Final changes to config sub-system (#8600)

- Introduces changes such as certain types of errors that can be ignored or which need to go into safe mode. - Update help text as per the review
2025-04-11 06:57:49 -04:00 · 2019-12-04 15:32:37 -08:00 · 2019-12-04 15:32:37 -08:00 · c9940d8c3f
commit c9940d8c3f
parent 794eb54da8
65 changed files with 605 additions and 1033 deletions
--- a/cmd/admin-handlers-config-kv.go
+++ b/cmd/admin-handlers-config-kv.go
@ -23,9 +23,17 @@ import (
 	"io"
 	"net/http"
 	"strconv"
 	"strings"
 	"github.com/gorilla/mux"
 	"github.com/minio/minio/cmd/config"
 	"github.com/minio/minio/cmd/config/cache"
 	"github.com/minio/minio/cmd/config/etcd"
 	xldap "github.com/minio/minio/cmd/config/identity/ldap"
 	"github.com/minio/minio/cmd/config/identity/openid"
 	"github.com/minio/minio/cmd/config/policy/opa"
 	"github.com/minio/minio/cmd/config/storageclass"
 	"github.com/minio/minio/cmd/crypto"
 	"github.com/minio/minio/cmd/logger"
 	iampolicy "github.com/minio/minio/pkg/iam/policy"
 	"github.com/minio/minio/pkg/madmin"
@ -417,15 +425,45 @@ func (a adminAPIHandlers) GetConfigHandler(w http.ResponseWriter, r *http.Reques
 		return
 	}
-	var buf = &bytes.Buffer{}
+	var s strings.Builder
-	cw := config.NewConfigWriteTo(cfg, "")
+	hkvs := config.HelpSubSysMap[""]
-	if _, err = cw.WriteTo(buf); err != nil {
+	for _, hkv := range hkvs {
-		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
+		v := cfg[hkv.Key]
-		return
+		for target, kv := range v {
 			off := kv.Get(config.Enable) == config.EnableOff
 			switch hkv.Key {
 			case config.EtcdSubSys:
 				off = !etcd.Enabled(kv)
 			case config.CacheSubSys:
 				off = !cache.Enabled(kv)
 			case config.StorageClassSubSys:
 				off = !storageclass.Enabled(kv)
 			case config.KmsVaultSubSys:
 				off = !crypto.Enabled(kv)
 			case config.PolicyOPASubSys:
 				off = !opa.Enabled(kv)
 			case config.IdentityOpenIDSubSys:
 				off = !openid.Enabled(kv)
 			case config.IdentityLDAPSubSys:
 				off = !xldap.Enabled(kv)
 			}
 			if off {
 				s.WriteString(config.KvComment)
 				s.WriteString(config.KvSpaceSeparator)
 			}
 			s.WriteString(hkv.Key)
 			if target != config.Default {
 				s.WriteString(config.SubSystemSeparator)
 				s.WriteString(target)
 			}
 			s.WriteString(config.KvSpaceSeparator)
 			s.WriteString(kv.String())
 			s.WriteString(config.KvNewline)
 		}
 	}
 	password := globalActiveCred.SecretKey
-	econfigData, err := madmin.EncryptData(password, buf.Bytes())
+	econfigData, err := madmin.EncryptData(password, []byte(s.String()))
 	if err != nil {
 		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
 		return
--- a/cmd/common-main.go
+++ b/cmd/common-main.go
@ -158,7 +158,7 @@ func handleCommonCmdArgs(ctx *cli.Context) {
 func handleCommonEnvVars() {
 	var err error
-	globalBrowserEnabled, err = config.ParseBool(env.Get(config.EnvBrowser, config.StateOn))
+	globalBrowserEnabled, err = config.ParseBool(env.Get(config.EnvBrowser, config.EnableOn))
 	if err != nil {
 		logger.Fatal(config.ErrInvalidBrowserValue(err), "Invalid MINIO_BROWSER value in environment variable")
 	}
@ -202,7 +202,7 @@ func handleCommonEnvVars() {
 	// In place update is true by default if the MINIO_UPDATE is not set
 	// or is not set to 'off', if MINIO_UPDATE is set to 'off' then
 	// in-place update is off.
-	globalInplaceUpdateDisabled = strings.EqualFold(env.Get(config.EnvUpdate, config.StateOn), config.StateOff)
+	globalInplaceUpdateDisabled = strings.EqualFold(env.Get(config.EnvUpdate, config.EnableOn), config.EnableOff)
 	if env.IsSet(config.EnvAccessKey) || env.IsSet(config.EnvSecretKey) {
 		cred, err := auth.CreateCredentials(env.Get(config.EnvAccessKey, ""), env.Get(config.EnvSecretKey, ""))
--- a/cmd/config-current.go
+++ b/cmd/config-current.go
@ -18,6 +18,7 @@ package cmd
 import (
 	"context"
 	"fmt"
 	"strings"
 	"sync"
@ -39,12 +40,11 @@ import (
 	"github.com/minio/minio/pkg/env"
 )
-func init() {
+func initHelp() {
 	var kvs = map[string]config.KVS{
 		config.EtcdSubSys:           etcd.DefaultKVS,
 		config.CacheSubSys:          cache.DefaultKVS,
 		config.CompressionSubSys:    compress.DefaultKVS,
 		config.StorageClassSubSys:   storageclass.DefaultKVS,
 		config.IdentityLDAPSubSys:   xldap.DefaultKVS,
 		config.IdentityOpenIDSubSys: openid.DefaultKVS,
 		config.PolicyOPASubSys:      opa.DefaultKVS,
@ -57,115 +57,123 @@ func init() {
 	for k, v := range notify.DefaultNotificationKVS {
 		kvs[k] = v
 	}
 	if globalIsXL {
 		kvs[config.StorageClassSubSys] = storageclass.DefaultKVS
 	}
 	config.RegisterDefaultKVS(kvs)
 	// Captures help for each sub-system
 	var helpSubSys = config.HelpKVS{
 		config.HelpKV{
 			Key:         config.RegionSubSys,
-			Description: "Configure to describe the physical location of the server",
+			Description: "label the location of the server",
 		},
 		config.HelpKV{
 			Key:         config.StorageClassSubSys,
 			Description: "Configure to control data and parity per object",
 		},
 		config.HelpKV{
 			Key:         config.CacheSubSys,
-			Description: "Configure to enable edge caching",
+			Description: "add caching storage tier",
 		},
 		config.HelpKV{
 			Key:         config.CompressionSubSys,
-			Description: "Configure to enable streaming on disk compression",
+			Description: "enable server side compression of objects",
 		},
 		config.HelpKV{
 			Key:         config.EtcdSubSys,
-			Description: "Configure to enable 'etcd' configuration",
+			Description: "federate multiple clusters for IAM and Bucket DNS",
 		},
 		config.HelpKV{
 			Key:         config.IdentityOpenIDSubSys,
-			Description: "Configure to enable OpenID SSO support",
+			Description: "enable OpenID SSO support",
 		},
 		config.HelpKV{
 			Key:         config.IdentityLDAPSubSys,
-			Description: "Configure to enable LDAP SSO support",
+			Description: "enable LDAP SSO support",
 		},
 		config.HelpKV{
 			Key:         config.PolicyOPASubSys,
-			Description: "Configure to enable external OPA policy support",
+			Description: "enable external OPA for policy enforcement",
 		},
 		config.HelpKV{
 			Key:         config.KmsVaultSubSys,
-			Description: "Configure to enable Vault based external KMS",
+			Description: "enable external HashiCorp Vault for KMS",
 		},
 		config.HelpKV{
 			Key:             config.LoggerWebhookSubSys,
-			Description:     "Configure to enable Webhook based logger",
+			Description:     "send server logs to webhook endpoints",
 			MultipleTargets: true,
 		},
 		config.HelpKV{
 			Key:             config.AuditWebhookSubSys,
-			Description:     "Configure to enable Webhook based audit logger",
+			Description:     "send audit logs to webhook endpoints",
 			MultipleTargets: true,
 		},
 		config.HelpKV{
 			Key:             config.NotifyWebhookSubSys,
-			Description:     "Configure to publish events to Webhook target",
+			Description:     "publish bucket notifications to webhook endpoints",
 			MultipleTargets: true,
 		},
 		config.HelpKV{
 			Key:             config.NotifyAMQPSubSys,
-			Description:     "Configure to publish events to AMQP target",
+			Description:     "publish bucket notifications to AMQP endpoints",
 			MultipleTargets: true,
 		},
 		config.HelpKV{
 			Key:             config.NotifyKafkaSubSys,
-			Description:     "Configure to publish events to Kafka target",
+			Description:     "publish bucket notifications to Kafka endpoints",
 			MultipleTargets: true,
 		},
 		config.HelpKV{
 			Key:             config.NotifyMQTTSubSys,
-			Description:     "Configure to publish events to MQTT target",
+			Description:     "publish bucket notifications to MQTT endpoints",
 			MultipleTargets: true,
 		},
 		config.HelpKV{
 			Key:             config.NotifyNATSSubSys,
-			Description:     "Configure to publish events to NATS target",
+			Description:     "publish bucket notifications to NATS endpoints",
 			MultipleTargets: true,
 		},
 		config.HelpKV{
 			Key:             config.NotifyNSQSubSys,
-			Description:     "Configure to publish events to NSQ target",
+			Description:     "publish bucket notifications to NSQ endpoints",
 			MultipleTargets: true,
 		},
 		config.HelpKV{
 			Key:             config.NotifyMySQLSubSys,
-			Description:     "Configure to publish events to MySQL target",
+			Description:     "publish bucket notifications to MySQL endpoints",
 			MultipleTargets: true,
 		},
 		config.HelpKV{
 			Key:             config.NotifyPostgresSubSys,
-			Description:     "Configure to publish events to Postgres target",
+			Description:     "publish bucket notifications to Postgres endpoints",
 			MultipleTargets: true,
 		},
 		config.HelpKV{
 			Key:             config.NotifyRedisSubSys,
-			Description:     "Configure to publish events to Redis target",
+			Description:     "publish bucket notifications to Redis endpoints",
 			MultipleTargets: true,
 		},
 		config.HelpKV{
 			Key:             config.NotifyESSubSys,
-			Description:     "Configure to publish events to Elasticsearch target",
+			Description:     "publish bucket notifications to Elasticsearch endpoints",
 			MultipleTargets: true,
 		},
 	}
 	if globalIsXL {
 		helpSubSys = append(helpSubSys, config.HelpKV{})
 		copy(helpSubSys[2:], helpSubSys[1:])
 		helpSubSys[1] = config.HelpKV{
 			Key:         config.StorageClassSubSys,
 			Description: "define object level redundancy",
 		}
 	}
 	var helpMap = map[string]config.HelpKVS{
 		"":                          helpSubSys, // Help for all sub-systems.
 		config.RegionSubSys:         config.RegionHelp,
 		config.StorageClassSubSys:   storageclass.Help,
 		config.EtcdSubSys:           etcd.Help,
 		config.CacheSubSys:          cache.Help,
 		config.CompressionSubSys:    compress.Help,
 		config.StorageClassSubSys:   storageclass.Help,
 		config.IdentityOpenIDSubSys: openid.Help,
 		config.IdentityLDAPSubSys:   xldap.Help,
 		config.PolicyOPASubSys:      opa.Help,
@ -249,6 +257,9 @@ func validateConfig(s config.Config) error {
 			if _, err = crypto.NewKMS(kmsCfg); err != nil {
 				return err
 			}
 			// Disable merging env values for the rest.
 			env.SetEnvOff()
 		}
 	}
@ -279,18 +290,18 @@ func lookupConfigs(s config.Config) (err error) {
 		// Env doesn't seem to be set, we fallback to lookup creds from the config.
 		globalActiveCred, err = config.LookupCreds(s[config.CredentialsSubSys][config.Default])
 		if err != nil {
-			return config.Errorf("Invalid credentials configuration: %s", err)
+			return fmt.Errorf("Invalid credentials configuration: %w", err)
 		}
 	}
 	etcdCfg, err := xetcd.LookupConfig(s[config.EtcdSubSys][config.Default], globalRootCAs)
 	if err != nil {
-		return config.Errorf("Unable to initialize etcd config: %s", err)
+		return fmt.Errorf("Unable to initialize etcd config: %w", err)
 	}
 	globalEtcdClient, err = xetcd.New(etcdCfg)
 	if err != nil {
-		return config.Errorf("Unable to initialize etcd config: %s", err)
+		return fmt.Errorf("Unable to initialize etcd config: %w", err)
 	}
 	if len(globalDomainNames) != 0 && !globalDomainIPs.IsEmpty() && globalEtcdClient != nil {
@ -301,51 +312,51 @@ func lookupConfigs(s config.Config) (err error) {
 			dns.CoreDNSPath(etcdCfg.CoreDNSPath),
 		)
 		if err != nil {
-			return config.Errorf("Unable to initialize DNS config for %s: %s", globalDomainNames, err)
+			return config.Errorf(config.SafeModeKind,
 				"Unable to initialize DNS config for %s: %s", globalDomainNames, err)
 		}
 	}
 	globalServerRegion, err = config.LookupRegion(s[config.RegionSubSys][config.Default])
 	if err != nil {
-		return config.Errorf("Invalid region configuration: %s", err)
+		return fmt.Errorf("Invalid region configuration: %w", err)
 	}
 	globalWORMEnabled, err = config.LookupWorm()
 	if err != nil {
-		return config.Errorf("Invalid worm configuration: %s", err)
+		return fmt.Errorf("Invalid worm configuration: %w", err)
 	}
 	if globalIsXL {
 		globalStorageClass, err = storageclass.LookupConfig(s[config.StorageClassSubSys][config.Default],
 			globalXLSetDriveCount)
 		if err != nil {
-			return config.Errorf("Unable to initialize storage class config: %s", err)
+			return fmt.Errorf("Unable to initialize storage class config: %w", err)
 		}
 	}
 	globalCacheConfig, err = cache.LookupConfig(s[config.CacheSubSys][config.Default])
 	if err != nil {
-		return config.Errorf("Unable to setup cache: %s", err)
+		return fmt.Errorf("Unable to setup cache: %w", err)
 	}
 	if globalCacheConfig.Enabled {
 		if cacheEncKey := env.Get(cache.EnvCacheEncryptionMasterKey, ""); cacheEncKey != "" {
 			globalCacheKMS, err = crypto.ParseMasterKey(cacheEncKey)
 			if err != nil {
-				return config.Errorf("Unable to setup encryption cache: %s", err)
+				return fmt.Errorf("Unable to setup encryption cache: %w", err)
 			}
 		}
 	}
 	kmsCfg, err := crypto.LookupConfig(s[config.KmsVaultSubSys][config.Default])
 	if err != nil {
-		return config.Errorf("Unable to setup KMS config: %s", err)
+		return fmt.Errorf("Unable to setup KMS config: %w", err)
 	}
 	GlobalKMS, err = crypto.NewKMS(kmsCfg)
 	if err != nil {
-		return config.Errorf("Unable to setup KMS with current KMS config: %s", err)
+		return fmt.Errorf("Unable to setup KMS with current KMS config: %w", err)
 	}
 	// Enable auto-encryption if enabled
@ -353,19 +364,19 @@ func lookupConfigs(s config.Config) (err error) {
 	globalCompressConfig, err = compress.LookupConfig(s[config.CompressionSubSys][config.Default])
 	if err != nil {
-		return config.Errorf("Unable to setup Compression: %s", err)
+		return fmt.Errorf("Unable to setup Compression: %w", err)
 	}
 	globalOpenIDConfig, err = openid.LookupConfig(s[config.IdentityOpenIDSubSys][config.Default],
 		NewCustomHTTPTransport(), xhttp.DrainBody)
 	if err != nil {
-		return config.Errorf("Unable to initialize OpenID: %s", err)
+		return fmt.Errorf("Unable to initialize OpenID: %w", err)
 	}
 	opaCfg, err := opa.LookupConfig(s[config.PolicyOPASubSys][config.Default],
 		NewCustomHTTPTransport(), xhttp.DrainBody)
 	if err != nil {
-		return config.Errorf("Unable to initialize OPA: %s", err)
+		return fmt.Errorf("Unable to initialize OPA: %w", err)
 	}
 	globalOpenIDValidators = getOpenIDValidators(globalOpenIDConfig)
@ -374,7 +385,7 @@ func lookupConfigs(s config.Config) (err error) {
 	globalLDAPConfig, err = xldap.Lookup(s[config.IdentityLDAPSubSys][config.Default],
 		globalRootCAs)
 	if err != nil {
-		return config.Errorf("Unable to parse LDAP configuration: %s", err)
+		return fmt.Errorf("Unable to parse LDAP configuration: %w", err)
 	}
 	// Load logger targets based on user's configuration
@ -382,7 +393,7 @@ func lookupConfigs(s config.Config) (err error) {
 	loggerCfg, err := logger.LookupConfig(s)
 	if err != nil {
-		return config.Errorf("Unable to initialize logger: %s", err)
+		return fmt.Errorf("Unable to initialize logger: %w", err)
 	}
 	for _, l := range loggerCfg.HTTP {
@ -420,24 +431,32 @@ func GetHelp(subSys, key string, envOnly bool) (Help, error) {
 	}
 	subSystemValue := strings.SplitN(subSys, config.SubSystemSeparator, 2)
 	if len(subSystemValue) == 0 {
-		return Help{}, config.Errorf("invalid number of arguments %s", subSys)
+		return Help{}, config.Errorf(
 			config.SafeModeKind,
 			"invalid number of arguments %s", subSys)
 	}
 	subSys = subSystemValue[0]
 	subSysHelp, ok := config.HelpSubSysMap[""].Lookup(subSys)
 	if !ok {
-		return Help{}, config.Errorf("unknown sub-system %s", subSys)
+		return Help{}, config.Errorf(
 			config.SafeModeKind,
 			"unknown sub-system %s", subSys)
 	}
 	h, ok := config.HelpSubSysMap[subSys]
 	if !ok {
-		return Help{}, config.Errorf("unknown sub-system %s", subSys)
+		return Help{}, config.Errorf(
 			config.SafeModeKind,
 			"unknown sub-system %s", subSys)
 	}
 	if key != "" {
 		value, ok := h.Lookup(key)
 		if !ok {
-			return Help{}, config.Errorf("unknown key %s for sub-system %s", key, subSys)
+			return Help{}, config.Errorf(
 				config.SafeModeKind,
 				"unknown key %s for sub-system %s", key, subSys)
 		}
 		h = config.HelpKVS{value}
 	}
--- a/cmd/config/cache/help.go
+++ b/cmd/config/cache/help.go
@ -23,30 +23,30 @@ var (
 	Help = config.HelpKVS{
 		config.HelpKV{
 			Key:         Drives,
-			Description: `List of mounted drives or directories delimited by ","`,
+			Description: `comma separated mountpoints e.g. "/optane1,/optane2"`,
 			Type:        "csv",
 		},
 		config.HelpKV{
 			Key:         Exclude,
 			Description: `List of wildcard based cache exclusion patterns delimited by ","`,
 			Optional:    true,
 			Type:        "csv",
 		},
 		config.HelpKV{
 			Key:         Expiry,
-			Description: `Cache expiry duration in days. eg: "90"`,
+			Description: `cache expiry duration in days e.g. "90"`,
 			Optional:    true,
 			Type:        "number",
 		},
 		config.HelpKV{
 			Key:         Quota,
-			Description: `Maximum permitted usage of the cache in percentage (0-100)`,
+			Description: `limit cache drive usage in percentage e.g. "90"`,
 			Optional:    true,
 			Type:        "number",
 		},
 		config.HelpKV{
 			Key:         Exclude,
 			Description: `comma separated wildcard exclusion patterns e.g. "bucket/*.tmp,*.exe"`,
 			Optional:    true,
 			Type:        "csv",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the 'cache' settings",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
--- a/cmd/config/cache/legacy.go
+++ b/cmd/config/cache/legacy.go
@ -34,10 +34,6 @@ func SetCacheConfig(s config.Config, cfg Config) {
 		return
 	}
 	s[config.CacheSubSys][config.Default] = config.KVS{
 		config.KV{
 			Key:   config.State,
 			Value: config.StateOn,
 		},
 		config.KV{
 			Key:   Drives,
 			Value: strings.Join(cfg.Drives, cacheDelimiter),
--- a/cmd/config/cache/lookup.go
+++ b/cmd/config/cache/lookup.go
@ -32,7 +32,6 @@ const (
 	MaxUse  = "maxuse"
 	Quota   = "quota"
 	EnvCacheState               = "MINIO_CACHE_STATE"
 	EnvCacheDrives              = "MINIO_CACHE_DRIVES"
 	EnvCacheExclude             = "MINIO_CACHE_EXCLUDE"
 	EnvCacheExpiry              = "MINIO_CACHE_EXPIRY"
@ -47,10 +46,6 @@ const (
 // DefaultKVS - default KV settings for caching.
 var (
 	DefaultKVS = config.KVS{
 		config.KV{
 			Key:   config.State,
 			Value: config.StateOff,
 		},
 		config.KV{
 			Key:   Drives,
 			Value: "",
@ -74,6 +69,12 @@ const (
 	cacheDelimiter = ","
 )
 // Enabled returns if cache is enabled.
 func Enabled(kvs config.KVS) bool {
 	drives := kvs.Get(Drives)
 	return drives != ""
 }
 // LookupConfig - extracts cache configuration provided by environment
 // variables and merge them with provided CacheConfiguration.
 func LookupConfig(kvs config.KVS) (Config, error) {
@ -84,28 +85,7 @@ func LookupConfig(kvs config.KVS) (Config, error) {
 	}
 	drives := env.Get(EnvCacheDrives, kvs.Get(Drives))
-	if len(drives) > 0 {
+	if len(drives) == 0 {
 		// Drives is not-empty means user wishes to enable this explicitly, but
 		// check if ENV is set to false to disable caching.
 		stateBool, err := config.ParseBool(env.Get(EnvCacheState, config.StateOn))
 		if err != nil {
 			return cfg, err
 		}
 		if !stateBool {
 			return cfg, nil
 		}
 	} else {
 		// Check if cache is explicitly disabled
 		stateBool, err := config.ParseBool(env.Get(EnvCacheState, kvs.Get(config.State)))
 		if err != nil {
 			if kvs.Empty() {
 				return cfg, nil
 			}
 			return cfg, err
 		}
 		if stateBool {
 			return cfg, config.Error("'drives' key cannot be empty to enable caching")
 		}
 		return cfg, nil
 	}
--- a/cmd/config/compress/compress.go
+++ b/cmd/config/compress/compress.go
@ -36,7 +36,7 @@ const (
 	Extensions = "extensions"
 	MimeTypes  = "mime_types"
-	EnvCompressState      = "MINIO_COMPRESS_STATE"
+	EnvCompressState      = "MINIO_COMPRESS_ENABLE"
 	EnvCompressExtensions = "MINIO_COMPRESS_EXTENSIONS"
 	EnvCompressMimeTypes  = "MINIO_COMPRESS_MIME_TYPES"
@ -49,8 +49,8 @@ const (
 var (
 	DefaultKVS = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   Extensions,
@ -87,7 +87,7 @@ func LookupConfig(kvs config.KVS) (Config, error) {
 	compress := env.Get(EnvCompress, "")
 	if compress == "" {
-		compress = env.Get(EnvCompressState, kvs.Get(config.State))
+		compress = env.Get(EnvCompressState, kvs.Get(config.Enable))
 	}
 	cfg.Enabled, err = config.ParseBool(compress)
 	if err != nil {
--- a/cmd/config/compress/help.go
+++ b/cmd/config/compress/help.go
@ -23,19 +23,19 @@ var (
 	Help = config.HelpKVS{
 		config.HelpKV{
 			Key:         Extensions,
-			Description: `Comma separated file extensions to compress eg: ".txt,.log,.csv"`,
+			Description: `comma separated file extensions e.g. ".txt,.log,.csv"`,
 			Optional:    true,
 			Type:        "csv",
 		},
 		config.HelpKV{
 			Key:         MimeTypes,
-			Description: `Comma separate wildcard mime-types to compress eg: "text/*,application/json,application/xml"`,
+			Description: `comma separated wildcard mime-types e.g. "text/*,application/json,application/xml"`,
 			Optional:    true,
 			Type:        "csv",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the compression setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
--- a/cmd/config/compress/legacy.go
+++ b/cmd/config/compress/legacy.go
@ -36,8 +36,8 @@ func SetCompressionConfig(s config.Config, cfg Config) {
 	}
 	s[config.CompressionSubSys][config.Default] = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOn,
+			Value: config.EnableOn,
 		},
 		config.KV{
 			Key:   Extensions,
--- a/cmd/config/config.go
+++ b/cmd/config/config.go
@ -31,27 +31,39 @@ import (
 )
 // Error config error type
-type Error string
+type Error struct {
 	Kind ErrorKind
 	Err  string
 }
 // ErrorKind config error kind
 type ErrorKind int8
 // Various error kinds.
 const (
 	ContinueKind ErrorKind = iota + 1
 	SafeModeKind
 )
 // Errorf - formats according to a format specifier and returns
 // the string as a value that satisfies error of type config.Error
-func Errorf(format string, a ...interface{}) error {
+func Errorf(errKind ErrorKind, format string, a ...interface{}) error {
-	return Error(fmt.Sprintf(format, a...))
+	return Error{Kind: errKind, Err: fmt.Sprintf(format, a...)}
 }
 func (e Error) Error() string {
-	return string(e)
+	return e.Err
 }
 // Default keys
 const (
 	Default = madmin.Default
-	State   = madmin.StateKey
+	Enable  = madmin.EnableKey
 	Comment = madmin.CommentKey
-	// State values
+	// Enable values
-	StateOn  = madmin.StateOn
+	EnableOn  = madmin.EnableOn
-	StateOff = madmin.StateOff
+	EnableOff = madmin.EnableOff
 	RegionName = "name"
 	AccessKey  = "access_key"
@ -67,7 +79,7 @@ const (
 	CacheSubSys          = "cache"
 	RegionSubSys         = "region"
 	EtcdSubSys           = "etcd"
-	StorageClassSubSys   = "storageclass"
+	StorageClassSubSys   = "storage_class"
 	CompressionSubSys    = "compression"
 	KmsVaultSubSys       = "kms_vault"
 	LoggerWebhookSubSys  = "logger_webhook"
@ -195,19 +207,41 @@ func (kvs KVS) String() string {
 	var s strings.Builder
 	for _, kv := range kvs {
 		// Do not need to print if state is on
-		if kv.Key == State && kv.Value == StateOn {
+		if kv.Key == Enable && kv.Value == EnableOn {
 			continue
 		}
 		s.WriteString(kv.Key)
 		s.WriteString(KvSeparator)
-		s.WriteString(KvDoubleQuote)
+		spc := madmin.HasSpace(kv.Value)
 		if spc {
 			s.WriteString(KvDoubleQuote)
 		}
 		s.WriteString(kv.Value)
-		s.WriteString(KvDoubleQuote)
+		if spc {
 			s.WriteString(KvDoubleQuote)
 		}
 		s.WriteString(KvSpaceSeparator)
 	}
 	return s.String()
 }
 // Set sets a value, if not sets a default value.
 func (kvs *KVS) Set(key, value string) {
 	for i, kv := range *kvs {
 		if kv.Key == key {
 			(*kvs)[i] = KV{
 				Key:   key,
 				Value: value,
 			}
 			return
 		}
 	}
 	*kvs = append(*kvs, KV{
 		Key:   key,
 		Value: value,
 	})
 }
 // Get - returns the value of a key, if not found returns empty.
 func (kvs KVS) Get(key string) string {
 	v, ok := kvs.Lookup(key)
@ -230,25 +264,6 @@ func (kvs KVS) Lookup(key string) (string, bool) {
 // Config - MinIO server config structure.
 type Config map[string]map[string]KVS
 func (c Config) String() string {
 	var s strings.Builder
 	hkvs := HelpSubSysMap[""]
 	for _, hkv := range hkvs {
 		v := c[hkv.Key]
 		for target, kv := range v {
 			s.WriteString(hkv.Key)
 			if target != Default {
 				s.WriteString(SubSystemSeparator)
 				s.WriteString(target)
 			}
 			s.WriteString(KvSpaceSeparator)
 			s.WriteString(kv.String())
 			s.WriteString(KvNewline)
 		}
 	}
 	return s.String()
 }
 // DelFrom - deletes all keys in the input reader.
 func (c Config) DelFrom(r io.Reader) error {
 	scanner := bufio.NewScanner(r)
@ -303,10 +318,6 @@ func NewConfigWriteTo(cfg Config, key string) io.WriterTo {
 // WriteTo - implements io.WriterTo interface implementation for config.
 func (c *configWriteTo) WriteTo(w io.Writer) (int64, error) {
 	if c.filterByKey == "" {
 		n, err := w.Write([]byte(c.String()))
 		return int64(n), err
 	}
 	kvs, err := c.GetKVS(c.filterByKey, DefaultKVS)
 	if err != nil {
 		return 0, err
@ -329,10 +340,6 @@ func (c *configWriteTo) WriteTo(w io.Writer) (int64, error) {
 // Default KV configs for worm and region
 var (
 	DefaultCredentialKVS = KVS{
 		KV{
 			Key:   State,
 			Value: StateOff,
 		},
 		KV{
 			Key:   AccessKey,
 			Value: auth.DefaultAccessKey,
@ -344,10 +351,6 @@ var (
 	}
 	DefaultRegionKVS = KVS{
 		KV{
 			Key:   State,
 			Value: StateOff,
 		},
 		KV{
 			Key:   RegionName,
 			Value: "",
@ -384,7 +387,8 @@ func LookupRegion(kv KVS) (string, error) {
 		if validRegionRegex.MatchString(region) {
 			return region, nil
 		}
-		return "", Errorf("region '%s' is invalid, expected simple characters such as [us-east-1, myregion...]",
+		return "", Errorf(SafeModeKind,
 			"region '%s' is invalid, expected simple characters such as [us-east-1, myregion...]",
 			region)
 	}
 	return "", nil
@ -400,14 +404,16 @@ func CheckValidKeys(subSys string, kv KVS, validKVS KVS) error {
 		}
 	}
 	if len(nkv) > 0 {
-		return Errorf("found invalid keys (%s) for '%s' sub-system", nkv.String(), subSys)
+		return Errorf(
 			ContinueKind,
 			"found invalid keys (%s) for '%s' sub-system, use 'mc admin config reset myminio %s' to fix invalid keys", nkv.String(), subSys, subSys)
 	}
 	return nil
 }
 // LookupWorm - check if worm is enabled
 func LookupWorm() (bool, error) {
-	return ParseBool(env.Get(EnvWorm, StateOff))
+	return ParseBool(env.Get(EnvWorm, EnableOff))
 }
 // New - initialize a new server config.
@ -423,15 +429,15 @@ func New() Config {
 // GetKVS - get kvs from specific subsystem.
 func (c Config) GetKVS(s string, defaultKVS map[string]KVS) (map[string]KVS, error) {
 	if len(s) == 0 {
-		return nil, Error("input cannot be empty")
+		return nil, Errorf(SafeModeKind, "input cannot be empty")
 	}
 	inputs := strings.Fields(s)
 	if len(inputs) > 1 {
-		return nil, Errorf("invalid number of arguments %s", s)
+		return nil, Errorf(SafeModeKind, "invalid number of arguments %s", s)
 	}
 	subSystemValue := strings.SplitN(inputs[0], SubSystemSeparator, 2)
 	if len(subSystemValue) == 0 {
-		return nil, Errorf("invalid number of arguments %s", s)
+		return nil, Errorf(SafeModeKind, "invalid number of arguments %s", s)
 	}
 	found := SubSystems.Contains(subSystemValue[0])
 	if !found {
@ -440,7 +446,7 @@ func (c Config) GetKVS(s string, defaultKVS map[string]KVS) (map[string]KVS, err
 		found = !SubSystems.FuncMatch(strings.HasPrefix, subSystemValue[0]).IsEmpty() && len(subSystemValue) == 1
 	}
 	if !found {
-		return nil, Errorf("unknown sub-system %s", s)
+		return nil, Errorf(SafeModeKind, "unknown sub-system %s", s)
 	}
 	kvs := make(map[string]KVS)
@ -448,11 +454,11 @@ func (c Config) GetKVS(s string, defaultKVS map[string]KVS) (map[string]KVS, err
 	subSysPrefix := subSystemValue[0]
 	if len(subSystemValue) == 2 {
 		if len(subSystemValue[1]) == 0 {
-			return nil, Errorf("sub-system target '%s' cannot be empty", s)
+			return nil, Errorf(SafeModeKind, "sub-system target '%s' cannot be empty", s)
 		}
 		kvs[inputs[0]], ok = c[subSysPrefix][subSystemValue[1]]
 		if !ok {
-			return nil, Errorf("sub-system target '%s' doesn't exist", s)
+			return nil, Errorf(SafeModeKind, "sub-system target '%s' doesn't exist", s)
 		}
 	} else {
 		for subSys, subSysTgts := range c {
@ -478,30 +484,32 @@ func (c Config) GetKVS(s string, defaultKVS map[string]KVS) (map[string]KVS, err
 // DelKVS - delete a specific key.
 func (c Config) DelKVS(s string) error {
 	if len(s) == 0 {
-		return Error("input arguments cannot be empty")
+		return Errorf(SafeModeKind, "input arguments cannot be empty")
 	}
 	inputs := strings.Fields(s)
 	if len(inputs) > 1 {
-		return Errorf("invalid number of arguments %s", s)
+		return Errorf(SafeModeKind, "invalid number of arguments %s", s)
 	}
 	subSystemValue := strings.SplitN(inputs[0], SubSystemSeparator, 2)
 	if len(subSystemValue) == 0 {
-		return Errorf("invalid number of arguments %s", s)
+		return Errorf(SafeModeKind, "invalid number of arguments %s", s)
 	}
 	if !SubSystems.Contains(subSystemValue[0]) {
-		return Errorf("unknown sub-system %s", s)
+		// Unknown sub-system found try to remove it anyways.
 		delete(c, subSystemValue[0])
 		return nil
 	}
 	tgt := Default
 	subSys := subSystemValue[0]
 	if len(subSystemValue) == 2 {
 		if len(subSystemValue[1]) == 0 {
-			return Errorf("sub-system target '%s' cannot be empty", s)
+			return Errorf(SafeModeKind, "sub-system target '%s' cannot be empty", s)
 		}
 		tgt = subSystemValue[1]
 	}
 	_, ok := c[subSys][tgt]
 	if !ok {
-		return Errorf("sub-system %s already deleted", s)
+		return Errorf(SafeModeKind, "sub-system %s already deleted", s)
 	}
 	delete(c[subSys], tgt)
 	return nil
@ -522,23 +530,23 @@ func (c Config) Clone() Config {
 // SetKVS - set specific key values per sub-system.
 func (c Config) SetKVS(s string, defaultKVS map[string]KVS) error {
 	if len(s) == 0 {
-		return Error("input arguments cannot be empty")
+		return Errorf(SafeModeKind, "input arguments cannot be empty")
 	}
 	inputs := strings.SplitN(s, KvSpaceSeparator, 2)
 	if len(inputs) <= 1 {
-		return Errorf("invalid number of arguments '%s'", s)
+		return Errorf(SafeModeKind, "invalid number of arguments '%s'", s)
 	}
 	subSystemValue := strings.SplitN(inputs[0], SubSystemSeparator, 2)
 	if len(subSystemValue) == 0 {
-		return Errorf("invalid number of arguments %s", s)
+		return Errorf(SafeModeKind, "invalid number of arguments %s", s)
 	}
 	if !SubSystems.Contains(subSystemValue[0]) {
-		return Errorf("unknown sub-system %s", s)
+		return Errorf(SafeModeKind, "unknown sub-system %s", s)
 	}
 	if SubSystemsSingleTargets.Contains(subSystemValue[0]) && len(subSystemValue) == 2 {
-		return Errorf("sub-system '%s' only supports single target", subSystemValue[0])
+		return Errorf(SafeModeKind, "sub-system '%s' only supports single target", subSystemValue[0])
 	}
 	var kvs = KVS{}
@ -559,7 +567,7 @@ func (c Config) SetKVS(s string, defaultKVS map[string]KVS) error {
 			continue
 		}
 		if len(kv) == 1 {
-			return Errorf("key '%s', cannot have empty value", kv[0])
+			return Errorf(SafeModeKind, "key '%s', cannot have empty value", kv[0])
 		}
 		prevK = kv[0]
 		kvs = append(kvs, KV{
@ -574,21 +582,30 @@ func (c Config) SetKVS(s string, defaultKVS map[string]KVS) error {
 		tgt = subSystemValue[1]
 	}
-	// Save client sent kvs
+	_, ok := kvs.Lookup(Enable)
-	c[subSys][tgt] = kvs
+	// Check if state is required
-	_, ok := c[subSys][tgt].Lookup(State)
+	_, defaultOk := defaultKVS[subSys].Lookup(Enable)
-	if !ok {
+	if !ok && defaultOk {
 		// implicit state "on" if not specified.
-		c[subSys][tgt] = append(c[subSys][tgt], KV{
+		kvs = append(kvs, KV{
-			Key:   State,
+			Key:   Enable,
-			Value: StateOn,
+			Value: EnableOn,
 		})
 	}
-	for _, kv := range defaultKVS[subSys] {
+
-		_, ok := c[subSys][tgt].Lookup(kv.Key)
+	currKVS := c[subSys][tgt]
 	for _, kv := range kvs {
 		currKVS.Set(kv.Key, kv.Value)
 	}
 	for _, defaultKV := range defaultKVS[subSys] {
 		_, ok := c[subSys][tgt].Lookup(defaultKV.Key)
 		if !ok {
-			c[subSys][tgt] = append(c[subSys][tgt], kv)
+			currKVS.Set(defaultKV.Key, defaultKV.Value)
 		}
 	}
 	copy(c[subSys][tgt], currKVS)
 	return nil
 }
--- a/cmd/config/errors-utils.go
+++ b/cmd/config/errors-utils.go
--- a/cmd/config/etcd/etcd.go
+++ b/cmd/config/etcd/etcd.go
@ -19,7 +19,6 @@ package etcd
 import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
 	"strings"
 	"time"
@ -44,7 +43,6 @@ const (
 	ClientCert    = "client_cert"
 	ClientCertKey = "client_cert_key"
 	EnvEtcdState         = "MINIO_ETCD_STATE"
 	EnvEtcdEndpoints     = "MINIO_ETCD_ENDPOINTS"
 	EnvEtcdPathPrefix    = "MINIO_ETCD_PATH_PREFIX"
 	EnvEtcdCoreDNSPath   = "MINIO_ETCD_COREDNS_PATH"
@ -55,10 +53,6 @@ const (
 // DefaultKVS - default KV settings for etcd.
 var (
 	DefaultKVS = config.KVS{
 		config.KV{
 			Key:   config.State,
 			Value: config.StateOff,
 		},
 		config.KV{
 			Key:   Endpoints,
 			Value: "",
@ -115,7 +109,8 @@ func parseEndpoints(endpoints string) ([]string, bool, error) {
 			return nil, false, err
 		}
 		if etcdSecure && u.Scheme == "http" {
-			return nil, false, fmt.Errorf("all endpoints should be https or http: %s", endpoint)
+			return nil, false, config.Errorf(config.SafeModeKind,
 				"all endpoints should be https or http: %s", endpoint)
 		}
 		// If one of the endpoint is https, we will use https directly.
 		etcdSecure = etcdSecure || u.Scheme == "https"
@ -124,39 +119,10 @@ func parseEndpoints(endpoints string) ([]string, bool, error) {
 	return etcdEndpoints, etcdSecure, nil
 }
-func lookupLegacyConfig(rootCAs *x509.CertPool) (Config, error) {
+// Enabled returns if etcd is enabled.
-	cfg := Config{}
+func Enabled(kvs config.KVS) bool {
-	endpoints := env.Get(EnvEtcdEndpoints, "")
+	endpoints := kvs.Get(Endpoints)
-	if endpoints == "" {
+	return endpoints != ""
 		return cfg, nil
 	}
 	etcdEndpoints, etcdSecure, err := parseEndpoints(endpoints)
 	if err != nil {
 		return cfg, err
 	}
 	cfg.Enabled = true
 	cfg.DialTimeout = defaultDialTimeout
 	cfg.DialKeepAliveTime = defaultDialKeepAlive
 	cfg.Endpoints = etcdEndpoints
 	cfg.CoreDNSPath = env.Get(EnvEtcdCoreDNSPath, "/skydns")
 	// Default path prefix for all keys on etcd, other than CoreDNSPath.
 	cfg.PathPrefix = env.Get(EnvEtcdPathPrefix, "")
 	if etcdSecure {
 		cfg.TLS = &tls.Config{
 			RootCAs: rootCAs,
 		}
 		// This is only to support client side certificate authentication
 		// https://coreos.com/etcd/docs/latest/op-guide/security.html
 		etcdClientCertFile := env.Get(EnvEtcdClientCert, "")
 		etcdClientCertKey := env.Get(EnvEtcdClientCertKey, "")
 		if etcdClientCertFile != "" && etcdClientCertKey != "" {
 			cfg.TLS.GetClientCertificate = func(unused *tls.CertificateRequestInfo) (*tls.Certificate, error) {
 				cert, err := tls.LoadX509KeyPair(etcdClientCertFile, etcdClientCertKey)
 				return &cert, err
 			}
 		}
 	}
 	return cfg, nil
 }
 // LookupConfig - Initialize new etcd config.
@ -166,34 +132,9 @@ func LookupConfig(kvs config.KVS, rootCAs *x509.CertPool) (Config, error) {
 		return cfg, err
 	}
 	if env.Get(EnvEtcdEndpoints, "") != "" && env.Get(EnvEtcdState, "") == "" {
 		// By default state is 'on' to honor legacy config.
 		var err error
 		cfg, err = lookupLegacyConfig(rootCAs)
 		if err != nil {
 			return cfg, err
 		}
 		// If old legacy config is enabled honor it.
 		if cfg.Enabled {
 			return cfg, nil
 		}
 	}
 	stateBool, err := config.ParseBool(env.Get(EnvEtcdState, kvs.Get(config.State)))
 	if err != nil {
 		if kvs.Empty() {
 			return cfg, nil
 		}
 		return cfg, err
 	}
 	if !stateBool {
 		return cfg, nil
 	}
 	endpoints := env.Get(EnvEtcdEndpoints, kvs.Get(Endpoints))
 	if endpoints == "" {
-		return cfg, config.Error("'endpoints' key cannot be empty to enable etcd")
+		return cfg, nil
 	}
 	etcdEndpoints, etcdSecure, err := parseEndpoints(endpoints)
--- a/cmd/config/etcd/help.go
+++ b/cmd/config/etcd/help.go
@ -23,35 +23,36 @@ var (
 	Help = config.HelpKVS{
 		config.HelpKV{
 			Key:         Endpoints,
-			Description: `Comma separated list of etcd endpoints eg: "http://localhost:2379"`,
+			Description: `comma separated list of etcd endpoints e.g. "http://localhost:2379"`,
 			Type:        "csv",
 		},
 		config.HelpKV{
 			Key:         PathPrefix,
-			Description: `Default etcd path prefix to populate all IAM assets eg: "customer/"`,
+			Description: `default etcd path prefix to populate all IAM assets eg: "customer/"`,
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         CoreDNSPath,
-			Description: `Default etcd path location to populate bucket DNS srv records eg: "/skydns"`,
+			Description: `default etcd path location to populate bucket DNS srv records eg: "/skydns"`,
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         ClientCert,
-			Description: `Etcd client cert for mTLS authentication`,
+			Description: `client cert for mTLS authentication`,
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         ClientCertKey,
-			Description: `Etcd client cert key for mTLS authentication`,
+			Description: `client cert key for mTLS authentication`,
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the etcd settings",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
--- a/cmd/config/help.go
+++ b/cmd/config/help.go
@ -41,19 +41,22 @@ func (hkvs HelpKVS) Lookup(key string) (HelpKV, bool) {
 	return HelpKV{}, false
 }
 // DefaultComment used across all sub-systems.
 const DefaultComment = "optionally add a comment to this setting"
 // Region and Worm help is documented in default config
 var (
 	RegionHelp = HelpKVS{
 		HelpKV{
 			Key:         RegionName,
 			Type:        "string",
-			Description: `Region name of this deployment, eg: "us-west-2"`,
+			Description: `name of the location of the server e.g. "us-west-rack2"`,
 			Optional:    true,
 		},
 		HelpKV{
 			Key:         Comment,
 			Type:        "sentence",
-			Description: "A comment to describe the region setting",
+			Description: DefaultComment,
 			Optional:    true,
 		},
 	}
--- a/cmd/config/identity/ldap/config.go
+++ b/cmd/config/identity/ldap/config.go
@ -65,7 +65,6 @@ const (
 	GroupSearchBaseDN  = "group_search_base_dn"
 	TLSSkipVerify      = "tls_skip_verify"
 	EnvLDAPState          = "MINIO_IDENTITY_LDAP_STATE"
 	EnvServerAddr         = "MINIO_IDENTITY_LDAP_SERVER_ADDR"
 	EnvSTSExpiry          = "MINIO_IDENTITY_LDAP_STS_EXPIRY"
 	EnvTLSSkipVerify      = "MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY"
@ -78,10 +77,6 @@ const (
 // DefaultKVS - default config for LDAP config
 var (
 	DefaultKVS = config.KVS{
 		config.KV{
 			Key:   config.State,
 			Value: config.StateOff,
 		},
 		config.KV{
 			Key:   ServerAddr,
 			Value: "",
@ -108,7 +103,7 @@ var (
 		},
 		config.KV{
 			Key:   TLSSkipVerify,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 	}
 )
@ -130,25 +125,18 @@ func (l Config) GetExpiryDuration() time.Duration {
 	return l.stsExpiryDuration
 }
 // Enabled returns if jwks is enabled.
 func Enabled(kvs config.KVS) bool {
 	return kvs.Get(ServerAddr) != ""
 }
 // Lookup - initializes LDAP config, overrides config, if any ENV values are set.
 func Lookup(kvs config.KVS, rootCAs *x509.CertPool) (l Config, err error) {
 	l = Config{}
 	if err = config.CheckValidKeys(config.IdentityLDAPSubSys, kvs, DefaultKVS); err != nil {
 		return l, err
 	}
 	stateBool, err := config.ParseBool(env.Get(EnvLDAPState, kvs.Get(config.State)))
 	if err != nil {
 		if kvs.Empty() {
 			return l, nil
 		}
 		return l, err
 	}
 	ldapServer := env.Get(EnvServerAddr, kvs.Get(ServerAddr))
 	if stateBool {
 		if ldapServer == "" {
 			return l, config.Error("'serveraddr' cannot be empty if you wish to enable AD/LDAP support")
 		}
 	}
 	if ldapServer == "" {
 		return l, nil
 	}
--- a/cmd/config/identity/ldap/help.go
+++ b/cmd/config/identity/ldap/help.go
@ -23,47 +23,47 @@ var (
 	Help = config.HelpKVS{
 		config.HelpKV{
 			Key:         ServerAddr,
-			Description: `AD/LDAP server address eg: "myldapserver.com:636"`,
+			Description: `AD/LDAP server address e.g. "myldapserver.com:636"`,
 			Type:        "address",
 		},
 		config.HelpKV{
 			Key:         UsernameFormat,
-			Description: `AD/LDAP format of full username DN eg: "uid={username},cn=accounts,dc=myldapserver,dc=com"`,
+			Description: `AD/LDAP format of full username DN e.g. "uid={username},cn=accounts,dc=myldapserver,dc=com"`,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         GroupSearchFilter,
-			Description: `Search filter to find groups of a user (optional) eg: "(&(objectclass=groupOfNames)(member={usernamedn}))"`,
+			Description: `search filter to find groups of a user (optional) e.g. "(&(objectclass=groupOfNames)(member={usernamedn}))"`,
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         GroupNameAttribute,
-			Description: `Attribute of search results to use as group name (optional) eg: "cn"`,
+			Description: `attribute of search results to use as group name (optional) e.g. "cn"`,
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         GroupSearchBaseDN,
-			Description: `Base DN in AD/LDAP hierarchy to use in search requests (optional) eg: "dc=myldapserver,dc=com"`,
+			Description: `base DN in AD/LDAP hierarchy to use in search requests (optional) e.g. "dc=myldapserver,dc=com"`,
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         STSExpiry,
-			Description: `AD/LDAP STS credentials validity duration eg: "1h"`,
+			Description: `AD/LDAP STS credentials validity duration e.g. "1h"`,
 			Optional:    true,
 			Type:        "duration",
 		},
 		config.HelpKV{
 			Key:         TLSSkipVerify,
-			Description: "Set this to 'on', to disable client verification of server certificates",
+			Description: "enable this to disable client verification of server certificates",
 			Optional:    true,
 			Type:        "on|off",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the LDAP/AD identity setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
--- a/cmd/config/identity/ldap/legacy.go
+++ b/cmd/config/identity/ldap/legacy.go
@ -25,10 +25,6 @@ func SetIdentityLDAP(s config.Config, ldapArgs Config) {
 		return
 	}
 	s[config.IdentityLDAPSubSys][config.Default] = config.KVS{
 		config.KV{
 			Key:   config.State,
 			Value: config.StateOn,
 		},
 		config.KV{
 			Key:   ServerAddr,
 			Value: ldapArgs.ServerAddr,
--- a/cmd/config/identity/openid/help.go
+++ b/cmd/config/identity/openid/help.go
@ -23,24 +23,24 @@ var (
 	Help = config.HelpKVS{
 		config.HelpKV{
 			Key:         ConfigURL,
-			Description: `OpenID discovery documented endpoint. eg: "https://accounts.google.com/.well-known/openid-configuration"`,
+			Description: `openid discovery document e.g. "https://accounts.google.com/.well-known/openid-configuration"`,
 			Type:        "url",
 		},
 		config.HelpKV{
 			Key:         ClientID,
-			Description: `The client identifier of the authenticating party at the identity provider`,
+			Description: `client identifier of the authenticating party at the identity provider`,
 			Type:        "string",
 			Optional:    true,
 		},
 		config.HelpKV{
 			Key:         ClaimPrefix,
-			Description: `OpenID JWT claim namespace prefix. eg: "customer"`,
+			Description: `openid JWT claim namespace prefix e.g. "customer"`,
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the OpenID identity setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
--- a/cmd/config/identity/openid/jwt.go
+++ b/cmd/config/identity/openid/jwt.go
@ -212,7 +212,6 @@ const (
 	ClaimPrefix = "claim_prefix"
 	ClientID    = "client_id"
 	EnvIdentityOpenIDState       = "MINIO_IDENTITY_OPENID_STATE"
 	EnvIdentityOpenIDClientID    = "MINIO_IDENTITY_OPENID_CLIENT_ID"
 	EnvIdentityOpenIDJWKSURL     = "MINIO_IDENTITY_OPENID_JWKS_URL"
 	EnvIdentityOpenIDURL         = "MINIO_IDENTITY_OPENID_CONFIG_URL"
@ -264,10 +263,6 @@ func parseDiscoveryDoc(u *xnet.URL, transport *http.Transport, closeRespFn func(
 // DefaultKVS - default config for OpenID config
 var (
 	DefaultKVS = config.KVS{
 		config.KV{
 			Key:   config.State,
 			Value: config.StateOff,
 		},
 		config.KV{
 			Key:   ConfigURL,
 			Value: "",
@ -287,20 +282,17 @@ var (
 	}
 )
 // Enabled returns if jwks is enabled.
 func Enabled(kvs config.KVS) bool {
 	return kvs.Get(JwksURL) != ""
 }
 // LookupConfig lookup jwks from config, override with any ENVs.
 func LookupConfig(kvs config.KVS, transport *http.Transport, closeRespFn func(io.ReadCloser)) (c Config, err error) {
 	if err = config.CheckValidKeys(config.IdentityOpenIDSubSys, kvs, DefaultKVS); err != nil {
 		return c, err
 	}
 	stateBool, err := config.ParseBool(env.Get(EnvIdentityOpenIDState, kvs.Get(config.State)))
 	if err != nil {
 		if kvs.Empty() {
 			return c, nil
 		}
 		return c, err
 	}
 	jwksURL := env.Get(EnvIamJwksURL, "") // Legacy
 	if jwksURL == "" {
 		jwksURL = env.Get(EnvIdentityOpenIDJWKSURL, kvs.Get(JwksURL))
@ -330,12 +322,6 @@ func LookupConfig(kvs config.KVS, transport *http.Transport, closeRespFn func(io
 		jwksURL = c.DiscoveryDoc.JwksURI
 	}
 	if stateBool {
 		// This check is needed to ensure that empty Jwks urls are not allowed.
 		if jwksURL == "" {
 			return c, config.Error("'config_url' must be set to a proper OpenID discovery document URL")
 		}
 	}
 	if jwksURL == "" {
 		return c, nil
 	}
--- a/cmd/config/identity/openid/legacy.go
+++ b/cmd/config/identity/openid/legacy.go
@ -30,10 +30,6 @@ func SetIdentityOpenID(s config.Config, cfg Config) {
 		return
 	}
 	s[config.IdentityOpenIDSubSys][config.Default] = config.KVS{
 		config.KV{
 			Key:   config.State,
 			Value: config.StateOn,
 		},
 		config.KV{
 			Key:   JwksURL,
 			Value: cfg.JWKS.URL.String(),
--- a/cmd/config/legacy.go
+++ b/cmd/config/legacy.go
@ -31,10 +31,6 @@ func SetCredentials(c Config, cred auth.Credentials) {
 		return
 	}
 	c[CredentialsSubSys][Default] = KVS{
 		KV{
 			Key:   State,
 			Value: StateOn,
 		},
 		KV{
 			Key:   AccessKey,
 			Value: cred.AccessKey,
@ -56,9 +52,5 @@ func SetRegion(c Config, name string) {
 			Key:   RegionName,
 			Value: name,
 		},
 		KV{
 			Key:   State,
 			Value: StateOn,
 		},
 	}
 }
--- a/cmd/config/notify/help.go
+++ b/cmd/config/notify/help.go
@ -26,78 +26,78 @@ var (
 	HelpAMQP = config.HelpKVS{
 		config.HelpKV{
 			Key:         target.AmqpURL,
-			Description: "AMQP server endpoint, e.g. `amqp://myuser:mypassword@localhost:5672`",
+			Description: "AMQP server endpoint e.g. `amqp://myuser:mypassword@localhost:5672`",
 			Type:        "url",
 		},
 		config.HelpKV{
 			Key:         target.AmqpExchange,
-			Description: "Name of the AMQP exchange",
+			Description: "name of the AMQP exchange",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.AmqpExchangeType,
-			Description: "Kind of AMQP exchange type",
+			Description: "kind of AMQP exchange type",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.AmqpRoutingKey,
-			Description: "Routing key for publishing",
+			Description: "routing key for publishing",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.AmqpMandatory,
-			Description: "Set this to 'on' for server to return an unroutable message with a Return method. If this flag is 'off', the server silently drops the message",
+			Description: "set this to 'on' for server to return an unroutable message with a Return method. If this flag is 'off', the server silently drops the message",
 			Optional:    true,
 			Type:        "on|off",
 		},
 		config.HelpKV{
 			Key:         target.AmqpDurable,
-			Description: "Set this to 'on' for queue to survive broker restarts",
+			Description: "set this to 'on' for queue to survive broker restarts",
 			Optional:    true,
 			Type:        "on|off",
 		},
 		config.HelpKV{
 			Key:         target.AmqpNoWait,
-			Description: "When no_wait is 'on', declare without waiting for a confirmation from the server",
+			Description: "when no_wait is 'on', declare without waiting for a confirmation from the server",
 			Optional:    true,
 			Type:        "on|off",
 		},
 		config.HelpKV{
 			Key:         target.AmqpInternal,
-			Description: "Set this to 'on' for exchange to be not used directly by publishers, but only when bound to other exchanges",
+			Description: "set this to 'on' for exchange to be not used directly by publishers, but only when bound to other exchanges",
 			Optional:    true,
 			Type:        "on|off",
 		},
 		config.HelpKV{
 			Key:         target.AmqpAutoDeleted,
-			Description: "Set this to 'on' for queue that has had at least one consumer is deleted when last consumer unsubscribes",
+			Description: "set this to 'on' for queue that has had at least one consumer is deleted when last consumer unsubscribes",
 			Optional:    true,
 			Type:        "on|off",
 		},
 		config.HelpKV{
 			Key:         target.AmqpDeliveryMode,
-			Description: "Delivery queue implementation use non-persistent (1) or persistent (2)",
+			Description: "delivery queue implementation use non-persistent (1) or persistent (2)",
 			Optional:    true,
 			Type:        "number",
 		},
 		config.HelpKV{
 			Key:         target.AmqpQueueDir,
-			Description: "Local directory where events are stored eg: '/home/events'",
+			Description: "local directory where events are stored e.g. '/home/events'",
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         target.AmqpQueueLimit,
-			Description: "Enable persistent event store queue limit, defaults to '10000'",
+			Description: "enable persistent event store queue limit, defaults to '10000'",
 			Optional:    true,
 			Type:        "number",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the AMQP target setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
@ -106,66 +106,66 @@ var (
 	HelpKafka = config.HelpKVS{
 		config.HelpKV{
 			Key:         target.KafkaBrokers,
-			Description: "Comma separated list of Kafka broker addresses",
+			Description: "comma separated list of Kafka broker addresses",
 			Type:        "csv",
 		},
 		config.HelpKV{
 			Key:         target.KafkaTopic,
-			Description: "The Kafka topic for a given message",
+			Description: "Kafka topic used for bucket notifications",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.KafkaSASLUsername,
-			Description: "Username for SASL/PLAIN  or SASL/SCRAM authentication",
+			Description: "username for SASL/PLAIN or SASL/SCRAM authentication",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.KafkaSASLPassword,
-			Description: "Password for SASL/PLAIN  or SASL/SCRAM authentication",
+			Description: "password for SASL/PLAIN or SASL/SCRAM authentication",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.KafkaTLSClientAuth,
-			Description: "ClientAuth determines the Kafka server's policy for TLS client auth",
+			Description: "clientAuth determines the Kafka server's policy for TLS client auth",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.KafkaSASL,
-			Description: "Set this to 'on' to enable SASL authentication",
+			Description: "set this to 'on' to enable SASL authentication",
 			Optional:    true,
 			Type:        "on|off",
 		},
 		config.HelpKV{
 			Key:         target.KafkaTLS,
-			Description: "Set this to 'on' to enable TLS",
+			Description: "set this to 'on' to enable TLS",
 			Optional:    true,
 			Type:        "on|off",
 		},
 		config.HelpKV{
 			Key:         target.KafkaTLSSkipVerify,
-			Description: "Set this to 'on' to disable client verification of server certificate chain",
+			Description: "set this to 'on' to disable client verification of server certificate chain",
 			Optional:    true,
 			Type:        "on|off",
 		},
 		config.HelpKV{
 			Key:         target.KafkaQueueDir,
-			Description: "Local directory where events are stored eg: '/home/events'",
+			Description: "local directory where events are stored e.g. '/home/events'",
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         target.KafkaQueueLimit,
-			Description: "Enable persistent event store queue limit, defaults to '10000'",
+			Description: "enable persistent event store queue limit, defaults to '10000'",
 			Optional:    true,
 			Type:        "number",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the Kafka target setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
@ -174,59 +174,59 @@ var (
 	HelpMQTT = config.HelpKVS{
 		config.HelpKV{
 			Key:         target.MqttBroker,
-			Description: "MQTT server endpoint, e.g. `tcp://localhost:1883`",
+			Description: "MQTT server endpoint e.g. `tcp://localhost:1883`",
 			Type:        "uri",
 		},
 		config.HelpKV{
 			Key:         target.MqttTopic,
-			Description: "Name of the MQTT topic to publish on, e.g. `minio`",
+			Description: "name of the MQTT topic to publish on, e.g. `minio`",
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.MqttUsername,
-			Description: "Username to connect to the MQTT server",
+			Description: "username to connect to the MQTT server",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.MqttPassword,
-			Description: "Password to connect to the MQTT server",
+			Description: "password to connect to the MQTT server",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.MqttQoS,
-			Description: "Set the Quality of Service Level for MQTT endpoint",
+			Description: "set the Quality of Service Level for MQTT endpoint",
 			Optional:    true,
 			Type:        "number",
 		},
 		config.HelpKV{
 			Key:         target.MqttKeepAliveInterval,
-			Description: "Keep alive interval for MQTT connections",
+			Description: "keep alive interval for MQTT connections",
 			Optional:    true,
 			Type:        "duration",
 		},
 		config.HelpKV{
 			Key:         target.MqttReconnectInterval,
-			Description: "Reconnect interval for MQTT connections",
+			Description: "reconnect interval for MQTT connections",
 			Optional:    true,
 			Type:        "duration",
 		},
 		config.HelpKV{
 			Key:         target.MqttQueueDir,
-			Description: "Local directory where events are stored eg: '/home/events'",
+			Description: "local directory where events are stored e.g. '/home/events'",
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         target.MqttQueueLimit,
-			Description: "Enable persistent event store queue limit, defaults to '10000'",
+			Description: "enable persistent event store queue limit, defaults to '10000'",
 			Optional:    true,
 			Type:        "number",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the MQTT target setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
@ -235,34 +235,34 @@ var (
 	HelpES = config.HelpKVS{
 		config.HelpKV{
 			Key:         target.ElasticURL,
-			Description: "The Elasticsearch server's address, with optional authentication info",
+			Description: "Elasticsearch server's address, with optional authentication info",
 			Type:        "url",
 		},
 		config.HelpKV{
 			Key:         target.ElasticFormat,
-			Description: "Either `namespace` or `access`, defaults to 'namespace'",
+			Description: "set this to `namespace` or `access`, defaults to 'namespace'",
 			Type:        "namespace*|access",
 		},
 		config.HelpKV{
 			Key:         target.ElasticIndex,
-			Description: "The name of an Elasticsearch index in which MinIO will store document",
+			Description: "the name of an Elasticsearch index in which MinIO will store document",
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.ElasticQueueDir,
-			Description: "Local directory where events are stored eg: '/home/events'",
+			Description: "local directory where events are stored e.g. '/home/events'",
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         target.ElasticQueueLimit,
-			Description: "Enable persistent event store queue limit, defaults to '10000'",
+			Description: "enable persistent event store queue limit, defaults to '10000'",
 			Optional:    true,
 			Type:        "number",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the Elasticsearch target setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
@ -271,30 +271,30 @@ var (
 	HelpWebhook = config.HelpKVS{
 		config.HelpKV{
 			Key:         target.WebhookEndpoint,
-			Description: "Webhook server endpoint eg: http://localhost:8080/minio/events",
+			Description: "webhook server endpoint e.g. http://localhost:8080/minio/events",
 			Type:        "url",
 		},
 		config.HelpKV{
 			Key:         target.WebhookAuthToken,
-			Description: "Authorization token used for webhook server endpoint",
+			Description: "authorization token used for webhook server endpoint",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.WebhookQueueDir,
-			Description: "Local directory where events are stored eg: '/home/events'",
+			Description: "local directory where events are stored e.g. '/home/events'",
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         target.WebhookQueueLimit,
-			Description: "Enable persistent event store queue limit, defaults to '10000'",
+			Description: "enable persistent event store queue limit, defaults to '10000'",
 			Optional:    true,
 			Type:        "number",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the Webhook target setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
@ -303,40 +303,40 @@ var (
 	HelpRedis = config.HelpKVS{
 		config.HelpKV{
 			Key:         target.RedisAddress,
-			Description: "The Redis server's address. For example: `localhost:6379`",
+			Description: "Redis server's address. For example: `localhost:6379`",
 			Type:        "address",
 		},
 		config.HelpKV{
 			Key:         target.RedisFormat,
-			Description: "Specify how data is populated, a hash is used in case of `namespace` format and a list in case of `access` format, defaults to 'namespace'",
+			Description: "specifies how data is populated, a hash is used in case of `namespace` format and a list in case of `access` format, defaults to 'namespace'",
-			Type:        "namespace|access",
+			Type:        "namespace*|access",
 		},
 		config.HelpKV{
 			Key:         target.RedisKey,
-			Description: "The name of the Redis key under which events are stored",
+			Description: "name of the Redis key under which events are stored",
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.RedisPassword,
-			Description: "The Redis server's password",
+			Description: "Redis server's password",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.RedisQueueDir,
-			Description: "Local directory where events are stored eg: '/home/events'",
+			Description: "local directory where events are stored e.g. '/home/events'",
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         target.RedisQueueLimit,
-			Description: "Enable persistent event store queue limit, defaults to '10000'",
+			Description: "enable persistent event store queue limit, defaults to '10000'",
 			Optional:    true,
 			Type:        "number",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the Redis target setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
@ -345,64 +345,64 @@ var (
 	HelpPostgres = config.HelpKVS{
 		config.HelpKV{
 			Key:         target.PostgresConnectionString,
-			Description: "Connection string parameters for the PostgreSQL server",
+			Description: "connection string parameters for the PostgreSQL server",
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.PostgresFormat,
-			Description: "Specify how data is populated, `namespace` format and `access` format, defaults to 'namespace'",
+			Description: "specifies how data is populated, `namespace` format and `access` format, defaults to 'namespace'",
-			Type:        "namespace|access",
+			Type:        "namespace*|access",
 		},
 		config.HelpKV{
 			Key:         target.PostgresTable,
-			Description: "Table name in which events will be stored/updated. If the table does not exist, the MinIO server creates it at start-up",
+			Description: "table name in which events will be stored/updated. If the table does not exist, the MinIO server creates it at start-up",
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.PostgresHost,
-			Description: "Host name of the PostgreSQL server. Defaults to `localhost`. IPv6 host should be enclosed with `[` and `]`",
+			Description: "host name of the PostgreSQL server. Defaults to `localhost`. IPv6 host should be enclosed with `[` and `]`",
 			Optional:    true,
 			Type:        "hostname",
 		},
 		config.HelpKV{
 			Key:         target.PostgresPort,
-			Description: "Port on which to connect to PostgreSQL server, defaults to `5432`",
+			Description: "port on which to connect to PostgreSQL server, defaults to `5432`",
 			Optional:    true,
 			Type:        "port",
 		},
 		config.HelpKV{
 			Key:         target.PostgresUsername,
-			Description: "Database username, defaults to user running the MinIO process if not specified",
+			Description: "database username, defaults to user running the MinIO process if not specified",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.PostgresPassword,
-			Description: "Database password",
+			Description: "database password",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.PostgresDatabase,
-			Description: "Postgres Database name",
+			Description: "postgres Database name",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.PostgresQueueDir,
-			Description: "Local directory where events are stored eg: '/home/events'",
+			Description: "local directory where events are stored e.g. '/home/events'",
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         target.PostgresQueueLimit,
-			Description: "Enable persistent event store queue limit, defaults to '10000'",
+			Description: "enable persistent event store queue limit, defaults to '10000'",
 			Optional:    true,
 			Type:        "number",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the Postgres target setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
@ -411,64 +411,64 @@ var (
 	HelpMySQL = config.HelpKVS{
 		config.HelpKV{
 			Key:         target.MySQLDSNString,
-			Description: "Data-Source-Name connection string for the MySQL server",
+			Description: "data source name connection string for the MySQL server",
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.MySQLTable,
-			Description: "Table name in which events will be stored/updated. If the table does not exist, the MinIO server creates it at start-up",
+			Description: "table name in which events will be stored/updated. If the table does not exist, the MinIO server creates it at start-up",
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.MySQLFormat,
-			Description: "Specify how data is populated, `namespace` format and `access` format, defaults to 'namespace'",
+			Description: "specifies how data is populated, `namespace` format and `access` format, defaults to 'namespace'",
-			Type:        "namespace|access",
+			Type:        "namespace*|access",
 		},
 		config.HelpKV{
 			Key:         target.MySQLHost,
-			Description: "Host name of the MySQL server (used only if `dsnString` is empty)",
+			Description: "host name of the MySQL server (used only if `dsnString` is empty)",
 			Optional:    true,
 			Type:        "hostname",
 		},
 		config.HelpKV{
 			Key:         target.MySQLPort,
-			Description: "Port on which to connect to the MySQL server (used only if `dsn_string` is empty)",
+			Description: "port on which to connect to the MySQL server (used only if `dsn_string` is empty)",
 			Optional:    true,
 			Type:        "port",
 		},
 		config.HelpKV{
 			Key:         target.MySQLUsername,
-			Description: "Database user-name (used only if `dsnString` is empty)",
+			Description: "database user-name (used only if `dsnString` is empty)",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.MySQLPassword,
-			Description: "Database password (used only if `dsnString` is empty)",
+			Description: "database password (used only if `dsnString` is empty)",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.MySQLDatabase,
-			Description: "Database name (used only if `dsnString` is empty)",
+			Description: "database name (used only if `dsnString` is empty)",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.MySQLQueueDir,
-			Description: "Local directory where events are stored eg: '/home/events'",
+			Description: "local directory where events are stored e.g. '/home/events'",
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         target.MySQLQueueLimit,
-			Description: "Enable persistent event store queue limit, defaults to '10000'",
+			Description: "enable persistent event store queue limit, defaults to '10000'",
 			Optional:    true,
 			Type:        "number",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the MySQL target setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
@ -477,7 +477,7 @@ var (
 	HelpNATS = config.HelpKVS{
 		config.HelpKV{
 			Key:         target.NATSAddress,
-			Description: "NATS server address eg: '0.0.0.0:4222'",
+			Description: "NATS server address e.g. '0.0.0.0:4222'",
 			Type:        "address",
 		},
 		config.HelpKV{
@ -487,91 +487,91 @@ var (
 		},
 		config.HelpKV{
 			Key:         target.NATSUsername,
-			Description: "Username to be used when connecting to the server",
+			Description: "username to be used when connecting to the server",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.NATSPassword,
-			Description: "Password to be used when connecting to a server",
+			Description: "password to be used when connecting to a server",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.NATSToken,
-			Description: "Token to be used when connecting to a server",
+			Description: "token to be used when connecting to a server",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.NATSSecure,
-			Description: "Set this to 'on', enables TLS secure connections that skip server verification (not recommended)",
+			Description: "set this to 'on', enables TLS secure connections that skip server verification (not recommended)",
 			Optional:    true,
 			Type:        "on|off",
 		},
 		config.HelpKV{
 			Key:         target.NATSPingInterval,
-			Description: "Client ping commands interval to the server, disabled by default",
+			Description: "client ping commands interval to the server, disabled by default",
 			Optional:    true,
 			Type:        "duration",
 		},
 		config.HelpKV{
 			Key:         target.NATSStreaming,
-			Description: "Set this to 'on', to use streaming NATS server",
+			Description: "set this to 'on', to use streaming NATS server",
 			Optional:    true,
 			Type:        "on|off",
 		},
 		config.HelpKV{
 			Key:         target.NATSStreamingAsync,
-			Description: "Set this to 'on', to enable asynchronous publish, process the ACK or error state",
+			Description: "set this to 'on', to enable asynchronous publish, process the ACK or error state",
 			Optional:    true,
 			Type:        "on|off",
 		},
 		config.HelpKV{
 			Key:         target.NATSStreamingMaxPubAcksInFlight,
-			Description: "Specifies how many messages can be published without getting ACKs back from NATS streaming server",
+			Description: "specifies how many messages can be published without getting ACKs back from NATS streaming server",
 			Optional:    true,
 			Type:        "number",
 		},
 		config.HelpKV{
 			Key:         target.NATSStreamingClusterID,
-			Description: "Unique ID for the NATS streaming cluster",
+			Description: "unique ID for the NATS streaming cluster",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.NATSQueueLimit,
-			Description: "Enable persistent event store queue limit, defaults to '10000'",
+			Description: "enable persistent event store queue limit, defaults to '10000'",
 			Optional:    true,
 			Type:        "number",
 		},
 		config.HelpKV{
 			Key:         target.NATSQueueDir,
-			Description: "Local directory where events are stored eg: '/home/events'",
+			Description: "local directory where events are stored e.g. '/home/events'",
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         target.NATSCertAuthority,
-			Description: "Certificate chain of the target NATS server if self signed certs were used",
+			Description: "certificate chain of the target NATS server if self signed certs were used",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.NATSClientCert,
-			Description: "TLS Cert used to authenticate against NATS configured to require client certificates",
+			Description: "TLS Cert used for NATS configured to require client certificates",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         target.NATSClientKey,
-			Description: "TLS Key used to authenticate against NATS configured to require client certificates",
+			Description: "TLS Key used for NATS configured to require client certificates",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the NATS target setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
@ -580,7 +580,7 @@ var (
 	HelpNSQ = config.HelpKVS{
 		config.HelpKV{
 			Key:         target.NSQAddress,
-			Description: "NSQ server address eg: '127.0.0.1:4150'",
+			Description: "NSQ server address e.g. '127.0.0.1:4150'",
 			Type:        "address",
 		},
 		config.HelpKV{
@ -590,31 +590,31 @@ var (
 		},
 		config.HelpKV{
 			Key:         target.NSQTLS,
-			Description: "Set this to 'on', to enable TLS negotiation",
+			Description: "set this to 'on', to enable TLS negotiation",
 			Optional:    true,
 			Type:        "on|off",
 		},
 		config.HelpKV{
 			Key:         target.NSQTLSSkipVerify,
-			Description: "Set this to 'on', to disable client verification of server certificates",
+			Description: "set this to 'on', to disable client verification of server certificates",
 			Optional:    true,
 			Type:        "on|off",
 		},
 		config.HelpKV{
 			Key:         target.NSQQueueDir,
-			Description: "Local directory where events are stored eg: '/home/events'",
+			Description: "local directory where events are stored e.g. '/home/events'",
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         target.NSQQueueLimit,
-			Description: "Enable persistent event store queue limit, defaults to '10000'",
+			Description: "enable persistent event store queue limit, defaults to '10000'",
 			Optional:    true,
 			Type:        "number",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the NSQ target setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
--- a/cmd/config/notify/legacy.go
+++ b/cmd/config/notify/legacy.go
@ -21,8 +21,8 @@ func SetNotifyKafka(s config.Config, kName string, cfg target.KafkaArgs) error {
 	s[config.NotifyKafkaSubSys][kName] = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOn,
+			Value: config.EnableOn,
 		},
 		config.KV{
 			Key: target.KafkaBrokers,
@ -86,8 +86,8 @@ func SetNotifyAMQP(s config.Config, amqpName string, cfg target.AMQPArgs) error
 	s[config.NotifyAMQPSubSys][amqpName] = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOn,
+			Value: config.EnableOn,
 		},
 		config.KV{
 			Key:   target.AmqpURL,
@ -154,8 +154,8 @@ func SetNotifyES(s config.Config, esName string, cfg target.ElasticsearchArgs) e
 	s[config.NotifyESSubSys][esName] = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOn,
+			Value: config.EnableOn,
 		},
 		config.KV{
 			Key:   target.ElasticFormat,
@ -194,8 +194,8 @@ func SetNotifyRedis(s config.Config, redisName string, cfg target.RedisArgs) err
 	s[config.NotifyRedisSubSys][redisName] = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOn,
+			Value: config.EnableOn,
 		},
 		config.KV{
 			Key:   target.RedisFormat,
@ -238,8 +238,8 @@ func SetNotifyWebhook(s config.Config, whName string, cfg target.WebhookArgs) er
 	s[config.NotifyWebhookSubSys][whName] = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOn,
+			Value: config.EnableOn,
 		},
 		config.KV{
 			Key:   target.WebhookEndpoint,
@ -274,8 +274,8 @@ func SetNotifyPostgres(s config.Config, psqName string, cfg target.PostgreSQLArg
 	s[config.NotifyPostgresSubSys][psqName] = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOn,
+			Value: config.EnableOn,
 		},
 		config.KV{
 			Key:   target.PostgresFormat,
@ -334,8 +334,8 @@ func SetNotifyNSQ(s config.Config, nsqName string, cfg target.NSQArgs) error {
 	s[config.NotifyNSQSubSys][nsqName] = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOn,
+			Value: config.EnableOn,
 		},
 		config.KV{
 			Key:   target.NSQAddress,
@ -378,8 +378,8 @@ func SetNotifyNATS(s config.Config, natsName string, cfg target.NATSArgs) error
 	s[config.NotifyNATSSubSys][natsName] = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOn,
+			Value: config.EnableOn,
 		},
 		config.KV{
 			Key:   target.NATSAddress,
@ -433,9 +433,9 @@ func SetNotifyNATS(s config.Config, natsName string, cfg target.NATSArgs) error
 			Key: target.NATSStreaming,
 			Value: func() string {
 				if cfg.Streaming.Enable {
-					return config.StateOn
+					return config.EnableOn
 				}
-				return config.StateOff
+				return config.EnableOff
 			}(),
 		},
 		config.KV{
@ -467,8 +467,8 @@ func SetNotifyMySQL(s config.Config, sqlName string, cfg target.MySQLArgs) error
 	s[config.NotifyMySQLSubSys][sqlName] = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOn,
+			Value: config.EnableOn,
 		},
 		config.KV{
 			Key:   target.MySQLFormat,
@ -527,8 +527,8 @@ func SetNotifyMQTT(s config.Config, mqttName string, cfg target.MQTTArgs) error
 	s[config.NotifyMQTTSubSys][mqttName] = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOn,
+			Value: config.EnableOn,
 		},
 		config.KV{
 			Key:   target.MqttBroker,
--- a/cmd/config/notify/parse.go
+++ b/cmd/config/notify/parse.go
@ -341,8 +341,8 @@ func mergeTargets(cfgTargets map[string]config.KVS, envname string, defaultKVS c
 var (
 	DefaultKafkaKVS = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.KafkaTopic,
@ -366,15 +366,15 @@ var (
 		},
 		config.KV{
 			Key:   target.KafkaSASL,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.KafkaTLS,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.KafkaTLSSkipVerify,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.KafkaQueueLimit,
@ -390,12 +390,12 @@ var (
 // GetNotifyKafka - returns a map of registered notification 'kafka' targets
 func GetNotifyKafka(kafkaKVS map[string]config.KVS) (map[string]target.KafkaArgs, error) {
 	kafkaTargets := make(map[string]target.KafkaArgs)
-	for k, kv := range mergeTargets(kafkaKVS, target.EnvKafkaState, DefaultKafkaKVS) {
+	for k, kv := range mergeTargets(kafkaKVS, target.EnvKafkaEnable, DefaultKafkaKVS) {
-		stateEnv := target.EnvKafkaState
+		enableEnv := target.EnvKafkaEnable
 		if k != config.Default {
-			stateEnv = stateEnv + config.Default + k
+			enableEnv = enableEnv + config.Default + k
 		}
-		enabled, err := config.ParseBool(env.Get(stateEnv, kv.Get(config.State)))
+		enabled, err := config.ParseBool(env.Get(enableEnv, kv.Get(config.Enable)))
 		if err != nil {
 			return nil, err
 		}
@ -409,7 +409,7 @@ func GetNotifyKafka(kafkaKVS map[string]config.KVS) (map[string]target.KafkaArgs
 		}
 		kafkaBrokers := env.Get(brokersEnv, kv.Get(target.KafkaBrokers))
 		if len(kafkaBrokers) == 0 {
-			return nil, config.Error("kafka 'brokers' cannot be empty")
+			return nil, config.Errorf(config.SafeModeKind, "kafka 'brokers' cannot be empty")
 		}
 		for _, s := range strings.Split(kafkaBrokers, config.ValueSeparator) {
 			var host *xnet.Host
@ -467,8 +467,8 @@ func GetNotifyKafka(kafkaKVS map[string]config.KVS) (map[string]target.KafkaArgs
 		if k != config.Default {
 			tlsSkipVerifyEnv = tlsSkipVerifyEnv + config.Default + k
 		}
-		kafkaArgs.TLS.Enable = env.Get(tlsEnableEnv, kv.Get(target.KafkaTLS)) == config.StateOn
+		kafkaArgs.TLS.Enable = env.Get(tlsEnableEnv, kv.Get(target.KafkaTLS)) == config.EnableOn
-		kafkaArgs.TLS.SkipVerify = env.Get(tlsSkipVerifyEnv, kv.Get(target.KafkaTLSSkipVerify)) == config.StateOn
+		kafkaArgs.TLS.SkipVerify = env.Get(tlsSkipVerifyEnv, kv.Get(target.KafkaTLSSkipVerify)) == config.EnableOn
 		kafkaArgs.TLS.ClientAuth = tls.ClientAuthType(clientAuth)
 		saslEnableEnv := target.EnvKafkaSASLEnable
@ -483,7 +483,7 @@ func GetNotifyKafka(kafkaKVS map[string]config.KVS) (map[string]target.KafkaArgs
 		if k != config.Default {
 			saslPasswordEnv = saslPasswordEnv + config.Default + k
 		}
-		kafkaArgs.SASL.Enable = env.Get(saslEnableEnv, kv.Get(target.KafkaSASL)) == config.StateOn
+		kafkaArgs.SASL.Enable = env.Get(saslEnableEnv, kv.Get(target.KafkaSASL)) == config.EnableOn
 		kafkaArgs.SASL.User = env.Get(saslUsernameEnv, kv.Get(target.KafkaSASLUsername))
 		kafkaArgs.SASL.Password = env.Get(saslPasswordEnv, kv.Get(target.KafkaSASLPassword))
@ -501,8 +501,8 @@ func GetNotifyKafka(kafkaKVS map[string]config.KVS) (map[string]target.KafkaArgs
 var (
 	DefaultMQTTKVS = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.MqttBroker,
@ -546,13 +546,13 @@ var (
 // GetNotifyMQTT - returns a map of registered notification 'mqtt' targets
 func GetNotifyMQTT(mqttKVS map[string]config.KVS, rootCAs *x509.CertPool) (map[string]target.MQTTArgs, error) {
 	mqttTargets := make(map[string]target.MQTTArgs)
-	for k, kv := range mergeTargets(mqttKVS, target.EnvMQTTState, DefaultMQTTKVS) {
+	for k, kv := range mergeTargets(mqttKVS, target.EnvMQTTEnable, DefaultMQTTKVS) {
-		stateEnv := target.EnvMQTTState
+		enableEnv := target.EnvMQTTEnable
 		if k != config.Default {
-			stateEnv = stateEnv + config.Default + k
+			enableEnv = enableEnv + config.Default + k
 		}
-		enabled, err := config.ParseBool(env.Get(stateEnv, kv.Get(config.State)))
+		enabled, err := config.ParseBool(env.Get(enableEnv, kv.Get(config.Enable)))
 		if err != nil {
 			return nil, err
 		}
@ -656,8 +656,8 @@ func GetNotifyMQTT(mqttKVS map[string]config.KVS, rootCAs *x509.CertPool) (map[s
 var (
 	DefaultMySQLKVS = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.MySQLFormat,
@ -705,13 +705,13 @@ var (
 // GetNotifyMySQL - returns a map of registered notification 'mysql' targets
 func GetNotifyMySQL(mysqlKVS map[string]config.KVS) (map[string]target.MySQLArgs, error) {
 	mysqlTargets := make(map[string]target.MySQLArgs)
-	for k, kv := range mergeTargets(mysqlKVS, target.EnvMySQLState, DefaultMySQLKVS) {
+	for k, kv := range mergeTargets(mysqlKVS, target.EnvMySQLEnable, DefaultMySQLKVS) {
-		stateEnv := target.EnvMySQLState
+		enableEnv := target.EnvMySQLEnable
 		if k != config.Default {
-			stateEnv = stateEnv + config.Default + k
+			enableEnv = enableEnv + config.Default + k
 		}
-		enabled, err := config.ParseBool(env.Get(stateEnv, kv.Get(config.State)))
+		enabled, err := config.ParseBool(env.Get(enableEnv, kv.Get(config.Enable)))
 		if err != nil {
 			return nil, err
 		}
@ -795,8 +795,8 @@ func GetNotifyMySQL(mysqlKVS map[string]config.KVS) (map[string]target.MySQLArgs
 var (
 	DefaultNATSKVS = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.NATSAddress,
@ -832,7 +832,7 @@ var (
 		},
 		config.KV{
 			Key:   target.NATSSecure,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.NATSPingInterval,
@ -840,11 +840,11 @@ var (
 		},
 		config.KV{
 			Key:   target.NATSStreaming,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.NATSStreamingAsync,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.NATSStreamingMaxPubAcksInFlight,
@ -868,13 +868,13 @@ var (
 // GetNotifyNATS - returns a map of registered notification 'nats' targets
 func GetNotifyNATS(natsKVS map[string]config.KVS) (map[string]target.NATSArgs, error) {
 	natsTargets := make(map[string]target.NATSArgs)
-	for k, kv := range mergeTargets(natsKVS, target.EnvNATSState, DefaultNATSKVS) {
+	for k, kv := range mergeTargets(natsKVS, target.EnvNATSEnable, DefaultNATSKVS) {
-		stateEnv := target.EnvNATSState
+		enableEnv := target.EnvNATSEnable
 		if k != config.Default {
-			stateEnv = stateEnv + config.Default + k
+			enableEnv = enableEnv + config.Default + k
 		}
-		enabled, err := config.ParseBool(env.Get(stateEnv, kv.Get(config.State)))
+		enabled, err := config.ParseBool(env.Get(enableEnv, kv.Get(config.Enable)))
 		if err != nil {
 			return nil, err
 		}
@ -967,7 +967,7 @@ func GetNotifyNATS(natsKVS map[string]config.KVS) (map[string]target.NATSArgs, e
 			ClientCert:    env.Get(clientCertEnv, kv.Get(target.NATSClientCert)),
 			ClientKey:     env.Get(clientKeyEnv, kv.Get(target.NATSClientKey)),
 			Token:         env.Get(tokenEnv, kv.Get(target.NATSToken)),
-			Secure:        env.Get(secureEnv, kv.Get(target.NATSSecure)) == config.StateOn,
+			Secure:        env.Get(secureEnv, kv.Get(target.NATSSecure)) == config.EnableOn,
 			PingInterval:  pingInterval,
 			QueueDir:      env.Get(queueDirEnv, kv.Get(target.NATSQueueDir)),
 			QueueLimit:    queueLimit,
@ -978,7 +978,7 @@ func GetNotifyNATS(natsKVS map[string]config.KVS) (map[string]target.NATSArgs, e
 			streamingEnableEnv = streamingEnableEnv + config.Default + k
 		}
-		streamingEnabled := env.Get(streamingEnableEnv, kv.Get(target.NATSStreaming)) == config.StateOn
+		streamingEnabled := env.Get(streamingEnableEnv, kv.Get(target.NATSStreaming)) == config.EnableOn
 		if streamingEnabled {
 			asyncEnv := target.EnvNATSStreamingAsync
 			if k != config.Default {
@ -999,7 +999,7 @@ func GetNotifyNATS(natsKVS map[string]config.KVS) (map[string]target.NATSArgs, e
 			}
 			natsArgs.Streaming.Enable = streamingEnabled
 			natsArgs.Streaming.ClusterID = env.Get(clusterIDEnv, kv.Get(target.NATSStreamingClusterID))
-			natsArgs.Streaming.Async = env.Get(asyncEnv, kv.Get(target.NATSStreamingAsync)) == config.StateOn
+			natsArgs.Streaming.Async = env.Get(asyncEnv, kv.Get(target.NATSStreamingAsync)) == config.EnableOn
 			natsArgs.Streaming.MaxPubAcksInflight = maxPubAcksInflight
 		}
@ -1016,8 +1016,8 @@ func GetNotifyNATS(natsKVS map[string]config.KVS) (map[string]target.NATSArgs, e
 var (
 	DefaultNSQKVS = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.NSQAddress,
@ -1029,11 +1029,11 @@ var (
 		},
 		config.KV{
 			Key:   target.NSQTLS,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.NSQTLSSkipVerify,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.NSQQueueDir,
@ -1049,13 +1049,13 @@ var (
 // GetNotifyNSQ - returns a map of registered notification 'nsq' targets
 func GetNotifyNSQ(nsqKVS map[string]config.KVS) (map[string]target.NSQArgs, error) {
 	nsqTargets := make(map[string]target.NSQArgs)
-	for k, kv := range mergeTargets(nsqKVS, target.EnvNSQState, DefaultNSQKVS) {
+	for k, kv := range mergeTargets(nsqKVS, target.EnvNSQEnable, DefaultNSQKVS) {
-		stateEnv := target.EnvNSQState
+		enableEnv := target.EnvNSQEnable
 		if k != config.Default {
-			stateEnv = stateEnv + config.Default + k
+			enableEnv = enableEnv + config.Default + k
 		}
-		enabled, err := config.ParseBool(env.Get(stateEnv, kv.Get(config.State)))
+		enabled, err := config.ParseBool(env.Get(enableEnv, kv.Get(config.Enable)))
 		if err != nil {
 			return nil, err
 		}
@ -1105,8 +1105,8 @@ func GetNotifyNSQ(nsqKVS map[string]config.KVS) (map[string]target.NSQArgs, erro
 			QueueDir:    env.Get(queueDirEnv, kv.Get(target.NSQQueueDir)),
 			QueueLimit:  queueLimit,
 		}
-		nsqArgs.TLS.Enable = env.Get(tlsEnableEnv, kv.Get(target.NSQTLS)) == config.StateOn
+		nsqArgs.TLS.Enable = env.Get(tlsEnableEnv, kv.Get(target.NSQTLS)) == config.EnableOn
-		nsqArgs.TLS.SkipVerify = env.Get(tlsSkipVerifyEnv, kv.Get(target.NSQTLSSkipVerify)) == config.StateOn
+		nsqArgs.TLS.SkipVerify = env.Get(tlsSkipVerifyEnv, kv.Get(target.NSQTLSSkipVerify)) == config.EnableOn
 		if err = nsqArgs.Validate(); err != nil {
 			return nil, err
@ -1121,8 +1121,8 @@ func GetNotifyNSQ(nsqKVS map[string]config.KVS) (map[string]target.NSQArgs, erro
 var (
 	DefaultPostgresKVS = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.PostgresFormat,
@ -1170,13 +1170,13 @@ var (
 // GetNotifyPostgres - returns a map of registered notification 'postgres' targets
 func GetNotifyPostgres(postgresKVS map[string]config.KVS) (map[string]target.PostgreSQLArgs, error) {
 	psqlTargets := make(map[string]target.PostgreSQLArgs)
-	for k, kv := range mergeTargets(postgresKVS, target.EnvPostgresState, DefaultPostgresKVS) {
+	for k, kv := range mergeTargets(postgresKVS, target.EnvPostgresEnable, DefaultPostgresKVS) {
-		stateEnv := target.EnvPostgresState
+		enableEnv := target.EnvPostgresEnable
 		if k != config.Default {
-			stateEnv = stateEnv + config.Default + k
+			enableEnv = enableEnv + config.Default + k
 		}
-		enabled, err := config.ParseBool(env.Get(stateEnv, kv.Get(config.State)))
+		enabled, err := config.ParseBool(env.Get(enableEnv, kv.Get(config.Enable)))
 		if err != nil {
 			return nil, err
 		}
@ -1270,8 +1270,8 @@ func GetNotifyPostgres(postgresKVS map[string]config.KVS) (map[string]target.Pos
 var (
 	DefaultRedisKVS = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.RedisFormat,
@ -1303,13 +1303,13 @@ var (
 // GetNotifyRedis - returns a map of registered notification 'redis' targets
 func GetNotifyRedis(redisKVS map[string]config.KVS) (map[string]target.RedisArgs, error) {
 	redisTargets := make(map[string]target.RedisArgs)
-	for k, kv := range mergeTargets(redisKVS, target.EnvRedisState, DefaultRedisKVS) {
+	for k, kv := range mergeTargets(redisKVS, target.EnvRedisEnable, DefaultRedisKVS) {
-		stateEnv := target.EnvRedisState
+		enableEnv := target.EnvRedisEnable
 		if k != config.Default {
-			stateEnv = stateEnv + config.Default + k
+			enableEnv = enableEnv + config.Default + k
 		}
-		enabled, err := config.ParseBool(env.Get(stateEnv, kv.Get(config.State)))
+		enabled, err := config.ParseBool(env.Get(enableEnv, kv.Get(config.Enable)))
 		if err != nil {
 			return nil, err
 		}
@ -1370,8 +1370,8 @@ func GetNotifyRedis(redisKVS map[string]config.KVS) (map[string]target.RedisArgs
 var (
 	DefaultWebhookKVS = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.WebhookEndpoint,
@ -1395,12 +1395,12 @@ var (
 // GetNotifyWebhook - returns a map of registered notification 'webhook' targets
 func GetNotifyWebhook(webhookKVS map[string]config.KVS, rootCAs *x509.CertPool) (map[string]target.WebhookArgs, error) {
 	webhookTargets := make(map[string]target.WebhookArgs)
-	for k, kv := range mergeTargets(webhookKVS, target.EnvWebhookState, DefaultWebhookKVS) {
+	for k, kv := range mergeTargets(webhookKVS, target.EnvWebhookEnable, DefaultWebhookKVS) {
-		stateEnv := target.EnvWebhookState
+		enableEnv := target.EnvWebhookEnable
 		if k != config.Default {
-			stateEnv = stateEnv + config.Default + k
+			enableEnv = enableEnv + config.Default + k
 		}
-		enabled, err := config.ParseBool(env.Get(stateEnv, kv.Get(config.State)))
+		enabled, err := config.ParseBool(env.Get(enableEnv, kv.Get(config.Enable)))
 		if err != nil {
 			return nil, err
 		}
@ -1452,8 +1452,8 @@ func GetNotifyWebhook(webhookKVS map[string]config.KVS, rootCAs *x509.CertPool)
 var (
 	DefaultESKVS = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.ElasticURL,
@ -1481,12 +1481,12 @@ var (
 // GetNotifyES - returns a map of registered notification 'elasticsearch' targets
 func GetNotifyES(esKVS map[string]config.KVS) (map[string]target.ElasticsearchArgs, error) {
 	esTargets := make(map[string]target.ElasticsearchArgs)
-	for k, kv := range mergeTargets(esKVS, target.EnvElasticState, DefaultESKVS) {
+	for k, kv := range mergeTargets(esKVS, target.EnvElasticEnable, DefaultESKVS) {
-		stateEnv := target.EnvElasticState
+		enableEnv := target.EnvElasticEnable
 		if k != config.Default {
-			stateEnv = stateEnv + config.Default + k
+			enableEnv = enableEnv + config.Default + k
 		}
-		enabled, err := config.ParseBool(env.Get(stateEnv, kv.Get(config.State)))
+		enabled, err := config.ParseBool(env.Get(enableEnv, kv.Get(config.Enable)))
 		if err != nil {
 			return nil, err
 		}
@ -1549,8 +1549,8 @@ func GetNotifyES(esKVS map[string]config.KVS) (map[string]target.ElasticsearchAr
 var (
 	DefaultAMQPKVS = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.AmqpURL,
@ -1570,23 +1570,23 @@ var (
 		},
 		config.KV{
 			Key:   target.AmqpMandatory,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.AmqpDurable,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.AmqpNoWait,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.AmqpInternal,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.AmqpAutoDeleted,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   target.AmqpDeliveryMode,
@ -1606,12 +1606,12 @@ var (
 // GetNotifyAMQP - returns a map of registered notification 'amqp' targets
 func GetNotifyAMQP(amqpKVS map[string]config.KVS) (map[string]target.AMQPArgs, error) {
 	amqpTargets := make(map[string]target.AMQPArgs)
-	for k, kv := range mergeTargets(amqpKVS, target.EnvAMQPState, DefaultAMQPKVS) {
+	for k, kv := range mergeTargets(amqpKVS, target.EnvAMQPEnable, DefaultAMQPKVS) {
-		stateEnv := target.EnvAMQPState
+		enableEnv := target.EnvAMQPEnable
 		if k != config.Default {
-			stateEnv = stateEnv + config.Default + k
+			enableEnv = enableEnv + config.Default + k
 		}
-		enabled, err := config.ParseBool(env.Get(stateEnv, kv.Get(config.State)))
+		enabled, err := config.ParseBool(env.Get(enableEnv, kv.Get(config.Enable)))
 		if err != nil {
 			return nil, err
 		}
@ -1689,12 +1689,12 @@ func GetNotifyAMQP(amqpKVS map[string]config.KVS) (map[string]target.AMQPArgs, e
 			RoutingKey:   env.Get(routingKeyEnv, kv.Get(target.AmqpRoutingKey)),
 			ExchangeType: env.Get(exchangeTypeEnv, kv.Get(target.AmqpExchangeType)),
 			DeliveryMode: uint8(deliveryMode),
-			Mandatory:    env.Get(mandatoryEnv, kv.Get(target.AmqpMandatory)) == config.StateOn,
+			Mandatory:    env.Get(mandatoryEnv, kv.Get(target.AmqpMandatory)) == config.EnableOn,
-			Immediate:    env.Get(immediateEnv, kv.Get(target.AmqpImmediate)) == config.StateOn,
+			Immediate:    env.Get(immediateEnv, kv.Get(target.AmqpImmediate)) == config.EnableOn,
-			Durable:      env.Get(durableEnv, kv.Get(target.AmqpDurable)) == config.StateOn,
+			Durable:      env.Get(durableEnv, kv.Get(target.AmqpDurable)) == config.EnableOn,
-			Internal:     env.Get(internalEnv, kv.Get(target.AmqpInternal)) == config.StateOn,
+			Internal:     env.Get(internalEnv, kv.Get(target.AmqpInternal)) == config.EnableOn,
-			NoWait:       env.Get(noWaitEnv, kv.Get(target.AmqpNoWait)) == config.StateOn,
+			NoWait:       env.Get(noWaitEnv, kv.Get(target.AmqpNoWait)) == config.EnableOn,
-			AutoDeleted:  env.Get(autoDeletedEnv, kv.Get(target.AmqpAutoDeleted)) == config.StateOn,
+			AutoDeleted:  env.Get(autoDeletedEnv, kv.Get(target.AmqpAutoDeleted)) == config.EnableOn,
 			QueueDir:     env.Get(queueDirEnv, kv.Get(target.AmqpQueueDir)),
 			QueueLimit:   queueLimit,
 		}
--- a/cmd/config/policy/opa/config.go
+++ b/cmd/config/policy/opa/config.go
@ -41,10 +41,6 @@ const (
 // DefaultKVS - default config for OPA config
 var (
 	DefaultKVS = config.KVS{
 		config.KV{
 			Key:   config.State,
 			Value: config.StateOff,
 		},
 		config.KV{
 			Key:   URL,
 			Value: "",
@ -112,6 +108,11 @@ type Opa struct {
 	client *http.Client
 }
 // Enabled returns if opa is enabled.
 func Enabled(kvs config.KVS) bool {
 	return kvs.Get(URL) != ""
 }
 // LookupConfig lookup Opa from config, override with any ENVs.
 func LookupConfig(kv config.KVS, transport *http.Transport, closeRespFn func(io.ReadCloser)) (Args, error) {
 	args := Args{}
--- a/cmd/config/policy/opa/help.go
+++ b/cmd/config/policy/opa/help.go
@ -23,18 +23,18 @@ var (
 	Help = config.HelpKVS{
 		config.HelpKV{
 			Key:         URL,
-			Description: `Points to URL for OPA HTTP API endpoint. eg: "http://localhost:8181/v1/data/httpapi/authz/allow"`,
+			Description: `OPA HTTP API endpoint e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"`,
 			Type:        "url",
 		},
 		config.HelpKV{
 			Key:         AuthToken,
-			Description: "Authorization token for the OPA HTTP API endpoint",
+			Description: "authorization token for OPA HTTP API endpoint",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the OPA policy setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
--- a/cmd/config/policy/opa/legacy.go
+++ b/cmd/config/policy/opa/legacy.go
@ -33,10 +33,6 @@ func SetPolicyOPAConfig(s config.Config, opaArgs Args) {
 		return
 	}
 	s[config.PolicyOPASubSys][config.Default] = config.KVS{
 		config.KV{
 			Key:   config.State,
 			Value: config.StateOn,
 		},
 		config.KV{
 			Key:   URL,
 			Value: opaArgs.URL.String(),
--- a/cmd/config/storageclass/help.go
+++ b/cmd/config/storageclass/help.go
@ -23,19 +23,19 @@ var (
 	Help = config.HelpKVS{
 		config.HelpKV{
 			Key:         ClassStandard,
-			Description: `Set standard storage class parity ratio. eg: "EC:4"`,
+			Description: `set the parity count for default standard storage class e.g. "EC:4"`,
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         ClassRRS,
-			Description: `Set reduced redundancy storage class parity ratio. eg: "EC:2"`,
+			Description: `set the parity count for reduced redundancy storage class e.g. "EC:2"`,
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the storageclass setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
--- a/cmd/config/storageclass/legacy.go
+++ b/cmd/config/storageclass/legacy.go
@ -35,9 +35,5 @@ func SetStorageClass(s config.Config, cfg Config) {
 			Key:   ClassRRS,
 			Value: cfg.RRS.String(),
 		},
 		config.KV{
 			Key:   config.State,
 			Value: config.StateOn,
 		},
 	}
 }
--- a/cmd/config/storageclass/storage-class.go
+++ b/cmd/config/storageclass/storage-class.go
@ -39,8 +39,6 @@ const (
 	ClassStandard = "standard"
 	ClassRRS      = "rrs"
 	// Env to on/off storage class settings.
 	EnvStorageClass = "MINIO_STORAGE_CLASS_STATE"
 	// Reduced redundancy storage class environment variable
 	RRSEnv = "MINIO_STORAGE_CLASS_RRS"
 	// Standard storage class environment variable
@ -59,10 +57,6 @@ const (
 // DefaultKVS - default storage class config
 var (
 	DefaultKVS = config.KVS{
 		config.KV{
 			Key:   config.State,
 			Value: config.StateOff,
 		},
 		config.KV{
 			Key:   ClassStandard,
 			Value: "",
@ -218,6 +212,13 @@ func (sCfg Config) GetParityForSC(sc string) (parity int) {
 	}
 }
 // Enabled returns if etcd is enabled.
 func Enabled(kvs config.KVS) bool {
 	ssc := kvs.Get(ClassStandard)
 	rrsc := kvs.Get(ClassRRS)
 	return ssc != "" || rrsc != ""
 }
 // LookupConfig - lookup storage class config and override with valid environment settings if any.
 func LookupConfig(kvs config.KVS, drivesPerSet int) (cfg Config, err error) {
 	cfg = Config{}
@ -228,22 +229,8 @@ func LookupConfig(kvs config.KVS, drivesPerSet int) (cfg Config, err error) {
 		return cfg, err
 	}
 	stateBool, err := config.ParseBool(env.Get(EnvStorageClass, kvs.Get(config.State)))
 	if err != nil {
 		if kvs.Empty() {
 			return cfg, nil
 		}
 		return cfg, err
 	}
 	ssc := env.Get(StandardEnv, kvs.Get(ClassStandard))
 	rrsc := env.Get(RRSEnv, kvs.Get(ClassRRS))
 	if stateBool {
 		if ssc == "" && rrsc == "" {
 			return cfg, config.Error("'standard' and 'rrs' key cannot be empty for enabled storage class")
 		}
 		// if one of storage class is not empty proceed.
 	}
 	// Check for environment variables and parse into storageClass struct
 	if ssc != "" {
 		cfg.Standard, err = parseStorageClass(ssc)
--- a/cmd/crypto/config.go
+++ b/cmd/crypto/config.go
@ -46,10 +46,6 @@ const (
 // DefaultKVS - default KV crypto config
 var (
 	DefaultKVS = config.KVS{
 		config.KV{
 			Key:   config.State,
 			Value: config.StateOff,
 		},
 		config.KV{
 			Key:   KMSVaultEndpoint,
 			Value: "",
@ -100,9 +96,6 @@ const (
 )
 const (
 	// EnvKMSVaultState to enable on/off
 	EnvKMSVaultState = "MINIO_KMS_VAULT_STATE"
 	// EnvKMSVaultEndpoint is the environment variable used to specify
 	// the vault HTTPS endpoint.
 	EnvKMSVaultEndpoint = "MINIO_KMS_VAULT_ENDPOINT"
@ -145,6 +138,12 @@ var defaultCfg = VaultConfig{
 	},
 }
 // Enabled returns if HashiCorp Vault is enabled.
 func Enabled(kvs config.KVS) bool {
 	endpoint := kvs.Get(KMSVaultEndpoint)
 	return endpoint != ""
 }
 // LookupConfig extracts the KMS configuration provided by environment
 // variables and merge them with the provided KMS configuration. The
 // merging follows the following rules:
@ -167,7 +166,7 @@ func LookupConfig(kvs config.KVS) (KMSConfig, error) {
 		return kmsCfg, err
 	}
 	if !kmsCfg.AutoEncryption {
-		kmsCfg.AutoEncryption, err = config.ParseBool(env.Get(EnvKMSAutoEncryption, config.StateOff))
+		kmsCfg.AutoEncryption, err = config.ParseBool(env.Get(EnvKMSAutoEncryption, config.EnableOff))
 		if err != nil {
 			return kmsCfg, err
 		}
@ -176,16 +175,6 @@ func LookupConfig(kvs config.KVS) (KMSConfig, error) {
 		return kmsCfg, nil
 	}
 	stateBool, err := config.ParseBool(env.Get(EnvKMSVaultState, kvs.Get(config.State)))
 	if err != nil {
 		if kvs.Empty() {
 			return kmsCfg, nil
 		}
 		return kmsCfg, err
 	}
 	if !stateBool {
 		return kmsCfg, nil
 	}
 	vcfg := VaultConfig{
 		Auth: VaultAuth{
 			Type: "approle",
--- a/cmd/crypto/help.go
+++ b/cmd/crypto/help.go
@ -23,32 +23,32 @@ var (
 	Help = config.HelpKVS{
 		config.HelpKV{
 			Key:         KMSVaultEndpoint,
-			Description: `Points to Vault API endpoint eg: "http://vault-endpoint-ip:8200"`,
+			Description: `HashiCorp Vault API endpoint e.g. "http://vault-endpoint-ip:8200"`,
 			Type:        "url",
 		},
 		config.HelpKV{
 			Key:         KMSVaultKeyName,
-			Description: `Transit key name used in vault policy, must be unique name eg: "my-minio-key"`,
+			Description: `transit key name used in vault policy, must be unique name e.g. "my-minio-key"`,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         KMSVaultAuthType,
-			Description: `Authentication type to Vault API endpoint eg: "approle"`,
+			Description: `authentication type to Vault API endpoint e.g. "approle"`,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         KMSVaultAppRoleID,
-			Description: `Unique role ID created for AppRole`,
+			Description: `unique role ID created for AppRole`,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         KMSVaultAppRoleSecret,
-			Description: `Unique secret ID created for AppRole`,
+			Description: `unique secret ID created for AppRole`,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         KMSVaultNamespace,
-			Description: `Only needed if AppRole engine is scoped to Vault Namespace eg: "ns1"`,
+			Description: `only needed if AppRole engine is scoped to Vault Namespace e.g. "ns1"`,
 			Optional:    true,
 			Type:        "string",
 		},
@ -60,13 +60,13 @@ var (
 		},
 		config.HelpKV{
 			Key:         KMSVaultCAPath,
-			Description: `Path to PEM-encoded CA cert files to use mTLS authentication (optional) eg: "/home/user/custom-certs"`,
+			Description: `path to PEM-encoded CA cert files to use mTLS authentication (optional) e.g. "/home/user/custom-certs"`,
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the KMS Vault setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
--- a/cmd/crypto/legacy.go
+++ b/cmd/crypto/legacy.go
@ -83,10 +83,6 @@ func SetKMSConfig(s config.Config, cfg KMSConfig) {
 		return
 	}
 	s[config.KmsVaultSubSys][config.Default] = config.KVS{
 		config.KV{
 			Key:   config.State,
 			Value: config.StateOn,
 		},
 		config.KV{
 			Key:   KMSVaultEndpoint,
 			Value: cfg.Vault.Endpoint,
@ -141,7 +137,7 @@ func SetKMSConfig(s config.Config, cfg KMSConfig) {
 // It sets the global KMS configuration according to the merged configuration
 // on success.
 func lookupConfigLegacy(kvs config.KVS) (KMSConfig, error) {
-	autoBool, err := config.ParseBool(env.Get(EnvAutoEncryptionLegacy, config.StateOff))
+	autoBool, err := config.ParseBool(env.Get(EnvAutoEncryptionLegacy, config.EnableOff))
 	if err != nil {
 		return KMSConfig{}, err
 	}
@ -155,17 +151,6 @@ func lookupConfigLegacy(kvs config.KVS) (KMSConfig, error) {
 		},
 	}
 	// Assume default as "on" for legacy config since we didn't have a _STATE
 	// flag to turn it off, but we should honor it nonetheless to turn it off
 	// if the vault endpoint is down and there is no way to start the server.
 	stateBool, err := config.ParseBool(env.Get(EnvKMSVaultState, config.StateOn))
 	if err != nil {
 		return cfg, err
 	}
 	if !stateBool {
 		return cfg, nil
 	}
 	endpointStr := env.Get(EnvLegacyVaultEndpoint, "")
 	if endpointStr != "" {
 		// Lookup Hashicorp-Vault configuration & overwrite config entry if ENV var is present
--- a/cmd/gateway-main.go
+++ b/cmd/gateway-main.go
@ -118,6 +118,9 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
 	// Handle common command args.
 	handleCommonCmdArgs(ctx)
 	// Initialize all help
 	initHelp()
 	// Get port to listen on from gateway address
 	globalMinioHost, globalMinioPort = mustSplitHostPort(globalCLIContext.Addr)
--- a/cmd/gateway/azure/gateway-azure.go
+++ b/cmd/gateway/azure/gateway-azure.go
@ -101,17 +101,12 @@ ENVIRONMENT VARIABLES:
     MINIO_CACHE_QUOTA: Maximum permitted usage of the cache in percentage (0-100).
 EXAMPLES:
-  1. Start minio gateway server for Azure Blob Storage backend.
+  1. Start minio gateway server for Azure Blob Storage backend on custom endpoint.
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}azureaccountname
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}azureaccountkey
     {{.Prompt}} {{.HelpName}}
  2. Start minio gateway server for Azure Blob Storage backend on custom endpoint.
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}azureaccountname
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}azureaccountkey
     {{.Prompt}} {{.HelpName}} https://azureaccountname.blob.custom.azure.endpoint
-  3. Start minio gateway server for Azure Blob Storage backend with edge caching enabled.
+  2. Start minio gateway server for Azure Blob Storage backend with edge caching enabled.
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}azureaccountname
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}azureaccountkey
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_CACHE_DRIVES{{.AssignmentOperator}}"/mnt/drive1,/mnt/drive2,/mnt/drive3,/mnt/drive4"
--- a/cmd/gateway/s3/gateway-s3.go
+++ b/cmd/gateway/s3/gateway-s3.go
@ -72,28 +72,12 @@ ENVIRONMENT VARIABLES:
     MINIO_CACHE_EXPIRY: Cache expiry duration in days.
     MINIO_CACHE_QUOTA: Maximum permitted usage of the cache in percentage (0-100).
  LOGGER:
     MINIO_LOGGER_HTTP_STATE: Set this to "on" to enable HTTP logging target.
     MINIO_LOGGER_HTTP_ENDPOINT: HTTP endpoint URL to log all incoming requests.
 EXAMPLES:
  1. Start minio gateway server for AWS S3 backend.
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}accesskey
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}secretkey
     {{.Prompt}} {{.HelpName}}
  2. Start minio gateway server for S3 backend on custom endpoint.
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}Q3AM3UQ867SPQQA43P2F
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG
     {{.Prompt}} {{.HelpName}} https://play.min.io:9000
  3. Start minio gateway server for AWS S3 backend logging all requests to http endpoint.
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}Q3AM3UQ867SPQQA43P2F
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_LOGGER_HTTP_STATE{{.AssignmenOperator}}"on"
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_LOGGER_HTTP_ENDPOINT{{.AssignmentOperator}}"http://localhost:8000/"
     {{.Prompt}} {{.HelpName}} https://play.min.io:9000
  4. Start minio gateway server for AWS S3 backend with edge caching enabled.
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_ACCESS_KEY{{.AssignmentOperator}}accesskey
     {{.Prompt}} {{.EnvVarSetCommand}} MINIO_SECRET_KEY{{.AssignmentOperator}}secretkey
--- a/cmd/iam.go
+++ b/cmd/iam.go
@ -654,9 +654,9 @@ func (sys *IAMSys) SetUserStatus(accessKey string, status madmin.AccountStatus)
 		SecretKey: cred.SecretKey,
 		Status: func() string {
 			if status == madmin.AccountEnabled {
-				return config.StateOn
+				return config.EnableOn
 			}
-			return config.StateOff
+			return config.EnableOff
 		}(),
 	})
 	if err := sys.store.saveUserIdentity(accessKey, false, uinfo); err != nil {
--- a/cmd/logger/config.go
+++ b/cmd/logger/config.go
@ -58,8 +58,8 @@ const (
 var (
 	DefaultKVS = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   Endpoint,
@ -72,8 +72,8 @@ var (
 	}
 	DefaultAuditKVS = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 		config.KV{
 			Key:   Endpoint,
@ -153,7 +153,7 @@ func LookupConfig(scfg config.Config) (Config, error) {
 			return cfg, err
 		}
-		enabled, err := config.ParseBool(kv.Get(config.State))
+		enabled, err := config.ParseBool(kv.Get(config.Enable))
 		if err != nil {
 			return cfg, err
 		}
@ -185,7 +185,7 @@ func LookupConfig(scfg config.Config) (Config, error) {
 			return cfg, err
 		}
-		enabled, err := config.ParseBool(kv.Get(config.State))
+		enabled, err := config.ParseBool(kv.Get(config.Enable))
 		if err != nil {
 			return cfg, err
 		}
--- a/cmd/logger/help.go
+++ b/cmd/logger/help.go
@ -23,18 +23,18 @@ var (
 	Help = config.HelpKVS{
 		config.HelpKV{
 			Key:         Endpoint,
-			Description: `HTTP logger endpoint eg: "http://localhost:8080/minio/logs/server"`,
+			Description: `HTTP logger endpoint e.g. "http://localhost:8080/minio/logs/server"`,
 			Type:        "url",
 		},
 		config.HelpKV{
 			Key:         AuthToken,
-			Description: "Authorization token for logger endpoint",
+			Description: "authorization token for logger endpoint",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the HTTP logger setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
@ -43,18 +43,18 @@ var (
 	HelpAudit = config.HelpKVS{
 		config.HelpKV{
 			Key:         Endpoint,
-			Description: `HTTP Audit logger endpoint eg: "http://localhost:8080/minio/logs/audit"`,
+			Description: `HTTP Audit logger endpoint e.g. "http://localhost:8080/minio/logs/audit"`,
 			Type:        "url",
 		},
 		config.HelpKV{
 			Key:         AuthToken,
-			Description: "Authorization token for logger endpoint",
+			Description: "authorization token for audit logger endpoint",
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the HTTP Audit logger setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
--- a/cmd/logger/legacy.go
+++ b/cmd/logger/legacy.go
@ -31,8 +31,8 @@ func SetLoggerHTTPAudit(scfg config.Config, k string, args HTTP) {
 	}
 	scfg[config.AuditWebhookSubSys][k] = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOn,
+			Value: config.EnableOn,
 		},
 		config.KV{
 			Key:   Endpoint,
@ -54,8 +54,8 @@ func SetLoggerHTTP(scfg config.Config, k string, args HTTP) {
 	scfg[config.LoggerWebhookSubSys][k] = config.KVS{
 		config.KV{
-			Key:   config.State,
+			Key:   config.Enable,
-			Value: config.StateOn,
+			Value: config.EnableOn,
 		},
 		config.KV{
 			Key:   Endpoint,
--- a/cmd/server-main.go
+++ b/cmd/server-main.go
@ -156,7 +156,9 @@ func serverHandleCmdArgs(ctx *cli.Context) {
 	}
 	logger.FatalIf(err, "Invalid command line arguments")
-	logger.LogIf(context.Background(), checkEndpointsSubOptimal(ctx, setupType, globalEndpoints))
+	if err = checkEndpointsSubOptimal(ctx, setupType, globalEndpoints); err != nil {
 		logger.Info("Optimal endpoint check failed %s", err)
 	}
 	// On macOS, if a process already listens on LOCALIPADDR:PORT, net.Listen() falls back
 	// to IPv6 address ie minio will start listening on IPv6 address whereas another
@ -217,6 +219,17 @@ func initSafeModeInit(buckets []BucketInfo) (err error) {
 			if errors.As(err, &cerr) {
 				return
 			}
 			var cfgErr config.Error
 			if errors.As(err, &cfgErr) {
 				if cfgErr.Kind == config.ContinueKind {
 					// print the error and continue
 					logger.Info("Config validation failed '%s' the sub-system is turned-off and all other sub-systems", err)
 					err = nil
 					return
 				}
 			}
 			// Enable logger
 			logger.Disable = false
@ -308,6 +321,9 @@ func serverMain(ctx *cli.Context) {
 	// Handle all server environment vars.
 	serverHandleEnvVars()
 	// Initialize all help
 	initHelp()
 	// Check and load TLS certificates.
 	var err error
 	globalPublicCerts, globalTLSCerts, globalIsSSL, err = getTLSConfig()
@ -338,7 +354,9 @@ func serverMain(ctx *cli.Context) {
 	}
 	// Set system resources to maximum.
-	logger.LogIf(context.Background(), setMaxResources())
+	if err = setMaxResources(); err != nil {
 		logger.Info("Unable to set system resources to maximum %s", err)
 	}
 	if globalIsXL {
 		// Init global heal state
@ -409,8 +427,14 @@ func serverMain(ctx *cli.Context) {
 	logger.FatalIf(initSafeModeInit(buckets), "Unable to initialize server")
 	if globalCacheConfig.Enabled {
-		msg := color.RedBold("Disk caching is disabled in 'server' mode, 'caching' is only supported in gateway deployments")
+		// initialize the new disk cache objects.
-		logger.StartupMessage(msg)
+		var cacheAPI CacheObjectLayer
 		cacheAPI, err = newServerCacheObjects(context.Background(), globalCacheConfig)
 		logger.FatalIf(err, "Unable to initialize disk caching")
 		globalObjLayerMutex.Lock()
 		globalCacheObjectAPI = cacheAPI
 		globalObjLayerMutex.Unlock()
 	}
 	initDailyLifecycle()
--- a/cmd/server-startup-msg.go
+++ b/cmd/server-startup-msg.go
@ -49,7 +49,7 @@ func getFormatStr(strLen int, padding int) string {
 func printStartupSafeModeMessage(apiEndpoints []string, err error) {
 	logStartupMessage(color.RedBold("Server startup failed with '%v'", err))
 	logStartupMessage(color.RedBold("Server switching to safe mode"))
-	logStartupMessage(color.RedBold("Please use 'mc admin' commands to fix this issue"))
+	logStartupMessage(color.RedBold("Please use 'mc admin config' commands fix this issue"))
 	// Object layer is initialized then print StorageInfo in safe mode.
 	objAPI := newObjectLayerWithoutSafeModeFn()
@ -91,13 +91,13 @@ func printStartupSafeModeMessage(apiEndpoints []string, err error) {
 			mcMessage := fmt.Sprintf("> mc.exe config host add %s %s %s %s --api s3v4", alias,
 				endPoint, cred.AccessKey, cred.SecretKey)
 			logStartupMessage(fmt.Sprintf(getFormatStr(len(mcMessage), 3), mcMessage))
-			mcMessage = fmt.Sprintf("> mc.exe admin --help")
+			mcMessage = fmt.Sprintf("> mc.exe admin config --help")
 			logStartupMessage(fmt.Sprintf(getFormatStr(len(mcMessage), 3), mcMessage))
 		} else {
 			mcMessage := fmt.Sprintf("$ mc config host add %s %s %s %s --api s3v4", alias,
 				endPoint, cred.AccessKey, cred.SecretKey)
 			logStartupMessage(fmt.Sprintf(getFormatStr(len(mcMessage), 3), mcMessage))
-			mcMessage = fmt.Sprintf("$ mc admin --help")
+			mcMessage = fmt.Sprintf("$ mc admin config --help")
 			logStartupMessage(fmt.Sprintf(getFormatStr(len(mcMessage), 3), mcMessage))
 		}
 	}
--- a/cmd/test-utils_test.go
+++ b/cmd/test-utils_test.go
@ -76,6 +76,7 @@ func init() {
 	logger.Disable = true
 	initHelp()
 	// Uncomment the following line to see trace logs during unit tests.
 	// logger.AddTarget(console.New())
 }
--- a/docs/config/README.md
+++ b/docs/config/README.md
@ -74,9 +74,9 @@ minio server /data
 | Field                          | Type     | Description                                                                                                                                                                                  |
 |:-------------------------------|:---------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| ``storageclass``               |          | Set storage class for configurable data and parity, as per object basis.                                                                                                                     |
+| ``storage_class``               |          | Set storage class for configurable data and parity, as per object basis.                                                                                                                     |
-| ``storageclass standard=EC:4`` | _string_ | Value for standard storage class. It should be in the format `EC:Parity`, for example to set 4 disk parity for standard storage class objects, set this field to `EC:4`.                     |
+| ``storage_class standard=EC:4`` | _string_ | Value for standard storage class. It should be in the format `EC:Parity`, for example to set 4 disk parity for standard storage class objects, set this field to `EC:4`.                     |
-| ``storageclass rrs=EC:2``      | _string_ | Value for reduced redundancy storage class. It should be in the format `EC:Parity`, for example to set 3 disk parity for reduced redundancy storage class objects, set this field to `EC:3`. |
+| ``storage_class rrs=EC:2``      | _string_ | Value for reduced redundancy storage class. It should be in the format `EC:Parity`, for example to set 3 disk parity for reduced redundancy storage class objects, set this field to `EC:3`. |
 By default, parity for objects with standard storage class is set to `N/2`, and parity for objects with reduced redundancy storage class objects is set to `2`. Read more about storage class support in MinIO server [here](https://github.com/minio/minio/blob/master/docs/erasure/storage-class/README.md).
--- a/docs/config/config.sample.json
+++ b/docs/config/config.sample.json
@ -1,340 +0,0 @@
 {
 	"cache": {
 		"_": {
 			"drives": "",
 			"exclude": "",
 			"expiry": "90",
 			"quota": "80",
 			"state": "off"
 		}
 	},
 	"compression": {
 		"_": {
 			"extensions": ".txt,.log,.csv,.json,.tar,.xml,.bin",
 			"mime_types": "text/*,application/json,application/xml",
 			"state": "off"
 		}
 	},
 	"identity_ldap": {
 		"_": {
 			"group_name_attribute": "",
 			"group_search_base_dn": "",
 			"group_search_filter": "",
 			"server_addr": "",
 			"state": "off",
 			"sts_expiry": "",
 			"username_format": ""
 		}
 	},
 	"identity_openid": {
 		"_": {
 			"config_url": "http://localhost:8080/auth/realms/demo/.well-known/openid-configuration",
 			"state": "on"
 		}
 	},
 	"kms_vault": {
 		"_": {
 			"auth_approle_id": "",
 			"auth_approle_secret": "",
 			"auth_type": "",
 			"capath": "",
 			"endpoint": "",
 			"key_name": "",
 			"key_version": "0",
 			"namespace": "",
 			"state": "off"
 		}
 	},
 	"logger_http": {
 		"1": {
 			"auth_token": "",
 			"endpoint": "",
 			"state": "off"
 		},
 		"_": {
 			"auth_token": "",
 			"endpoint": "",
 			"state": "off"
 		}
 	},
 	"logger_http_audit": {
 		"_": {
 			"auth_token": "",
 			"endpoint": "",
 			"state": "off"
 		}
 	},
 	"notify_amqp": {
 		"1": {
 			"auto_deleted": "off",
 			"delivery_mode": "0",
 			"durable": "off",
 			"exchange": "",
 			"exchange_type": "",
 			"internal": "off",
 			"mandatory": "off",
 			"no_wait": "off",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"routing_key": "",
 			"state": "off",
 			"url": ""
 		},
 		"_": {
 			"auto_deleted": "off",
 			"delivery_mode": "0",
 			"durable": "off",
 			"exchange": "",
 			"exchange_type": "",
 			"internal": "off",
 			"mandatory": "off",
 			"no_wait": "off",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"routing_key": "",
 			"state": "off",
 			"url": ""
 		}
 	},
 	"notify_elasticsearch": {
 		"1": {
 			"format": "namespace",
 			"index": "",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"state": "off",
 			"url": ""
 		},
 		"_": {
 			"format": "namespace",
 			"index": "",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"state": "off",
 			"url": ""
 		}
 	},
 	"notify_kafka": {
 		"1": {
 			"brokers": "",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"sasl_enable": "off",
 			"sasl_password": "",
 			"sasl_username": "",
 			"state": "off",
 			"tls_client_auth": "0",
 			"tls_enable": "off",
 			"tls_skip_verify": "off",
 			"topic": ""
 		},
 		"_": {
 			"brokers": "",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"sasl_enable": "off",
 			"sasl_password": "",
 			"sasl_username": "",
 			"state": "off",
 			"tls_client_auth": "0",
 			"tls_enable": "off",
 			"tls_skip_verify": "off",
 			"topic": ""
 		}
 	},
 	"notify_mqtt": {
 		"1": {
 			"broker": "",
 			"keep_alive_interval": "0s",
 			"password": "",
 			"qos": "0",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"reconnect_interval": "0s",
 			"state": "off",
 			"topic": "",
 			"username": ""
 		},
 		"_": {
 			"broker": "",
 			"keep_alive_interval": "0s",
 			"password": "",
 			"qos": "0",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"reconnect_interval": "0s",
 			"state": "off",
 			"topic": "",
 			"username": ""
 		}
 	},
 	"notify_mysql": {
 		"1": {
 			"database": "",
 			"dsn_string": "",
 			"format": "namespace",
 			"host": "",
 			"password": "",
 			"port": "",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"state": "off",
 			"table": "",
 			"username": ""
 		},
 		"_": {
 			"database": "",
 			"dsn_string": "",
 			"format": "namespace",
 			"host": "",
 			"password": "",
 			"port": "",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"state": "off",
 			"table": "",
 			"username": ""
 		}
 	},
 	"notify_nats": {
 		"1": {
 			"address": "",
 			"password": "",
 			"ping_interval": "0",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"secure": "off",
 			"state": "off",
 			"streaming_async": "off",
 			"streaming_cluster_id": "",
 			"streaming_enable": "off",
 			"streaming_max_pub_acks_in_flight": "0",
 			"subject": "",
 			"token": "",
 			"username": ""
 		},
 		"_": {
 			"address": "",
 			"password": "",
 			"ping_interval": "0",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"secure": "off",
 			"state": "off",
 			"streaming_async": "off",
 			"streaming_cluster_id": "",
 			"streaming_enable": "off",
 			"streaming_max_pub_acks_in_flight": "0",
 			"subject": "",
 			"token": "",
 			"username": ""
 		}
 	},
 	"notify_nsq": {
 		"1": {
 			"nsqd_address": "",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"state": "off",
 			"tls_enable": "off",
 			"tls_skip_verify": "off",
 			"topic": ""
 		},
 		"_": {
 			"nsqd_address": "",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"state": "off",
 			"tls_enable": "off",
 			"tls_skip_verify": "off",
 			"topic": ""
 		}
 	},
 	"notify_postgres": {
 		"1": {
 			"connection_string": "",
 			"database": "",
 			"format": "namespace",
 			"host": "",
 			"password": "",
 			"port": "",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"state": "off",
 			"table": "",
 			"username": ""
 		},
 		"_": {
 			"connection_string": "",
 			"database": "",
 			"format": "namespace",
 			"host": "",
 			"password": "",
 			"port": "",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"state": "off",
 			"table": "",
 			"username": ""
 		}
 	},
 	"notify_redis": {
 		"1": {
 			"address": "",
 			"format": "namespace",
 			"key": "",
 			"password": "",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"state": "off"
 		},
 		"_": {
 			"address": "",
 			"format": "namespace",
 			"key": "",
 			"password": "",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"state": "off"
 		}
 	},
 	"notify_webhook": {
 		"1": {
 			"endpoint": "",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"state": "off"
 		},
 		"_": {
 			"auth_token": "",
 			"endpoint": "",
 			"queue_dir": "",
 			"queue_limit": "0",
 			"state": "off"
 		}
 	},
 	"policy_opa": {
 		"_": {
 			"auth_token": "",
 			"state": "off",
 			"url": ""
 		}
 	},
 	"region": {
 		"_": {
 			"name": "us-east-1"
 		}
 	},
 	"storageclass": {
 		"_": {
 			"rrs": "",
 			"standard": "",
 			"state": "off"
 		}
 	},
 	"worm": {
 		"_": {
 			"state": "off"
 		}
 	}
 }
--- a/docs/erasure/storage-class/README.md
+++ b/docs/erasure/storage-class/README.md
@ -62,14 +62,12 @@ Default value for `REDUCED_REDUNDANCY` storage class is `2`.
 The format to set storage class environment variables is as follows
 `MINIO_STORAGE_CLASS_STATE=on`
 `MINIO_STORAGE_CLASS_STANDARD=EC:parity`
 `MINIO_STORAGE_CLASS_RRS=EC:parity`
 For example, set `MINIO_STORAGE_CLASS_RRS` parity 2 and `MINIO_STORAGE_CLASS_STANDARD` parity 3
 ```sh
 export MINIO_STORAGE_CLASS_STATE=on
 export MINIO_STORAGE_CLASS_STANDARD=EC:3
 export MINIO_STORAGE_CLASS_RRS=EC:2
 ```
--- a/docs/gateway/s3.md
+++ b/docs/gateway/s3.md
@ -76,7 +76,6 @@ and "c" for sse-c encryption. More than one encryption option can be set, delimi
 ```sh
 export MINIO_GATEWAY_SSE="s3;c"
 export MINIO_KMS_VAULT_STATE=on
 export MINIO_KMS_VAULT_APPROLE_ID=9b56cc08-8258-45d5-24a3-679876769126
 export MINIO_KMS_VAULT_APPROLE_SECRET=4e30c52f-13e4-a6f5-0763-d50e8cb4321f
 export MINIO_KMS_VAULT_ENDPOINT=https://vault-endpoint-ip:8200
--- a/docs/kms/README.md
+++ b/docs/kms/README.md
@ -171,7 +171,6 @@ The AppRole ID, AppRole Secret Id, Vault endpoint and Vault key name can now be
 You'll need the Vault endpoint, AppRole ID, AppRole SecretID and encryption key-ring name defined in step 2.1.2
 ```
 export MINIO_KMS_VAULT_STATE=on
 export MINIO_KMS_VAULT_APPROLE_ID=8c03926c-6c51-7a1d-cf7d-62e48ab8d6d7
 export MINIO_KMS_VAULT_APPROLE_SECRET=edd8738c-6efe-c226-74f9-ef5b66e119d7
 export MINIO_KMS_VAULT_ENDPOINT=http://vault-endpoint-ip:8200
--- a/docs/logging/README.md
+++ b/docs/logging/README.md
@ -28,7 +28,7 @@ NOTE: `http://endpoint:port/path` is a placeholder value to indicate the URL for
 MinIO also honors environment variable for HTTP target logging as shown below, this setting will override the endpoint settings in the MinIO server config.
 ```
-export MINIO_LOGGER_WEBHOOK_STATE_target1="on"
+export MINIO_LOGGER_WEBHOOK_ENABLE_target1="on"
 export MINIO_LOGGER_WEBHOOK_AUTH_TOKEN_target1="token"
 export MINIO_LOGGER_WEBHOOK_ENDPOINT_target1=http://localhost:8080/minio/logs
 minio server /mnt/data
@ -50,7 +50,7 @@ NOTE: `http://endpoint:port/path` is a placeholder value to indicate the URL for
 MinIO also honors environment variable for HTTP target Audit logging as shown below, this setting will override the endpoint settings in the MinIO server config.
 ```
-export MINIO_AUDIT_WEBHOOK_STATE_target1="on"
+export MINIO_AUDIT_WEBHOOK_ENABLE_target1="on"
 export MINIO_AUDIT_WEBHOOK_AUTH_TOKEN_target1="token"
 export MINIO_AUDIT_WEBHOOK_ENDPOINT_target1=http://localhost:8080/minio/logs
 minio server /mnt/data
--- a/docs/sts/README.md
+++ b/docs/sts/README.md
@ -34,7 +34,6 @@ Make sure we have followed the previous step and configured each software indepe
 ```
 export MINIO_ACCESS_KEY=minio
 export MINIO_SECRET_KEY=minio123
 export MINIO_IDENTITY_OPENID_STATE="on"
 export MINIO_IDENTITY_OPENID_CONFIG_URL=https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration
 export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a"
 minio server /mnt/data
@ -48,7 +47,6 @@ Make sure we have followed the previous step and configured each software indepe
 ```
 export MINIO_ACCESS_KEY=aws_access_key
 export MINIO_SECRET_KEY=aws_secret_key
 export MINIO_IDENTITY_OPENID_STATE="on"
 export MINIO_IDENTITY_OPENID_CONFIG_URL=https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration
 export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a"
 export MINIO_ETCD_ENDPOINTS=http://localhost:2379
--- a/docs/sts/client-grants.md
+++ b/docs/sts/client-grants.md
@ -93,14 +93,13 @@ http://minio.cluster:9000?Action=AssumeRoleWithClientGrants&DurationSeconds=3600
 ```
 export MINIO_ACCESS_KEY=minio
 export MINIO_SECRET_KEY=minio123
 export MINIO_IDENTITY_OPENID_STATE="on"
 export MINIO_IDENTITY_OPENID_CONFIG_URL=https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration
 export MINIO_IDENTITY_OPENID_CLIENT_ID="7a243d56-1081-11ea-b1b9-0bad8bed6ca0"
 export MINIO_POLICY_OPA_URL=http://localhost:8181/v1/data/httpapi/authz
 minio server /mnt/export
 mc admin config get myminio identity_openid
-identity_openid config_url="https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration" 
+identity_openid config_url="https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration"
 mc admin config get myminio policy_opa
 policy_opa url="http://localhost:8181/v1/data/httpapi/authz" auth_token=
--- a/docs/sts/ldap.md
+++ b/docs/sts/ldap.md
@ -42,7 +42,6 @@ LDAP is configured via the following environment variables:
 | Variable                                     | Required?               | Purpose                                                                 |
 |----------------------------------------------|-------------------------|-------------------------------------------------------------------------|
 | **MINIO_IDENTITY_LDAP_STATE**                | **YES**                 | Enable or disable ldap identity                                         |
 | **MINIO_IDENTITY_LDAP_SERVER_ADDR**          | **YES**                 | AD/LDAP server address                                                  |
 | **MINIO_IDENTITY_LDAP_USERNAME_FORMAT**      | **YES**                 | Format of full username DN                                              |
 | **MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN** | **NO**                  | Base DN in AD/LDAP hierarchy to use in search requests                  |
@ -57,7 +56,6 @@ Please note that MinIO will only access the AD/LDAP server over TLS. If a self-s
 An example setup for development or experimentation:
 ``` shell
 export MINIO_IDENTITY_LDAP_STATE="on"
 export MINIO_IDENTITY_LDAP_SERVER_ADDR=myldapserver.com:636
 export MINIO_IDENTITY_LDAP_USERNAME_FORMAT="uid={username},cn=accounts,dc=myldapserver,dc=com"
 export MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN="dc=myldapserver,dc=com"
@ -111,7 +109,6 @@ The group search filter looks like `(&(objectclass=group)(member={usernamedn}))`
 Thus the key configuration parameters look like:
 ```
 MINIO_IDENTITY_LDAP_STATE="on"
 MINIO_IDENTITY_LDAP_SERVER_ADDR='my.ldap-active-dir-server.com:636'
 MINIO_IDENTITY_LDAP_USERNAME_FORMAT='cn={username},cn=users,dc=minioad,dc=local'
 MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN='dc=minioad,dc=local'
@ -218,7 +215,6 @@ http://minio.cluster:9000?Action=AssumeRoleWithLDAPIdentity&LDAPUsername=foouser
 ```
 $ export MINIO_ACCESS_KEY=minio
 $ export MINIO_SECRET_KEY=minio123
 $ export MINIO_IDENTITY_LDAP_STATE="on"
 $ export MINIO_IDENTITY_LDAP_SERVER_ADDR='my.ldap-active-dir-server.com:636'
 $ export MINIO_IDENTITY_LDAP_USERNAME_FORMAT='cn={username},cn=users,dc=minioad,dc=local'
 $ export MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN='dc=minioad,dc=local'
--- a/docs/sts/web-identity.md
+++ b/docs/sts/web-identity.md
@ -93,7 +93,6 @@ http://minio.cluster:9000?Action=AssumeRoleWithWebIdentity&DurationSeconds=3600&
 ```
 export MINIO_ACCESS_KEY=minio
 export MINIO_SECRET_KEY=minio123
 export MINIO_IDENTITY_OPENID_STATE="on"
 export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a"
 export MINIO_IDENTITY_OPENID_CONFIG_URL=https://accounts.google.com/.well-known/openid-configuration
 minio server /mnt/export
--- a/docs/sts/wso2.md
+++ b/docs/sts/wso2.md
@ -69,7 +69,6 @@ Using the above `access_token` we can perform an STS request to MinIO to get tem
 ### 5. Setup MinIO with OpenID configuration URL
 MinIO server expects environment variable for OpenID configuration url as `MINIO_IDENTITY_OPENID_CONFIG_URL`, this environment variable takes a single entry.
 ```
 export MINIO_IDENTITY_OPENID_STATE="on"
 export MINIO_IDENTITY_OPENID_CONFIG_URL=https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration
 export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a"
 minio server /mnt/data
--- a/pkg/event/target/amqp.go
+++ b/pkg/event/target/amqp.go
@ -68,7 +68,7 @@ const (
 	AmqpArguments         = "arguments"
 	AmqpPublishingHeaders = "publishing_headers"
-	EnvAMQPState             = "MINIO_NOTIFY_AMQP_STATE"
+	EnvAMQPEnable            = "MINIO_NOTIFY_AMQP_ENABLE"
 	EnvAMQPURL               = "MINIO_NOTIFY_AMQP_URL"
 	EnvAMQPExchange          = "MINIO_NOTIFY_AMQP_EXCHANGE"
 	EnvAMQPRoutingKey        = "MINIO_NOTIFY_AMQP_ROUTING_KEY"
--- a/pkg/event/target/elasticsearch.go
+++ b/pkg/event/target/elasticsearch.go
@ -39,7 +39,7 @@ const (
 	ElasticQueueDir   = "queue_dir"
 	ElasticQueueLimit = "queue_limit"
-	EnvElasticState      = "MINIO_NOTIFY_ELASTICSEARCH_STATE"
+	EnvElasticEnable     = "MINIO_NOTIFY_ELASTICSEARCH_ENABLE"
 	EnvElasticFormat     = "MINIO_NOTIFY_ELASTICSEARCH_FORMAT"
 	EnvElasticURL        = "MINIO_NOTIFY_ELASTICSEARCH_URL"
 	EnvElasticIndex      = "MINIO_NOTIFY_ELASTICSEARCH_INDEX"
--- a/pkg/event/target/kafka.go
+++ b/pkg/event/target/kafka.go
@ -46,7 +46,7 @@ const (
 	KafkaSASLUsername  = "sasl_username"
 	KafkaSASLPassword  = "sasl_password"
-	EnvKafkaState         = "MINIO_NOTIFY_KAFKA_STATE"
+	EnvKafkaEnable        = "MINIO_NOTIFY_KAFKA_ENABLE"
 	EnvKafkaBrokers       = "MINIO_NOTIFY_KAFKA_BROKERS"
 	EnvKafkaTopic         = "MINIO_NOTIFY_KAFKA_TOPIC"
 	EnvKafkaQueueDir      = "MINIO_NOTIFY_KAFKA_QUEUE_DIR"
--- a/pkg/event/target/mqtt.go
+++ b/pkg/event/target/mqtt.go
@ -50,7 +50,7 @@ const (
 	MqttQueueDir          = "queue_dir"
 	MqttQueueLimit        = "queue_limit"
-	EnvMQTTState             = "MINIO_NOTIFY_MQTT_STATE"
+	EnvMQTTEnable            = "MINIO_NOTIFY_MQTT_ENABLE"
 	EnvMQTTBroker            = "MINIO_NOTIFY_MQTT_BROKER"
 	EnvMQTTTopic             = "MINIO_NOTIFY_MQTT_TOPIC"
 	EnvMQTTQoS               = "MINIO_NOTIFY_MQTT_QOS"
--- a/pkg/event/target/mysql.go
+++ b/pkg/event/target/mysql.go
@ -94,7 +94,7 @@ const (
 	MySQLQueueLimit = "queue_limit"
 	MySQLQueueDir   = "queue_dir"
-	EnvMySQLState      = "MINIO_NOTIFY_MYSQL_STATE"
+	EnvMySQLEnable     = "MINIO_NOTIFY_MYSQL_ENABLE"
 	EnvMySQLFormat     = "MINIO_NOTIFY_MYSQL_FORMAT"
 	EnvMySQLDSNString  = "MINIO_NOTIFY_MYSQL_DSN_STRING"
 	EnvMySQLTable      = "MINIO_NOTIFY_MYSQL_TABLE"
--- a/pkg/event/target/nats.go
+++ b/pkg/event/target/nats.go
@ -51,7 +51,7 @@ const (
 	NATSStreamingAsync              = "streaming_async"
 	NATSStreamingMaxPubAcksInFlight = "streaming_max_pub_acks_in_flight"
-	EnvNATSState         = "MINIO_NOTIFY_NATS_STATE"
+	EnvNATSEnable        = "MINIO_NOTIFY_NATS_ENABLE"
 	EnvNATSAddress       = "MINIO_NOTIFY_NATS_ADDRESS"
 	EnvNATSSubject       = "MINIO_NOTIFY_NATS_SUBJECT"
 	EnvNATSUsername      = "MINIO_NOTIFY_NATS_USERNAME"
--- a/pkg/event/target/nsq.go
+++ b/pkg/event/target/nsq.go
@ -40,7 +40,7 @@ const (
 	NSQQueueDir      = "queue_dir"
 	NSQQueueLimit    = "queue_limit"
-	EnvNSQState         = "MINIO_NOTIFY_NSQ"
+	EnvNSQEnable        = "MINIO_NOTIFY_NSQ"
 	EnvNSQAddress       = "MINIO_NOTIFY_NSQ_NSQD_ADDRESS"
 	EnvNSQTopic         = "MINIO_NOTIFY_NSQ_TOPIC"
 	EnvNSQTLS           = "MINIO_NOTIFY_NSQ_TLS"
--- a/pkg/event/target/postgresql.go
+++ b/pkg/event/target/postgresql.go
@ -95,7 +95,7 @@ const (
 	PostgresQueueDir         = "queue_dir"
 	PostgresQueueLimit       = "queue_limit"
-	EnvPostgresState            = "MINIO_NOTIFY_POSTGRES_STATE"
+	EnvPostgresEnable           = "MINIO_NOTIFY_POSTGRES_ENABLE"
 	EnvPostgresFormat           = "MINIO_NOTIFY_POSTGRES_FORMAT"
 	EnvPostgresConnectionString = "MINIO_NOTIFY_POSTGRES_CONNECTION_STRING"
 	EnvPostgresTable            = "MINIO_NOTIFY_POSTGRES_TABLE"
--- a/pkg/event/target/redis.go
+++ b/pkg/event/target/redis.go
@ -41,7 +41,7 @@ const (
 	RedisQueueDir   = "queue_dir"
 	RedisQueueLimit = "queue_limit"
-	EnvRedisState      = "MINIO_NOTIFY_REDIS_STATE"
+	EnvRedisEnable     = "MINIO_NOTIFY_REDIS_ENABLE"
 	EnvRedisFormat     = "MINIO_NOTIFY_REDIS_FORMAT"
 	EnvRedisAddress    = "MINIO_NOTIFY_REDIS_ADDRESS"
 	EnvRedisPassword   = "MINIO_NOTIFY_REDIS_PASSWORD"
--- a/pkg/event/target/webhook.go
+++ b/pkg/event/target/webhook.go
@ -44,7 +44,7 @@ const (
 	WebhookQueueDir   = "queue_dir"
 	WebhookQueueLimit = "queue_limit"
-	EnvWebhookState      = "MINIO_NOTIFY_WEBHOOK_STATE"
+	EnvWebhookEnable     = "MINIO_NOTIFY_WEBHOOK_ENABLE"
 	EnvWebhookEndpoint   = "MINIO_NOTIFY_WEBHOOK_ENDPOINT"
 	EnvWebhookAuthToken  = "MINIO_NOTIFY_WEBHOOK_AUTH_TOKEN"
 	EnvWebhookQueueDir   = "MINIO_NOTIFY_WEBHOOK_QUEUE_DIR"
--- a/pkg/madmin/parse-kv.go
+++ b/pkg/madmin/parse-kv.go
@ -70,19 +70,19 @@ type Targets []Target
 // Standard config keys and values.
 const (
-	StateKey   = "state"
+	EnableKey  = "enable"
 	CommentKey = "comment"
-	// State values
+	// Enable values
-	StateOn  = "on"
+	EnableOn  = "on"
-	StateOff = "off"
+	EnableOff = "off"
 )
 func (kvs KVS) String() string {
 	var s strings.Builder
 	for _, kv := range kvs {
 		// Do not need to print state which is on.
-		if kv.Key == StateKey && kv.Value == StateOn {
+		if kv.Key == EnableKey && kv.Value == EnableOn {
 			continue
 		}
 		if kv.Key == CommentKey && kv.Value == "" {
@ -90,7 +90,7 @@ func (kvs KVS) String() string {
 		}
 		s.WriteString(kv.Key)
 		s.WriteString(KvSeparator)
-		spc := hasSpace(kv.Value)
+		spc := HasSpace(kv.Value)
 		if spc {
 			s.WriteString(KvDoubleQuote)
 		}
@ -108,7 +108,8 @@ func (t Targets) Count() int {
 	return len(t)
 }
-func hasSpace(s string) bool {
+// HasSpace - returns if given string has space.
 func HasSpace(s string) bool {
 	for _, r := range s {
 		if unicode.IsSpace(r) {
 			return true
@ -159,10 +160,12 @@ func (t *Targets) AddTarget(s string) error {
 	if len(inputs) <= 1 {
 		return fmt.Errorf("invalid number of arguments '%s'", s)
 	}
 	subSystemValue := strings.SplitN(inputs[0], SubSystemSeparator, 2)
 	if len(subSystemValue) == 0 {
 		return fmt.Errorf("invalid number of arguments %s", s)
 	}
 	var kvs = KVS{}
 	var prevK string
 	for _, v := range strings.Fields(inputs[1]) {
@ -187,11 +190,19 @@ func (t *Targets) AddTarget(s string) error {
 		})
 	}
 	for i := range *t {
 		if (*t)[i].SubSystem == inputs[0] {
 			(*t)[i] = Target{
 				SubSystem: inputs[0],
 				KVS:       kvs,
 			}
 			return nil
 		}
 	}
 	*t = append(*t, Target{
 		SubSystem: inputs[0],
 		KVS:       kvs,
 	})
 	return nil
 }