of connections between a user and a host from a target.
The session begins when an authorized user requests access to a target, and it ends when that access is terminated.
@@ -72,6 +74,8 @@ Boundary emits audit events for actions performed by users. Here are **some** of
## Storage buckets
+This feature requires HCP Boundary or Boundary Enterprise
+
A resource known as a [storage bucket](/boundary/docs/concepts/domain-model/storage-buckets) is used to store the recorded sessions.
The storage bucket represents a bucket in an external object store.
At this time, the only supported storage for storage buckets is AWS S3.
@@ -92,6 +96,8 @@ Any session recording metadata that is attached to the storage bucket is deleted
## BSR directory structure
+This feature requires HCP Boundary or Boundary Enterprise
+
The BSR (Boundary Session Recording) defines a hierarchical directory structure of files and a binary file format.
It contains all the data transmitted between a user and a target during a single session.
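Review bot: This is the third identical notice added to `auditing.mdx`, under `## Session recording`, `## Storage buckets` and `## BSR directory structure`. Storage buckets and the BSR layout only exist as part of session recording, so a single notice on the session recording section, or one at the point where the page first introduces it, would carry the same information without repeating the line three times on one page.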
diff --git a/website/content/docs/concepts/credential-management.mdx b/website/content/docs/concepts/credential-management.mdx
index 4c650bfd0a..71dcce2ab0 100644
--- a/website/content/docs/concepts/credential-management.mdx
+++ b/website/content/docs/concepts/credential-management.mdx
@@ -65,7 +65,9 @@ Learn more about [credential brokering](/boundary/tutorials/hcp-getting-started/
Learn more about the [Vault dynamic secrets engine](/vault/docs/secrets).
-## Credential injection HCP/ENT
+## Credential injection
+
+This feature requires HCP Boundary or Boundary Enterprise
Credential injection is the process by which a credential is fetched from a credential store and then passed on to a worker for authentication to a remote machine.
With credential injection, the user never sees the credential required to authenticate to the target.
diff --git a/website/content/docs/concepts/domain-model/credential-libraries.mdx b/website/content/docs/concepts/domain-model/credential-libraries.mdx
index 979f962ecb..fc6807ef17 100644
--- a/website/content/docs/concepts/domain-model/credential-libraries.mdx
+++ b/website/content/docs/concepts/domain-model/credential-libraries.mdx
@@ -34,7 +34,9 @@ The default value is `GET`.
- `vault-http-request-body` - (optional) The body of the HTTP request the library sends to Vault when it requests credentials.
Only valid if `http_method` is set to `POST`.
-### Vault SSH certificate credential library attributes HCP/ENT
+### Vault SSH certificate credential library attributes
+
+This feature requires HCP Boundary or Boundary Enterprise
As of Boundary 0.12.0, you can configure SSH credential injection using [Vault's SSH secrets engine](/vault/docs/secrets/ssh) to create the SSH certificate credentials.
SSH certificate-based authentication extends key-based authentication using digital signatures.
diff --git a/website/content/docs/concepts/domain-model/session-recordings.mdx b/website/content/docs/concepts/domain-model/session-recordings.mdx
index 053e60e3e8..6a09ca45e5 100644
--- a/website/content/docs/concepts/domain-model/session-recordings.mdx
+++ b/website/content/docs/concepts/domain-model/session-recordings.mdx
@@ -5,8 +5,9 @@ description: |-
The anatomy of a Boundary session recording
---
-# Session recordings HCP/ENT
+# Session recordings
+This feature requires HCP Boundary or Boundary Enterprise
A session recording represents a directory structure of
files in an external object store that together are the
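Review bot: The notice is added on the line immediately after `# Session recordings`, without the empty `+` line that the other files in this patch put between the heading and the notice. The `storage-buckets.mdx` hunk that follows has the same layout. Add the blank line for consistency, and check that a blank line also separates the notice from `A session recording represents a directory structure of`, otherwise Markdown will fold the two into one paragraph.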
diff --git a/website/content/docs/concepts/domain-model/storage-buckets.mdx b/website/content/docs/concepts/domain-model/storage-buckets.mdx
index 5702c302bd..b759328321 100644
--- a/website/content/docs/concepts/domain-model/storage-buckets.mdx
+++ b/website/content/docs/concepts/domain-model/storage-buckets.mdx
@@ -5,8 +5,9 @@ description: |-
The anatomy of a Boundary storage bucket
---
-# Storage buckets HCP/ENT
+# Storage buckets
+This feature requires HCP Boundary or Boundary Enterprise
A resource known as a storage bucket is used to store the [session recordings][].
The storage bucket represents a bucket in an external object store.
diff --git a/website/content/docs/concepts/domain-model/targets.mdx b/website/content/docs/concepts/domain-model/targets.mdx
index 1f1b32dc26..797e321857 100644
--- a/website/content/docs/concepts/domain-model/targets.mdx
+++ b/website/content/docs/concepts/domain-model/targets.mdx
@@ -92,7 +92,9 @@ TCP targets have the following additional attribute:
- `default_port` - (required)
The default port to set on this target.
-### SSH target attributes HCP/ENT
+### SSH target attributes
+
+This feature requires HCP Boundary or Boundary Enterprise
SSH targets use injected application credentials to authenticate an SSH session between the client and end host.
Injected credentials allow users to securely connect to remost hosts using SSH, while never being in the possession of a valid credential for that target host.
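Review bot: The context line directly under the new notice reads `remost hosts`. Since this section is being touched anyway, correct it to `remote hosts` in the same change.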
diff --git a/website/content/docs/concepts/filtering/worker-tags.mdx b/website/content/docs/concepts/filtering/worker-tags.mdx
index d9101b645c..95fe0ebcaa 100644
--- a/website/content/docs/concepts/filtering/worker-tags.mdx
+++ b/website/content/docs/concepts/filtering/worker-tags.mdx
@@ -148,7 +148,10 @@ The `ingress_worker_filter`HCP/ENT attribute controls which workers a
This is the worker a client connects to when initiating a connection to a target.
-## Vault workers HCP/ENT
+## Vault workers
+
+This feature requires HCP Boundary or Boundary Enterprise
+
Tags are used to control which [PKI workers] can manage Vault requests by specifying
a `worker_filter`attribute when configuring [credential stores].
diff --git a/website/content/docs/concepts/security/data-encryption.mdx b/website/content/docs/concepts/security/data-encryption.mdx
index 26a7b5c3fd..3ec6f246d3 100644
--- a/website/content/docs/concepts/security/data-encryption.mdx
+++ b/website/content/docs/concepts/security/data-encryption.mdx
@@ -105,7 +105,10 @@ $ boundary scopes list-key-version-destruction-jobs -scope-id p_A4jfDjZ9jf
Once the job disappears from this list, the associated key version will have
been destroyed and any existing data will have been re-encrypted.
-## The `bsr` KMS key HCP/ENT
+## The `bsr` KMS key
+
+This feature requires HCP Boundary or Boundary Enterprise
+
The `bsr` KMS key is required for [session recording](/boundary/docs/configuration/session-recording).
If you do not add a `bsr` key to your controller configuration, you will receive an error when you attempt to enable session recording.
The key is used for encrypting data and checking the integrity of recordings.
diff --git a/website/content/docs/concepts/workers.mdx b/website/content/docs/concepts/workers.mdx
index e9f58f1f24..2183e9c0c7 100644
--- a/website/content/docs/concepts/workers.mdx
+++ b/website/content/docs/concepts/workers.mdx
@@ -52,7 +52,10 @@ with tag “A,” to connect to targets in “Network A.”

-## Multi-hop sessions HCP/ENT
+## Multi-hop sessions
+
+This feature requires HCP Boundary or Boundary Enterprise
+
Most organizations want to provide access to infrastructure without exposing private networks. Many organizations also have complex network topologies requiring
inbound traffic to route through multiple network enclaves in order to reach the target system.
[Multi-hop](/boundary/docs/configuration/worker#multi-hop-worker-capabilities-hcp-ent) sessions allow you to chain together two or more workers
diff --git a/website/content/docs/configuration/session-recording/create-storage-bucket.mdx b/website/content/docs/configuration/session-recording/create-storage-bucket.mdx
index f6af947c8d..0f2ca125d4 100644
--- a/website/content/docs/configuration/session-recording/create-storage-bucket.mdx
+++ b/website/content/docs/configuration/session-recording/create-storage-bucket.mdx
@@ -7,6 +7,8 @@ description: |-
# Create a storage bucket
+This feature requires HCP Boundary or Boundary Enterprise
+
As of Boundary 0.13.0, you can record and audit user sessions.
A Boundary resource known as a [storage bucket](/boundary/docs/concepts/domain-model/storage-buckets) is used to store the recorded sessions.
The storage bucket represents a bucket in an external store.
diff --git a/website/content/docs/configuration/session-recording/enable-session-recording.mdx b/website/content/docs/configuration/session-recording/enable-session-recording.mdx
index b52e466057..b1ec2f4080 100644
--- a/website/content/docs/configuration/session-recording/enable-session-recording.mdx
+++ b/website/content/docs/configuration/session-recording/enable-session-recording.mdx
@@ -7,6 +7,8 @@ description: |-
# Enable session recording on a target
+This feature requires HCP Boundary or Boundary Enterprise
+
You must enable session recording for any targets that you want to record sessions on.
When you [create a storage bucket](/boundary/docs/configuration/session-recording/create-storage-bucket), Boundary provides you with an ID.
You use the storage bucket's ID to associate a target with the storage bucket.
diff --git a/website/content/docs/configuration/session-recording/index.mdx b/website/content/docs/configuration/session-recording/index.mdx
index bc45348bd0..edb0ce883d 100644
--- a/website/content/docs/configuration/session-recording/index.mdx
+++ b/website/content/docs/configuration/session-recording/index.mdx
@@ -7,6 +7,8 @@ description: |-
# Overview
+This feature requires HCP Boundary or Boundary Enterprise
+
Boundary provides auditing capabilities via session recording.
In Boundary, a session represents a set of connections between a user and a host from a target.
The session begins when an authorized user requests access to a target, and it ends when that access is terminated.
diff --git a/website/content/docs/configuration/worker/index.mdx b/website/content/docs/configuration/worker/index.mdx
index ec3470b486..12f3b73904 100644
--- a/website/content/docs/configuration/worker/index.mdx
+++ b/website/content/docs/configuration/worker/index.mdx
@@ -104,7 +104,9 @@ Any other updated values are ignored.
The `SIGTERM` and `SIGINT` signals initiate a graceful shutdown on a worker. The worker waits for any sessions to drain
before shutting down. Workers in a graceful shutdown state do not receive any new work, including session proxying, from the control plane.
-## Multi-hop worker capabilities HCP/ENT
+## Multi-hop worker capabilities
+
+This feature requires HCP Boundary or Boundary Enterprise
Multi-hop capabilities, including multi-hop sessions and Vault private access,
is when a session or Vault credential request goes through more than one worker.
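Review bot: Renaming `## Multi-hop worker capabilities HCP/ENT` to `## Multi-hop worker capabilities` changes the anchor generated for this heading, and `concepts/workers.mdx` in this same patch still links to `/boundary/docs/configuration/worker#multi-hop-worker-capabilities-hcp-ent`. Update that link to the new anchor or keep an explicit anchor on the heading. The other headings that lose the `HCP/ENT` suffix here (`Credential injection`, `SSH target attributes`, `Vault workers`, the `bsr` KMS key, `Multi-hop sessions`, `Session recording`) should be checked for inbound `#...-hcp-ent` links as well.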
diff --git a/website/content/docs/configuration/worker/pki-worker.mdx b/website/content/docs/configuration/worker/pki-worker.mdx
index 933e1cbe47..6d60a2a687 100644
--- a/website/content/docs/configuration/worker/pki-worker.mdx
+++ b/website/content/docs/configuration/worker/pki-worker.mdx
@@ -77,7 +77,9 @@ kms "aead" {
}
```
-## Session recording (HCP/ENT)
+## Session recording
+
+This feature requires HCP Boundary or Boundary Enterprise
[Session recording](/boundary/docs/configuration/session-recording) requires at least one PKI worker with access to local and remote storage.
PKI workers used for session recording require an accessible directory defined by `recording_storage_path` for
diff --git a/website/content/docs/operations/session-recordings/index.mdx b/website/content/docs/operations/session-recordings/index.mdx
index 5479d626a9..62e343d873 100644
--- a/website/content/docs/operations/session-recordings/index.mdx
+++ b/website/content/docs/operations/session-recordings/index.mdx
@@ -7,6 +7,8 @@ description: |-
# Recorded sessions operations
+This feature requires HCP Boundary or Boundary Enterprise
+
Boundary provides [auditing](/boundary/docs/concepts/auditing) capabilities via [session recording](/boundary/docs/configuration/session-recording).
In Boundary, a session represents a set of connections between a user and a host from a target.
The session begins when an authorized user requests access to a target, and it ends when that access is terminated.
diff --git a/website/content/docs/operations/session-recordings/manage-recorded-sessions.mdx b/website/content/docs/operations/session-recordings/manage-recorded-sessions.mdx
index ad694927de..c51c79d824 100644
--- a/website/content/docs/operations/session-recordings/manage-recorded-sessions.mdx
+++ b/website/content/docs/operations/session-recordings/manage-recorded-sessions.mdx
@@ -7,6 +7,8 @@ description: |-
# Find and view recorded sessions
+This feature requires HCP Boundary or Boundary Enterprise
+
You can view a list of all recorded sessions, or if you know the ID of a specific recorded session, you can find any channels associated with that recording.
diff --git a/website/content/docs/operations/session-recordings/validate-data-store.mdx b/website/content/docs/operations/session-recordings/validate-data-store.mdx
index 7eb0dda060..142a257d63 100644
--- a/website/content/docs/operations/session-recordings/validate-data-store.mdx
+++ b/website/content/docs/operations/session-recordings/validate-data-store.mdx
@@ -6,6 +6,8 @@ description: |-
---
# How Boundary validates data integrity in the external object store
+This feature requires HCP Boundary or Boundary Enterprise
+
When a Boundary worker uploads a BSR file to AWS S3 through the Boundary AWS plugin, the plugin calculates the SHA256 checksum of the contents of the BSR file and attaches this information to the object that is uploaded to S3.
The SHA256 checksum value attached to the S3 object is returned to the Boundary worker.
The Boundary worker calculates the SHA256 checksum value of the BSR file's content from
diff --git a/website/content/docs/operations/session-recordings/validate-session-recordings.mdx b/website/content/docs/operations/session-recordings/validate-session-recordings.mdx
index fb0913ed16..de6cf958ba 100644
--- a/website/content/docs/operations/session-recordings/validate-session-recordings.mdx
+++ b/website/content/docs/operations/session-recordings/validate-session-recordings.mdx
@@ -5,7 +5,9 @@ description: |-
How to validate the integrity of Boundary's recorded sessions
---
-# Validate the integrity of session recordings
+# Validate the integrity of session Recordings
+
+This feature requires HCP Boundary or Boundary Enterprise
BSR directories are validated based on the contents in the directory.
Boundary cryptographically verifies each individual Boundary Session Recording (BSR) file.
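Review bot: The title changes from `# Validate the integrity of session recordings` to `# Validate the integrity of session Recordings`, which capitalizes `Recordings` mid-sentence. This looks unintentional and is unrelated to adding the notice. The other headings in this patch use sentence case, so restore the lowercase `recordings` and leave the title line unchanged.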
diff --git a/website/content/docs/troubleshoot/troubleshoot-recorded-sessions.mdx b/website/content/docs/troubleshoot/troubleshoot-recorded-sessions.mdx
index fa6cc4f722..4e7b06755d 100644
--- a/website/content/docs/troubleshoot/troubleshoot-recorded-sessions.mdx
+++ b/website/content/docs/troubleshoot/troubleshoot-recorded-sessions.mdx
@@ -7,6 +7,8 @@ description: |-
# Troubleshoot session recordings
+This feature requires HCP Boundary or Boundary Enterprise
+
Refer to the following for information about how to troubleshoot recorded sessions.
## Known bugs
diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json
index 13d38327c6..b773ed8812 100644
--- a/website/data/docs-nav-data.json
+++ b/website/data/docs-nav-data.json
@@ -264,10 +264,20 @@
},
{
"title": "Session recordings",
+ "badge": {
+ "text": "HCP/ENT",
+ "type": "outlined",
+ "color": "neutral"
+ },
"path": "concepts/domain-model/session-recordings"
},
{
"title": "Storage buckets",
+ "badge": {
+ "text": "HCP/ENT",
+ "type": "outlined",
+ "color": "neutral"
+ },
"path": "concepts/domain-model/storage-buckets"
},
{
@@ -391,6 +401,11 @@
},
{
"title": "Session recordings",
+ "badge": {
+ "text": "HCP/ENT",
+ "type": "outlined",
+ "color": "neutral"
+ },
"routes": [
{
"title": "Overview",
@@ -454,6 +469,11 @@
},
{
"title": "Session recordings",
+ "badge": {
+ "text": "HCP/ENT",
+ "type": "outlined",
+ "color": "neutral"
+ },
"routes": [
{
"title": "Overview",
@@ -488,7 +508,12 @@
},
{
"title": "Recorded sessions",
- "path": "troubleshoot/troubleshoot-recorded-sessions"
+ "path": "troubleshoot/troubleshoot-recorded-sessions",
+ "badge": {
+ "text": "HCP/ENT",
+ "type": "outlined",
+ "color": "neutral"
+ }
}
]
},
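Review bot: In this entry the `badge` object is appended after `path`, which forces the edit to the `path` line to add a trailing comma. Every other entry in this file's hunks places `badge` between `title` and `path` or `routes`. Put it in the same position here so the entries stay uniform and the `path` line is not touched. The identical three-key badge object is also repeated in each hunk. If the nav schema allows a shorthand or shared definition, using it would keep the text, type and color from drifting between entries.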
@@ -1084,6 +1109,11 @@
},
{
"title": "session-recordings",
+ "badge": {
+ "text": "HCP/ENT",
+ "type": "outlined",
+ "color": "neutral"
+ },
"routes": [
{
"title": "Overview",
@@ -1126,6 +1156,11 @@
},
{
"title": "storage-buckets",
+ "badge": {
+ "text": "HCP/ENT",
+ "type": "outlined",
+ "color": "neutral"
+ },
"routes": [
{
"title": "Overview",