DOCS: keyword tag updates (#2922)

* replace "zero-trust" with "zero trust"

* fix and update all keyword tags

docs/docs/architecture.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 0
 meta:
   - name: keywords
-    content: pomerium architecture
+    content: pomerium, architecture
 ---
 
 # Architecture

docs/docs/background.md

@@ -3,7 +3,7 @@ title: Background
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy beyondcorp zero-trust reverse-proxy ztn zta
+    content: pomerium, identity access proxy, beyondcorp, zero trust, reverse proxy, ztn, zta
 ---
 
 # Background
@@ -41,9 +41,9 @@ In summary, perimeter based security suffers from the following shortcomings:
 - Even just defining what the network perimeter is is an increasingly difficult proposition in a remote-work, BYOD, multi-cloud world. Most organizations are a heterogeneous mix of clouds, servers, devices, and organizational units.
 - VPNs are often misused and exacerbate the issue by opening yet another door into your network organization.
 
-### Zero-trust
+### Zero Trust
 
-[Zero-trust](https://ldapwiki.com/wiki/Zero%20Trust) instead attempts to mitigate these shortcomings by adopting the following principles:
+[Zero trust](https://ldapwiki.com/wiki/Zero%20Trust) instead attempts to mitigate these shortcomings by adopting the following principles:
 
 - Trust flows from identity, device-state, and context; not network location.
 - Treat both internal and external networks as untrusted.
@@ -51,11 +51,11 @@ In summary, perimeter based security suffers from the following shortcomings:
 - Every device, user, and application's communication should be authenticated, authorized, and encrypted.
 - Access policy should be dynamic, and built from multiple sources.
 
-To be clear, _perimeter security is not defunct_, nor is zero-trust security a panacea or a single product. Many of the ideas and principles of perimeter security are still relevant and are part of a holistic, and wide-ranging security policy. After all, we still want our castles to have high walls.
+To be clear, _perimeter security is not defunct_, nor is zero trust security a panacea or a single product. Many of the ideas and principles of perimeter security are still relevant and are part of a holistic, and wide-ranging security policy. After all, we still want our castles to have high walls.
 
 ## Further reading
 
-The zero-trust security model was first articulated by [John Kindervag](http://www.virtualstarmedia.com/downloads/Forrester_zero_trust_DNA.pdf) in 2010, and by Google in 2011 as a result of the [Operation Aurora](https://en.wikipedia.org/wiki/Operation_Aurora) breach. What follows is a curated list of resources that covers the topic in more depth.
+The zero trust security model was first articulated by [John Kindervag](http://www.virtualstarmedia.com/downloads/Forrester_zero_trust_DNA.pdf) in 2010, and by Google in 2011 as a result of the [Operation Aurora](https://en.wikipedia.org/wiki/Operation_Aurora) breach. What follows is a curated list of resources that covers the topic in more depth.
 
 ### Government Recommendations
 

docs/docs/community/code-of-conduct.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 0
 meta:
   - name: keywords
-    content: pomerium community contributing code-of-conduct
+    content: pomerium, community, contributing, code of conduct
 ---
 
 # Contributor Covenant Code of Conduct

docs/docs/community/contributing.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 0
 meta:
   - name: keywords
-    content: pomerium community contributing pr code
+    content: pomerium, community, contributing, pr, code
 description: >-
   This document describes how you can find issues to work on, fix/add
   documentation, and how setup Pomerium for local development.

docs/docs/community/readme.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 0
 meta:
   - name: keywords
-    content: pomerium community help bugs updates features
+    content: pomerium, community, help, bugs, updates, features
 
 description: >-
   This document describes how you users can stay up to date with pomerium,

docs/docs/community/security.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 0
 meta:
   - name: keywords
-    content: pomerium security disclosure vulnerabilities
+    content: pomerium, security, disclosure, vulnerabilities
 ---
 
 # Security Policy

docs/docs/identity-providers/auth0.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 0
 meta:
   - name: keywords
-    content: auth0
+    content: auth0, pomerium, identity provider, idp
 ---
 
 # Auth0

docs/docs/identity-providers/azure.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 0
 meta:
   - name: keywords
-    content: azure active-directory active directory ad microsoft
+    content: azure, active directory, ad, microsoft, identity provider, idp
 ---
 
 # Azure Active Directory

docs/docs/identity-providers/cognito.md

@@ -4,7 +4,7 @@ lang: en-US
 # sidebarDepth: 0
 meta:
   - name: keywords
-    content: amazon aws cognito open-id oidc
+    content: amazon, aws, cognito, openid, oidc, identity provider, idp
 ---
 
 # Cognito

docs/docs/identity-providers/github.md

@@ -4,7 +4,7 @@ lang: en-US
 # sidebarDepth: 0
 meta:
   - name: keywords
-    content: github oauth2 provider identity-provider
+    content: github, oauth2, provider, identity provider, idp
 ---
 
 # GitHub

docs/docs/identity-providers/gitlab.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 0
 meta:
   - name: keywords
-    content: gitlab oidc openid-connect identity-provider
+    content: gitlab, oidc, openid connect, identity provider, idp
 ---
 
 # GitLab

docs/docs/identity-providers/google.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 0
 meta:
   - name: keywords
-    content: google gsuite gmail oidc openid-connect workspaces
+    content: google, gsuite, gmail, oidc, openid connect, workspaces, identity provider, idp
 ---
 
 # Google Workspace (formerly known as G Suite)

docs/docs/identity-providers/okta.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 0
 meta:
   - name: keywords
-    content: okta oidc
+    content: okta oidc, identity provider, idp
 ---
 
 # Okta

docs/docs/identity-providers/ping.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 0
 meta:
   - name: keywords
-    content: ping oidc
+    content: ping, oidc, identity provider, idp
 ---
 
 # Ping Identity

docs/docs/install/binary.md

@@ -3,7 +3,7 @@ title: Binaries
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy oidc reverse-proxy
+    content: pomerium, identity access proxy, oidc, reverse proxy, identity aware proxy
 ---
 
 # Binaries

docs/docs/install/from-source.md

@@ -3,7 +3,7 @@ title: From Source
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy oidc reverse-proxy from-source
+    content: pomerium, identity access proxy, oidc, reverse proxy, from source, identity aware proxy
 ---
 
 # From Source

docs/docs/install/readme.md

@@ -4,7 +4,7 @@ lang: en-US
 description: Get Pomerium up and running quickly with Docker.
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy oidc docker reverse-proxy containers
+    content: pomerium, identity access proxy, oidc, docker, reverse proxy, containers, identity aware proxy
 ---
 
 # Pomerium using Docker

docs/docs/k8s/helm.md

@@ -3,7 +3,7 @@ title: Helm
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy oidc kubernetes Helm reverse-proxy
+    content: pomerium, identity access proxy, oidc, kubernetes, helm, reverse proxy, ingress controller
 ---
 
 # Install Pomerium using Helm

docs/docs/k8s/ingress.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 1
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy oidc kubernetes Ingress reverse-proxy
+    content: pomerium, identity access proxy, oidc, kubernetes, ingress, ingress controller, reverse proxy
 ---
 
 # Kubernetes Ingress Controller

docs/docs/readme.md

@@ -5,8 +5,8 @@ sidebarDepth: 0
 meta:
   - name: keywords
     content: >-
-      pomerium overview identity-access-proxy beyondcorp zero-trust
+      pomerium, overview, identity access proxy, beyondcorp, zero trust,
-      reverse-proxy ztn zero-trust-networks
+      reverse proxy, ztn, zero trust networks
 ---
 
 # What is Pomerium

docs/docs/tcp/readme.md

@@ -4,7 +4,7 @@ description: >-
   This article describes how to leverage pomerium for TCP proxying
 meta:
   - name: keywords
-    content: pomerium pomerium-cli proxy identity-access-proxy ssh tcp postgres database redis mysql application non-http
+    content: pomerium, pomerium-cli, proxy, identity access proxy, ssh, tcp, postgres, database, redis, mysql, application, non http, tunnel
 ---
 
 # TCP Support

docs/docs/topics/certificates.md

@@ -4,12 +4,12 @@ sidebarDepth: 1
 lang: en-US
 meta:
   - name: keywords
-    content: x509 certificates tls mtls letsencrypt lets encrypt
+    content: x509, certificates, tls, mtls, letsencrypt, lets encrypt
 ---
 
 # Certificates
 
-[Certificates](https://en.wikipedia.org/wiki/X.509) and [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) play a vital role in [zero-trust][principles] networks, and in Pomerium.
+[Certificates](https://en.wikipedia.org/wiki/X.509) and [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) play a vital role in [zero trust][principles] networks, and in Pomerium.
 
 This document covers a few options in how to generate and set up TLS certificates suitable for working with pomerium.
 
@@ -124,4 +124,4 @@ Certificates, TLS, and Public Key Cryptography is a vast subject we cannot adequ
 [certificate_key]: ../../reference/readme.md#certificates
 [override_certificate_name]: ../../reference/readme.md#override-certificate-name
 [principles]: ../background.md#history
-[zero-trust]: ../background.md#zero-trust
+[zero trust]: ../background.md#zero-trust

docs/docs/topics/device-identity.md

@@ -7,7 +7,7 @@ sidebarDepth: 1
 
 # Device Identity
 
-One of the core components of the zero-trust security model is **device identity**, which is the ability for a device to have a unique, unclonable identity string that can be authenticated and factored into access control decisions. This topic page covers the concept of device identity, and how it applies to the zero-trust model.
+One of the core components of the zero trust security model is **device identity**, which is the ability for a device to have a unique, unclonable identity string that can be authenticated and factored into access control decisions. This topic page covers the concept of device identity, and how it applies to the zero trust model.
 
 ## Why Device Identity Is Important
 
@@ -25,7 +25,7 @@ Device identity is similar but unique to MFA. Where MFA is an additional layer o
 
 ## What Is Device Identity
 
-> When you remove "[the perimeter]" as the source of trust to your infrastructure, you must replace it with a level of trust for every person, **device**, and hop in the communication path. Where the other, more commonly implemented facets of zero-trust validates the user and traffic, device identity (through WebAuthn) validates the end user's device.
+> When you remove "[the perimeter]" as the source of trust to your infrastructure, you must replace it with a level of trust for every person, **device**, and hop in the communication path. Where the other, more commonly implemented facets of zero trust validates the user and traffic, device identity (through WebAuthn) validates the end user's device.
 
 Device ID is a unique identifying key that can only be created by the specific combination of hardware and software present on a specific device. How this is accomplished is largely dependent on the tools available on the user hardware, which we've detailed below.
 

docs/docs/topics/mutual-auth.md

@@ -4,14 +4,14 @@ lang: en-US
 sidebarDepth: 1
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy mutual authentication jwt jwks mtls
+    content: pomerium, identity access proxy, mutual authentication, jwt, jwks, mtls
 description: >-
   This page describes the concept of mutual authentication and why it's important.
 ---
 
-# Mutual Authentication: A Component of Zero-Trust
+# Mutual Authentication: A Component of Zero Trust
 
-Pomerium provides a good layer of security out of the box, but it's not (and can't be) configured for complete [zero trust] right out of the box. This page explains several methods of achieving mutual authentication — a big part of the zero-trust model — with practical examples.
+Pomerium provides a good layer of security out of the box, but it's not (and can't be) configured for complete [zero trust] right out of the box. This page explains several methods of achieving mutual authentication — a big part of the zero trust model — with practical examples.
 
 This is a nuanced topic that dives into several specific security practices that provide mutual authentication. You can use the table of contents below to narrow down to the specific tools you're interested in or read the entire doc for a deeper understanding of how these tools work together to support strong infrastructure security.
 
@@ -122,7 +122,7 @@ C-.-A
 E[/Hacker/] --x B
 ```
 
-In this way, we've applied a zero-trust security model to the application layer of our infrastructure's network model. You can see JWT verification in practice with our [Grafana] integration guide.
+In this way, we've applied a zero trust security model to the application layer of our infrastructure's network model. You can see JWT verification in practice with our [Grafana] integration guide.
 
 ## mTLS: Protocol-based Mutual Authentication
 
@@ -191,7 +191,7 @@ flowchart LR
   B---xD
 ```
 
-In this way, we've applied a zero-trust security model to the protocol layer of our infrastructure's network model.
+In this way, we've applied a zero trust security model to the protocol layer of our infrastructure's network model.
 
 ## Mutual Authentication With a Sidecar
 

docs/docs/troubleshooting.md

@@ -6,7 +6,7 @@ sidebarDepth: 0
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium troubleshooting faq frequently asked questions
+    content: pomerium, troubleshooting, faq, frequently asked questions
 ---
 
 # Troubleshooting

docs/enterprise/api.md

@@ -3,7 +3,7 @@ title: API
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy oidc reverse-proxy enterprise console api python go
+    content: pomerium, identity access proxy, oidc, reverse proxy, enterprise, console, api, python, go
 ---
 
 # Enterprise Console API

docs/enterprise/concepts.md

@@ -140,7 +140,7 @@ Pomerium provides authentication via your existing identity provider (Pomerium s
 
 Authorization policy can be expressed in a high-level, [declarative language](/enterprise/reference/manage.md#pomerium-policy-language) or [as code](/enterprise/reference/manage.md#rego) that can be used to enforce ABAC, RBAC, or any other governance policy controls. Pomerium can make holistic policy and authorization decisions using external data and request context factors such as user groups, roles, time, day, location and vulnerability status.
 
-Pomerium enables zero-trust based access in which trust flows from identity, device-state, and context, not network location. Every device, user, and application's communication should be authenticated, authorized, and encrypted.
+Pomerium enables zero trust based access in which trust flows from identity, device-state, and context, not network location. Every device, user, and application's communication should be authenticated, authorized, and encrypted.
 
 With Pomerium:
 

docs/enterprise/install/readme.md

@@ -3,7 +3,7 @@ title: Install
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy oidc docker reverse-proxy containers install enterprise console
+    content: pomerium, identity access proxy, oidc, docker, reverse proxy, containers, install, enterprise, console
 ---
 
 There are several ways to install Pomerium Enterprise, to suite your organization's needs. We provide open-source Pomerium and Pomerium Enterprise as deb and rpm packages from an upstream repository, and as Docker images, and Helm charts. You can also build Pomerium from source.

docs/enterprise/reference/config.md

@@ -3,7 +3,7 @@ title: Environment Variables
 lang: en-US
 meta:
     - name: keywords
-      content: configuration options settings Pomerium Enterprise
+      content: configuration, options, settings, pomerium, enterprise, reference
 ---
 
 # Pomerium Console Environment Variables

docs/enterprise/reference/configure.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 2
 meta:
     - name: keywords
-      content: configuration options settings Pomerium Enterprise
+      content: configuration, options, settings, pomerium, enterprise, reference
 ---
 
 # Configure

docs/enterprise/reference/manage.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 2
 meta:
     - name: keywords
-      content: configuration options settings Pomerium Enterprise
+      content: configuration, options, settings, pomerium, enterprise, reference
 ---
 
 # Manage
@@ -366,6 +366,8 @@ A policy can only support PPL or Rego. Once one is set, the other tab is disable
 
 Certificates are the x509 _public-key_ and _private-key_ used to establish secure HTTP and gRPC connections. Any combination of the above can be used together, and are additive. You can also use any of these settings in conjunction with `Autocert` to get OCSP stapling.
 
+Certificates loaded into Pomerium from these config values are used to attempt secure connections between end users and services, between Pomerium services, and to upstream endpoints.
+
 For example, if specifying multiple certificates at once:
 
 ```yaml
@@ -378,6 +380,15 @@ certificates:
     key: "$HOME/.acme.sh/prometheus.example.com_ecc/prometheus.example.com.key"
 ```
 
+Or to set a single certificate and key covering multiple domains and/or a wildcard subdomain:
+
+```yaml
+certificate_file: "$HOME/.acme.sh/*.example.com/fullchain.crt"
+certificate_key:  "$HOME/.acme.sh/*.example.com/*.example.com.key"
+```
+
+**Note:** Pomerium will check your system's trust/key store for valid certificates first. If your certificate solution imports into the system store, you don't need to also specify them with these configuration keys.
+
 [route-concept]: /enterprise/concepts.md#routes
 [route-reference]: /enterprise/reference/manage.md#routes
 [namespace-concept]: /enterprise/concepts.md#namespaces

docs/enterprise/reference/reports.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 2
 meta:
     - name: keywords
-      content: configuration options settings Pomerium Enterprise
+      content: configuration, options, settings, pomerium, enterprise, reference
 ---
 
 # Reports

docs/guides/ad-guard.md

@@ -3,10 +3,10 @@ title: AdGuard
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy adguard ad-guard pi-hole piehole
+    content: pomerium, identity access proxy, adguard, ad guard, pi hole, piehole
 description: >-
   This guide covers how to add authentication and authorization to a hosted,
-  fully, online instance of adguard.
+  fully, online instance of Adguard.
 ---
 
 # Securing AdGuard Home

docs/guides/argo.md

@@ -3,7 +3,7 @@ title: Argo
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy argo argo-cd
+    content: pomerium, identity access proxy, argo, cd, continuous deployment
 description: >-
   This guide covers how to add authentication and authorization to an instance
   of argo.

docs/guides/cloud-run.md

@@ -3,7 +3,7 @@ title: Cloud Run
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy gcp google iap serverless cloudrun
+    content: pomerium, identity access proxy, gcp, google, iap, serverless, cloudrun
 description: >-
   This guide covers how to deploy Pomerium to Cloud Run and use it to protect
   other endpoints via Authorization Headers.

docs/guides/code-server.md

@@ -4,8 +4,8 @@ lang: en-US
 meta:
   - name: keywords
     content: >-
-      pomerium identity-access-proxy visual-studio-code visual studio code
+      pomerium, identity access proxy, visual studio code,
-      authentication authorization
+      authentication, authorization
 description: >-
   This guide covers how to add authentication and authorization to a hosted,
   fully, online instance of visual studio code.

docs/guides/enroll-device.md

@@ -4,8 +4,8 @@ lang: en-US
 meta:
   - name: keywords
     content: >-
-      pomerium identity-access-proxy webauthn device id enroll
+      pomerium, identity access proxy, webauthn, device id, enroll, enrollment,
-      authentication authorization
+      authentication, authorization
 description: >-
   This guide covers how to enroll a trusted execution environment device as a Pomerium end-user.
 ---

docs/guides/gitlab.md

@@ -4,8 +4,8 @@ lang: en-US
 meta:
   - name: keywords
     content: >-
-      pomerium identity-access-proxy gitlab gitlab-ee docker
+      pomerium, identity access proxy, gitlab, gitlab-ee, docker,
-      authentication authorization
+      authentication, authorization, self-hosted
 description: >-
   This guide covers how to secure self-hosted GitLab behind Pomerium, providing authentication and authorization through your IdP.
 ---

docs/guides/grafana.md

@@ -4,8 +4,8 @@ lang: en-US
 meta:
   - name: keywords
     content: >-
-      pomerium identity-access-proxy data logging graphing grafana
+      pomerium, identity access proxy, data, logging, graphing, grafana,
-      authentication authorization
+      authentication, authorization
 description: >-
   This guide covers how to use Pomerium to authenticate and authorize users of Grafana.
 ---

docs/guides/jwt-verification.md

@@ -3,7 +3,7 @@ title: JWT Verification
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy envoy jwt
+    content: pomerium, identity access proxy, envoy, jwt,
 description: >-
   This example demonstrates how to verify the Pomerium JWT assertion header using Envoy.
 ---
@@ -11,7 +11,7 @@ description: >-
 # JWT Verification
 This example demonstrates how to verify the [Pomerium JWT assertion header](https://www.pomerium.io/reference/#pass-identity-headers) using [Envoy](https://www.envoyproxy.io/). This is useful for legacy or 3rd party applications which can't be modified to perform verification themselves.
 
-This guide is a practical demonstration of some of the topics discussed in [Mutual Authentication: A Component of Zero-Trust].
+This guide is a practical demonstration of some of the topics discussed in [Mutual Authentication: A Component of Zero Trust].
 
 ## Requirements
 - [Docker](https://www.docker.com/)
@@ -239,6 +239,6 @@ You should now be able to run the example with:
 [httpbin.localhost.pomerium.io]: https://verify.localhost.pomerium.io
 [Local Development with Wildcard DNS on Linux]: https://sixfeetup.com/blog/local-development-with-wildcard-dns-on-linux
 [Local Development with Wildcard DNS]: https://blog.thesparktree.com/local-development-with-wildcard-dns
-[Mutual Authentication: A Component of Zero-Trust]: /docs/topics/mutual-auth.md
+[Mutual Authentication: A Component of Zero Trust]: /docs/topics/mutual-auth.md
 [Mutual Authentication With a Sidecar]: /docs/topics/mutual-auth.md#mutual-authentication-with-a-sidecar
 [verify.localhost.pomerium.io]: https://verify.localhost.pomerium.io

docs/guides/kubernetes-dashboard.md

@@ -3,7 +3,7 @@ title: Kubernetes Dashboard
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy kubernetes helm k8s oauth dashboard
+    content: pomerium, identity access proxy, kubernetes, helm, k8s, oauth, dashboard,
 description: >-
   This guide covers how to add authentication and authorization to kubernetes dashboard using single-sing-on, pomerium, helm, and letsencrypt certificates.
 ---

docs/guides/kubernetes.md

@@ -3,7 +3,7 @@ title: Kubernetes API / Kubectl
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy kubernetes helm k8s oauth
+    content: pomerium, identity access proxy, kubernetes, helm, k8s, oauth
 description: >-
   This guide covers how to add authentication and authorization to kubernetes apiserver using single-sing-on and pomerium.
 ---

docs/guides/local-oidc.md

@@ -3,7 +3,7 @@ title: Local OIDC Provider
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy oidc
+    content: pomerium, identity access proxy, oidc, identity provider, idp
 description: >-
   This guide covers how to use Pomerium with a local OIDC provider using [qlik/simple-oidc-provider].
 ---

docs/guides/mtls.md

@@ -3,7 +3,7 @@ title: Client-Side mTLS
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy mtls client-certificate
+    content: pomerium, identity access proxy, mtls, client certificate, mutual authentication
 description: >-
   This guide covers how to use Pomerium to implement mutual authentication
   (mTLS) for end-users, using client certificates with a custom certificate authority.

docs/guides/nginx.md

@@ -3,7 +3,7 @@ title: Nginx
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy nginx
+    content: pomerium, identity access proxy, nginx
 description: >-
   This guide covers how to use Pomerium to protect services behind an nginx
   proxy.

docs/guides/synology.md

@@ -3,7 +3,7 @@ title: Synology
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy synology docker
+    content: pomerium, identity access proxy, synology, docker, dsm, nas
 ---
 
 # Synology

docs/guides/tcp.md

@@ -3,7 +3,7 @@ title: TCP Services
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy ssh tcp postgres database redis mysql
+    content: pomerium, identity access proxy, ssh, tcp, postgres, database, redis, mysql
 description: >-
   This guide covers how to use Pomerium to protect TCP services such as SSH, Postgres and Redis.
 ---

docs/guides/tiddlywiki.md

@@ -3,7 +3,7 @@ title: TiddlyWiki
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy wiki tiddlywiki
+    content: pomerium, identity access proxy, wiki, tiddlywiki
 description: >-
   This guide covers how to add authentication and authorization to a hosted, fully, online instance of TiddlyWiki.
 ---

docs/guides/traefik-ingress.md

@@ -3,7 +3,7 @@ title: Traefik Ingress
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy traefik kubernetes forwardauth forward-auth external helm k8s ingress
+    content: pomerium, identity access proxy, traefik, kubernetes, forwardauth, forward auth, external, helm, k8s, ingress
 description: >-
   This guide covers how to use Pomerium to secure Traefik when used as a Kubernetes Ingress Controller
 ---

docs/guides/transmission.md

@@ -4,7 +4,7 @@ lang: en-US
 meta:
   - name: keywords
     content: >-
-      pomerium bittorrent torrent pomerium identity-access-proxy transmission-daemon transmission authentication authorization
+      pomerium, bittorrent, torrent, identity access proxy, transmission-daemon, transmission, authentication, authorization
 description: >-
   Learn how to use Pomerium as an authentication and authorization proxy for a Transmission torrent daemon.
 ---

docs/guides/upstream-mtls.md

@@ -3,7 +3,7 @@ title: Upstream mTLS
 lang: en-US
 meta:
   - name: keywords
-    content: pomerium identity-access-proxy mtls client-certificate
+    content: pomerium, identity access proxy, mtls, client certificate, mutual authentication
 description: >-
   This guide covers how to configure Pomerium to provide mutual authentication
   (mTLS) to an upstream service, using client certificates with a custom certificate authority.
@@ -11,7 +11,7 @@ description: >-
 
 # Upstream mTLS With Pomerium
 
-Part of a complete zero-trust security model is secure communication between your identity-aware access proxy (Pomerium) and the upstream service it provides access to. This means both Pomerium *and* the upstream service will authenticate each other.
+Part of a complete zero trust security model is secure communication between your identity-aware access proxy (Pomerium) and the upstream service it provides access to. This means both Pomerium *and* the upstream service will authenticate each other.
 
 Pomerium confirms the identity of an upstream service by the TLS certificate it serves. See [`tls_custom_ca_file`] and [`tls_server_name`] for more information on configuring Pomerium to accept an upstream's TLS certificate.
 

docs/reference/readme.md

@@ -4,7 +4,7 @@ lang: en-US
 sidebarDepth: 2
 meta:
   - name: keywords
-    content: configuration options settings pomerium
+    content: configuration, options, settings, pomerium, reference
 ---
 
 # Configuration Settings

docs/reference/settings.yaml

@@ -5,7 +5,7 @@ preamble: |
   sidebarDepth: 2
   meta:
     - name: keywords
-      content: configuration options settings pomerium
+      content: configuration, options, settings, pomerium, reference
   ---
 
   # Configuration Settings

scripts/generate-console-pages.js

@@ -62,7 +62,7 @@ title: Environment Variables
 lang: en-US
 meta:
     - name: keywords
-      content: configuration options settings Pomerium Enterprise
+      content: configuration, options, settings, pomerium, enterprise, reference
 ---
 
 # Pomerium Console Environment Variables
@@ -102,7 +102,7 @@ lang: en-US
 sidebarDepth: 2
 meta:
     - name: keywords
-      content: configuration options settings Pomerium Enterprise
+      content: configuration, options, settings, pomerium, enterprise, reference
 ---
 
 `;