cleanup markdown docs across multiple files (#14296)

enable markdown-linter
2025-11-10 05:59:43 -05:00 · 2022-02-11 16:51:25 -08:00
parent 2c0f121550
commit e3e0532613
71 changed files with 1023 additions and 595 deletions
--- a/docs/sts/README.md
+++ b/docs/sts/README.md
@@ -1,4 +1,5 @@
 # MinIO STS Quickstart Guide [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)
+
 The MinIO Security Token Service (STS) is an endpoint service that enables clients to request temporary credentials for MinIO resources. Temporary credentials work almost identically to default admin credentials, with some differences:

 - Temporary credentials are short-term, as the name implies. They can be configured to last for anywhere from a few minutes to several hours. After the credentials expire, MinIO no longer recognizes them or allows any kind of access from API requests made with them.
@@ -11,6 +12,7 @@ Following are advantages for using temporary credentials:
 - Temporary credentials have a limited lifetime, there is no need to rotate them or explicitly revoke them. Expired temporary credentials cannot be reused.

 ## Identity Federation
+
 | AuthN                                                                                  | Description                                                                                                                                   |
 | :----------------------                                                                | ------------------------------------------                                                                                                    |
 | [**WebIdentity**](https://github.com/minio/minio/blob/master/docs/sts/web-identity.md) | Let users request temporary credentials using any OpenID(OIDC) compatible web identity providers such as KeyCloak, Dex, Facebook, Google etc. |
@@ -18,8 +20,10 @@ Following are advantages for using temporary credentials:
 | [**AssumeRole**](https://github.com/minio/minio/blob/master/docs/sts/assume-role.md)   | Let MinIO users request temporary credentials using user access and secret keys.                                                              |

 ### Understanding JWT Claims
+
 > NOTE: JWT claims are only meant for WebIdentity and ClientGrants.
 > AssumeRole or LDAP users can skip the entire portion and directly visit one of the links below.
+>
 > - [**AssumeRole**](https://github.com/minio/minio/blob/master/docs/sts/assume-role.md)
 > - [**AD/LDAP**](https://github.com/minio/minio/blob/master/docs/sts/ldap.md)

@@ -30,18 +34,22 @@ The id_token received is a signed JSON Web Token (JWT). Use a JWT decoder to dec
 | policy     | _string_ or _[]string_ or _comma_separated_value_ | Canned policy name to be applied for STS credentials. (Mandatory) - This can be configured to any desired value such as `roles` or `groups` by setting the environment variable `MINIO_IDENTITY_OPENID_CLAIM_NAME` |

 ## Get started
+
 In this document we will explain in detail on how to configure all the prerequisites.

 > NOTE: If you are interested in AssumeRole API only, skip to [here](https://github.com/minio/minio/blob/master/docs/sts/assume-role.md)

 ### Prerequisites
+
 - [Configuring keycloak](https://github.com/minio/minio/blob/master/docs/sts/keycloak.md) or [Configuring Casdoor](https://github.com/minio/minio/blob/master/docs/sts/casdoor.md)
 - [Configuring etcd (optional needed only in gateway or federation mode)](https://github.com/minio/minio/blob/master/docs/sts/etcd.md)

 ### Setup MinIO with Identity Provider
+
 Make sure we have followed the previous step and configured each software independently, once done we can now proceed to use MinIO STS API and MinIO server to use these credentials to perform object API operations.

 #### KeyCloak
+
 ```
 export MINIO_ROOT_USER=minio
 export MINIO_ROOT_PASSWORD=minio123
@@ -51,6 +59,7 @@ minio server /mnt/data
 ```

 #### Casdoor
+
 ```
 export MINIO_ROOT_USER=minio
 export MINIO_ROOT_PASSWORD=minio123
@@ -60,6 +69,7 @@ minio server /mnt/data
 ```

 ### Setup MinIO Gateway with Keycloak and Etcd
+
 Make sure we have followed the previous step and configured each software independently, once done we can now proceed to use MinIO STS API and MinIO gateway to use these credentials to perform object API operations.

 > NOTE: MinIO gateway requires etcd to be configured to use STS API.
@@ -74,6 +84,7 @@ minio gateway s3
 ```

 ### Using WebIdentiy API
+
 On another terminal run `web-identity.go` a sample client application which obtains JWT id_tokens from an identity provider, in our case its Keycloak. Uses the returned id_token response to get new temporary credentials from the MinIO server using the STS API call `AssumeRoleWithWebIdentity`.

 ```
@@ -103,11 +114,12 @@ These credentials can now be used to perform MinIO API operations.

 ### Using MinIO Console

- Open MinIO URL on the browser, lets say http://localhost:9000/
+- Open MinIO URL on the browser, lets say <http://localhost:9000/>
 - Click on `Login with SSO`
 - User will be redirected to the Keycloak user login page, upon successful login the user will be redirected to MinIO page and logged in automatically,
  the user should see now the buckets and objects they have access to.

 ## Explore Further
+
 - [MinIO Admin Complete Guide](https://docs.min.io/docs/minio-admin-complete-guide.html)
 - [The MinIO documentation website](https://docs.min.io)