diff --git a/website/content/docs/commands/session-recordings/download.mdx b/website/content/docs/commands/session-recordings/download.mdx
index 96567fbc66..d37da7e29b 100644
--- a/website/content/docs/commands/session-recordings/download.mdx
+++ b/website/content/docs/commands/session-recordings/download.mdx
@@ -7,6 +7,8 @@ description: |-
# session-recordings download
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary session-recordings download`
The `boundary session-recordings download` command lets you download a Boundary session recording.
diff --git a/website/content/docs/commands/session-recordings/index.mdx b/website/content/docs/commands/session-recordings/index.mdx
index 1775243cd9..85416f60cf 100644
--- a/website/content/docs/commands/session-recordings/index.mdx
+++ b/website/content/docs/commands/session-recordings/index.mdx
@@ -7,6 +7,8 @@ description: |-
# session-recordings
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary session-recordings`
The `session-recordings` command lets you perform operations on Boundary session recording resources.
diff --git a/website/content/docs/commands/session-recordings/list.mdx b/website/content/docs/commands/session-recordings/list.mdx
index 53a7b378ec..3f286ef4a1 100644
--- a/website/content/docs/commands/session-recordings/list.mdx
+++ b/website/content/docs/commands/session-recordings/list.mdx
@@ -7,6 +7,8 @@ description: |-
# session-recordings list
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary session-recordings list`
The `boundary session-recordings list` command lets you list the Boundary session recordings within a given scope or resource.
diff --git a/website/content/docs/commands/session-recordings/read.mdx b/website/content/docs/commands/session-recordings/read.mdx
index 708974a19f..96a818e984 100644
--- a/website/content/docs/commands/session-recordings/read.mdx
+++ b/website/content/docs/commands/session-recordings/read.mdx
@@ -7,6 +7,8 @@ description: |-
# session-recordings read
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary session-recordings read`
The `boundary session-recordings read` command lets you read information about a Boundary session recording by providing the ID.
diff --git a/website/content/docs/commands/storage-buckets/create.mdx b/website/content/docs/commands/storage-buckets/create.mdx
index 1d81ed8678..901c84799d 100644
--- a/website/content/docs/commands/storage-buckets/create.mdx
+++ b/website/content/docs/commands/storage-buckets/create.mdx
@@ -7,6 +7,8 @@ description: |-
# storage-buckets create
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary storage-buckets create`
The `boundary storage-buckets create` command lets you create Boundary storage buckets.
diff --git a/website/content/docs/commands/storage-buckets/delete.mdx b/website/content/docs/commands/storage-buckets/delete.mdx
index 26210d7d79..62dd47a8bf 100644
--- a/website/content/docs/commands/storage-buckets/delete.mdx
+++ b/website/content/docs/commands/storage-buckets/delete.mdx
@@ -7,6 +7,8 @@ description: |-
# storage-buckets delete
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary storage-buckets delete`
The `boundary storage-buckets delete` command lets you delete Boundary storage buckets.
diff --git a/website/content/docs/commands/storage-buckets/index.mdx b/website/content/docs/commands/storage-buckets/index.mdx
index 155de5ef0b..6d6e1005bf 100644
--- a/website/content/docs/commands/storage-buckets/index.mdx
+++ b/website/content/docs/commands/storage-buckets/index.mdx
@@ -7,6 +7,8 @@ description: |-
# storage-buckets
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary storage-buckets`
The `storage-buckets` command lets you perform operations on Boundary storage bucket resources.
diff --git a/website/content/docs/commands/storage-buckets/list.mdx b/website/content/docs/commands/storage-buckets/list.mdx
index 758ea8d6ae..f1567fa2ab 100644
--- a/website/content/docs/commands/storage-buckets/list.mdx
+++ b/website/content/docs/commands/storage-buckets/list.mdx
@@ -7,6 +7,8 @@ description: |-
# storage-buckets list
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `storage-buckets list`
The `storage-buckets list` command lets you list the storage buckets within a given scope or resource.
diff --git a/website/content/docs/commands/storage-buckets/read.mdx b/website/content/docs/commands/storage-buckets/read.mdx
index 21c8f404e0..1148473e98 100644
--- a/website/content/docs/commands/storage-buckets/read.mdx
+++ b/website/content/docs/commands/storage-buckets/read.mdx
@@ -7,6 +7,8 @@ description: |-
# storage-buckets read
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary storage-buckets read`
The `boundary storage-buckets read` command lets you read information about Boundary storage buckets.
diff --git a/website/content/docs/commands/storage-buckets/update.mdx b/website/content/docs/commands/storage-buckets/update.mdx
index f112fee622..0b0941a9b2 100644
--- a/website/content/docs/commands/storage-buckets/update.mdx
+++ b/website/content/docs/commands/storage-buckets/update.mdx
@@ -7,6 +7,8 @@ description: |-
# storage-buckets update
+This feature requires HCP Boundary or Boundary Enterprise
+
Command: `boundary storage-buckets update`
The `boundary storage-buckets update` command lets you update Boundary storage buckets by ID.
diff --git a/website/content/docs/concepts/credential-management.mdx b/website/content/docs/concepts/credential-management.mdx
index 4c650bfd0a..71dcce2ab0 100644
--- a/website/content/docs/concepts/credential-management.mdx
+++ b/website/content/docs/concepts/credential-management.mdx
@@ -65,7 +65,9 @@ Learn more about [credential brokering](/boundary/tutorials/hcp-getting-started/
Learn more about the [Vault dynamic secrets engine](/vault/docs/secrets).
-## Credential injection HCP/ENT
+## Credential injection
+
+This feature requires HCP Boundary or Boundary Enterprise
Credential injection is the process by which a credential is fetched from a credential store and then passed on to a worker for authentication to a remote machine.
With credential injection, the user never sees the credential required to authenticate to the target.
diff --git a/website/content/docs/concepts/domain-model/credential-libraries.mdx b/website/content/docs/concepts/domain-model/credential-libraries.mdx
index 979f962ecb..fc6807ef17 100644
--- a/website/content/docs/concepts/domain-model/credential-libraries.mdx
+++ b/website/content/docs/concepts/domain-model/credential-libraries.mdx
@@ -34,7 +34,9 @@ The default value is `GET`.
- `vault-http-request-body` - (optional) The body of the HTTP request the library sends to Vault when it requests credentials.
Only valid if `http_method` is set to `POST`.
-### Vault SSH certificate credential library attributes HCP/ENT
+### Vault SSH certificate credential library attributes
+
+This feature requires HCP Boundary or Boundary Enterprise
As of Boundary 0.12.0, you can configure SSH credential injection using [Vault's SSH secrets engine](/vault/docs/secrets/ssh) to create the SSH certificate credentials.
SSH certificate-based authentication extends key-based authentication using digital signatures.
diff --git a/website/content/docs/concepts/domain-model/session-recordings.mdx b/website/content/docs/concepts/domain-model/session-recordings.mdx
index 053e60e3e8..6a09ca45e5 100644
--- a/website/content/docs/concepts/domain-model/session-recordings.mdx
+++ b/website/content/docs/concepts/domain-model/session-recordings.mdx
@@ -5,8 +5,9 @@ description: |-
The anatomy of a Boundary session recording
---
-# Session recordings HCP/ENT
+# Session recordings
+This feature requires HCP Boundary or Boundary Enterprise
A session recording represents a directory structure of
files in an external object store that together are the
diff --git a/website/content/docs/concepts/domain-model/storage-buckets.mdx b/website/content/docs/concepts/domain-model/storage-buckets.mdx
index 5702c302bd..b759328321 100644
--- a/website/content/docs/concepts/domain-model/storage-buckets.mdx
+++ b/website/content/docs/concepts/domain-model/storage-buckets.mdx
@@ -5,8 +5,9 @@ description: |-
The anatomy of a Boundary storage bucket
---
-# Storage buckets HCP/ENT
+# Storage buckets
+This feature requires HCP Boundary or Boundary Enterprise
A resource known as a storage bucket is used to store the [session recordings][].
The storage bucket represents a bucket in an external object store.
diff --git a/website/content/docs/concepts/domain-model/targets.mdx b/website/content/docs/concepts/domain-model/targets.mdx
index 1f1b32dc26..797e321857 100644
--- a/website/content/docs/concepts/domain-model/targets.mdx
+++ b/website/content/docs/concepts/domain-model/targets.mdx
@@ -92,7 +92,9 @@ TCP targets have the following additional attribute:
- `default_port` - (required)
The default port to set on this target.
-### SSH target attributes HCP/ENT
+### SSH target attributes
+
+This feature requires HCP Boundary or Boundary Enterprise
SSH targets use injected application credentials to authenticate an SSH session between the client and end host.
Injected credentials allow users to securely connect to remost hosts using SSH, while never being in the possession of a valid credential for that target host.
diff --git a/website/content/docs/concepts/filtering/worker-tags.mdx b/website/content/docs/concepts/filtering/worker-tags.mdx
index d9101b645c..95fe0ebcaa 100644
--- a/website/content/docs/concepts/filtering/worker-tags.mdx
+++ b/website/content/docs/concepts/filtering/worker-tags.mdx
@@ -148,7 +148,10 @@ The `ingress_worker_filter`HCP/ENT attribute controls which workers a
This is the worker a client connects to when initiating a connection to a target.
-## Vault workers HCP/ENT
+## Vault workers
+
+This feature requires HCP Boundary or Boundary Enterprise
+
Tags are used to control which [PKI workers] can manage Vault requests by specifying
a `worker_filter`attribute when configuring [credential stores].
diff --git a/website/content/docs/concepts/security/data-encryption.mdx b/website/content/docs/concepts/security/data-encryption.mdx
index 26a7b5c3fd..3ec6f246d3 100644
--- a/website/content/docs/concepts/security/data-encryption.mdx
+++ b/website/content/docs/concepts/security/data-encryption.mdx
@@ -105,7 +105,10 @@ $ boundary scopes list-key-version-destruction-jobs -scope-id p_A4jfDjZ9jf
Once the job disappears from this list, the associated key version will have
been destroyed and any existing data will have been re-encrypted.
-## The `bsr` KMS key HCP/ENT
+## The `bsr` KMS key
+
+This feature requires HCP Boundary or Boundary Enterprise
+
The `bsr` KMS key is required for [session recording](/boundary/docs/configuration/session-recording).
If you do not add a `bsr` key to your controller configuration, you will receive an error when you attempt to enable session recording.
The key is used for encrypting data and checking the integrity of recordings.
diff --git a/website/content/docs/concepts/workers.mdx b/website/content/docs/concepts/workers.mdx
index e9f58f1f24..2183e9c0c7 100644
--- a/website/content/docs/concepts/workers.mdx
+++ b/website/content/docs/concepts/workers.mdx
@@ -52,7 +52,10 @@ with tag “A,” to connect to targets in “Network A.”
-## Multi-hop sessions HCP/ENT
+## Multi-hop sessions
+
+This feature requires HCP Boundary or Boundary Enterprise
+
Most organizations want to provide access to infrastructure without exposing private networks. Many organizations also have complex network topologies requiring
inbound traffic to route through multiple network enclaves in order to reach the target system.
[Multi-hop](/boundary/docs/configuration/worker#multi-hop-worker-capabilities-hcp-ent) sessions allow you to chain together two or more workers
diff --git a/website/content/docs/configuration/session-recording/create-storage-bucket.mdx b/website/content/docs/configuration/session-recording/create-storage-bucket.mdx
index fec80119a1..0f2ca125d4 100644
--- a/website/content/docs/configuration/session-recording/create-storage-bucket.mdx
+++ b/website/content/docs/configuration/session-recording/create-storage-bucket.mdx
@@ -5,7 +5,9 @@ description: |-
How to create a storage bucket for session recording in Boundary
---
-# Create a storage bucket HCP/ENT
+# Create a storage bucket
+
+This feature requires HCP Boundary or Boundary Enterprise
As of Boundary 0.13.0, you can record and audit user sessions.
A Boundary resource known as a [storage bucket](/boundary/docs/concepts/domain-model/storage-buckets) is used to store the recorded sessions.
diff --git a/website/content/docs/configuration/session-recording/enable-session-recording.mdx b/website/content/docs/configuration/session-recording/enable-session-recording.mdx
index 5a2cfecb9c..b1ec2f4080 100644
--- a/website/content/docs/configuration/session-recording/enable-session-recording.mdx
+++ b/website/content/docs/configuration/session-recording/enable-session-recording.mdx
@@ -5,7 +5,9 @@ description: |-
How to enable session recording on a target in Boundary
---
-# Enable session recording on a target HCP/ENT
+# Enable session recording on a target
+
+This feature requires HCP Boundary or Boundary Enterprise
You must enable session recording for any targets that you want to record sessions on.
When you [create a storage bucket](/boundary/docs/configuration/session-recording/create-storage-bucket), Boundary provides you with an ID.
diff --git a/website/content/docs/configuration/session-recording/index.mdx b/website/content/docs/configuration/session-recording/index.mdx
index 3fa17a463f..edb0ce883d 100644
--- a/website/content/docs/configuration/session-recording/index.mdx
+++ b/website/content/docs/configuration/session-recording/index.mdx
@@ -5,7 +5,9 @@ description: |-
An overview of session recording in Boundary
---
-# Overview HCP/ENT
+# Overview
+
+This feature requires HCP Boundary or Boundary Enterprise
Boundary provides auditing capabilities via session recording.
In Boundary, a session represents a set of connections between a user and a host from a target.
diff --git a/website/content/docs/configuration/worker/index.mdx b/website/content/docs/configuration/worker/index.mdx
index ec3470b486..12f3b73904 100644
--- a/website/content/docs/configuration/worker/index.mdx
+++ b/website/content/docs/configuration/worker/index.mdx
@@ -104,7 +104,9 @@ Any other updated values are ignored.
The `SIGTERM` and `SIGINT` signals initiate a graceful shutdown on a worker. The worker waits for any sessions to drain
before shutting down. Workers in a graceful shutdown state do not receive any new work, including session proxying, from the control plane.
-## Multi-hop worker capabilities HCP/ENT
+## Multi-hop worker capabilities
+
+This feature requires HCP Boundary or Boundary Enterprise
Multi-hop capabilities, including multi-hop sessions and Vault private access,
is when a session or Vault credential request goes through more than one worker.
diff --git a/website/content/docs/configuration/worker/pki-worker.mdx b/website/content/docs/configuration/worker/pki-worker.mdx
index 933e1cbe47..6d60a2a687 100644
--- a/website/content/docs/configuration/worker/pki-worker.mdx
+++ b/website/content/docs/configuration/worker/pki-worker.mdx
@@ -77,7 +77,9 @@ kms "aead" {
}
```
-## Session recording (HCP/ENT)
+## Session recording
+
+This feature requires HCP Boundary or Boundary Enterprise
[Session recording](/boundary/docs/configuration/session-recording) requires at least one PKI worker with access to local and remote storage.
PKI workers used for session recording require an accessible directory defined by `recording_storage_path` for
diff --git a/website/content/docs/operations/session-recordings/index.mdx b/website/content/docs/operations/session-recordings/index.mdx
index c6894669b8..62e343d873 100644
--- a/website/content/docs/operations/session-recordings/index.mdx
+++ b/website/content/docs/operations/session-recordings/index.mdx
@@ -5,9 +5,9 @@ description: |-
How to work with Boundary's recorded sessions
---
-# Recorded sessions operations HCP/ENT
+# Recorded sessions operations
-
+This feature requires HCP Boundary or Boundary Enterprise
Boundary provides [auditing](/boundary/docs/concepts/auditing) capabilities via [session recording](/boundary/docs/configuration/session-recording).
In Boundary, a session represents a set of connections between a user and a host from a target.
diff --git a/website/content/docs/operations/session-recordings/manage-recorded-sessions.mdx b/website/content/docs/operations/session-recordings/manage-recorded-sessions.mdx
index e0b43e19d9..c51c79d824 100644
--- a/website/content/docs/operations/session-recordings/manage-recorded-sessions.mdx
+++ b/website/content/docs/operations/session-recordings/manage-recorded-sessions.mdx
@@ -5,7 +5,9 @@ description: |-
How to find, download, and view Boundary's recorded sessions
---
-# Find and view recorded sessions HCP/ENT
+# Find and view recorded sessions
+
+This feature requires HCP Boundary or Boundary Enterprise
You can view a list of all recorded sessions, or if you know the ID of a specific recorded session, you can find any channels associated with that recording.
diff --git a/website/content/docs/operations/session-recordings/validate-data-store.mdx b/website/content/docs/operations/session-recordings/validate-data-store.mdx
index cee625d8a6..142a257d63 100644
--- a/website/content/docs/operations/session-recordings/validate-data-store.mdx
+++ b/website/content/docs/operations/session-recordings/validate-data-store.mdx
@@ -4,7 +4,9 @@ page_title: Validate the data integrity in the external object store
description: |-
How Boundary validates the data integrity of recorded sessions in the external object store
---
-# How Boundary validates data integrity in the external object store HCP/ENT
+# How Boundary validates data integrity in the external object store
+
+This feature requires HCP Boundary or Boundary Enterprise
When a Boundary worker uploads a BSR file to AWS S3 through the Boundary AWS plugin, the plugin calculates the SHA256 checksum of the contents of the BSR file and attaches this information to the object that is uploaded to S3.
The SHA256 checksum value attached to the S3 object is returned to the Boundary worker.
diff --git a/website/content/docs/operations/session-recordings/validate-session-recordings.mdx b/website/content/docs/operations/session-recordings/validate-session-recordings.mdx
index ac226082cd..de6cf958ba 100644
--- a/website/content/docs/operations/session-recordings/validate-session-recordings.mdx
+++ b/website/content/docs/operations/session-recordings/validate-session-recordings.mdx
@@ -5,7 +5,9 @@ description: |-
How to validate the integrity of Boundary's recorded sessions
---
-# Validate the integrity of session recordings HCP/ENT
+# Validate the integrity of session Recordings
+
+This feature requires HCP Boundary or Boundary Enterprise
BSR directories are validated based on the contents in the directory.
Boundary cryptographically verifies each individual Boundary Session Recording (BSR) file.