Commit bca9ed1

Merge branch 'main' into gerardma77/ssync-disable_strict_networking
2 parents 96fb4e7 + 5962a93 commit bca9ed1

372 files changed

+40310
-471
lines changed

CODEOWNERS

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22
* @hashicorp/web-devdot
33

44
# Content CODEOWNERS
5+
/docs @hashicorp/vault-education-approvers @hashicorp/education
56

67
# Terraform documentation ownership
78
/content/terraform-plugin-framework @hashicorp/terraform-devex @hashicorp/terraform-education
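
Review bot: The new `/docs` rule at line 5 sits after the `*` catch-all, and CODEOWNERS applies the last matching pattern, so `@hashicorp/web-devdot` stops being a code owner for `/docs` unless it is also listed on that line. If that is intended, say so in a comment. The heading `# Content CODEOWNERS` also does not tell a reader that this path belongs to the Vault education team, unlike `# Terraform documentation ownership` below it.
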
@@ -20,7 +21,7 @@
2021
/content/terraform/*/docs/language/backend/s3.mdx @hashicorp/terraform-education @hashicorp/terraform-core @hashicorp/team-docs-packer-and-terraform @hashicorp/terraform-aws
2122

2223
/content/terraform-docs-common/ @hashicorp/team-docs-packer-and-terraform
23-
/content/terraform-docs-common/docs/plugin/ @hashicorp/terraform-devex
24+
/content/terraform-docs-common/docs/plugin/ @hashicorp/terraform-devex
2425
/content/terraform-docs-common/data/plugin-nav-data.json @hashicorp/terraform-devex
2526

2627
/content/terraform-enterprise @hashicorp/team-docs-packer-and-terraform @hashicorp/ptfe-review
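
Review bot: The removed and added `/content/terraform-docs-common/docs/plugin/` lines at 23/24 render identically, so this looks like a whitespace-only change. Confirm the pattern and owner are byte-for-byte what you intend, since a stray invisible character in a CODEOWNERS pattern changes which paths require `@hashicorp/terraform-devex` review without any visible difference in the file.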

content/terraform-docs-common/docs/cloud-docs/run/run-environment.mdx

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -124,6 +124,7 @@ HCP Terraform automatically injects the following environment variables for each
124124
| `TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA` | The full commit hash of the commit that the associated Terraform configuration version was ingressed from. | `abcd1234...` |
125125
| `TFC_CONFIGURATION_VERSION_GIT_TAG` | The name of the tag that the associated Terraform configuration version was ingressed from. | `v0.1.0` |
126126
| `TFC_PROJECT_NAME` | The name of the project used in this run. | `proj-name` |
127+
| `TFC_PROJECT_ID`. | The id of the project used in this run. | `proj-91XJpbLvbdohC6RD` |
127128

128129
They are also available as Terraform input variables by defining a variable with the same name. For example:
129130
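
Review bot: The added row at line 127 has a stray period after the closing backtick in the first column (`TFC_PROJECT_ID`.), which will render inside the variable-name cell; drop it. The description should read "The ID of the project" rather than "The id", and please confirm that the `proj-` prefix in the example value matches the form of real project IDs.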

content/terraform-enterprise/1.0.x/docs/enterprise/releases/1.0.x/index.mdx

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,7 @@ Flexible Deployment Options `terraform-enterprise` container digest: amd64/linux
6464

6565
## Known Issues
6666
1. (Updated 08/15/2025) You may experience failures when using an S3-compatible storage solution. An AWS library we upgraded in this release is triggering authentication issues with some third-party storage solutions. As a result, you may experience errors when running plans and applies or when accessing Terraform state files. Refer to [issue 2960](https://github.com/aws/aws-sdk-go-v2/discussions/2960) on the AWS SDK GitHub issues page for more information. We will resolve this issue in a patch release.
67+
1. (Updated 8/27/2025) For Terraform Enterprise installs that make use of Redis with mTLS, you may experience [a failure](https://support.hashicorp.com/hc/en-us/articles/44197346705427-Terraform-Enterprise-not-able-to-connect-to-Redis-with-mTLS) where the archivist service exits early. A fix for this bug will be shipped in the 1.0.1 release.
6768

6869
## Deprecations
6970
1. PostgreSQL v13 will reach end of life on November 13 2025 and will no longer be supported in Terraform Enterprise after that date. Refer to the requirements for [connecting to an external PostgreSQL database](/terraform/enterprise/deploy/configuration/storage/connect-database/postgres#server) for a complete list of supported versions.
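
Review bot: The new known issue at line 67 writes its date as `8/27/2025` while the entry above it uses `08/15/2025`; use the zero-padded form for consistency. The entry also says only that the archivist service exits early. State whether a workaround exists until 1.0.1, or that the linked support article covers one, so operators running Redis with mTLS know whether to hold the upgrade.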

content/terraform-enterprise/1.0.x/docs/enterprise/users-teams-organizations/users.mdx

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -209,9 +209,11 @@ To create a GitHub App token, click **Create a GitHub App token**. The **GitHub
209209
#### Revoking a GitHub app token
210210

211211
To revoke the GitHub App token, click the **ellipses button (...)**. The dropdown menu appears. Click the **Delete Token** option. This triggers a confirmation window to appear, which asks you to confirm that you want to revoke the token. Once confirmed, the token is revoked and you can no longer view GitHub App installations.
212-
<!--BEGIN: tfc:only name:github-permissions>
212+
213+
<!-- BEGIN: TFC:only name:github-permissions -->
214+
213215
#### Additional resources
214216

215217
- [GitHub App permissions in HCP Terraform](/terraform/cloud-docs/vcs/github-app#github-permissions)
216218

217-
<!--END: tfc:only name:github-permissions>
219+
<!-- END: TFC:only name:github-permissions -->
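
Review bot: The marker rewrite at lines 213 and 219 fixes the unterminated comments (`>` becomes `-->`) but also changes the keyword case from `tfc:only` to `TFC:only`. Confirm that the content-filtering step matches the uppercase form, otherwise the HCP Terraform only "Additional resources" block will render in the Terraform Enterprise docs. Noting which form is canonical in the PR description would help the next editor.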

content/terraform-enterprise/1.0.x/docs/partials/replicated-and-fdo/architecture/security-model-partial.mdx

Lines changed: 5 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -4,9 +4,7 @@ In addition to those listed in [HCP Terraform Security model](/terraform/cloud-d
44

55
### Infrastructure Admin
66

7-
Outside of the application, administrators of the Terraform Enterprise deployment are responsible for managing the underlying infrastructure, upgrading the application, and configuring Terraform Enterprise either via the [Replicated admin console](/terraform/enterprise/deploy/replicated/install/interactive/config#system-configuration) or by editing the [application settings file](/terraform/enterprise/deploy/replicated/install/automated/automating-the-installer).
8-
9-
Terraform Enterprise grants extensive permissions to this role, so we recommend limiting the number of users who are infrastructure admins in your organization.
7+
Outside of the application, administrators of the Terraform Enterprise deployment are responsible for managing the underlying infrastructure and upgrading the application. We recommend limiting the number of users who are infrastructure admins in your organization.
108

119
### Site Admin
1210
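
Review bot: The rewritten Infrastructure Admin paragraph at line 7 drops the sentence "Terraform Enterprise grants extensive permissions to this role", which leaves the recommendation to limit infrastructure admins without a stated reason; keep that rationale. It also removes configuring Terraform Enterprise from the role's responsibilities instead of replacing the Replicated-specific wording, although the HSTS section later in this file still has someone setting `TFE_TLS_ENFORCE` in the application environment. Name that responsibility here.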

@@ -28,42 +26,35 @@ We release security fixes, application features, and bug fixes for Terraform Ent
2826

2927
### You are Responsible for Availability, Backups, and Disaster Recovery
3028

31-
Infrastructure admins are responsible for all aspects of reliability and availability. Refer to Terraform Enterprise documentation on [monitoring](/terraform/enterprise/deploy/replicated/monitoring/monitoring), [backups and restores](/terraform/enterprise/deploy/replicated/administration/infrastructure/backup-restore), and [high availability mode (active/active)](/terraform/enterprise/deploy/replicated/administration/infrastructure/admin-cli) for more guidance on this topic.
29+
Infrastructure admins are responsible for all aspects of reliability and availability. Refer to Terraform Enterprise documentation on [monitoring](/terraform/enterprise/deploy/manage/monitor), [backups and restores](/terraform/enterprise/deploy/manage/backup-restore), and [high availability mode (active/active)](/terraform/enterprise/deploy/configuration/storage/configure-mode) for more guidance on this topic.
3230

3331
### Terraform Enterprise Isolates Terraform Operations via Docker Containers
3432

3533
Unlike HCP Terraform, Terraform Enterprise performs all Terraform operations in Docker containers on the Terraform Enterprise host. The containers are assigned to an isolated Docker network to prevent them from communicating with Terraform Enterprise backend services. However, Terraform Enterprise does not perform any egress filtering, so Terraform runs can still access available network resources.
3634

37-
### Terraform Enterprise Relies on Third Party Software for Licensing, Delivery, Installation, and Management
38-
39-
Terraform Enterprise is built on top of a software platform developed by [Replicated](https://www.replicated.com/). The components necessary for installing Terraform Enterprise are hosted by Replicated, and software developed by Replicated is used for bootstrapping, configuring, and managing every Terraform Enterprise deployment. For more information, see [Security at Replicated](https://www.replicated.com/security/).
40-
4135
## Recommendations for Securely Operating Terraform Enterprise
4236

4337
In addition those provided in the [HCP Terraform security model](/terraform/cloud-docs/architectural-details/security-model), we recommend the following for Terraform Enterprise users.
4438

4539
### Run Terraform Enterprise in an Isolated Network, Limit Ingress Ports, and Restrict Access to Underlying Infrastructure
4640

47-
To minimize attack surface, we recommend running Terraform Enterprise in an isolated network and limiting ingress ports to only 80 and 443, as documented in [Network Requirements for Terraform Enterprise](/terraform/enterprise/deploy/replicated/requirements/network).
41+
To minimize attack surface, we recommend running Terraform Enterprise in an isolated network and limiting ingress ports to only 80 and 443, as documented in [Network Requirements for Terraform Enterprise](/terraform/enterprise/deploy/configuration/network).
4842

4943
Additionally, we recommend restricting access to the nodes that are running Terraform Enterprise. Terraform Enterprise can not ensure the security or integrity of your data if the underlying infrastructure is compromised.
5044

5145
### Enable Optional Security Features
5246

5347
Once you are ready to use Terraform Enterprise for production workloads, we recommend enabling these optional security features.
5448

55-
#### Secure secondary hostnames
49+
#### Secure Secondary Hostnames
5650

5751
You can configure Terraform Enterprise to allow incoming connections at more than one hostname. Refer to [Configure network access](/terraform/enterprise/deploy/configuration/network) for instructions.
5852

5953
When configuring multiple hostnames, create and distribute TLS certificates for the secondary hostname in addition to the primary hostname. Refer to [TLS settings](/terraform/enterprise/deploy/reference/configuration#tls-settings) in the deployment configuration reference for additional information.
6054

6155
#### Enable Strict Transport Security Header
6256

63-
You can configure Terraform Enterprise to set the [Strict Transport Security (HSTS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) header by:
64-
65-
- Visiting the installer dashboard "Settings" page and enabling “Force TLS” under the “SSL/TLS Configuration” section.
66-
- Setting [force_tls](/terraform/enterprise/deploy/replicated/install/automated/automating-the-installer#force_tls) in the application settings file.
57+
You can configure Terraform Enterprise to set the [Strict Transport Security (HSTS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) header by setting [TFE_TLS_ENFORCE](/terraform/enterprise/deploy/reference/configuration#tfe_tls_enforce) in the application environment.
6758

6859
~> **Note:** Once properly configured, the HSTS header cannot be disabled and will prevent clients from accessing your Terraform Enterprise domain via HTTP or HTTPS using a self-signed cert. We recommend only enabling this setting for production Terraform Enterprise deployments.
6960
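
Review bot: The new HSTS sentence at line 57 says to set `TFE_TLS_ENFORCE` "in the application environment" without giving the value to set, while the retained note at line 59 warns that the header cannot be disabled once configured. State the value in the sentence so a reader knows exactly what turns the header on before they do it on a deployment that still uses a self-signed certificate. While this section is open, the context line at 37 reads "In addition those provided" and is missing "to".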

content/terraform-enterprise/v202507-1/docs/partials/replicated-and-fdo/architecture/security-model-partial.mdx

Lines changed: 5 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -4,9 +4,7 @@ In addition to those listed in [HCP Terraform Security model](/terraform/cloud-d
44

55
### Infrastructure Admin
66

7-
Outside of the application, administrators of the Terraform Enterprise deployment are responsible for managing the underlying infrastructure, upgrading the application, and configuring Terraform Enterprise either via the [Replicated admin console](/terraform/enterprise/deploy/replicated/install/interactive/config#system-configuration) or by editing the [application settings file](/terraform/enterprise/deploy/replicated/install/automated/automating-the-installer).
8-
9-
Terraform Enterprise grants extensive permissions to this role, so we recommend limiting the number of users who are infrastructure admins in your organization.
7+
Outside of the application, administrators of the Terraform Enterprise deployment are responsible for managing the underlying infrastructure and upgrading the application. We recommend limiting the number of users who are infrastructure admins in your organization.
108

119
### Site Admin
1210

@@ -28,42 +26,35 @@ We release security fixes, application features, and bug fixes for Terraform Ent
2826

2927
### You are Responsible for Availability, Backups, and Disaster Recovery
3028

31-
Infrastructure admins are responsible for all aspects of reliability and availability. Refer to Terraform Enterprise documentation on [monitoring](/terraform/enterprise/deploy/replicated/monitoring/monitoring), [backups and restores](/terraform/enterprise/deploy/replicated/administration/infrastructure/backup-restore), and [high availability mode (active/active)](/terraform/enterprise/deploy/replicated/administration/infrastructure/admin-cli) for more guidance on this topic.
29+
Infrastructure admins are responsible for all aspects of reliability and availability. Refer to Terraform Enterprise documentation on [monitoring](/terraform/enterprise/deploy/manage/monitor), [backups and restores](/terraform/enterprise/deploy/manage/backup-restore), and [high availability mode (active/active)](/terraform/enterprise/deploy/configuration/storage/configure-mode) for more guidance on this topic.
3230

3331
### Terraform Enterprise Isolates Terraform Operations via Docker Containers
3432

3533
Unlike HCP Terraform, Terraform Enterprise performs all Terraform operations in Docker containers on the Terraform Enterprise host. The containers are assigned to an isolated Docker network to prevent them from communicating with Terraform Enterprise backend services. However, Terraform Enterprise does not perform any egress filtering, so Terraform runs can still access available network resources.
3634

37-
### Terraform Enterprise Relies on Third Party Software for Licensing, Delivery, Installation, and Management
38-
39-
Terraform Enterprise is built on top of a software platform developed by [Replicated](https://www.replicated.com/). The components necessary for installing Terraform Enterprise are hosted by Replicated, and software developed by Replicated is used for bootstrapping, configuring, and managing every Terraform Enterprise deployment. For more information, see [Security at Replicated](https://www.replicated.com/security/).
40-
4135
## Recommendations for Securely Operating Terraform Enterprise
4236

4337
In addition those provided in the [HCP Terraform security model](/terraform/cloud-docs/architectural-details/security-model), we recommend the following for Terraform Enterprise users.
4438

4539
### Run Terraform Enterprise in an Isolated Network, Limit Ingress Ports, and Restrict Access to Underlying Infrastructure
4640

47-
To minimize attack surface, we recommend running Terraform Enterprise in an isolated network and limiting ingress ports to only 80 and 443, as documented in [Network Requirements for Terraform Enterprise](/terraform/enterprise/deploy/replicated/requirements/network).
41+
To minimize attack surface, we recommend running Terraform Enterprise in an isolated network and limiting ingress ports to only 80 and 443, as documented in [Network Requirements for Terraform Enterprise](/terraform/enterprise/deploy/configuration/network).
4842

4943
Additionally, we recommend restricting access to the nodes that are running Terraform Enterprise. Terraform Enterprise can not ensure the security or integrity of your data if the underlying infrastructure is compromised.
5044

5145
### Enable Optional Security Features
5246

5347
Once you are ready to use Terraform Enterprise for production workloads, we recommend enabling these optional security features.
5448

55-
#### Secure secondary hostnames
49+
#### Secure Secondary Hostnames
5650

5751
You can configure Terraform Enterprise to allow incoming connections at more than one hostname. Refer to [Configure network access](/terraform/enterprise/deploy/configuration/network) for instructions.
5852

5953
When configuring multiple hostnames, create and distribute TLS certificates for the secondary hostname in addition to the primary hostname. Refer to [TLS settings](/terraform/enterprise/deploy/reference/configuration#tls-settings) in the deployment configuration reference for additional information.
6054

6155
#### Enable Strict Transport Security Header
6256

63-
You can configure Terraform Enterprise to set the [Strict Transport Security (HSTS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) header by:
64-
65-
- Visiting the installer dashboard "Settings" page and enabling “Force TLS” under the “SSL/TLS Configuration” section.
66-
- Setting [force_tls](/terraform/enterprise/deploy/replicated/install/automated/automating-the-installer#force_tls) in the application settings file.
57+
You can configure Terraform Enterprise to set the [Strict Transport Security (HSTS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) header by setting [TFE_TLS_ENFORCE](/terraform/enterprise/deploy/reference/configuration#tfe_tls_enforce) in the application environment.
6758

6859
~> **Note:** Once properly configured, the HSTS header cannot be disabled and will prevent clients from accessing your Terraform Enterprise domain via HTTP or HTTPS using a self-signed cert. We recommend only enabling this setting for production Terraform Enterprise deployments.
6960
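
Review bot: The Docker isolation section at lines 31 to 33 is kept unchanged while the Replicated section after it is deleted. Check that "performs all Terraform operations in Docker containers on the Terraform Enterprise host" is still accurate for every deployment option this version supports, because the egress-filtering caveat in the same paragraph is what readers rely on when scoping network controls. If it only holds for some runtimes, qualify the sentence.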

content/terraform/v1.1.x/docs/intro/use-cases.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@ For example, when a service registers with [HashiCorp Consul](https://www.consul
7575

7676
## Kubernetes
7777

78-
Kubernetes is an open-source workload scheduler for containerized applications. Terraform lets you both deploy a Kubernetes cluster and manage its resources (e.g., pods, deployments, services, etc.). You can also use the [Kubernetes Operator for Terraform](https://github.com/hashicorp/terraform-k8s) to manage cloud and on-prem infrastructure through a Kubernetes Custom Resource Definition (CRD) and Terraform Cloud.
78+
Kubernetes is an open-source workload scheduler for containerized applications. Terraform lets you both deploy a Kubernetes cluster and manage its resources (e.g., pods, deployments, services, etc.). You can also use the [HCP Terraform Operator](https://github.com/hashicorp/hcp-terraform-operator) to manage cloud and on-prem infrastructure through a Kubernetes Custom Resource Definition (CRD) and Terraform Cloud.
7979

8080
### Resources
8181
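
Review bot: In this v1.1.x copy the replaced sentence at line 78 now links the "HCP Terraform Operator" but still ends with "and Terraform Cloud", whereas the other versioned copies in this commit end with "and HCP Terraform". Use one product name within the sentence, or note that the older name is kept deliberately for this version.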

content/terraform/v1.10.x/docs/intro/use-cases.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@ For example, when a service registers with [HashiCorp Consul](https://www.consul
7575

7676
## Kubernetes
7777

78-
Kubernetes is an open-source workload scheduler for containerized applications. Terraform lets you both deploy a Kubernetes cluster and manage its resources (e.g., pods, deployments, services, etc.). You can also use the [Kubernetes Operator for Terraform](https://github.com/hashicorp/terraform-k8s) to manage cloud and on-prem infrastructure through a Kubernetes Custom Resource Definition (CRD) and HCP Terraform.
78+
Kubernetes is an open-source workload scheduler for containerized applications. Terraform lets you both deploy a Kubernetes cluster and manage its resources (e.g., pods, deployments, services, etc.). You can also use the [HCP Terraform Operator](https://github.com/hashicorp/hcp-terraform-operator) to manage cloud and on-prem infrastructure through a Kubernetes Custom Resource Definition (CRD) and HCP Terraform.
7979

8080
### Resources
8181
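
Review bot: The link at line 78 now points to a different repository (`hashicorp/hcp-terraform-operator` instead of `hashicorp/terraform-k8s`) while the rest of the sentence is unchanged. Confirm that "a Kubernetes Custom Resource Definition (CRD)" in the singular still describes the new operator. Minor style point: "e.g." together with "etc." in the parenthetical is redundant.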

content/terraform/v1.11.x/docs/intro/use-cases.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@ For example, when a service registers with [HashiCorp Consul](https://www.consul
7575

7676
## Kubernetes
7777

78-
Kubernetes is an open-source workload scheduler for containerized applications. Terraform lets you both deploy a Kubernetes cluster and manage its resources (e.g., pods, deployments, services, etc.). You can also use the [Kubernetes Operator for Terraform](https://github.com/hashicorp/terraform-k8s) to manage cloud and on-prem infrastructure through a Kubernetes Custom Resource Definition (CRD) and HCP Terraform.
78+
Kubernetes is an open-source workload scheduler for containerized applications. Terraform lets you both deploy a Kubernetes cluster and manage its resources (e.g., pods, deployments, services, etc.). You can also use the [HCP Terraform Operator](https://github.com/hashicorp/hcp-terraform-operator) to manage cloud and on-prem infrastructure through a Kubernetes Custom Resource Definition (CRD) and HCP Terraform.
7979

8080
### Resources
8181

content/terraform/v1.12.x/docs/intro/use-cases.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@ For example, when a service registers with [HashiCorp Consul](https://www.consul
7575

7676
## Kubernetes
7777

78-
Kubernetes is an open-source workload scheduler for containerized applications. Terraform lets you both deploy a Kubernetes cluster and manage its resources (e.g., pods, deployments, services, etc.). You can also use the [Kubernetes Operator for Terraform](https://github.com/hashicorp/terraform-k8s) to manage cloud and on-prem infrastructure through a Kubernetes Custom Resource Definition (CRD) and HCP Terraform.
78+
Kubernetes is an open-source workload scheduler for containerized applications. Terraform lets you both deploy a Kubernetes cluster and manage its resources (e.g., pods, deployments, services, etc.). You can also use the [HCP Terraform Operator](https://github.com/hashicorp/hcp-terraform-operator) to manage cloud and on-prem infrastructure through a Kubernetes Custom Resource Definition (CRD) and HCP Terraform.
7979

8080
### Resources
8181
