link renames

ydb/docs/en/core/changelog-server.md

@@ -8,7 +8,7 @@ Release date: July 31, 2024.
 
 * The [Knn UDF](./yql/reference/udf/list/knn.md) function for precise nearest vector search has been implemented.
 * The gRPC Query service has been developed, enabling the execution of all types of queries (DML, DDL) and retrieval of unlimited amounts of data.
-* [Integration with the LDAP protocol](./concepts/auth.md) has been implemented, allowing the retrieval of a list of groups from external LDAP directories.
+* [Integration with the LDAP protocol](./security/authentication.md) has been implemented, allowing the retrieval of a list of groups from external LDAP directories.
 
 ### Embedded UI
 

ydb/docs/en/core/concepts/federated_query/ydb.md

@@ -4,7 +4,7 @@
 
 To connect to an external {{ ydb-short-name }} database from another {{ ydb-short-name }} database acting as the federated query engine, the following steps need to be performed on the latter:
 
-1. Prepare authentication data to access the remote {{ ydb-short-name }} database. Currently, in federated queries to {{ ydb-short-name }}, the only available authentication method  is [login and password](../../concepts/auth.md#static-credentials) (other methods are not supported). The password to the external database is stored as a [secret](../datamodel/secrets.md):
+1. Prepare authentication data to access the remote {{ ydb-short-name }} database. Currently, in federated queries to {{ ydb-short-name }}, the only available authentication method  is [login and password](../../security/authentication.md#static-credentials) (other methods are not supported). The password to the external database is stored as a [secret](../datamodel/secrets.md):
 
     ```yql
     CREATE OBJECT ydb_datasource_user_password (TYPE SECRET) WITH (value = "<password>");
@@ -92,4 +92,4 @@ When working with tables located in the external {{ ydb-short-name }} database,
 |`Datetime`|`Datetime`|
 |`Timestamp`|`Timestamp`|
 |`Json`|`Json`|
-|`JsonDocument`|`Json`|
+|`JsonDocument`|`Json`|

ydb/docs/en/core/dev/example-app/go/_includes/run_custom.md

@@ -1,6 +1,6 @@
 To run the example against any available {{ ydb-short-name }} database, the [endpoint](../../../../concepts/connect.md#endpoint) and the [database path](../../../../concepts/connect.md#database) need to be provide.
 
-If authentication is enabled for the database, the [authentication mode](../../../../concepts/auth.md) needs to be chosen and credentials (a token or a username/password pair) need to be provided.
+If authentication is enabled for the database, the [authentication mode](../../../../security/authentication.md) needs to be chosen and credentials (a token or a username/password pair) need to be provided.
 
 Run the command as follows:
 

ydb/docs/en/core/dev/example-app/java/_includes/run_custom.md

@@ -1,6 +1,6 @@
 To run the example against any available {{ ydb-short-name }} database, the [endpoint](../../../../concepts/connect.md#endpoint) and the [database path](../../../../concepts/connect.md#database) need to be provide.
 
-If authentication is enabled for the database, the [authentication mode](../../../../concepts/auth.md) needs to be chosen and credentials (a token or a username/password pair) need to be provided.
+If authentication is enabled for the database, the [authentication mode](../../../../security/authentication.md) needs to be chosen and credentials (a token or a username/password pair) need to be provided.
 
 Run the command as follows:
 

ydb/docs/en/core/dev/example-app/java/index.md

@@ -29,7 +29,7 @@ Next, from the same working directory, run the following command to start the te
 Main driver initialization parameters
 
 * A connection string containing details about an [endpoint](../../../concepts/connect.md#endpoint) and [database](../../../concepts/connect.md#database). This is the only parameter that is required.
-* [Authentication](../../../recipes/ydb-sdk/auth.md#auth-provider) provider. Unless explicitly specified, an [anonymous connection](../../../concepts/auth.md) is used.
+* [Authentication](../../../recipes/ydb-sdk/auth.md#auth-provider) provider. Unless explicitly specified, an [anonymous connection](../../../security/authentication.md) is used.
 * [Session pool](../../../recipes/ydb-sdk/session-pool-limit.md) settings
 
 App code snippet for driver initialization:

ydb/docs/en/core/dev/example-app/python/_includes/run_custom.md

@@ -1,6 +1,6 @@
 To run the example against any available {{ ydb-short-name }} database, the [endpoint](../../../../concepts/connect.md#endpoint) and the [database path](../../../../concepts/connect.md#database) need to be provide.
 
-If authentication is enabled for the database, the [authentication mode](../../../../concepts/auth.md) needs to be chosen and credentials (a token or a username/password pair) need to be provided.
+If authentication is enabled for the database, the [authentication mode](../../../../security/authentication.md) needs to be chosen and credentials (a token or a username/password pair) need to be provided.
 
 Run the command as follows:
 

ydb/docs/en/core/dev/terraform.md

@@ -62,9 +62,9 @@ The provider will be installed in the Terraform plugins folder - `~/.terraform.d
 
 Where:
 
-* `token` - specifies the access token to the database if authentication is used, for example, using a third-party [IAM](../concepts/auth.md#iam) provider.
-* `user` - the username for accessing the database in case of using authentication by [username and password](../concepts/auth.md#static-credentials)
-* `password` - the password for accessing the database in case of using authentication by [username and password](../concepts/auth.md#static-credentials)
+* `token` - specifies the access token to the database if authentication is used, for example, using a third-party [IAM](../security/authentication.md#iam) provider.
+* `user` - the username for accessing the database in case of using authentication by [username and password](../security/authentication.md#static-credentials)
+* `password` - the password for accessing the database in case of using authentication by [username and password](../security/authentication.md#static-credentials)
 
 ## Using the Terraform provider {{ ydb-short-name }} {#work-with-tf}
 

ydb/docs/en/core/integrations/ingestion/logstash.md

@@ -34,7 +34,7 @@ The command will return a list of all installed plugins, which contain the plugi
 
 ## Configure {{ ydb-short-name }} connection
 
-All plugins use the same set of parameters to configure the connection to {{ ydb-short-name }}. This set contains only one required parameter, `connection_string`. Other parameters are optional and allow configuring [an authentication mode](../../concepts/auth.md). An anonymous mode will be used if the configuration doesn't contain any of these parameters.
+All plugins use the same set of parameters to configure the connection to {{ ydb-short-name }}. This set contains only one required parameter, `connection_string`. Other parameters are optional and allow configuring [an authentication mode](../../security/authentication.md). An anonymous mode will be used if the configuration doesn't contain any of these parameters.
 
 ```ruby
 # This example demonstrates configuration for ydb_storage plugin.

ydb/docs/en/core/integrations/migration/liquibase.md

@@ -555,4 +555,4 @@ List of different authentication options through URL parameters:
 
 Also, if your cluster is configured using username and password, authentication is done through Liquibase parameters.
 
-For more info about different authentication settings, refer to the [section](../../concepts/auth.md).
+For more info about different authentication settings, refer to the [section](../../security/authentication.md).

ydb/docs/en/core/reference/configuration/index.md

@@ -209,7 +209,7 @@ Odd numbers must be used for `nto_select` because using even numbers does not im
 
 ## Authentication configuration {#auth}
 
-The [authentication mode](../../concepts/auth.md) in the {{ ydb-short-name }} cluster is created in the `domains_config.security_config` section.
+The [authentication mode](../../security/authentication.md) in the {{ ydb-short-name }} cluster is created in the `domains_config.security_config` section.
 
 ### Syntax
 
@@ -607,7 +607,7 @@ For a configuration located in 3 availability zones, specify 3 rings. For a conf
 
 ### Configuring LDAP authentication {#ldap-auth-config}
 
-One of the user authentication methods in {{ ydb-short-name }} is with an LDAP directory. More details about this type of authentication can be found in the section on [interacting with the LDAP directory](../../concepts/auth.md#ldap-auth-provider). To configure LDAP authentication, the `ldap_authentication` section must be defined.
+One of the user authentication methods in {{ ydb-short-name }} is with an LDAP directory. More details about this type of authentication can be found in the section on [interacting with the LDAP directory](../../security/authentication.md#ldap-auth-provider). To configure LDAP authentication, the `ldap_authentication` section must be defined.
 
 Example of the `ldap_authentication` section:
 
@@ -647,11 +647,11 @@ auth_config:
 | `bind_password` | The password for the service account used to search for the user entry. |
 | `search_filter` | A filter for searching the user entry in the LDAP directory. The filter string can include the sequence *$username*, which is replaced with the username requested for authentication in the database. |
 | `use_tls` | Configuration settings for the TLS connection between {{ ydb-short-name }} and the LDAP server. |
-| `enable` | Determines if a TLS connection [using the `StartTls` request](../../concepts/auth.md#starttls) will be attempted. When set to `true`, the `ldaps` connection scheme should be disabled by setting `ldap_authentication.scheme` to `ldap`. |
+| `enable` | Determines if a TLS connection [using the `StartTls` request](../../security/authentication.md#starttls) will be attempted. When set to `true`, the `ldaps` connection scheme should be disabled by setting `ldap_authentication.scheme` to `ldap`. |
 | `ca_cert_file` | The path to the certification authority's certificate file. |
 | `cert_require` | Specifies the certificate requirement level for the LDAP server.<br>Possible values:<ul><li>`NEVER` - {{ ydb-short-name }} does not request a certificate or accepts any presented certificate.</li><li>`ALLOW` - {{ ydb-short-name }} requests a certificate from the LDAP server but will establish the TLS session even if the certificate is not trusted.</li><li>`TRY` - {{ ydb-short-name }} requires a certificate from the LDAP server and terminates the connection if it is not trusted.</li><li>`DEMAND`/`HARD` - These are equivalent to `TRY` and are the default setting, with the value set to `DEMAND`.</li></ul> |
 | `ldap_authentication_domain` | An identifier appended to the username to distinguish LDAP directory users from those authenticated using other providers. The default value is `ldap`. |
-| `scheme` | The connection scheme to the LDAP server.<br>Possible values:<ul><li>`ldap` - Connects without encryption, sending passwords in plain text. This is the default value.</li><li>`ldaps` - Connects using TLS encryption from the first request. To use `ldaps`, disable the [`StartTls` request](../../concepts/auth.md#starttls) by setting `ldap_authentication.use_tls.enable` to `false`, and provide certificate details in `ldap_authentication.use_tls.ca_cert_file` and set the certificate requirement level in `ldap_authentication.use_tls.cert_require`.</li><li>Any other value defaults to `ldap`.</li></ul> |
+| `scheme` | The connection scheme to the LDAP server.<br>Possible values:<ul><li>`ldap` - Connects without encryption, sending passwords in plain text. This is the default value.</li><li>`ldaps` - Connects using TLS encryption from the first request. To use `ldaps`, disable the [`StartTls` request](../../security/authentication.md#starttls) by setting `ldap_authentication.use_tls.enable` to `false`, and provide certificate details in `ldap_authentication.use_tls.ca_cert_file` and set the certificate requirement level in `ldap_authentication.use_tls.cert_require`.</li><li>Any other value defaults to `ldap`.</li></ul> |
 | `requested_group_attribute` | The attribute used for reverse group membership. The default is `memberOf`. |
 | `extended_settings.enable_nested_groups_search` | A flag indicating whether to perform a request to retrieve the full hierarchy of groups to which the user's direct groups belong. |
 | `host` | The hostname of the LDAP server. This parameter is deprecated and should be replaced with the `hosts` parameter. |

ydb/docs/en/core/reference/configuration/tls.md

@@ -77,7 +77,7 @@ monitoring_config:
 
 ### LDAP
 
-{{ ydb-short-name }} supports [LDAP](../../concepts/auth.md#ldap) for user authentication. The LDAP protocol has two options for enabling TLS.
+{{ ydb-short-name }} supports [LDAP](../../security/authentication.md#ldap) for user authentication. The LDAP protocol has two options for enabling TLS.
 
 Example of enabling TLS for LDAP via the `StartTls` protocol extension:
 
@@ -123,4 +123,4 @@ tracing_config:
 
 ## Asynchronous replication
 
-[Asynchronous replication](../../concepts/async-replication.md) synchronizes data between two {{ ydb-short-name }} databases, where one serves as a client to the other. Whether this communication uses TLS-encrypted connections is controlled by the `CONNECTION_STRING` setting of [CREATE ASYNC REPLICATION](../../yql/reference/syntax/create-async-replication.md) queries. Use the `grpcs://` protocol for TLS connections. No changes to the server-side configuration are required.
+[Asynchronous replication](../../concepts/async-replication.md) synchronizes data between two {{ ydb-short-name }} databases, where one serves as a client to the other. Whether this communication uses TLS-encrypted connections is controlled by the `CONNECTION_STRING` setting of [CREATE ASYNC REPLICATION](../../yql/reference/syntax/create-async-replication.md) queries. Use the `grpcs://` protocol for TLS connections. No changes to the server-side configuration are required.

ydb/docs/en/core/reference/ydb-cli/_includes/connect.md

@@ -4,7 +4,7 @@
 
 Most of the {{ ydb-short-name }} CLI commands relate to operations on a {{ ydb-short-name }} database and require establishing a connection to it to be executed.
 
-The {{ ydb-short-name }} CLI uses the following sources to determine the database to connect to and the [authentication mode](../../../concepts/auth.md) to use with it (listed in descending priority):
+The {{ ydb-short-name }} CLI uses the following sources to determine the database to connect to and the [authentication mode](../../../security/authentication.md) to use with it (listed in descending priority):
 
 1. The command line.
 2. The profile set in the `--profile` command-line option.

ydb/docs/en/core/reference/ydb-cli/commands/config-info.md

@@ -16,15 +16,15 @@ General format of the command:
 * [database](../../../concepts/connect.md#database) — Database path.
 * Authentication parameters:
 
-  * [token](../../../concepts/auth.md#iam) — Access Token.
-  * [yc-token](../../../concepts/auth.md#iam) — Refresh Token.
-  * [sa-key-file](../../../concepts/auth.md#iam) — Service Account Key.
-  * [use-metadata-credentials](../../../concepts/auth.md#iam) — Metadata.
-  * [user](../../../concepts/auth.md#static-credentials)
-  * [password](../../../concepts/auth.md#static-credentials)
+  * [token](../../../security/authentication.md#iam) — Access Token.
+  * [yc-token](../../../security/authentication.md#iam) — Refresh Token.
+  * [sa-key-file](../../../security/authentication.md#iam) — Service Account Key.
+  * [use-metadata-credentials](../../../security/authentication.md#iam) — Metadata.
+  * [user](../../../security/authentication.md#static-credentials)
+  * [password](../../../security/authentication.md#static-credentials)
 
 * [ca-file](../../../concepts/connect.md#tls-cert) — Root certificate.
-* [iam-endpoint](../../../concepts/auth.md#iam) — URL of IAM service.
+* [iam-endpoint](../../../security/authentication.md#iam) — URL of IAM service.
 
 ## Examples {#examples}
 

ydb/docs/en/core/reference/ydb-cli/profile/_includes/create.md

@@ -216,7 +216,7 @@ Creating a new `mydb1` profile:
    Please enter your numeric choice:
    ```
 
-   All the available authentication methods are described in [{#T}](../../../../concepts/auth.md). The set of methods and text of the hints may differ from those given in this example.
+   All the available authentication methods are described in [{#T}](../../../../security/authentication.md). The set of methods and text of the hints may differ from those given in this example.
 
    If the method you choose involves specifying an additional parameter, you'll be prompted to enter it. For example, if you select `4` (Use service account key file):
 

ydb/docs/en/core/reference/ydb-dstool/global-options.md

@@ -12,7 +12,7 @@ All the {{ ydb-short-name }} DSTool utility subcommands share the same global op
 | `--grpc-port` | gRPC port used to invoke procedures. |
 | `--mon-port` | Port to view HTTP monitoring data in JSON format. |
 | `--mon-protocol` | If you fail to specify the cluster connection protocol explicitly in the endpoint, the protocol is taken from here. |
-| `--token-file` | Path to the file with [Access Token](../../concepts/auth.md#iam). |
+| `--token-file` | Path to the file with [Access Token](../../security/authentication.md#iam). |
 | `--ca-file` | Path to a root certificate PEM file used for TLS connections. |
 | `--http` | Use HTTP instead of gRPC to connect to the Blob Storage. |
 | `--http-timeout` | Timeout for I/O operations on the socket when running HTTP(S) queries. |

ydb/docs/en/core/reference/ydb-sdk/_includes/auth.md

@@ -1,10 +1,10 @@
 # Authentication in the SDK
 
-As we discussed in the [{{ ydb-short-name }} server connection](../../../concepts/connect.md) article, the client must add an [authentication token](../../../concepts/auth.md) to each request. The authentication token is checked by the server. If the authentication is successful, the request is authorized and executed. Otherwise, the `Unauthenticated` error returns.
+As we discussed in the [{{ ydb-short-name }} server connection](../../../concepts/connect.md) article, the client must add an [authentication token](../../../security/authentication.md) to each request. The authentication token is checked by the server. If the authentication is successful, the request is authorized and executed. Otherwise, the `Unauthenticated` error returns.
 
 The {{ ydb-short-name }} SDK uses an object that is responsible for generating these tokens. SDK provides built-in methods for getting such an object:
 
-1. The methods that pass parameters explicitly, with each method implementing a certain [authentication mode](../../../concepts/auth.md).
+1. The methods that pass parameters explicitly, with each method implementing a certain [authentication mode](../../../security/authentication.md).
 2. The method that determines the authentication mode and relevant parameters based on environmental variables.
 
 Usually, you create a token generation object before you initialize the {{ ydb-short-name }} driver, and you pass the object to the driver constructor as a parameter. The C++ and Go SDKs additionally let you work with multiple databases and token generation objects through a single driver.

ydb/docs/en/core/reference/ydb-sdk/topic.md

@@ -49,7 +49,7 @@ Before performing the examples, [create a topic](../ydb-cli/topic-create.md) and
   TDriver driver(driverConfig);
   ```
 
-  This example uses authentication token from the `YDB_TOKEN` environment variable. For details see [Connecting to a database](../../concepts/connect.md) and [Authentication](../../concepts/auth.md) pages.
+  This example uses authentication token from the `YDB_TOKEN` environment variable. For details see [Connecting to a database](../../concepts/connect.md) and [Authentication](../../security/authentication.md) pages.
 
   App code snippet for creating a client:
 
@@ -75,7 +75,7 @@ Before performing the examples, [create a topic](../ydb-cli/topic-create.md) and
 
   In this example `CloudAuthHelper.getAuthProviderFromEnviron()` helper method is used which retrieves auth token from environment variables.
   For example, `YDB_ACCESS_TOKEN_CREDENTIALS`.
-  For details see [Connecting to a database](../../concepts/connect.md) and [Authentication](../../concepts/auth.md) pages.
+  For details see [Connecting to a database](../../concepts/connect.md) and [Authentication](../../security/authentication.md) pages.
 
   Topic client ([source code](https://github.com/ydb-platform/ydb-java-sdk/blob/master/topic/src/main/java/tech/ydb/topic/TopicClient.java#L34)) uses {{ ydb-short-name }} transport and handles all topics topic operations, manages read and write sessions.