en-us.yaml

# Copyright IBM Corp. 2021, 2026
# SPDX-License-Identifier: BUSL-1.1

account:
  title: Account
  title_plural: Accounts
  description: An account allows a user to log into Boundary with a particular auth method. Users may have multiple accounts for different auth methods.
  messages:
    welcome:
      title: Welcome to Accounts
      description: Create and manage accounts for an auth method.
    set-password:
      description: Set a password for the account.
  types:
    password: Password
    oidc: OIDC
    ldap: LDAP
  titles:
    new: New Account
  actions:
    create: Create Account
    delete: Delete Account
  form:
    login_name:
      label: Login Name
    email:
      label: Email
    dn:
      label: Dn
    member_of_groups:
      label: Group Names
    full_name:
      label: Full Name
auth-method:
  title: Auth Method
  title_plural: Auth Methods
  description: Auth methods allow users to authenticate within a scope.
  messages:
    welcome:
      title: Welcome to Auth Methods
      description: Auth methods are configurations to authenticate users.
    none:
      title: No Auth Methods
      description: No auth methods were found for this scope.
    no-primary-auth-method:
      title: 'Recommendation: Select a Primary Auth Method'
      description: A primary auth method auto-creates users when they authenticate for the first time.  Scopes without primary auth methods may experience authentication failures.
    pending:
      title: Authentication Pending
      description: Complete authentication in the newly-opened window.
  titles:
    new: New Auth Method
    new-signing-algorithm: New Signing Algorithm
    new-allowed-audience: New Allowed Audience
    new-claims-scope: New Claims Scope
    new-from-claim: New From Claim
    new-to-claim: New To Claim
    new-certificate: New Certificate
    from-attr: From Attribute
    to-attr: To Attribute
    never: Never
    searching: Searching
    finding: Finding
    always: Always
    primary: Primary
    primary-method: Primary method?
  types:
    password: Password
    oidc: OIDC
    ldap: LDAP
  actions:
    create: Create Auth Method
    delete: Delete Auth Method
    make-primary: Make Primary
    remove-as-primary: Remove as Primary
    no-new-window-retry: Don't see the new window? Retry
  notifications:
    make-primary-success: Auth method successfully elected to primary.
    remove-as-primary-success: Auth method successfully removed as primary.
  questions:
    make-primary: Make primary auth method?
    remove-as-primary: Remove primary auth method?
    make-primary-confirm: 'A primary auth method auto-creates users on their first authentication attempt if needed.  Note:  if you change the primary auth method, the previous primary will no longer auto-create users.'
    remove-as-primary-confirm: Removing the primary auth method may lead to authentication failures for this scope.
  form:
    urls:
      label: Server address (URL and port)
      help: 'The domain name or IP address of the LDAP server. (Example: ldaps://ldap.example.com:636)'
    certificates:
      label: Certificates
      help: PEM encoded x509 certificates in ASN.1 DER form that can be used as trust anchors when connecting to an LDAP provider.
    client_certificate:
      label: Client TLS Certificate
      help: Used to provide to the LDAP server for mTLS connections. Must be x509 PEM encoded.
    client_certificate_key:
      label: Client TLS Key
      help: Used with the ClientTLSCert for mTLS connections to the LDAP server. Must be x509 PEM encoded. We will not show this data after it is saved, but you can replace it.
    start_tls:
      label: Use StartTLS
      help: Use StartTLS to create a secure connection.
    insecure_tls:
      label: Skip SSL Verification
      help: Skip SSL certificate verification for LDAP server. Use with caution!
    bind_dn:
      label: Bind DN
      help: Distinguished name of entry to bind when performing user and group search.
    bind_password:
      label: Bind Password
      help: Password to use with BindDN when searching for user. We will not show this data after it is saved, but you can replace it.
    upn_domain:
      label: UPN Domain
      help: Add this domain to the username when authenticating.
    discover_dn:
      label: Discover DN
      help: Use anonymous bind to discover the bind DN of a user.
    anon_group_search:
      label: Anonymous Group Search
      help: Use anonymous binds when searching for LDAP groups.
    user_dn:
      label: User DN
      help: Base DN for user search.
    user_attr:
      label: User Attribute
      help: Attribute on user entry matching the username passed during authentication.
    user_filter:
      label: User Filter
      help: Go template used to filter users based on LDAP attributes.
    group_dn:
      label: Group DN
      help: LDAP search base to use for group membership search.
    group_attr:
      label: Group Attribute
      help: LDAP attribute to follow to enumerate user group membership. Default is “cn”.
    group_filter:
      label: Group Filter
      help: Template used when constructing the group membership query.
    enable_groups:
      label: Enable Groups
      help: Find an authenticated user's groups during authentication.
    use_token_groups:
      label: Use Token Groups
      help: Active Directory only. Uses a user's tokenGroups attribute to find their group memberships.
    maximum_page_size:
      label: Maximum Page Size
      help: Maximum search result size to use when retrieving the authenticated user's groups
    dereference_aliases:
      label: Deference Aliases
      help: Control how aliases are dereferenced when performing the search
    account_attribute_maps:
      label: Account Attribute Maps
      help: Attribute maps from custom attributes to the standard fullname and email account attributes. These maps are represented as key=value where the key equals the from_attribute, and the value equals the to_attribute. For example, "preferredName=fullName".
    consent:
      label: Consent
      help: Always require the user to explicitly consent to scopes requested
    select_account:
      label: Select Account
      help: Allow the user to select from multiple accounts from this provider
    login:
      label: Login
      help: Always require the user to log in to this auth provider
    none:
      label: Skip Prompts
      help: Skip prompts if the user is already signed in and has granted consent
  section:
    connection:
      title: Connection
      help: This group includes inputs for configuring the LDAP server itself, such as the server name, port, and authentication settings.
    authenticated-search:
      title: Authenticated search
      help: Used when Boundary authenticates to the LDAP server.
    anonymous-search:
      title: Anonymous search
      help: Allows you to bind anonymously to the directory when searching for user entries.
    user-entries:
      title: User entries
      help: Before authenticating an end user, Boundary must first find the end user’s entry in the directory.
    group-entries:
      title: Group entries
      help: After authenticating an end user, we need to find out which groups the user is a member of. The configuration for this can vary depending on your LDAP server and your directory schema.
group:
  title: Group
  title_plural: Groups
  description: Groups are collections of users. Groups may be assigned to roles to receive the role’s grants.
  messages:
    welcome:
      title: Welcome to Groups
    members:
      title: Members
      description: Members are the users assigned to a group.
    add-members:
      title: Add Members
      description: Select users to add users to this group.
    no-members:
      title: No Members Available
      description: There are no members available to add to this group.
  titles:
    new: New Group
  actions:
    add-members: Add Members
    delete: Delete Group
host-catalog:
  title: Host Catalog
  title_plural: Host Catalogs
  description: A host catalog is a collection of hosts and host sets.
  type: Type
  messages:
    welcome:
      title: Welcome to Host Catalogs
  titles:
    new: New Host Catalog
  actions:
    delete: Delete Host Catalog
  help:
    static: Provide a list of hosts and host sets with static addresses
    plugin: Automate discovery of target hosts and services on Azure, AWS, or GCP
    role_arn: The ARN (Amazon Resource Name) used by this instance.
    disable_credential_rotation: Credential rotation is automatically disabled when you use dynamic credentials.
  types:
    static: Static
    unknown: Plugin
    aws: AWS
    azure: Azure
    plugin: Dynamic
    gcp: GCP
    credential:
      label: Credential type
      help: Select the credential type that you want to use.
      static-credential:
        edit: Static Credentials
        label: Use an access key (Static Credentials)
        help: Use an access key that you have generated in AWS to use with this AWS Host Catalog.
      dynamic-credential:
        edit: Dynamic Credentials
        label: Use Assume Role (Dynamic Credentials)
        help: Specify a role used to generate credentials to use with this AWS Host Catalog.
  form:
    aws_region:
      label: AWS Region
      help: AWS region of the hosts to be added to this AWS Host Catalog.
    azure_client_id:
      label: Client/Application ID
      help: The client (application) ID of an Azure service principal that Boundary will use to authenticate and discover hosts from Azure.
    worker_filter:
      help: Insert a worker filter in order to select the correct worker.
    project_id:
      label: Project ID
      help: Project ID of the instances you want to add to this GCP Host Catalog.
    zone:
      label: Zone
      help: Zone of the instances you want to add to this GCP Host Catalog.
    client_email:
      label: Client Email
      help: The email address used to uniquely identify the service account.
    target_service_account_id:
      label: Target Service Account ID
      help: The unique identifier for the service account that will be impersonated. This is only used when authenticating with service account impersonation.
    private_key_id:
      label: Private Key ID
      help: The unique identifier of private key.
    private_key:
      label: Private Key
      help: The private key used to obtain a OAuth 2.0 access token. Key must be PEM encoded.
host-set:
  title: Host Set
  title_plural: Host Sets
  description: A host set is a collection of hosts within a host catalog.
  titles:
    new: New Host Set
  actions:
    add: Add Host Set
    create: New Host Set
    delete: Delete Host Set
    create-and-add-host: Create and Add Host
    add-hosts: Add Existing Host
  form:
    filter:
      label: Filter
      aws:
        help: 'Create a filter to select resources using values such as tag name or tag value. The AWS filter format is tag:<tag-name>=<tag-value>. For example: tag:application=production'
      azure:
        help: Create a filter to select resources using values such as tag name or tag value. The Azure filter format is:tagName eq ‘<tag-name>’ and tagValue eq ‘<tag-value>'. For example:tagName eq 'application' and tagValue eq 'production'
      gcp:
        help: 'Create a filter to select resources using values such as label name or label value. The GCP filter format is labels.<label-name>=<label-value>. For example: labels.application=production'
    preferred_endpoints:
      label: Preferred Endpoints
      help: Preferred address at which the host should be accessed when multiple options are present, in cidr:<valid IPv4/6 CIDR> or dns:<globbed name> format.
  messages:
    welcome:
      title: Welcome to Host Sets
  host:
    messages:
      none:
        title: No Hosts
        description: No hosts available in this host set.
      add:
        title: Add Hosts
        description: Select hosts that belong to this host set.
      add-none:
        title: No Hosts Available
        description: No hosts available for selection.
host:
  title: Host
  title_plural: Hosts
  no_name_title: Unnamed Host
  description: A host is a resource that may be accessed by a Boundary target.
  details: Host Details
  messages:
    welcome:
      title: Welcome to Hosts
    none:
      title: No Hosts
      description: No hosts available in this scope.
    none-friendly:
      title: No Hosts Available
      description: No hosts available to display yet.
  titles:
    new: New Host
  actions:
    add: Add Host
    create: New Host
    delete: Delete Host
session:
  title: Session
  title_plural: Sessions
  active_plural: Active Sessions
  description: A session is a connection to a target initiated through Boundary.
  remaining: remaining
  status:
    active: Active
    pending: Pending
    canceling: Canceling
    terminated: Terminated
  messages:
    none:
      title: No Sessions
      description: There are no active sessions within the current scope.
    none-friendly:
      title: No Sessions Available
      description: No sessions available to display yet.
    none-active-friendly:
      title: No Active Sessions Available
      description: No active sessions available to display yet.
    connected:
      title: Connected
      description: You can now access {targetDisplayName}
    stop-sessions-and-signout:
      title: Sign out of Boundary?
      description: Signing out will stop all active and pending target sessions. Are you sure you want to sign out?
    stop-sessions-before-quit:
      title: Close sessions before quitting?
      description: Quitting the app will stop all active and pending sessions. Are you sure you want to quit?
  actions:
    connect: Connect
    end: End session
    host: Choose a Host
    quick-connect: Quick Connect
  credential:
    title: Credential
    title_plural: Credentials
    description: These credentials have been provided for services on this server.
    secret:
      label: Secret
    credential_source:
      title: Credential Source
    actions:
      raw-api:
        show: View API output
        hide: Hide API output
  proxy-url:
    address-port: Address & port
    ssh: SSH
    rdp: RDP
  shell: Shell
global:
  title: Global
  description: The global scope is the outermost scope. There is always a single global scope and it cannot be deleted.
  messages:
    settings:
      title: Global Settings
org:
  title: Org
  title_plural: Orgs
  description: An org is a type of scope used to organize projects and IAM resources.  Orgs are child scopes of the global scope.
  messages:
    welcome:
      title: Welcome to Orgs
    settings:
      title: Org Settings
  titles:
    new: New Org
  actions:
    delete: Delete Org
session-recording:
  title: Session Recording
  title_plural: Session Recordings
  description: Protocol-aware recordings capture data and actions during user sessions.  Operators may review recordings for auditing and analysis.
  details: Session details
  related: Related
  up: '{bytes} up'
  down: '{bytes} down'
  duration: '{time} duration'
  questions:
    delete: Are you sure you want to delete this recording?
  filters:
    time:
      title: Time
      last-twenty-four-hours: Last 24 hours
      last-three-days: Last 3 days
      last-seven-days: Last 7 days
  connection:
    title: Connection
    title_index: Connection {index}
    title_plural: Connections
    form:
      channel:
        label: Channel
      summary:
        label: Summary
  channels-by-connection:
    title: Channels by connection
    messages:
      no-channels: There are no channels for this connection
      started-no-connections:
        title: Session Recording In Progress
        description: The Session has started but no connections have been made.
      unknown-no-connections:
        title: Session Recording Failure
        description: This Session cannot be played back because no connections were established, and the Session has failed.
  channel:
    title: Channel
    title_index: Channel {index}
    title_plural: Channels
    details: Channel details
    messages:
      none:
        title: Channel Playback
      error:
        title: Playback error
        description: This may mean the connected storage bucket is misconfigured, the file was deleted, or integrity validation failed.
        link: Retrieving lost session recordings
      not-supported:
        title: Playback is not supported for this channel
        description: The contents of this channel cannot be replayed.
    player:
      back-navigation: Back to channels
      loading: Loading recording…
  session:
    title: Session Playback
  form:
    time:
      label: Time
    user:
      label: User
    target:
      label: Target
    duration:
      label: Duration
    status:
      label: Status
  messages:
    none:
      title: Welcome to session recording
      description: Review, playback, and download recorded sessions.  To get started, configure recording on a target and start a session.
      no-storage-bucket-description: To start using session recordings, create a storage bucket and configure recording on a target.
storage-bucket:
  title: Storage Bucket
  title_plural: Storage Buckets
  description: External services store data from session recordings.
  messages:
    none:
      title: No storage buckets yet
      description: To start using session recording, you need to have a storage bucket.
      link: Add a new storage bucket
  titles:
    new: New Storage Bucket
    amazon_s3: Amazon S3
    minio: MinIO
  actions:
    delete: Delete Storage Bucket
  types:
    aws_s3: AWS S3
    credential: Credential type
    static:
      title: Static
      description: Use an access key generated by AWS to use with this storage bucket
    dynamic:
      title: Dynamic
      description: Specify an Assume Role used to generate credentials to use with this AWS bucket
  plugin-types:
    aws: Amazon S3
    minio: MinIO
    unknown: Unknown
  form:
    scope:
      label: Scope
      help: Specify the scope this storage bucket will be available in.
      help_global: This storage bucket will be available for use with all targets.
      help_org: This storage bucket will be available for use with targets within this org.
    provider:
      label: Provider
    endpoint_url:
      label: Endpoint URL
      help: Cannot be changed later.
    bucket_name:
      label: Bucket name
      help: The name of this storage bucket.
    bucket_prefix:
      label: Bucket prefix
      help: The base path where session recordings will be stored.
    role_arn:
      label: Role ARN
      help: The ARN (Amazon Resource Name) used by this instance that the worker runs on.
    role_external_id:
      label: Role external ID
      help: Used to provide access to this account if you have this configured.
    role_tags:
      label: Role tags
      help: Attributes to pass to AWS.
    role_session_name:
      label: Role session name
      help: Unique identifier for the AWS session to help identify it in your logs.
    region:
      label: Region
      help: The region that this storage bucket is in.
    access_key_id:
      label: Access key ID
      help: The Access key ID generated by your storage provider for the IAM User to use with this storage bucket. We will not show this data after it is saved, but you can replace it.
    secret_access_key:
      label: Secret access key
      help: The secret access key generated by your storage provider for the IAM user to use with this storage bucket. We will not show this data after it is saved, but you can replace it.
    worker_filter:
      help: Filters to the worker(s) that can handle requests for this storage bucket.
    disable_credential_rotation:
      label: Disable credential rotation
      help: Disabling credential rotation could allow entities outside of Boundary to know the client secret in use.
  questions:
    delete-storage-bucket:
      title: Delete associated recordings?
      message: This storage bucket may have session recordings associated with it. Deleting this storage bucket will delete these recordings when you save your changes.
project:
  title: Project
  title_plural: Projects
  description: A project is a type of scope used to organize resources such as targets and host catalogs.
  messages:
    welcome:
      title: Welcome to Projects
    settings:
      title: Project Settings
  titles:
    new: New Project
  actions:
    delete: Delete Project
user:
  title: User
  title_plural: Users
  description: Users are entities authorized to access Boundary.  Users may be assigned to roles as principals, thus receiving role grants.
  messages:
    welcome:
      title: Welcome to Users
    accounts:
      title: Accounts
      description: Users may be associated with any number of accounts.
    add-accounts:
      title: Add Accounts
      description: Select accounts to associate with this user.
    no-accounts:
      title: No Accounts Available
      description: There are no accounts available to add to this user.
  titles:
    new: New User
  actions:
    add-accounts: Add Accounts
    delete: Delete User
role:
  title: Role
  title_plural: Roles
  description: Roles are collections of capability grants and the principals (users and groups) assigned to them.
  messages:
    welcome:
      title: Welcome to Roles
    tooltips:
      yes: The grants on this role have been applied to this scope.
      no: The grants on this role have not been applied to this scope.
  titles:
    new: New Role
    grants-applied: Grants applied on this scope?
  actions:
    create: Create Role
    delete: Delete Role
  principal:
    title: Principal
    title_plural: Principals
    description: Principals are the users and groups assigned to a role and bounded by a role’s grants.
    messages:
      welcome:
        title: Welcome to Principals
        description: Principals are not assigned in this role.
      none:
        title: No Principals Available
        description: Principals are not available for assignment.
      add-principals:
        title: Add Principals
        description: Select users and groups to assign to this role.
    types:
      user: User
      group: Group
      managed-group: Managed Group
    actions:
      add-principals: Add Principals
  grant:
    title: Grant
    title_plural: Grants
    description: Grants are permissions which allow roles to take actions and access resources.
    actions:
      create: New Grant
  grant-templates:
    title_plural: Grant Templates
    actions:
      add-grant-templates: Add Grant Templates
    messages:
      add-grant-templates:
        title: Add Grant Templates
        description: Select grant templates to add to this role.
    titles:
      grant-strings: Grant Strings
    templates:
      global-admin:
        name: Global Admin
        description: Full administrative access to all resources in Boundary
      org-admin:
        name: Org Admin
        description: Administrative access to all resources within an organization
      project-admin:
        name: Project Admin
        description: Administrative access to all resources within a project
      session-manager:
        name: Session Manager
        description: Can view and cancel sessions
      target-manager:
        name: Target Manager
        description: Can create and manage targets
      host-resource-manager:
        name: Host Resource Manager
        description: Can manage hosts and host catalogs
      credential-manager:
        name: Credential Manager
        description: Can manage credentials and credential stores
      user-manager:
        name: User Manager
        description: Can manage users, groups, and accounts
      auth-method-manager:
        name: Auth Method Manager
        description: Can manage auth methods and managed groups
      session-auditor:
        name: Session Auditor
        description: Can view session recordings
      target-user:
        name: Target User
        description: Can connect to targets but cannot manage anything
      read-only-user:
        name: Read-Only User
        description: Can view but not modify any resources
  edit-grants:
    title: Edit Grants
    description: Modify existing grant strings or add new grant strings to this role.
  scope:
    title: Scope
    title_plural: Scopes
    description:
      global: Role grant sets can be applied to multiple descendants underneath this scope.
      org: Role grant sets can be applied to multiple children underneath this scope.
      project: Role grant sets can only be applied to this scope.
    titles:
      parent_scope: Parent scope
      resource_type: Resource type
      projects_selected: Projects selected
    messages:
      none:
        title: No scopes added
        description: You haven't added any scopes to this role's grant sets.
        action: Add scopes to this role
      manage-scopes:
        title: Manage Scopes
        description: Select which scopes you want to add to this role.
        success: Scope selection saved
      keywords-selected:
        description: Just a heads up, you can't select both <strong>add all descendants</strong> and <strong>add all children</strong>. You can only choose one or the other.
        link: You can read more about it here
      manage-custom-scopes:
        title: Manage Custom Scopes
        description:
          0: Select which specific orgs you want to apply to this role's grant sets.
          1: Select specific projects from each org to apply to this role's grant sets. You cannot add specific orgs because applying "children" has already added them to this role.
        success: Custom scope selection saved
        tooltip: The org this project is under.
      manage-org-projects:
        title: Manage Projects in {orgDisplayName}
        description: Select which projects in this org you want to apply to this role's grant sets.
        success: Projects in org have been updated
      no-scopes:
        title: No {type} Scopes Available
        description: '{type} scopes are not available for assignment.'
    keywords:
      this:
        sub-title: This scope
      children:
        title: All Children
        sub-title: All children under this scope
      descendants:
        title: All Descendants
        sub-title: Add all of the orgs and the projects in the orgs that are underneath this scope
    actions:
      manage-scopes: Manage Scopes
      manage-custom-scopes:
        text: Manage custom scopes
        help: Customize which scopes are associated with this role.
      view-projects: '{selected}/{total} total projects'
      apply: Apply changes to org
      remove-org-and-projects: Remove org and projects
      remove-org-only: Remove just the org
      remove-orgs-and-projects: Remove orgs and projects
      remove-orgs-only: Remove just the orgs
    form:
      this:
        label: Add this scope
        help: Add {scopeDisplayName} scope.
      children:
        label: Add all children
        help:
          0: Add all of the orgs underneath this scope.
          1: Add all of the projects underneath this org.
      descendants:
        label: Add all descendants
        help: Add all of the orgs and the projects in the orgs that are underneath this scope.
    remove-org:
      title: Remove this org?
      description: You're about to remove {orgDisplayName}. Do you want to remove the projects under {orgDisplayName} as well? Or do you just want to remove {orgDisplayName} from this project?
    remove-all-orgs:
      title: Remove all selected orgs?
      description: You're about to remove all the selected orgs. Do you want to remove the projects under these orgs as well? Or do you just want to remove just the orgs?
target:
  title: Target
  title_plural: Targets
  description: A target is a logical collection of host sets which may be used to initiate sessions.
  details: Target details
  messages:
    welcome:
      title: Welcome to Targets
    none:
      title: No Targets Available
      description: No Targets to display yet. Contact your Boundary admin if you don't see a Target you expect access to.
    connection-success:
      title: Successfully Connected
    connection-details:
      title: Target Connection Details
    proxy_url:
      title: Proxy URL
    connect-more-info:
      title: Connect for more info
      description: Additional information for this target will be provided here after your session is established.
  titles:
    new: New Target
    active-sessions: Active sessions
    sessions-flyout: Active sessions for {targetDisplayName}
    aliases-flyout: Aliases for {targetDisplayName}
  actions:
    create: New Target
    delete: Delete Target
    add-host-sources: Add Host Sources
    add-brokered-credential-sources: Add Brokered Credentials
    add-injected-application-credential-sources: Add Injected Application Credentials
    remove-address: Remove address and save
    enable-session-recording: Enable Session Recording
    enable-recording: Enable recording
    view-more-sessions: View more sessions
    add-an-alias: Add an alias
    view-more-aliases: View more aliases
  types:
    tcp: Generic TCP
    ssh: SSH
    rdp: RDP
  help:
    tcp: Generic TCP supports a broad range of connection types.
    ssh: Protocol-aware SSH with support for credential injection.
    rdp: Remote Desktop Protocol for Windows servers.
  filter:
    active-sessions:
      yes: Has active sessions
      no: No active sessions
  form:
    type:
      label: Type
      help: Target type is the protocol with which end users should connect to this target.  Choose Generic TCP for broad support of common protocols including RDP, K8s, many databases, and more.
    target-address:
      label: Target Address
      help: Must be a valid IP address or DNS name. We recommend leaving this blank and using host catalogs and host sets instead if you want to use this target on multiple hosts.
    default_port:
      label: Default Port
      help: The default port on which to connect.
    default_client_port:
      label: Default Client Port
      help: The local proxy port on which to listen by default when a session is started on a client.
      rdp-windows-notice: 'Note: Windows OS prevents port 3389 from being used.'
    sidebar:
      label: Session Recording
      help: Record SSH sessions on this target and save them to a storage bucket.
      link: Session Recording settings
  questions:
    delete-host-sources:
      title: Remove associated host sources?
      message: You have {hostSourceCount, plural, one {# host source} other {# host sources}} associated with this target. Adding an address will remove {hostSourceCount, plural, one {this host source} other {these host sources }} when you save your changes.
  host-source:
    title: Host Source
    title_plural: Host Sources
    messages:
      welcome:
        title: Welcome to Host Sources
        description: No hosts sources in this target.
      none:
        title: No Host Sources Available
        description: No hosts sources available to add to target.
      add:
        title: Add Host Sources
        description: Select host sources to assign to this target.
    questions:
      delete-address:
        title: Remove target address?
        message: This target has an assigned address. Adding a host source will remove the assigned address from the target when you save your changes.
  enable-session-recording:
    title: Enable Session Recording
    messages:
      add:
        title: Enable Session Recording for Target
    form:
      filter:
        label: Record sessions for this target
      select:
        label: Storage buckets
        description: Sessions will be recorded and stored in this location.
  brokered-credential-source:
    title: Brokered Credential
    title_plural: Brokered Credentials
    messages:
      welcome:
        title: Welcome to brokered credentials
        description: No brokered credential sources in this target.
      none:
        title: No Brokered Credential Sources Available
        description: No brokered credential sources available to add to this target.
      add:
        title: Add Brokered Credential Sources
        description: Select brokered credential sources to assign to this target.
  injected-application-credential-source:
    title: Injected Application Credential
    title_plural: Injected Application Credentials
    messages:
      welcome:
        title: Welcome to Injected Application credentials
        description: No Injected application credential sources in this target.
      none:
        title: No Injected Application Credential Sources Available
        description: No Injected Application credential sources available to add to this target.
      add:
        title: Add Injected Application Credential Sources
        description: Select injected Application credential sources to assign to this target.
      alert:
        title: Cannot connect to this target without injected application credentials
        description: Injected application credentials are used by Boundary to sign in to remote resources without showing them to the end-user.
        action: Add injected application credentials
  workers:
    description: You can customize how your workers route traffic to this target by setting up a filter that matches specific worker tags. If your target is in a private network, we recommend setting up an egress filter to specify a worker inside the network so that Boundary can access the host. Ingress and egress filters are allowed to select the same worker.
    messages:
      none:
        description: You haven't added an {type} worker filter yet.
    diagram:
      client: Client
      any-worker: Any worker
      frontline-worker: Frontline worker
      hcp-worker: HCP worker
      egress-worker: Egress worker
      ingress-worker: Ingress worker
      host: Host
      network: Private network
    filter-explainer:
      any-worker: In this configuration, the client will attempt to connect through any client-accessible worker.
      egress-worker: In this configuration, the client will attempt to connect through any filtered egress worker.
      ingress-worker: In this configuration, the client will attempt to connect through any filtered ingress worker.
      hcp-worker: In this configuration, the client will attempt to connect through any HCP-managed worker.
      dual-egress-on: In this configuration, the client will attempt to  connect through any client-accessible "frontline" worker and reach the host through any filtered egress worker.
      dual-egress-on-ingress-on: In this configuration, the client will attempt to connect through any filtered ingress worker and reach the host through any filtered egress worker.
      hcp-dual-egress-on: In this configuration, the client will attempt to connect through any HCP-managed worker and reach the host through any filtered egress worker.
    edit-egress-worker-filter:
      title: Edit Egress Worker Filter
      description: Specify workers that have access to the target (such as within a private network).
    edit-ingress-worker-filter:
      title: Edit Ingress Worker Filter
      description: Specify workers Boundary should use to start the route to this target.
    worker-filter:
      description: The worker filter format for this target.
    accordion-label:
      egress-workers: Egress workers
      ingress-workers: Ingress workers
credential-store:
  title: Credential Store
  title_plural: Credential Stores
  description: A credential store is a collection of credentials and credential libraries.
  messages:
    welcome:
      title: Welcome to Credential Stores
  titles:
    new: New Credential Store
  worker-filter:
    description: A filter used to control which PKI workers can handle Vault requests, allowing the use of private Vault instances with Boundary.
    messages:
      none:
        description: You haven't added a worker filter yet.
      edit:
        description: Specify workers that have access to the credential store.
  actions:
    delete: Delete Credential Store
  types:
    vault: Vault
    static: Static
  help:
    vault: The host details are brokered by a Vault server.
    static: This host uses static credentials, such as a username and password or key pair.
  form:
    address:
      label: Address
      help: The address of the Vault server. This should be a complete URL such as https://127.0.0.1:8200.
    namespace:
      label: Namespace
      help: A Vault namespace. Requires Vault Enterprise.
    ca_cert:
      label: CA Certificate
      help: A PEM-encoded CA certificate to verify the Vault server's TLS certificate.
    tls_server_name:
      label: TLS Server Name
      help: Name to use as the SNI host when connecting to Vault via TLS.
    tls_skip_verify:
      label: TLS Skip Verify
      help: Disable verification of TLS certificates. Using this option is highly discouraged as it decreases the security of data transmissions to and from the Vault server.
    token:
      label: Token
      help: A token used for accessing Vault.
    token_hmac:
      label: Token HMAC
    client_certificate:
      label: Client Certificate
      help: A PEM-encoded client certificate to use for TLS authentication to the Vault server.
    client_certificate_key:
      label: Client Certificate Key
      help: A PEM-encoded private key matching the client certificate from Client Certificate.
    client_certificate_key_hmac:
      label: Client Certificate Key HMAC
credential-library:
  title: Credential Library
  title_plural: Credential Libraries
  description: A credential library is a resource that provides credentials.
  titles:
    new: New Credential Library
    ssh_private_key: SSH Private Key
    username_password: Username & Password
    username_password_domain: Username, Password & Domain
    password: Password
    username_attribute: username_attribute
    password_attribute: password_attribute
    private_key_passphrase_attribute: private_key_passphrase_attribute
    private_key_attribute: private_key_attribute
    domain_attribute: domain_attribute
  actions:
    create: New Credential Library
    delete: Delete Credential Library
  messages:
    none:
      title: No Credential Libraries Available
      description: No Credential Libraries available in this credential store.
  form:
    vault_path:
      label: Vault Path
      help: The path the library uses when requesting credentials from Vault.
    credential_type:
      label: Credential Type
      help: Specify the type of credential this library will issue. This must be set to use credential injection. After this data is saved, it cannot be changed later.
      description: The type of credential the library uses for credential injection.
    credential_mapping_overrides:
      label: Credential mapping overrides
      help: Specify the credential fields to use instead of the defaults
    http_method:
      label: HTTP Method
      help: The HTTP method the library uses when requesting credentials from Vault.
    http_request_body:
      label: HTTP Method POST Request Body
      help: The body of the HTTP request the library sends to Vault when requesting credentials. Only allowed when HTTP method is set to POST.
    username:
      label: Username
      help: The username to use when making an SSH connection. This can be templated to use the requesting user's name. This will be included in the valid_principals when making the request to Vault.
    key_type:
      label: Key Type
      help: Specifies the desired key type to use when generating a private key.
    key_bits:
      label: Key Bits
      help: Specifies the number of bits used generating the private key.
    ttl:
      label: TTL
      help: Specifies the Requested Time to Live for the certificate.
    key_id:
      label: Key ID
      help: Specifies the key id that the created certificate should have.
    critical_options:
      label: Critical Options
      help: Specifies a map of the critical options that the certificate should be signed for.
    extensions:
      label: Extensions
      help: Specifies a map of the extensions that the certificate should be signed for.
  types:
    vault-generic: Generic Secrets
    vault-ssh-certificate: SSH Certificates
    vault-ldap: LDAP
  help:
    vault-generic: Authorize sessions using credentials brokered by Vault
    vault-ssh-certificate: Authorize sessions using the SSH Secrets Engine in Vault
    vault-ldap: Authorize sessions using the LDAP Secrets Engine in Vault
credential:
  title: Credential
  title_plural: Credentials
  description: Credentials are static resources like usernames and passwords.
  titles:
    new: New Credential
  actions:
    create: New Credential
    delete: Delete Credential
  messages:
    none:
      title: No Credentials Available
      description: No Credentials available in this credential store.
  types:
    username_password: Username & Password
    ssh_private_key: Username & Key Pair
    username_password_domain: Username, Password & Domain
    json: JSON
    password: Password
    unknown: Unknown
  help:
    username_password: Connect using the provided username and password.
    ssh_private_key: Connect using a username, public key, and private key.
    json: Connect using a JSON blob containing the credentials.
    username_password_domain: Includes a domain field for Active Directory.
    password: Connect using only a provided password.
  form:
    username:
      label: Username
      help: The username to use when connecting with this credential store.
    password:
      label: Password
      help: The password to use when signing in with this credential store.
    domain:
      label: Domain
      help: The Active Directory domain or FQDN (e.g., contoso.local)
    private_key:
      label: SSH Private Key
      help: The private key to use when connecting with this credential store.
    private_key_passphrase:
      label: Passphrase
    json:
      label: JSON
      help: This is the JSON blob that provides credentials to the host. After this data is saved, you will not be able to edit it again without replacing it.
scope:
  title: Scope
  title_plural: Scopes
  messages:
    cannot_read: While you do not have permission to read this scope, you may have permission to view resources within it.
  types:
    global: Global
    org: Org
    project: Project
managed-group:
  title: Managed Group
  title_plural: Managed Groups
  titles:
    new: New Managed Group
  description: A managed group represents a collection of accounts.
  actions:
    delete: Delete Managed Group
    create: Create Managed Group
  messages:
    welcome:
      title: Welcome to Managed Groups
      description: Create and manage managed groups for an auth method.
  member:
    title: Member
    title_plural: Members
    messages:
      title: Welcome to Members
      description: No members in this managed group.
  form:
    group_names:
      label: Group Names
      help: The list of groups that this Managed Group belongs to.
worker:
  title: Worker
  titles:
    new: New PKI Worker
  description: Workers are the server components that perform the session handling.
  actions:
    register: Register Worker
    delete: Remove Worker
    create_tags: Create New Tags
  messages:
    welcome:
      title: Welcome to Workers
  tooltip:
    hcp: This is a HCP managed worker, you cannot edit or delete this worker’s tags.
    self: To edit config tags, edit them in your worker config file.
  table:
    session_count: Session Count
    ip_address: IP Address
    release_version: Release Version
    tag_count: '{tagCount, plural, =1 {# tag} other {# tags}}'
    tag: Tag
    key: Key
    value: Value
    type: Type
  tags:
    title_plural: Tags
    create:
      title: Create New Tags
      description: Create new API tags. You can only add API tags in the admin UI or CLI.
      link: Config tags are added in the worker config file.
      success: Tag(s) successfully created
    description: Tags are used to define the type of worker and to make it distinguishable amongst other workers.
    messages:
      no-tags:
        title: No tags added
        body: You haven’t added any tags to this worker yet
    remove:
      title: Remove worker tag?
      success: Tag successfully removed
      warning: will be removed but removing these may affect certain targets
      confirm:
        label: Confirm removal
        help: 'Enter “REMOVE” to confirm — this is case-sensitive.'
    edit:
      title: Edit Tag
      description: Edit the existing worker tag
      success: Tag successfully edited
      helper-text: Separate multiple values by comma
    actions:
      remove: Remove Tag
      add: Add tags to this worker
  flyout:
    title: Tags in {workerName}
    action:
      view_more: View more tags
  form:
    cluster_id:
      label: Boundary Cluster ID
      help: The cluster ID is the UUID in the HCP Boundary Controller URL.
    ip_address:
      label: Worker public address
      help: Public IP or address.
    initial_upstreams:
      label: Initial Upstreams
      help: A list of hosts/IP addresses and optionally ports for reaching Boundary cluster.  The port will default to :9201 if not specified.
    config_file_path:
      label: Config file path
      help: The path on your server where you will store your configuration file.
    worker_tags:
      label: Worker Tags
      help: Boundary can use tags to define key-value pairs which targets can use to determine where they should route connections.
    local_session_recording_storage:
      label: Local Session Recording Storage
      help: To record sessions using this worker, specify a local storage path and ensure that it is provisioned with sufficient capacity. In progress recordings are stored locally until they complete, and then moved to the remote storage bucket associated with their target.
    enable_recording_storage_path:
      label: Enable Recording Storage
    recording_storage_path:
      label: Recording Storage Path
      help: Local path on the worker node for temporary file storage.
    steps:
      1:
        title: 1. Configure your new worker
        create_directory: Create a configuration file in a new directory on your server
        create_config: 'Open the file with a text editor, such as Vi. Paste the following configuration into the worker config file:'
        save_config: Save the configuration in your <code>pki-worker.hcl</code> file.
      2:
        title: 2. Install & start Boundary on your server
        run_command: 'Run this command on your server to install Boundary:'
        copy_registration_request: When the server starts, it will print details related to this worker. Copy the value for
      3:
        title: 3. Confirm the worker when they connect
        worker_auth_registration_request:
          label: Worker Auth Registration Request
          help: The registration key provided by this worker when it started
        registered: Registered
policy:
  title: Storage Policy
  title_plural: Storage Policies
  description: A Storage Policy defines how long Session Recordings must be kept and when they should be deleted.
  titles:
    new: New Storage Policy
    policy_name: Policy name
    retain_for: Retain for
    delete_after: Delete after
    do_not_delete: Do not delete
    forever: Forever
    days: days
    policy_description: Store recorded sessions for at least this long.
    create_policy_description: Enable session recording for projects in this org.
    retain_until: Retain until
  actions:
    detach: Detach Storage Policy
    delete: Delete Storage Policy
    add: Add Storage Policy
    apply: Apply the storage policy to this scope and its children
    new: Add a new storage policy
    update: Re-apply storage policy
    delete_recording: Delete recording
  questions:
    detach: Are you sure you want to detach this storage policy?
  messages:
    detach: Successfully detached
    reapply: Successfully reapplied
    later: Policy will be reapplied after the recording has completed
    none:
      title: No storage policies yet
      description: A Storage Policy defines how long Session Recordings must be kept and when they should be deleted. We recommend checking your data retention policies for compliance requirements.
      link: Create a new storage policy
  form:
    retention_policy:
      label: Retention Policy
      help: Specifies how long a recording must be stored.
    deletion_policy:
      label: Deletion Policy
      help: Specifies when to delete a recording
    overridable:
      label: Allow orgs to override
    retention_policy_options:
      forever:
        label: Forever
      custom:
        label: Custom
      do_not_protect:
        label: Do not protect, allow deletion any time
      hipaa:
        label: HIPAA (6 years)
      soc:
        label: SOC 2 (7 years)
    deletion_policy_options:
      do_not_delete:
        label: Do not delete
      custom:
        label: Custom
alias:
  title: Alias
  title_plural: Aliases
  description: An Alias is a DNS-like string associated with a destination resource.
  details: Alias Details
  titles:
    new: New Alias
    resource_id: Resource ID
    points_to: Points to
  messages:
    none:
      title: Welcome to Aliases
      description: No Aliases yet
      link: Create a new alias
    delete: Deleting this alias may break any workflows using it. You can also clear the alias of the resource it points to without deleting it and then edit it to point it to a new resource.
  form:
    options:
      label: Alias options
    type:
      label: Target
      help: Servers, API Endpoints, and network devices
    destination_id:
      label: Target ID
      help: Specify any target across your deployment to associate this alias with
    value:
      label: Alias Value
      help: The alias you would like to use for this resource. If using Windows, using a "." in the hostname is recommended.
    authorize_session_arguments:
      label: Host ID
      help: Always use this host when connecting using this alias
    sidebar:
      help: Use a domain name as a shortcut for anyone with access to this target.
    alias:
      label: Aliases
      help: You can create aliases for this target that will make it easier to reach. Users must have access to this project to use aliases.