Docs: add syntax highlighting keywords to code blocks (#13963)

Closes: #13691 Changes: - Added keywords for syntax highlighting to code blocks in documentation Markdown files. --------- Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
2024-11-06 08:55:24 +00:00 · 2023-09-22 16:57:40 -05:00 · 2023-09-22 16:57:40 -05:00 · 1b25187453
commit 1b25187453
parent 38bf87b0a0
31 changed files with 408 additions and 404 deletions
--- a/docs/01-Using-Fleet/standard-query-library/README.md
+++ b/docs/01-Using-Fleet/standard-query-library/README.md
@ -6,7 +6,7 @@ Fleet's [standard query library](https://fleetdm.com/queries) includes a growing

 After cloning the fleetdm/fleet repo, import the queries and policies found in `docs/01-Using-Fleet/standard-query-library/standard-query-library.yml` using [fleetctl](https://fleetdm.com/docs/using-fleet/fleetctl-cli):

-```
+```sh
 fleetctl apply -f docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
 ```

--- a/docs/Configuration/agent-configuration.md
+++ b/docs/Configuration/agent-configuration.md
@ -12,7 +12,7 @@ Agent options are validated using the latest version of osquery.

 When updating agent options, you may see an error similar to this:

-```
+```sh
 [...] unsupported key provided: "logger_plugin"
 If you’re not using the latest osquery, use the fleetctl apply --force command to override validation.
 ```
@ -21,7 +21,9 @@ This error indicates that you're providing a config option that isn't valid in t

 If you are not using the latest version of osquery, you can create a config YAML file and apply it with `fleetctl` using the `--force` flag to override the validation:

-```fleetctl apply --force -f config.yaml```
+```sh
+fleetctl apply --force -f config.yaml
+```

 You can verify that your agent options are valid by using [the fleetctl apply command](https://fleetdm.com/docs/using-fleet/fleetctl-cli#fleetctl-apply) with the `--dry-run` flag. This will report any error and do nothing if the configuration was valid. If you don't use the latest version of osquery, you can override validation using the `--force` flag. This will update agent options even if they are invalid.

@ -160,7 +162,7 @@ If you prefer to deploy a new package with the updated enroll secret:

 > In order for these options to be applied to your hosts, the `osquery` agent must be configured to use the `tls` config plugin and pointed to the correct endpoint. If you are using Fleetd to enroll your hosts, this is done automatically.

-```
+```go
 "--config_plugin=tls",
 "--config_tls_endpoint=" + path.Join(prefix, "/api/v1/osquery/config")
 ```
--- a/docs/Configuration/configuration-files/README.md
+++ b/docs/Configuration/configuration-files/README.md
@ -146,7 +146,7 @@ To do this with `fleetctl` (assuming the existing secret is `oldsecret` and the

 Begin by retrieving the existing secret configuration:

-```
+```sh
 $ fleetctl get enroll_secret
 ---
 apiVersion: v1
@ -159,7 +159,7 @@ spec:

 Apply the new configuration with both secrets:

-```
+```sh
 $ echo '
 ---
 apiVersion: v1
@ -176,7 +176,7 @@ $ fleetctl apply -f secrets.yml
 Now transition clients to using only the new secret. When the transition is completed, remove the
 old secret:

-```
+```sh
 $ echo '
 ---
 apiVersion: v1
@ -269,7 +269,7 @@ The `secrets` section provides the list of enroll secrets that will be valid for
 - Optional setting (array of dictionaries)
 - Default value: none (empty)
 - Config file format:
-  ```
+  ```yaml
  team:
    name: Client Platform Engineering
    secrets:
@ -283,18 +283,18 @@ You can modify an existing team by applying a new team configuration file with t

 Retrieve the team configuration and output to a YAML file:

-```console
+```sh
 % fleetctl get teams --name Workstations --yaml > workstation_config.yml
 ```
 After updating the generated YAML, apply the changes:

-```console
+```sh
 % fleetctl apply -f workstation_config.yml
 ```

 Depending on your Fleet version, you may see `unsupported key` errors for the following keys when applying the new team configuration:

-```
+```text
 id
 user_count
 host_count
@ -645,7 +645,7 @@ in a public channel or a GitHub issue.
 - Optional setting (array of integers)
 - Default value: empty
 - Config file format:
-  ```
+  ```yaml
  server_settings:
    debug_host_ids:
      - 342
--- a/docs/Configuration/fleet-server-configuration.md
+++ b/docs/Configuration/fleet-server-configuration.md
--- a/docs/Contributing/API-for-contributors.md
+++ b/docs/Contributing/API-for-contributors.md
@ -544,7 +544,7 @@ None.

 ##### Default response

-```
+```json
 {
  "public_key": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNzVENDQVptZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFTTVJBd0RnWURWUVFERXdkR2JHVmwKZEVSTk1CNFhEVEl5TVRJeE16RTFNREl6TmxvWERUSXpNREV4TWpFMU1USXpObG93RWpFUU1BNEdBMVVFQXhNSApSbXhsWlhSRVRUQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU1jbXIxOVNiQUhaCnVZNnJBa254dVBCV0tkSFlrSXpJY2JGMHErZ0ZKZVU3cUlwU0FQWFhmeUpFTXpyQXhpZStPSi9QSXhkTHZTZVoKdXA2Qzg5VHM1VEwrWjhKZmR3T2ZLQVFIUWpyQVpGZkxkdUh0SjNRZnk3di9rbmZ3VzNNSU9XZ00zcDQ3a0xzOAowZnJzNmVuTlpXZElsNUMyV1NpOXVGVVVQcFJTbm1Ha1AvK2QydmNCaWdIOHQ0K3RuV3NYdjhpekxqcHhhanV6CjN0Vlp3SFA0cjBQZTdIM0I0eDZINmlKZmxRZzI4Z3owbDZWa0c2NjVKT2NMLzlDSmNtOWpWRmpxb0RmZTVjUFAKMVFNbFpyb1FCaFhOUHN3bEhRWTkzekJFK3VSRUVNL1N1d0dZcGZLYjQwSDM0S1B1U3Y5SXZHTjIzTXdNM01FMwppNEFBWGJQOGZNTUNBd0VBQWFNU01CQXdEZ1lEVlIwUEFRSC9CQVFEQWdXZ01BMEdDU3FHU0liM0RRRUJDd1VBCkE0SUJBUUM5ZFcyRXBxemp1VWhhbk1CSXJpK09VWVhrekR2eVB6bGxTMXd0UVdQQ0s4cFJ5Rk5TM3RkakVXT2kKSTcyOVh2UmtpNjhNZStqRlpxSkxFWHpWUlkwb29aSWhhcG5lNUZoNzlCbkIrWGl6TFQ0TStDNHJ5RVQwOXg4SQpaWHJuY1BKME9ueUdVemlFK0szWEI2dVNLeWN1a3pZci9sRVBBMGlQRTZpM0dNYjljenJFL2NOQURrRXZwcjU2CjN1SFdMU3hwK1U5QmJyaTNDSXBoR1NvSWxnTVBEaUE1RkpiOXc0SnlMK0crZ3Q4c1BlcUZkZDYyRDRpV3U5a0wKMVZBUjRSU2xPcWt1cTVXREZVcUxsVGJFMS9oY1lqcVVUczRrSWhENmN6MkcxQlBnMUU2WVpRZWp6U0ZpeGR1MApYUy9UTTByUFBKNithUC82V1BNRWpJcGVRcmNvCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K",
  "private_key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBeHlhdlgxSnNBZG01anFzQ1NmRzQ4RllwMGRpUWpNaHhzWFNyNkFVbDVUdW9pbElBCjlkZC9Ja1F6T3NER0o3NDRuODhqRjB1OUo1bTZub0x6MU96bE12NW53bDkzQTU4b0JBZENPc0JrVjh0MjRlMG4KZEIvTHUvK1NkL0JiY3dnNWFBemVuanVRdXp6Uit1enA2YzFsWjBpWGtMWlpLTDI0VlJRK2xGS2VZYVEvLzUzYQo5d0dLQWZ5M2o2MmRheGUveUxNdU9uRnFPN1BlMVZuQWMvaXZROTdzZmNIakhvZnFJbCtWQ0RieURQU1hwV1FiCnJya2s1d3YvMElseWIyTlVXT3FnTjk3bHc4L1ZBeVZtdWhBR0ZjMCt6Q1VkQmozZk1FVDY1RVFRejlLN0FaaWwKOHB2alFmZmdvKzVLLzBpOFkzYmN6QXpjd1RlTGdBQmRzL3g4d3dJREFRQUJBb0lCQUZRMUFFeGU3bnB0MUc4RgowZ2J3SlpIQjdSYms2bUlNMHo0RXBqZUtEYmI2M2MzMjFKOGV5b3Z6cUhHOFYwMHd1b0tnTkNkQ2lDMjVhOVpnCmFyZHFuNU5MVFJZOEJYZkxrVUQ2ekw5STRHVGJERjZGUjN4cmdWcnh1cjNxTE5EYjltSVBwd1hqQzlTUDUvMmcKdFZ0OTFOV3lOUndrYmxpeXQ4R0p1TmhBZ3VXbnJLQmw5b3o1QkpCU3JLZTJPUE5ERm5mbUs1NFM1VzRKakZZMApFTUV3Z2ZiL2xQZjluWFZwRG9QeEl3QnJmRU5oU3oxcVI0bzJPbVFyRGNOQUNZU05razRjbXVIMHpxc3J5aFg4CkNhajhCcllOemxaeGNPTmpmK1NxUkdvVndjdzZKbzNKazBEREZHeEVaOHBEUThJTXgzRUQ1SE4rbW1SaGRMQmoKT0pRZVhVRUNnWUVBeWZDaFArSVNzMGNtcEM3WUFrK1UrVHNTTElnY3BTTHdReFF2RGFmRWFtMHJoWDJQdDk1ZgpJN1NCTlM3TmlNR0xCVk4rWHg0RHlsT3RYaGNzTm5YUU5qU3J3ZFNHTGxFbU5wWDJXR0x4Znp4REVVbFFSS3FEClY2RHBDaHdmY2tCTFRUNkVaRDlnV21DOGZIYUNPc0JDUHR1VStLQUpFa1FRaVk1VlRLSjYrMkVDZ1lFQS9IYnQKKzIvWFJzSW84VkE4QmhjMitDYyt4YUNrK3dvTVByZ0d4OWxrMTR2R0hDcCtDY2ZGZThqU2NHMDhzU3RKTnJCVgp0cHgvbm1yYklyMzUxVkxlMFNLQ2R2aHF5ajBXQWlWVDhDL0VjcUxGV0VwNG5mY1ZnVHIxRjBGMUptR0Y4WVNYCk41VEh4Tnc4VjZLUDVmWEM2dVVFMkNpZnR1bkxqSGFSNXZCakxxTUNnWUVBdlNjTE0zYUVRNjlTejVrZE5sVHEKMnVUczZnOTRuV256bVRGdnZaKzJ5R1dIelp0R0lsbEZ6b0VHUWhXYjZndzROdjMxTWcxQVNhVkZrQXV1bXppUgpsaVNSK1pZak5ZRkhoUHZFNnhlSzA3NVRwLzUvRkVLUGttWWp3eGVDa1JjT01jVnNaeVpDRDRYcko3NHR6L0JFClhQSjdRTU5PbS9CcmVSMThZck1TOVNFQ2dZQjhqZnhaV1ZNL1FKbE1mTVl3UnhIQ21qSVk5R21ReE9OSHFpa0cKUGhYSFZkazJtaXcyalEyOFJWYTFTdDl2bFNoNHg4Ung1SUg5MlVBbHdzNVlWWnRDV0tFL0tzNGMyc2haNUtxbAp6QnRDWjFXdmVvWkpnTlptUEgwZ3JSV3NDdDgzU2JBRkp1enNEYS9qbUhzZi9BRGZQSUFJV1BwN0ZwdHF3REM1ClhBM0N1d0tCZ0c0QVVmMUZralNYRFBlL2JoVjhtZG4rZCtzN2g2RjZkRWttNnEya1dyS1B4V2lFdlN3QlZEQWoKQjhIRlNtNW1pcHNTTXhQbFVEZDRPSXRSUzVUM1AwcStRZENZNkwzemhmSFBCUzdhTlZaRUJXdVNlY2lDRk0wSQo3MjFSK081TitMTlFwN1N6VWUxRll1WWdhandFSE9KMW82d1ArZWloMmQyVVQyQ09Ed1NrCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg=="
@ -570,7 +570,7 @@ Note that the `public_key` and `private_key` are base64 encoded and should be de

 ##### Default response

-```
+```json
 {
  "apns_key": "aGV5LCBJJ20gc2VjcmV0Cg==",
  "scep_cert": "bHR5LCBJJ20gc2VjcmV0Cg=",
@ -621,7 +621,7 @@ None.

 ##### Default response

-```
+```json
 {
  "url": "https://idp-provider.com/saml?SAMLRequest=...",
 }
@ -1918,7 +1918,7 @@ Note that live queries are automatically cancelled if this method is not called

 #### Example script to handle request and response

-```
+```js
 const socket = new WebSocket('wss://<your-base-url>/api/v1/fleet/results/websocket');

 socket.onopen = () => {
@ -2058,7 +2058,7 @@ Note that SockJS has been found to be substantially less reliable than the [stan

 #### Example script to handle request and response

-```
+```js
 const socket = new SockJS(`<your-base-url>/api/v1/fleet/results`, undefined, {});

 socket.onopen = () => {
@ -2539,7 +2539,7 @@ Downloads a pre-built fleet-osquery installer with the given parameters.

 ##### Default response

-```
+```http
 Status: 200
 Content-Type: application/octet-stream
 Content-Disposition: attachment
--- a/docs/Contributing/Building-Fleet.md
+++ b/docs/Contributing/Building-Fleet.md
@ -18,13 +18,13 @@ Install the dependencies as described in the following sections, then go to [Clo

 Enable the macOS developer tools:

-```
+```sh
 xcode-select --install
 ```

 Install [Homebrew](https://brew.sh/) to manage dependencies, then:

-```
+```sh
 brew install git go node yarn
 ```

@ -32,7 +32,7 @@ brew install git go node yarn

 Install dependencies:

-```
+```sh
 sudo apt-get install -y git golang make nodejs npm
 sudo npm install -g yarn
 ```
@ -40,7 +40,7 @@ sudo npm install -g yarn
 #### Windows

 To install dependencies, we recommend using [Chocolatey](https://chocolatey.org/install). Always run Chocolatey in Powershell as an Administrator. Assuming your setup does not include any of our requirements, please run:
-```
+```sh
 choco install nodejs git golang docker make python2 mingw
 npm install -g yarn
 ```
@ -53,7 +53,7 @@ If you plan to use [WSL](https://learn.microsoft.com/en-us/windows/wsl/install)

 ### Clone and build

-```
+```sh
 git clone https://github.com/fleetdm/fleet.git
 cd fleet
 make deps
@ -79,7 +79,7 @@ First, you will need to install Fleet's dependencies.

 To do this, run the following from the root of the repository:

-```
+```sh
 make deps
 ```

@ -89,13 +89,13 @@ When pulling changes, it may be necessary to re-run `make deps` if a new Go or J

 To generate all necessary code (bundling JavaScript into Go, etc.), run the following:

-```
+```sh
 make generate
 ```

 If you are using a Mac computer with Apple Silicon and have not installed Rosetta 2, you will need to do so before running `make generate`.

-```
+```sh
 /usr/sbin/softwareupdate --install-rosetta --agree-to-license
 ```

@ -105,7 +105,7 @@ Usually, `make generate` takes the JavaScript code, bundles it into a single bun

 This makes deploying Fleet a dream since you only have to worry about a single static binary. If you are working on frontend code, it is likely that you don't want to have to manually re-run `make generate` and `make build` every time you edit JavaScript and CSS in order to see your changes in the browser. Instead of running `make generate` to solve this problem, before you build the Fleet binary, run the following command:

-```
+```sh
 make generate-dev
 ```

@ -119,7 +119,7 @@ After you run `make generate-dev`, run `make build` to build the binary, launch

 For convenience, Fleet includes a Makefile to build the code:

-```
+```sh
 make
 ```

@ -134,7 +134,7 @@ The following assumes that you already installed  [Docker](https://docs.docker.c

 To set up a canonical development environment via Docker, run the following from the root of the repository:

-```
+```sh
 docker-compose up
 ```

@ -146,7 +146,7 @@ docker-compose up

 If you'd like to shut down the virtual infrastructure created by Docker, run the following from the root of the repository:

-```
+```sh
 docker-compose down
 ```

@ -154,7 +154,7 @@ docker-compose down

 Once you `docker-compose up` and are running the databases, you can build the code and run the following command to create the database tables:

-```
+```sh
 ./build/fleet prepare db --dev
 ```

@ -162,7 +162,7 @@ Once you `docker-compose up` and are running the databases, you can build the co

 To start the Fleet server backed by the Docker development infrastructure, run the Fleet binary as follows:

-```
+```sh
 ./build/fleet serve --dev
 ```

@ -191,7 +191,7 @@ The [Delve](https://github.com/go-delve/delve) Go debugger can be used for debug

 Use the following command in place of `make` and `./build/fleet serve --dev`:

-```
+```sh
 dlv debug --build-flags '-tags=full' ./cmd/fleet -- serve --dev
 ```

@ -201,7 +201,7 @@ It is important to pass the `-tags=full` build flag; otherwise, the server will

 You can also run delve in headless mode, which allows you to attach your preferred debugger client and reuse the same session without having to restart the server:

-```
+```sh
 dlv debug --build-flags '-tags=full' --headless \
  --api-version=2 --accept-multiclient --continue \
  --listen=127.0.0.1:61179 ./cmd/fleet -- serve --dev
@ -210,7 +210,7 @@ dlv debug --build-flags '-tags=full' --headless \
 - If you're using Visual Studio Code, there's a launch configuration in the repo.
 - If you're using vim with `vimspector`, you can use the following config:

-```
+```json
 {
  "configurations": {
    "Go: Attach to Fleet server": {
--- a/docs/Contributing/Configuration-for-contributors.md
+++ b/docs/Contributing/Configuration-for-contributors.md
@ -23,7 +23,7 @@ This is the URL of the Jira server to use, including the scheme (e.g. "https://"
 - Required setting (string)
 - Default value: none
 - Config file format:
-  ```
+  ```yaml
  integrations:
    jira:
      - url: "https://example.atlassian.net"
@ -39,7 +39,7 @@ Use this username to authenticate API requests with the Jira server.
 - Required setting (string)
 - Default value: none
 - Config file format:
-  ```
+  ```yaml
  integrations:
    jira:
      - url: "https://example.atlassian.net"
@ -55,7 +55,7 @@ Use this API token to authenticate API requests with the Jira server.
 - Required setting (string)
 - Default value: none
 - Config file format:
-  ```
+  ```yaml
  integrations:
    jira:
      - url: "https://example.atlassian.net"
@ -71,7 +71,7 @@ Use this Jira project key to create tickets.
 - Required setting (string)
 - Default value: none
 - Config file format:
-  ```
+  ```yaml
  integrations:
    jira:
      - url: "https://example.atlassian.net"
@ -87,7 +87,7 @@ Whether the integration is configured to create Jira tickets for failing policie
 - Optional setting (boolean)
 - Default value: `false`
 - Config file format:
-  ```
+  ```yaml
  integrations:
    jira:
      - url: "https://example.atlassian.net"
@ -104,7 +104,7 @@ Whether the integration is configured to create Jira tickets for recent software
 - Optional setting (boolean)
 - Default value: `false`
 - Config file format:
-  ```
+  ```yaml
  integrations:
    jira:
      - url: "https://example.atlassian.net"
@ -125,7 +125,7 @@ This is the URL of the Zendesk server to use, including the scheme (e.g. "https:
 - Required setting (string)
 - Default value: none
 - Config file format:
-  ```
+  ```yaml
  integrations:
    zendesk:
      - url: "https://example.zendesk.com"
@ -141,7 +141,7 @@ Use this email address to authenticate API requests with the Zendesk server.
 - Required setting (string)
 - Default value: none
 - Config file format:
-  ```
+  ```yaml
  integrations:
    zendesk:
      - url: "https://example.zendesk.com"
@ -157,7 +157,7 @@ Use this API token to authenticate API requests with the Zendesk server.
 - Required setting (string)
 - Default value: none
 - Config file format:
-  ```
+  ```yaml
  integrations:
    zendesk:
      - url: "https://example.zendesk.com"
@ -173,7 +173,7 @@ Use this group ID to create tickets.
 - Required setting (integer)
 - Default value: none
 - Config file format:
-  ```
+  ```yaml
  integrations:
    zendesk:
      - url: "https://example.zendesk.com"
@ -189,7 +189,7 @@ Whether the integration is configured to create Zendesk tickets for failing poli
 - Optional setting (boolean)
 - Default value: `false`
 - Config file format:
-  ```
+  ```yaml
  integrations:
    zendesk:
      - url: "https://example.zendesk.com"
@ -206,7 +206,7 @@ Whether the integration is configured to create Zendesk tickets for recent softw
 - Optional setting (boolean)
 - Default value: `false`
 - Config file format:
-  ```
+  ```yaml
  integrations:
    zendesk:
      - url: "https://example.zendesk.com"
@ -233,7 +233,7 @@ Use this authentication method when the authentication type is `authtype_usernam
  - `authmethod_login`
  - `authmethod_plain`
 - Config file format:
-  ```
+  ```yaml
  smtp_settings:
    authentication_method: authmethod_cram_md5
  ```
@ -248,7 +248,7 @@ This is the type of authentication for the configured SMTP server.
  - `authtype_none` - use this if your SMTP server is open
  - `authtype_username_password` - use this if your SMTP server requires authentication with a username and password
 - Config file format:
-  ```
+  ```yaml
  smtp_settings:
    authentication_type: authtype_none
  ```
@ -260,7 +260,7 @@ Whether SMTP support is enabled or not to send emails from Fleet.
 - Optional setting (boolean)
 - Default value: `false`
 - Config file format:
-  ```
+  ```yaml
  smtp_settings:
    enable_smtp: true
  ```
@ -272,7 +272,7 @@ Whether to enable SSL/TLS for the SMTP connection.
 - Optional setting (boolean)
 - Default value: `true`
 - Config file format:
-  ```
+  ```yaml
  smtp_settings:
    enable_ssl_tls: false
  ```
@ -284,7 +284,7 @@ Whether to detect if TLS is used by the SMTP server and start using it if so.
 - Optional setting (boolean)
 - Default value: `true`
 - Config file format:
-  ```
+  ```yaml
  smtp_settings:
    enable_start_tls: false
  ```
@ -296,7 +296,7 @@ Use this password for SMTP authentication when the `authentication_type` is set
 - Optional setting (string)
 - Default value: ""
 - Config file format:
-  ```
+  ```yaml
  smtp_settings:
    password: supersekretsmtppass
  ```
@ -308,7 +308,7 @@ Use this port to connect to the SMTP server.
 - Optional setting (integer)
 - Default value: `587` (the standard SMTP port)
 - Config file format:
-  ```
+  ```yaml
  smtp_settings:
    port: 5870
  ```
@ -320,7 +320,7 @@ Use this email address as the sender for emails sent by Fleet.
 - Optional setting (string)
 - Default value: ""
 - Config file format:
-  ```
+  ```yaml
  smtp_settings:
    sender_address: fleet@example.org
  ```
@ -332,7 +332,7 @@ This is the server hostname for SMTP.
 - Optional setting, required to properly configue SMTP (string)
 - Default value: ""
 - Config file format:
-  ```
+  ```yaml
  smtp_settings:
    server: mail.example.org
  ```
@ -344,7 +344,7 @@ Use this username for SMTP authentication when the `authentication_type` is set
 - Optional setting (string)
 - Default value: ""
 - Config file format:
-  ```
+  ```yaml
  smtp_settings:
    user_name: test_user
  ```
@ -356,7 +356,7 @@ Whether the SMTP server's SSL certificates should be verified. This can be turne
 - Optional setting (boolean)
 - Default value: `true`
 - Config file format:
-  ```
+  ```yaml
  smtp_settings:
    verify_ssl_certs: false
  ```
--- a/docs/Contributing/Deploying-chrome-test-ext.md
+++ b/docs/Contributing/Deploying-chrome-test-ext.md
@ -12,7 +12,7 @@ Update the version in [`updates.xml`](https://github.com/fleetdm/fleet/blob/main

 ### Build the distribution folder

-```
+```sh
 cd ee/fleetd-chrome
 yarn run build
 ```
@ -41,13 +41,13 @@ Open `ee/fleetd-chrome/update.xml` in your text editor and modify:

 ### Create the server

-```
+```sh
 cd ee/fleetd-chrome
 python3 -m http.server
 ```
 - Verify that it works by going to http://localhost:8000 to see the files.

-```
+```sh
 cd ee/fleetd-chrome
 npm install -g localtunnel
 lt --port 8000 --subdomain test-new-tables
--- a/docs/Contributing/FAQ.md
+++ b/docs/Contributing/FAQ.md
@ -16,7 +16,7 @@ Enrolling your device with more than one Fleet server is not currently possible.

 ### `dep: command not found`

-```
+```sh
 /bin/bash: dep: command not found
 make: *** [.deps] Error 127
 ```
@ -26,7 +26,7 @@ See the Go language documentation for [workspaces](https://golang.org/doc/code.h

 ### `undefined: Asset`

-```
+```sh
 server/fleet/emails.go:90:23: undefined: Asset
 make: *** [fleet] Error 2
 ```
@ -39,7 +39,7 @@ The `osquery` directory contains a docker-compose.yml and additional configurati

 To start osquery, first retrieve the "Enroll secret" from Fleet (by clicking the "Add New Host") button in the Fleet dashboard, or with `fleetctl get enroll-secret`).

-```
+```sh
 cd tools/osquery
 ENROLL_SECRET=<copy from fleet> docker-compose up
 ```
@ -62,7 +62,7 @@ Apart from an admin [disabling usage](https://fleetdm.com/docs/using-fleet/usage

 If you tried running `fleetctl preview` and you get the following error:

-```
+```sh
 fleetctl preview
 Downloading dependencies into /root/.fleet/preview...
 Pulling Docker dependencies...
--- a/docs/Contributing/Releasing-Fleet.md
+++ b/docs/Contributing/Releasing-Fleet.md
@ -60,7 +60,7 @@ Note: Please prefix versions with `fleet-v` (e.g., `fleet-v4.0.0`) in git tags,
 3. Edit the draft release on the [GitHub releases page](https://github.com/fleetdm/fleet/releases).
   Use the version number as the release title. Use the below template for the release description
   (replace items in <> with the appropriate values):
-   ```
+   ```md
   ### Changes

   <COPY FROM CHANGELOG>
@ -111,18 +111,18 @@ A patch release is required when a critical bug is found. Critical bugs are defi
 #### Process

 1. The DRI for release testing/QA notifies the [directly responsible individual (DRI) for creating the patch release branch](https://fleetdm.com/handbook/engineering#rituals) to create the new branch, starting from the git tag of the prior release. Patch branches should be prefixed with `patch-`. In this example we are creating `4.3.1`:
-   ```
+   ```sh
   git checkout fleet-v4.3.0
   git checkout --branch patch-fleet-v4.3.1
   ```

 2. The DRI for creating the patch release branch cherry picks the necessary commits into the new branch:
-   ```
+   ```sh
   git cherry-pick d34db33f
   ```

 3. The DRI for creating the patch release branch pushes the branch to github.com/fleetdm/fleet:
-   ```
+   ```sh
   git push origin patch-fleet-v4.3.1
   ```

--- a/docs/Contributing/Run-Locally-Built-Fleetd.md
+++ b/docs/Contributing/Run-Locally-Built-Fleetd.md
@ -16,7 +16,7 @@ https://github.com/fleetdm/fleet/tree/main/tools/tuf/test


 ### MacOS - Prepare a script file with this content. Call it my_build.sh:
-```
+```sh
 SYSTEMS="macos" \
 PKG_FLEET_URL=https://localhost:8080 \
 PKG_TUF_URL=http://localhost:8081 \
@ -38,7 +38,9 @@ Put the real key here: ```ENROLL_SECRET=<REPLACE WITH REAL SECRET KEY>```
 ### Remove previous local TUF
 If you already have a local TUF running, remove it.

-```rm -rf test_tuf```
+```sh
+rm -rf test_tuf
+```

 ### Run the local build
 chmod +x my_build.sh
--- a/docs/Contributing/Seeding-Data.md
+++ b/docs/Contributing/Seeding-Data.md
@ -14,7 +14,7 @@ For a text-based walkthrough, follow these steps:

 First, create an `env` file with the following contents:

-```
+```sh
 export SERVER_URL=https://localhost:8080 # your Fleet server URL and port
 export CURL_FLAGS='-k -s' # set insecure flag
 export TOKEN=eyJhbGciOi... # your api token
@ -26,7 +26,7 @@ export TOKEN=eyJhbGciOi... # your api token

 Next, set the `FLEET_ENV_PATH` to point to the `env` file using the command line.

-```
+```sh
 export FLEET_ENV_PATH=./path/to/env/file/fleet_env
 ```

@ -40,7 +40,7 @@ Finally, run one of the bash scripts located in the [/tools/api](https://github.

 The `fleet/create_free` script will generate an environment to roughly reflect an installation of Fleet Free. The script creates 3 users with different roles. From the fleet directory, run:

-```
+```sh
 ./tools/api/fleet/teams/create_free
 ```

@ -50,7 +50,7 @@ The `fleet/create_free` script will generate an environment to roughly reflect a

 The `fleet/create_premium` script will generate an environment to roughly reflect an installation of Fleet Premium. The script will create 2 teams of 7 users with different roles. From the fleet directory, run:

-```
+```sh
 ./tools/api/fleet/teams/create_premium
 ```

@ -60,7 +60,7 @@ The `fleet/create_premium` script will generate an environment to roughly reflec

 The `fleet/create_figma` script will generate an environment to reflect the mockups in the Fleet EE (current) Figma file. The script creates 3 teams and 12 users with different roles. From the fleet directory, run:

-```
+```sh
 ./tools/api/fleet/teams/create_figma
 ```

--- a/docs/Contributing/Testing-and-local-development.md
+++ b/docs/Contributing/Testing-and-local-development.md
@ -54,7 +54,7 @@ Use the `--dev_license` flag to use the default development license key.

 For example:

-```
+```sh
 ./build/fleet serve --dev --dev_license
 ```

@ -68,19 +68,19 @@ Check out [`/tools/osquery` directory instructions](https://github.com/fleetdm/f

 You must install the [`golangci-lint`](https://golangci-lint.run/) command to run `make test[-go]` or `make lint[-go]`, using:

-```
+```sh
 go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.2
 ```

 Make sure it is available in your `PATH`. To execute the basic unit and integration tests, run the following from the root of the repository:

-```
+```sh
 REDIS_TEST=1 MYSQL_TEST=1 make test
 ```

 Note that on a Linux system, the Redis tests will include running in cluster mode, so the docker Redis Cluster setup must be running. This implies starting the docker dependencies as follows:

-```
+```sh
 # start both the default docker-compose.yml and the redis cluster-specific
 # docker-compose-redis-cluster.yml
 $ docker-compose -f docker-compose.yml -f docker-compose-redis-cluster.yml up
@ -98,7 +98,7 @@ REDIS_TEST=1 MYSQL_TEST=1 MINIO_STORAGE_TEST=1 SAML_IDP_TEST=1 NETWORK_TEST=1 ma

 To run all Go linters and static analyzers, run the following:

-```
+```sh
 make lint-go
 ```

@ -106,13 +106,13 @@ make lint-go

 To run all JS unit tests, run the following:

-```
+```sh
 make test-js
 ```

 or

-```
+```sh
 yarn test
 ```

@ -120,13 +120,13 @@ yarn test

 To run all JS linters and static analyzers, run the following:

-```
+```sh
 make lint-js
 ```

 or

-```
+```sh
 yarn lint
 ```

@ -134,7 +134,7 @@ yarn lint

 To run MySQL integration tests, set environment variables as follows:

-```
+```sh
 MYSQL_TEST=1 make test-go
 ```

@ -142,7 +142,7 @@ MYSQL_TEST=1 make test-go

 To run email related integration tests using MailHog set environment as follows:

-```
+```sh
 MAIL_TEST=1 make test-go
 ```

@ -150,7 +150,7 @@ MAIL_TEST=1 make test-go

 A few tests require network access as they make requests to external hosts. Given that the network is unreliable and may not be available. Those hosts may also be unavailable so these tests are skipped by default. They are opt-in via the `NETWORK_TEST` environment variable. To run them:

-```
+```sh
 NETWORK_TEST=1 make test-go
 ```

@ -188,21 +188,21 @@ Make sure dependencies are up to date and to build the [Fleet binaries locally](

 For Fleet Free tests:

-```
+```sh
 make e2e-reset-db
 make e2e-serve-free
 ```

 For Fleet Premium tests:

-```
+```sh
 make e2e-reset-db
 make e2e-serve-premium
 ```

 This will start a local Fleet server connected to the E2E database. Leave this server running for the duration of end-to-end testing.

-```
+```sh
 make e2e-setup
 ```

@ -216,13 +216,13 @@ Tests can be run in interactive mode or from the command line.

 For Fleet Free tests:

-```
+```sh
 yarn e2e-browser:free
 ```

 For Fleet Premium tests:

-```
+```sh
 yarn e2e-browser:premium
 ```

@ -232,13 +232,13 @@ Use the graphical UI controls to run and view tests.

 For Fleet Free tests:

-```
+```sh
 yarn e2e-cli:free
 ```

 For Fleet Premium tests:

-```
+```sh
 yarn e2e-cli:premium
 ```

@ -278,7 +278,7 @@ backup, restore, and reset the MySQL database. This can be achieved with the fol

 Backup:

-```
+```sh
 make db-backup
 ```

@ -286,7 +286,7 @@ The database dump is stored in `backup.sql.gz`.

 Restore:

-```
+```sh
 make db-restore
 ```

@ -294,7 +294,7 @@ Note that a "restore" will replace the state of the development database with th

 Reset:

-```
+```sh
 make db-reset
 ```

@ -305,7 +305,7 @@ Connect to the MySQL shell to view and interact directly with the contents of th

 To connect via Docker:

-```
+```sh
 docker-compose exec mysql mysql -uroot -ptoor -Dfleet
 ```

@ -313,7 +313,7 @@ docker-compose exec mysql mysql -uroot -ptoor -Dfleet

 Connect to the `redis-cli` in REPL mode to view and interact directly with the contents stored in Redis.

-```
+```sh
 docker-compose exec redis redis-cli
 ```

@ -378,7 +378,7 @@ First, create one stream for "status" logs and one for "result" logs (see
 https://osquery.readthedocs.io/en/stable/deployment/logging/ for more information around the two
 types of logs):

-```
+```sh
 $ awslocal kinesis create-stream --stream-name "sample_status" --shard-count 1
 $ awslocal kinesis create-stream --stream-name "sample_result" --shard-count 1
 $ awslocal kinesis list-streams
@ -391,7 +391,7 @@ $ awslocal kinesis list-streams
 ```

 Use the following configuration to run Fleet:
-```
+```sh
 FLEET_OSQUERY_RESULT_LOG_PLUGIN=kinesis
 FLEET_OSQUERY_STATUS_LOG_PLUGIN=kinesis
 FLEET_KINESIS_REGION=us-east-1
@ -403,7 +403,7 @@ FLEET_KINESIS_RESULT_STREAM=sample_result
 ```

 Here's a sample command for running `fleet serve`:
-```
+```sh
 make fleet && FLEET_OSQUERY_RESULT_LOG_PLUGIN=kinesis FLEET_OSQUERY_STATUS_LOG_PLUGIN=kinesis FLEET_KINESIS_REGION=us-east-1 FLEET_KINESIS_ENDPOINT_URL=http://localhost:4566 FLEET_KINESIS_ACCESS_KEY_ID=default FLEET_KINESIS_SECRET_ACCESS_KEY=default FLEET_KINESIS_STATUS_STREAM=sample_status FLEET_KINESIS_RESULT_STREAM=sample_result ./build/fleet serve --dev --dev_license --logging_debug
 ```
 Fleet will now be relaying "status" and "result" logs from osquery agents to the LocalStack's
@ -471,7 +471,7 @@ Pre-built installers are kept in a blob storage like AWS S3. As part of your you
 3. Configure your fleet server setting `FLEET_PACKAGING_GLOBAL_ENROLL_SECRET` to match your global enroll secret.
 4. Set `FLEET_SERVER_SANDBOX_ENABLED=1`, as the endpoint to retrieve the installer is only available in the sandbox.

-```
+```sh
 FLEET_SERVER_SANDBOX_ENABLED=1 FLEET_PACKAGING_GLOBAL_ENROLL_SECRET=xyz  ./build/fleet serve --dev
 ```

@ -530,7 +530,7 @@ Note that:

 Another option, if for some reason, generating the certificates and keys fails or you don't have a supported email address handy is to use `openssl` to generate your SCEP key pair:

-```
+```sh
 $ openssl genrsa -out fleet-mdm-apple-scep.key 4096

 $ openssl req -x509 -new -nodes -key fleet-mdm-apple-scep.key -sha256 -days 1826 -out fleet-mdm-apple-scep.crt -subj '/CN=Fleet Root CA/C=US/O=Fleet DM.'
@ -540,7 +540,7 @@ $ openssl req -x509 -new -nodes -key fleet-mdm-apple-scep.key -sha256 -days 1826

 Try to store all the certificates and tokens you generated in the earlier steps together in a safe place outside of the repo, then start the server with:

-```
+```sh
 FLEET_MDM_APPLE_SCEP_CHALLENGE=scepchallenge \
 FLEET_MDM_APPLE_SCEP_CERT=/path/to/fleet-mdm-apple-scep.crt \
 FLEET_MDM_APPLE_SCEP_KEY=/path/to/fleet-mdm-apple-scep.key \
@ -554,7 +554,7 @@ FLEET_MDM_APPLE_APNS_KEY=/path/to/mdmcert.download.push.key \

 Note: if you need to enroll VMs using MDM, the server needs to run behind TLS with a valid certificate. In a separate terminal window/tab, create a local tunnel to your server using `ngrok` (`brew install ngrok/ngrok/ngrok` if you don't have it.)

-```
+```sh
 ngrok http https://localhost:8080
 ```

@ -594,7 +594,7 @@ If you are using QEMU for Linux, follow the instruction guide to install a recen
 1. Create a fleetd package that you will install on your host machine. You can get this command from the fleet
   UI on the manage hosts page when you click the `add hosts` button. Alternatively, you can run the command:

-  ```
+  ```sh
  ./build/fleetctl package --type=pkg --fleet-desktop --fleet-url=<url-of-fleet-instance> --enroll-secret=<your-fleet-enroll-secret>
  ```

@ -648,7 +648,7 @@ We use [Nudge](https://github.com/macadmins/nudge) to enforce macOS updates. Our

 - Orbit launches Nudge using the following command, you can try and run the command yourself to see if you spot anything suspicious:

-```
+```sh
 open /opt/orbit/bin/nudge/macos/stable/Nudge.app --args -json-url file:///opt/orbit/nudge-config.json
 ```

@ -656,13 +656,13 @@ open /opt/orbit/bin/nudge/macos/stable/Nudge.app --args -json-url file:///opt/or

 - Nudge has a great [guide](https://github.com/macadmins/nudge/wiki/Logging) to stream/parse their logs, the TL;DR version is that you probably want a terminal running:

-```
+```sh
 log stream --predicate 'subsystem == "com.github.macadmins.Nudge"' --info --style json --debug
 ```

 - Nudge has a couple of flags that you can provide to see what config values are actually being used. You can try launching Nudge with `-print-json-config` or `-print-profile-config` like this:

-```
+```sh
 open /opt/orbit/bin/nudge/macos/stable/Nudge.app --args -json-url file:///opt/orbit/nudge-config.json -print-json-config
 ```

--- a/docs/Deploy/Deploy-Fleet-on-CentOS.md
+++ b/docs/Deploy/Deploy-Fleet-on-CentOS.md
@ -8,7 +8,7 @@ If you don't have a CentOS host readily available, Fleet recommends using [Vagra

 Once you have installed Vagrant, run the following to create a Vagrant box, start it, and log into it:

-```
+```sh
 echo 'Vagrant.configure("2") do |config|
  config.vm.box = "bento/centos-7.1"
  config.vm.network "forwarded_port", guest: 8080, host: 8080
@ -33,7 +33,7 @@ sudo cp fleet/linux/fleet* /usr/bin/

 To install the MySQL server files, run the following:

-```
+```sh
 wget https://repo.mysql.com/mysql57-community-release-el7.rpm
 sudo rpm -i mysql57-community-release-el7.rpm
 sudo yum update
@ -42,7 +42,7 @@ sudo yum install mysql-server

 To start the MySQL service:

-```
+```sh
 sudo systemctl start mysqld
 ```

@ -51,7 +51,7 @@ MySQL creates an initial temporary root password which you can find in `/var/log

 Connect to MySQL

-```
+```sh
 mysql -u root -p
 ```

@ -61,38 +61,38 @@ Change root password, in this case we will use `toor?Fl33t` as default password

 For MySQL 5.7.6 and newer, use the following command:

-```
+```sh
 mysql> ALTER USER "root"@"localhost" IDENTIFIED BY "toor?Fl33t";
 ```

 For MySQL 5.7.5 and older, use:

-```
+```sh
 mysql> SET PASSWORD FOR "root"@"localhost" = PASSWORD("toor?Fl33t");
 ```

 Now issue the command

-```
+```sh
 mysql> flush privileges;
 ```

 And exit MySQL

-```
+```sh
 mysql> exit
 ```

 Stop MySQL and start again

-```
+```sh
 sudo mysqld stop
 sudo systemctl start mysqld
 ```

 It's also worth creating a MySQL database for us to use at this point. Run the following to create the `fleet` database in MySQL. Note that you will be prompted for the password you created above.

-```
+```sh
 echo 'CREATE DATABASE fleet;' | mysql -u root -p
 ```

@ -100,14 +100,14 @@ echo 'CREATE DATABASE fleet;' | mysql -u root -p

 To install the Redis server files, run the following:

-```
+```sh
 sudo rpm -Uvh https://archives.fedoraproject.org/pub/archive/epel/6/i386/epel-release-6-8.noarch.rpm
 sudo yum install redis
 ```

 To start the Redis server in the background, you can run the following:

-```
+```sh
 sudo service redis start
 ```

@ -115,7 +115,7 @@ sudo service redis start

 Now that we have installed Fleet, MySQL, and Redis, we are ready to launch Fleet! First, we must "prepare" the database. We do this via `fleet prepare db`:

-```
+```sh
 /usr/bin/fleet prepare db \
  --mysql_address=127.0.0.1:3306 \
  --mysql_database=fleet \
@ -125,13 +125,13 @@ Now that we have installed Fleet, MySQL, and Redis, we are ready to launch Fleet

 The output should look like:

-```
+```sh
 Migrations completed.
 ```

 Before we can run the server, we need to generate some TLS keying material. If you already have tooling for generating valid TLS certificates, then you are encouraged to use that instead. You will need a TLS certificate and key for running the Fleet server. If you'd like to generate self-signed certificates, you can do this via (replace SERVER_NAME with your server FQDN):

-```
+```sh
 openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
  -keyout /tmp/server.key -out /tmp/server.cert -subj "/CN=SERVER_NAME” \
  -addext "subjectAltName=DNS:SERVER_NAME”
@ -144,7 +144,7 @@ You should now have two new files in `/tmp`:

 Now we are ready to run the server! We do this via `fleet serve`:

-```
+```sh
 /usr/bin/fleet serve \
  --mysql_address=127.0.0.1:3306 \
  --mysql_database=fleet \
@ -168,7 +168,7 @@ See [Running with systemd](https://fleetdm.com/docs/deploying/configuration#runn

 To install osquery on CentOS, you can run the following:

-```
+```sh
 sudo rpm -ivh https://osquery-packages.s3.amazonaws.com/centos7/noarch/osquery-s3-centos7-repo-1-0.0.noarch.rpm
 sudo yum install osquery
 ```
@ -181,13 +181,13 @@ If you select "Fetch Fleet Certificate", your browser will download the appropri

 You can also select "Reveal Secret" on that modal and the enrollment secret for your Fleet instance will be revealed. Copy that text and create a file with its contents:

-```
+```sh
 echo 'LQWzGg9+/yaxxcBUMY7VruDGsJRYULw8' | sudo tee /var/osquery/enroll_secret
 ```

 Now you're ready to run the `osqueryd` binary:

-```
+```sh
 sudo /usr/bin/osqueryd \
  --enroll_secret_path=/var/osquery/enroll_secret \
  --tls_server_certs=/var/osquery/server.pem \
--- a/docs/Deploy/Deploy-Fleet-on-Kubernetes.md
+++ b/docs/Deploy/Deploy-Fleet-on-Kubernetes.md
@ -89,7 +89,7 @@ Let's tell Kubernetes to create the cluster by running the below command.

 If you have not used Helm before, you must run the following to initialize your cluster prior to installing Fleet:

-```
+```sh
 helm init
 ```

@ -101,7 +101,7 @@ Please note you will need all dependencies configured prior to installing the Fl

 Once you have those configured, run the following:

-```
+```sh
 helm upgrade --install fleet fleet \
  --repo https://fleetdm.github.io/fleet/charts \
  --values values.yaml
@ -122,7 +122,7 @@ To install MySQL from Helm, run the following command. Note that there are some
 - There should be a `fleet` database created
 - The default user's username should be `fleet`

-```
+```sh
 helm install \
  --name fleet-database \
  --set mysqlUser=fleet,mysqlDatabase=fleet \
@ -143,20 +143,20 @@ Note: this step is not neccessary when using the Fleet Helm Chart as it handles

 The last step is to run the Fleet database migrations on your new MySQL server. To do this, run the following:

-```
+```sh
 kubectl create -f ./docs/Using-Fleet/configuration-files/kubernetes/fleet-migrations.yml
 ```

 In Kubernetes, you can only run a job once. If you'd like to run it again (i.e.: you'd like to run the migrations again using the same file), you must delete the job before re-creating it. To delete the job and re-run it, you can run the following commands:

-```
+```sh
 kubectl delete -f ./docs/Using-Fleet/configuration-files/kubernetes/fleet-migrations.yml
 kubectl create -f ./docs/Using-Fleet/configuration-files/kubernetes/fleet-migrations.yml
 ```

 #### Redis

-```
+```sh
 helm install \
  --name fleet-cache \
  --set persistence.enabled=false \
@ -185,7 +185,7 @@ It should be noted that by default Kubernetes stores secret data in plaintext in

 Consider using Lets Encrypt to easily generate your TLS certificate. For examples on using `lego`, the command-line Let's Encrypt client, see the [documentation](https://github.com/xenolf/lego#cli-example). Consider the following example, which may be useful if you're a GCP user:

-```
+```sh
 GCE_PROJECT="acme-gcp-project" GCE_DOMAIN="acme-co" \
  lego --email="username@acme.co" \
    -x "http-01" \
@ -196,13 +196,13 @@ GCE_PROJECT="acme-gcp-project" GCE_DOMAIN="acme-co" \

 If you're going the route of a more traditional CA-signed certificate, you'll have to generate a TLS key and a CSR (certificate signing request):

-```
+```sh
 openssl req -new -newkey rsa:2048 -nodes -keyout tls.key -out tls.csr
 ```

 Now you'll have to give this CSR to a Certificate Authority, and they will give you a file called `tls.crt`. We will then have to add the key and certificate as Kubernetes secrets.

-```
+```sh
 kubectl create secret tls fleet-tls --key=./tls.key --cert=./tls.crt
 ```

@ -210,13 +210,13 @@ kubectl create secret tls fleet-tls --key=./tls.key --cert=./tls.crt

 First we must deploy the instances of the Fleet webserver. The Fleet webserver is described using a Kubernetes deployment object. To create this deployment, run the following:

-```
+```sh
 kubectl apply -f ./docs/Using-Fleet/configuration-files/kubernetes/fleet-deployment.yml
 ```

 You should be able to get an instance of the webserver running via `kubectl get pods` and you should see the following logs:

-```
+```sh
 kubectl logs fleet-webserver-9bb45dd66-zxnbq
 ts=2017-11-16T02:48:38.440578433Z component=service method=ListUsers user=none err=null took=2.350435ms
 ts=2017-11-16T02:48:38.441148166Z transport=https address=0.0.0.0:443 msg=listening
@ -226,7 +226,7 @@ ts=2017-11-16T02:48:38.441148166Z transport=https address=0.0.0.0:443 msg=listen

 Now that the Fleet server is running on our cluster, we have to expose the Fleet webservers to the internet via a load balancer. To create a Kubernetes `Service` of type `LoadBalancer`, run the following:

-```
+```sh
 kubectl apply -f ./docs/Using-Fleet/configuration-files/kubernetes/fleet-service.yml
 ```

@ -234,7 +234,7 @@ kubectl apply -f ./docs/Using-Fleet/configuration-files/kubernetes/fleet-service

 Finally, we must configure a DNS address for the external IP address that we now have for the Fleet load balancer. Run the following to show some high-level information about the service:

-```
+```sh
 kubectl get services fleet-loadbalancer
 ```

--- a/docs/Deploy/Upgrading-Fleet.md
+++ b/docs/Deploy/Upgrading-Fleet.md
@ -29,7 +29,7 @@ sudo cp fleet/linux/fleet* /usr/bin/

 Pull the latest Fleet docker image:

-```
+```sh
 docker pull fleetdm/fleet
 ```

@ -45,7 +45,7 @@ First, take the existing servers offline.

 Run database migrations:

-```
+```sh
 fleet prepare db
 ```

@ -53,7 +53,7 @@ fleet prepare db

 Once Fleet has been replaced with the newest version and the database migrations have completed, serve the newly upgraded Fleet instance:

-```
+```sh
 fleet serve
 ```

--- a/docs/Deploy/cloudgov.md
+++ b/docs/Deploy/cloudgov.md
@ -14,7 +14,7 @@ values as appropriate.

 4. From your local fleetdm source directory.

-```
+```sh
 git clone https://github.com/fleetdm/fleet
 cd fleet
 cf login -a api.fr.cloud.gov  --sso
@ -24,13 +24,13 @@ cf login -a api.fr.cloud.gov  --sso

 5. Setup a demo application space

-```
+```sh
 cf target -o sandbox-gsa create-space fleetdm-rename
 ```

 6. Create database(s)

-```
+```sh
 # Update manifest.yml file to rename application and database key names to match commands below.

 cf marketplace
--- a/docs/Deploy/deploy-on-hetzner-cloud.md
+++ b/docs/Deploy/deploy-on-hetzner-cloud.md
@ -361,7 +361,7 @@ This would be a great time to set up `A`/`AAAA` records for your Fleet controlle

 Now that we have our machine, we’ll want to allow DNS queries to DNS resolvers other than Hetzner:

-```
+```sh
 sed -i /etc/systemd/resolved.conf 's/^#DNS=$/DNS=1.1.1.1 9.9.9.9 8.8.8.8/'
 systemctl restart systemd-resolved
 ```
@ -372,7 +372,7 @@ This will ensure that external DNS can be reached through a means _other_ than b

 Let’s get our machine up to date and install some packages we’ll need later

-```
+```sh
 # Update Apt
 sudo apt update
 sudo apt install -y ca-certificates curl gnupg lsb-release
@ -382,7 +382,7 @@ sudo apt install -y ca-certificates curl gnupg lsb-release

 To ensure we do not expose services accidentally, we'll install [UncomplicatedFirewall](https://wiki.ubuntu.com/UncomplicatedFirewall), also known as ufw, to block all inbound traffic by default and then allow the protocols we need.

-```
+```sh
 apt install ufw
 ufw deny all

@ -400,7 +400,7 @@ ufw enable
 Before we can get started, let’s install [Docker](https://docs.docker.com/) to manage our workloads. Other container runtimes would work, but Docker is pretty well known, robust, and uses [Containerd](https://containerd.io) underneath anyway, so let’s use that:


-```
+```sh
 sudo apt install -y ca-certificates curl gnupg lsb-release # these should already be installed

 # Set up package repositories for docker
@ -430,7 +430,7 @@ To run MySQL, we’ll have to do the following:

 We can pull the [official MySQL docker image](https://hub.docker.com/_/mysql) like so:

-```
+```sh
 $ docker pull mysql@sha256:16e159331007eccc069822f7b731272043ed572a79a196a05ffa2ea127caaf67 # mysql:5.7.38 as of 2022/05/19
 ```

@ -440,7 +440,7 @@ $ docker pull mysql@sha256:16e159331007eccc069822f7b731272043ed572a79a196a05ffa2

 First we’ll set up our credentials:

-```
+```sh
 # Create the Fleet MySQL data folder
 mkdir -p /etc/fleet

@ -456,7 +456,7 @@ cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 | sed -e 's/^/MYS

 And then we’ll create the actual unit that reads this config

-```
+```systemd
 [Unit]
 Description=Fleet MySQL instance
 After=docker.service
@ -485,7 +485,7 @@ WantedBy=default.target

 We’ll save this content to `/etc/systemd/system/fleet-mysql.service`, and refresh `systemd`:

-```
+```sh
 $ systemctl daemon-reload
 $ systemctl enable fleet-mysql
 ```
@ -500,7 +500,7 @@ Fleet uses [Redis](https://redis.io/) as its primary caching solution, so we’l

 We can pull the [KeyDB docker image](https://hub.docker.com/r/eqalpha/keydb) like so:

-```
+```sh
 $ docker pull eqalpha/keydb@sha256:18a00f69577105650d829ef44a9716eb4feaa7a5a2bfacd115f0a1e7a97a8726 # x86_64_v6.3.0 as of 2022/05/19
 ```

@ -509,7 +509,7 @@ $ docker pull eqalpha/keydb@sha256:18a00f69577105650d829ef44a9716eb4feaa7a5a2bfa
 Similarly to MySQL, a systemd service can be created for our redis-equivalent service as well.


-```
+```systemd
 [Unit]
 Description=Fleet Redis instance
 After=docker.service
@ -537,7 +537,7 @@ WantedBy=default.target

 We’ll save this content to `/etc/systemd/system/fleet-redis.service`. And just like MySQL we’ll `daemon-reload` and `enable`:

-```
+```sh
 systemctl daemon-reload
 systemctl enable fleet-redis
 ```
@ -552,7 +552,7 @@ We’re finally at the main course – time to install Fleet!

 We can pull the [Fleet docker image](https://hub.docker.com/r/fleetdm/fleet) like so:

-```
+```sh
 $ docker pull fleetdm/fleet@sha256:332744f3503dc15fdb65c7b672a09349b2c30fb59a08f9ab4b1bbab94e3ddb5b
 ```

@ -562,7 +562,7 @@ The [Fleet v4.15.0](https://github.com/fleetdm/fleet/releases/tag/fleet-v4.15.0)

 First, we’ll get our Fleet ENV vars in place:

-```
+```sh
 mkdir -p /etc/fleet/fleet

 # MySQL fleet ENV
@ -579,7 +579,7 @@ echo 'FLEET_SERVER_TLS=false' >> /etc/fleet/fleet.env

 We can set up Fleet to run like so:

-```
+```systemd
 [Unit]
 Description=Fleet
 After=docker.service
@ -620,7 +620,7 @@ Luckily, Caddy supports automatic HTTPS certificate retrieval via [LetsEncrypt](

 First, let’s write our domain as a configuration that systemd can use at `/etc/fleet/caddy.env`:

-```
+```sh
 mkdir -p /etc/fleet/caddy;
 touch /etc/fleet/caddy.env;
 chmod 600 /etc/fleet/caddy.env;
@ -637,13 +637,13 @@ reverse_proxy 127.0.0.1:8080

 After saving that simple `Caddyfile` at `/etc/fleet/caddy/Caddyfile`, we can do our usual `docker pull`ing:

-```
+```sh
 $ docker pull caddy@sha256:6e62b63d4d7a4826f9e93c904a0e5b886a8bea2234b6569e300924282a2e8e6c
 ```

 Here’s a systemd service:

-```
+```systemd
 [Unit]
 Description=Fleet Caddy instance
 After=docker.service
--- a/docs/Deploy/deploy-on-render.md
+++ b/docs/Deploy/deploy-on-render.md
@ -109,7 +109,7 @@ You’ll find the enroll-secret after clicking “Add hosts”. This is a specia

 To install `fleetctl`, which is the command line interface (CLI) used to communicate between your computer and Fleet, you either run `npm install -g fleetctl` or [download fleetctl](https://github.com/fleetdm/fleet/releases/tag/fleet-v4.3.0) from Github. Once it's installed try the following command (Docker require) on your terminal:

-```
+```sh
 fleetctl package --type=msi --enroll-secret <secret> --fleet-url https://<your-unique-service-name>.onrender.com
 ```

@ -119,7 +119,7 @@ Now we need some awesome queries to run against the hosts we enroll, check out t

 To get them into Fleet we can use `fleetctl` again. Run the following on your terminal:

-```
+```sh
 curl https://raw.githubusercontent.com/fleetdm/fleet/main/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml -o standard-query-library.yaml
 ```

@ -127,13 +127,13 @@ Now that we downloaded the standard query library, we’ll apply it using `fleet

 Try running:

-```
+```sh
 fleetctl config set --address https://<your-unique-service-name>.onrender.com
 ```

 Next, login with your credentials from when you set up the Fleet instance by running `fleetctl login`:

-```
+```sh
 fleetctl login
 Log in using the standard Fleet credentials.
 Email: <enter user you just setup>
@ -143,7 +143,7 @@ Fleet login successful and context configured!

 Applying the query library is simple. Just run:

-```
+```sh
 fleetctl apply -f standard-query-library.yaml
 ```

--- a/docs/Deploy/proxies.md
+++ b/docs/Deploy/proxies.md
@ -4,7 +4,7 @@ If you are in an enterprise environment where Fleet is behind a proxy and you wo

 For example, to configure the proxy in a systemd service file:

-```
+```systemd
 [Service]
 Environment="HTTP_PROXY=http(s)://PROXY_URL:PORT/"
 Environment="HTTPS_PROXY=http(s)://PROXY_URL:PORT/"
--- a/docs/Deploy/single-sign-on-sso.md
+++ b/docs/Deploy/single-sign-on-sso.md
@ -18,7 +18,7 @@ Setting up the service provider (Fleet) with an identity provider generally requ

 - _Assertion Consumer Service_ - This is the call-back URL that the identity provider
  will use to send security assertions to Fleet. In Okta, this field is called _single sign-on URL_. On Google, it is "ACS URL." The value you supply will be a fully qualified URL consisting of your Fleet web address and the call-back path `/api/v1/fleet/sso/callback`. For example, if your Fleet web address is https://fleet.example.com, then the value you would use in the identity provider configuration would be:
-  ```
+  ```text
  https://fleet.example.com/api/v1/fleet/sso/callback
  ```

--- a/docs/Deploy/system-d.md
+++ b/docs/Deploy/system-d.md
@ -10,7 +10,7 @@ permissions to execute the binary, open the configuration files, and write the l
 used. It is also possible to run as `root`, though as with any other web server it is discouraged
 to run Fleet as `root`.

-```
+```systemd

 [Unit]
 Description=Fleet
@ -36,7 +36,7 @@ WantedBy=multi-user.target

 Once you created the file, you need to move it to `/etc/systemd/system/fleet.service` and start the service.

-```
+```sh
 sudo mv fleet.service /etc/systemd/system/fleet.service
 sudo systemctl start fleet.service
 sudo systemctl status fleet.service
@ -50,7 +50,7 @@ Sometimes you'll need to update the systemd unit file defining the service. To d

 Then, run

-```
+```sh
 sudo systemctl daemon-reload
 sudo systemctl restart fleet.service
 ```
--- a/started/FAQ.md
+++ b/started/FAQ.md
@ -152,13 +152,13 @@ Yes, fleetd can be run alongside an existing, separately-installed osqueryd. If

 Yes, auto-updates can be disabled entirely by passing `--disable-updates` as a flag when running `fleetctl package` to generate your installer (easy) or by deploying a modified systemd file to your hosts (more complicated). We'd recommend the flag:

-```
+```sh
 fleetctl package --fleetctl package --type=deb --fleet-url=https://localhost:8080 --enroll-secret=superRandomSecret --disable-updates
 ```

 You can also indicate the [channels you would like Fleetd to watch for updates](https://fleetdm.com/docs/using-fleet/fleetd#update-channels) using the `--orbit-channel`, `--desktop-channel` , and `--osqueryd-channel` flags:

-```
+```sh
 fleetctl package --fleetctl package --type=deb --fleet-url=https://localhost:8080 --enroll-secret=superRandomSecret --orbit-channel=edge --desktop-channel=stable --osqueryd-channel=4
 ```

@ -188,7 +188,7 @@ Any extension table available in a host enrolled to Fleet can be queried by Flee

 If you are using a self-signed certificate on `localhost`, add the  `--insecure` flag when building your installation packages:

-```
+```sh
 fleetctl package --fleetctl package --type=deb --fleet-url=https://localhost:8080 --enroll-secret=superRandomSecret --insecure
 ```

@ -231,7 +231,7 @@ By default, Fleet will query hosts for software inventory hourly. If you'd like

 There are a few ways you can go about getting counts of hosts that meet specific criteria using the REST API. You can use [`GET /api/v1/fleet/hosts`](https://fleetdm.com/docs/using-fleet/rest-api#list-hosts) or the [`fleetctl` CLI](https://fleetdm.com/docs/using-fleet/fleetctl-cli#available-commands) to gather a list of all hosts and then work with that data however you'd like. For example, you could retrieve all hosts using `fleetctl get hosts` and then use `jq` to pull out the data you need. The following example would give you a count of hosts by their OS version:

-```
+```sh
 $ fleetctl get hosts --json | jq '.spec .os_version' | sort | uniq -c

   1 "CentOS Stream 8.0.0"
@ -328,7 +328,7 @@ Changes were introduced in Fleet v4.20.0 that caused the `features.additional_qu

 There is a [bug](https://github.com/fleetdm/fleet/issues/8443) in MySQL validation in some versions of Fleet when using the `created_at` and `updated_at` columns as `order_key` along with an `after` filter. Adding `h.` to the column in `order_key` will return your results.

-```
+```text
 {host}/api/v1/fleet/hosts?order_key=h.created_at&order_direction=desc&after=2022-10-22T20:22:03Z

 ```
@ -435,7 +435,7 @@ To get your proxy server's HTTP client to work with a local Fleet when using a s

 The exact solution to this depends on the request client you are using. For example, when using Node.js ± Sails.js, you can work around this in the requests you're sending with `await sails.helpers.http.get()` by lifting your app with the `NODE_TLS_REJECT_UNAUTHORIZED` environment variable set to `0`:

-```
+```sh
 NODE_TLS_REJECT_UNAUTHORIZED=0 sails console
 ```

@ -495,7 +495,7 @@ The next step is to make sure the credentials for the database match what is exp

 If you're successful connecting to the database and still receive a database connection error, you may need to specify your database credentials when running `fleet prepare db`. It's encouraged to put your database credentials in environment variables or a config file.

-```
+```sh
 fleet prepare db \
    --mysql_address=<database_address> \
    --mysql_database=<database_name> \
--- a/API/rest-api.md
+++ b/API/rest-api.md
@ -44,7 +44,7 @@ To get an API token, retrieve it from the "Account settings" > "Get API token" i

 Then, use that API token to authenticate all subsequent API requests by sending it in the "Authorization" request header, prefixed with "Bearer ":

-```
+```http
 Authorization: Bearer <your token>
 ```

@ -3860,14 +3860,14 @@ assigned to a team. Note that in this example the form data specifies`team_id` i

 ##### Request headers

-```
+```http
 Content-Length: 850
 Content-Type: multipart/form-data; boundary=------------------------f02md47480und42y
 ```

 ##### Request body

-```
+```http
 --------------------------f02md47480und42y
 Content-Disposition: form-data; name="team_id"

@ -3979,14 +3979,14 @@ solely on the response status code returned by this endpoint.

 ##### Example response headers

-```
+```http
  Content-Length: 542
  Content-Type: application/octet-stream
  Content-Disposition: attachment;filename="2023-03-31 Example profile.mobileconfig"
 ```

 ###### Example response body
-```
+```xml
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
@ -4411,14 +4411,14 @@ assigned to a team. Note that in this example the form data specifies `team_id`

 ##### Request headers

-```
+```http
 Content-Length: 850
 Content-Type: multipart/form-data; boundary=------------------------f02md47480und42y
 ```

 ##### Request body

-```
+```http
 --------------------------f02md47480und42y
 Content-Disposition: form-data; name="team_id"
 1
@ -4516,7 +4516,7 @@ Download a bootstrap package.

 `Status: 200`

-```
+```http
 Status: 200
 Content-Type: application/octet-stream
 Content-Disposition: attachment
@ -4608,14 +4608,14 @@ Upload an EULA that will be shown during the DEP flow.

 ##### Request headers

-```
+```http
 Content-Length: 850
 Content-Type: multipart/form-data; boundary=------------------------f02md47480und42y
 ```

 ##### Request body

-```
+```http
 --------------------------f02md47480und42y
 Content-Disposition: form-data; name="eula"; filename="eula.pdf"
 Content-Type: application/octet-stream
@ -4699,7 +4699,7 @@ Download an EULA file

 `Status: 200`

-```
+```http
 Status: 200
 Content-Type: application/pdf
 Content-Disposition: attachment
--- a/Fleet/Automations.md
+++ b/Fleet/Automations.md
@ -25,7 +25,7 @@ For webhook automations, if a new CVE is detected on more than one host during t

 Example webhook payload:

-```
+```http
 POST https://server.com/example
 ```

@ -84,7 +84,7 @@ For webhooks automations, if a policy is newly failing on more than one host dur

 Example webhook payload:

-```
+```http
 POST https://server.com/example
 ```

@ -140,7 +140,7 @@ Fleet sends these webhook requests once per day by default. This interval can be

 Example webhook payload:

-```
+```http
 POST https://server.com/example
 ```

--- a/Fleet/MDM-commands.md
+++ b/Fleet/MDM-commands.md
@ -73,7 +73,7 @@ Fleet UI:

 Example output:

-```
+```sh
 $ fleetctl get mdm-command-results -id 333af7f8-b9a4-4f62-bfb2-f7488fbade21
 +--------------------------------------+----------------------+----------------+--------------+---------------------+---------------------------------------------------------+
 |                  ID                  |         TIME         |      TYPE      |    STATUS    |      HOSTNAME       |                         RESULTS                         |
@ -99,7 +99,7 @@ You can view the list of the 1,000 latest commands using "fleetctl":

 Example output:

-```
+```sh
 $ fleetctl get mdm-commands
 +--------------------------------------+----------------------+--------------------------+--------------+------------------------+
 |                  ID                  |         TIME         |           TYPE           |    STATUS    |        HOSTNAME        |
--- a/Fleet/MDM-setup.md
+++ b/Fleet/MDM-setup.md
@ -45,7 +45,7 @@ Use either of the following methods to generate the necessary files:

 Run the following command to download three files and send an email to you with an attached CSR file.

-```
+```sh
 fleetctl generate mdm-apple --email <email> --org <org> 
 ```

@ -80,7 +80,7 @@ Navigate to the **Settings > Integrations > Mobile device management (MDM)** pag

 #### Fleetctl CLI

-```
+```sh
 fleetctl get mdm-apple
 ```

@ -104,7 +104,7 @@ Navigate to the **Settings > Integrations > Mobile device management (MDM)** pag

 #### Fleetctl CLI

-```
+```sh
 fleetctl get mdm-apple
 ``` 

@ -114,7 +114,7 @@ fleetctl get mdm-apple

 Run the following command in `fleetctl`. This will download three files and send an email to you with an attached CSR file. You may ignore the SCEP certificate and SCEP key as you do not need these to renew APNs.

-```
+```sh
 fleetctl generate mdm-apple --email <email> --org <org>
 ```

@ -146,7 +146,7 @@ Use either of the following methods to confirm that Fleet is set up:

 Run the following command. You should see information about the new APNs certificate such as serial number and renewal date. 

-```
+```sh
 fleetctl get mdm-apple
 ```

@ -178,7 +178,7 @@ User either of the following methods to generate a certificate and private key p

 #### Fleetctl CLI:

-```
+```sh
 fleetctl generate mdm-apple-bm
 ```

@ -217,7 +217,7 @@ Use either of the following methods to confirm that Fleet is set up correctly. Y

 #### Fleetctl CLI:

-```
+```sh
 fleetctl get mdm-apple
 ```

@ -271,7 +271,7 @@ Use either of the following methods to see your ABM renewal date and other impor

 #### Fleetctl CLI

-```
+```sh
 fleetctl get mdm-apple
 ```

--- a/Fleet/Scripts.md
+++ b/Fleet/Scripts.md
@ -48,7 +48,7 @@ osascript -e 'tell application "Finder" to set desktop picture to POSIX file "'"
 ### Step 3: Run the script

 1. Run this fleetctl command:
-```
+```sh
 fleetctl run-script --script_path=set-wallpaper-to-fleet.sh --host=hostname`
 ```

--- a/Fleet/enroll-hosts.md
+++ b/Fleet/enroll-hosts.md
@ -184,7 +184,7 @@ Specify the path to this certificate with the `--tls_server_certs` flag when you

 In order for osquery to connect to the fleet server, there are some flags that need to be set:

-```
+```sh
 --enroll_secret_path=/etc/osquery/enroll_secret 
 --tls_server_certs=/etc/osquery/fleet.crt
 --tls_hostname=fleet.example.com 
@ -209,7 +209,7 @@ These can be specified directly in the command line or saved to a flag file.

 Assuming that you are deploying your enroll secret in the file `/etc/osquery/enroll_secret` and your osquery server certificate is at `/etc/osquery/fleet.crt`, you could copy and paste the following command with the following flags (be sure to replace `fleet.acme.net` with the hostname or IP of your Fleet installation):

-```
+```sh
 sudo osqueryd \
 --enroll_secret_path=/etc/osquery/enroll_secret \
 --tls_server_certs=/etc/osquery/fleet.crt \
@ -238,13 +238,13 @@ If your enroll secret is defined in a local file, specify the file's path with t

 For your convenience, osqueryd supports putting all your flags into a single file. We suggest deploying this file to `/etc/osquery/fleet.flags`. If you've deployed the appropriate osquery flags to that path, you could simply launch osquery via:

-```
+```sh
 osqueryd --flagfile=/etc/osquery/fleet.flags
 ```

 When using a flag file on Windows, make sure that file paths in the flag file are absolute and not quoted. For example, in `C:\Program Files\osquery\osquery.flags`:

-```
+```sh
 --tls_server_certs=C:\Program Files\osquery\fleet.pem
 --enroll_secret_path=C:\Program Files\osquery\secret.txt
 ```
@ -257,7 +257,7 @@ deploy a new package for every new osquery release.

 #### Generate installer

-```
+```sh
 fleetctl package --type [pkg|msi|deb|rpm] --fleet-url [fleet-hostname:port] --enroll-secret [secret]
 ```

@ -318,13 +318,13 @@ If you use plain osquery, instructions are [available here](https://osquery.read
 On a system with osquery installed via the Fleet osquery installer (Fleetd), obtain the
 `CodeRequirement` of Fleetd by running:

-```
+```sh
 codesign -dr - /opt/orbit/bin/orbit/macos/stable/orbit
 ```

 The output should be similar or identical to:

-```
+```sh
 Executable=/opt/orbit/bin/orbit/macos/edge/orbit
 designated => identifier "com.fleetdm.orbit" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "8VBZ3948LU"
 ```
--- a/Fleet/fleetctl-CLI.md
+++ b/Fleet/fleetctl-CLI.md
@ -24,13 +24,13 @@ To see the commands you can run with fleetctl, run the `fleetctl --help` command

 Each command available to `fleetctl` has a help menu with additional information. To pull up the help menu, run `fleetctl <command> --help`, replacing `<command>` with the command you're looking up:

-```
+```sh
 > fleetctl setup --help
 ```

 You will see more info about the command, including the usage and information about any additional commands and options (or 'flags') that can be passed with it:

-```
+```sh
 NAME:
   fleetctl setup - Set up a Fleet instance

@ -62,7 +62,7 @@ This guide illustrates:

 For the sake of this tutorial, we will be using the local development Docker Compose infrastructure to run Fleet locally. This is documented in some detail in the [developer documentation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Building-Fleet.md#development-infrastructure), but the following are the minimal set of commands that you can run from the root of the repository (assuming that you have a working Go/JavaScript toolchain installed along with Docker Compose):

-```
+```sh
 docker-compose up -d
 make deps
 make generate
@ -79,7 +79,7 @@ At this point, the MySQL database doesn't have any users in it. Because of this,

 Now, since our Fleet instance is local in this tutorial, we didn't get a valid TLS certificate, so we need to run the following to configure our Fleet context:

-```
+```sh
 fleetctl config set --address https://localhost:8080 --tls-skip-verify
 [+] Set the address config key to "https://localhost:8080" in the "default" context
 [+] Set the tls-skip-verify config key to "true" in the "default" context
@ -87,7 +87,7 @@ fleetctl config set --address https://localhost:8080 --tls-skip-verify

 Now, if you were connecting to a Fleet instance for real, you wouldn't want to skip TLS certificate verification, so you might run something like:

-```
+```sh
 fleetctl config set --address https://fleet.corp.example.com
 [+] Set the address config key to "https://fleet.corp.example.com" in the "default" context
 ```
@ -96,7 +96,7 @@ fleetctl config set --address https://fleet.corp.example.com

 Now that we've configured our local CLI context, lets go ahead and create our admin account:

-```
+```sh
 fleetctl setup --email zwass@example.com --name 'Zach' --org-name 'Fleet Test'
 Password:
 [+] Fleet setup successful and context configured!
@ -108,7 +108,7 @@ It's possible to specify the password via the `--password` flag or the `$PASSWOR

 To run a simple query against all hosts, you might run something like the following:

-```
+```sh
 fleetctl query --query 'SELECT * FROM osquery_info;' --labels='All Hosts' > results.json
 ⠂  100% responded (100% online) | 1/1 targeted hosts (1/1 online)
 ^C
@ -143,7 +143,7 @@ When the query is done (or you have enough results), CTRL-C and look at the `res

 If you have an existing Fleet instance, run `fleetctl login` (after configuring your local CLI context):

-```
+```sh
 fleetctl config set --address https://fleet.corp.example.com
 [+] Set the address config key to "https://fleet.corp.example.com" in the "default" context

@ -164,7 +164,7 @@ Users that authenticate to Fleet via SSO should retrieve their API token from th

 2. Set the API token in the `~/.fleet/config` file. The file should look like the following:

-```
+```yaml
 contexts:
  default:
    address: https://fleet.corp.example.com
@ -201,7 +201,7 @@ An API-only user does not have access to the Fleet UI. Instead, it's only purpos

 To create your new API-only user, run `fleetctl user create` and pass values for `--name`, `--email`, and `--password`, and include the `--api-only` flag:

-```
+```sh
 fleetctl user create --name "API User" --email api@example.com --password temp!pass --api-only
 ```

@ -210,13 +210,13 @@ An API-only user can be given the same permissions as a regular user. The defaul

 If you'd like your API-only user to have a different access level than the default `Observer` role, you can specify what level of access the new user should have using the `--global-role` flag:

-```
+```sh
 fleetctl user create --name "API User" --email api@example.com --password temp#pass --api-only --global-role admin
 ```

 On Fleet Premium, use the `--team` flag setting `team_id:role` to create an API-only user on a team:

-```
+```sh
 fleetctl user create --name "API Team Maintainer User" --email apimaintainer@example.com --password temp#pass --team 4:maintainer
 ```

@ -268,7 +268,7 @@ The [Log in API](https://fleetdm.com/docs/using-fleet/rest-api#log-in) will retu

 To use `fleetctl` with your regular user account but occasionally use your API-only user for specific cases, you can set up your `fleetctl` config with a new `context` to hold the credentials of your API-only user:

-```
+```sh
 fleetctl config set --address https://dogfood.fleetdm.com --context api
 [+] Context "api" not found, creating it with default values
 [+] Set the address config key to "https://dogfood.fleetdm.com" in the "api" context
@ -276,7 +276,7 @@ fleetctl config set --address https://dogfood.fleetdm.com --context api

 From there on, you can use  the `--context api` flag whenever you need to use the API-only user's identity, rather than logging in and out to switch accounts:

-```
+```sh
 fleetctl login --context admin
 Log in using the admin Fleet credentials.
 Email: admin@example.com
@ -300,7 +300,7 @@ File carving data can be either stored in Fleet's database or to an external S3

 Given a working flagfile for connecting osquery agents to Fleet, add the following flags to enable carving:

-```
+```sh
 --disable_carver=false
 --carver_disable_function=false
 --carver_start_endpoint=/api/v1/osquery/carve/begin
@ -332,13 +332,13 @@ File carves are initiated with osquery queries. Issue a query to the `carves` ta

 For example, to extract the `/etc/hosts` file on a host with hostname `mac-workstation`:

-```
+```sh
 fleetctl query --hosts mac-workstation --query 'SELECT * FROM carves WHERE carve = 1 AND path = "/etc/hosts"'
 ```

 The standard osquery file globbing syntax is also supported to carve entire directories or more:

-```
+```sh
 fleetctl query --hosts mac-workstation --query 'SELECT * FROM carves WHERE carve = 1 AND path LIKE "/etc/%%"'
 ```

@ -352,13 +352,13 @@ Contents of carves are returned as .tar archives, and compressed if that option

 To download the contents of a carve with ID 3, use

-```
+```sh
 fleetctl get carve --outfile carve.tar 3
 ```

 It can also be useful to pipe the results directly into the tar command for unarchiving:

-```
+```sh
 fleetctl get carve --stdout 3 | tar -x
 ```

@ -388,7 +388,7 @@ Osquery can report on the status of carves through queries to the `carves` table

 The details provided by

-```
+```sh
 fleetctl query --labels 'All Hosts' --query 'SELECT * FROM carves'
 ```

@ -415,13 +415,13 @@ Start with a default of 2MiB for MySQL (2097152 bytes), and 5MiB for S3/Minio (5

 `fleetctl` provides debugging capabilities about the running Fleet server via the `debug` command. To see a complete list of all the options run:

-```
+```sh
 fleetctl debug --help
 ```

 To generate a full debugging archive, run:

-```
+```sh
 fleetctl debug archive
 ```

--- a/Fleet/update-agents.md
+++ b/Fleet/update-agents.md
@ -30,7 +30,7 @@ For testing purposes it is okay to initialize the repository in an online enviro

 Initialize the repository:

-```
+```sh
 fleetctl updates init
 ```

@ -38,19 +38,19 @@ Choose and record secure passphrases, _different for each key_. If the passphras

 Make multiple copies of the `keys` directory to be stored offline on USB drives. These copies contain the root key:

-```
+```sh
 cp -r keys <destination>
 ```

 Delete the root key from the `keys` directory:

-```
+```sh
 rm keys/root.json
 ```

 Copy the `keys`, `repository`, and `staged` directories to a separate "working" USB drive:

-```
+```sh
 cp -r keys repository staged <destination>
 ```

@ -70,7 +70,7 @@ The following commands will prompt for key passphrases if not specified in the e

 To stage updates for `osqueryd`:

-```
+```sh
 fleetctl updates add --target ./path/to/linux/osqueryd  --platform linux --name osqueryd --version 4.6.0 -t 4.6 -t 4 -t stable 
 ```

@ -80,7 +80,7 @@ In a typical scenario, each platform is staged before the repository is publishe

 Stage the equivalent macOS update:

-```
+```sh
 fleetctl updates add --target ./path/to/macos/osqueryd  --platform macos --name osqueryd --version 4.6.0 -t 4.6 -t 4 -t stable 
 ```

@ -94,13 +94,13 @@ Publishing updates is as simple as making the contents of the `repository` direc

 Python's `SimpleHTTPServer` can be used for quick local testing:

-```
+```sh
 cd repository && python -m SimpleHTTPServer
 ```

 Or, for Python version 3.0 and greater:

-```
+```sh
 cd repository && python -m http.server
 ```

@ -112,7 +112,7 @@ Fleetd verifies freshness of the update metadata using the signed [timestamp fil

 To update the timestamp metadata:

-```
+```sh
 fleetctl updates timestamp
 ```

@ -124,7 +124,7 @@ Note that `osqueryd` and `orbit` updates must be published before packages can b

 Record the root key metadata with a copy of the repository:

-```
+```sh
 fleetctl updates roots
 ```

@ -154,7 +154,7 @@ more in-depth discussion of the implications of key compromise in the TUF system

 To rotate (for example) the targets key:

-```
+```sh
 fleetctl updates rotate targets
 ```