diff --git a/docs/data-sources/account.md b/docs/data-sources/account.md
deleted file mode 100644
index f8d306d3a1db5f4c2899c8615e7c12481ab4f0bc..0000000000000000000000000000000000000000
--- a/docs/data-sources/account.md
+++ /dev/null
@@ -1,76 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "smallstep_account Data Source - terraform-provider-smallstep"
-subcategory: ""
-description: |-
-
----
-
-# smallstep_account (Data Source)
-
-
-
-
-
-<!-- schema generated by tfplugindocs -->
-## Schema
-
-### Read-Only
-
-- `browser` (Attributes) Configuration to use a client certificate. (see [below for nested schema](#nestedatt--browser))
-- `ethernet` (Attributes) Configuration to connect a device to a protected LAN. (see [below for nested schema](#nestedatt--ethernet))
-- `id` (String) The ID of this resource.
-- `name` (String)
-- `vpn` (Attributes) Configuration to connect a device to a VPN. (see [below for nested schema](#nestedatt--vpn))
-- `wifi` (Attributes) Configuration to connect a device to a protected WiFi network. (see [below for nested schema](#nestedatt--wifi))
-
-<a id="nestedatt--browser"></a>
-### Nested Schema for `browser`
-
-
-<a id="nestedatt--ethernet"></a>
-### Nested Schema for `ethernet`
-
-Read-Only:
-
-- `autojoin` (Boolean)
-- `ca_chain` (String)
-- `external_radius_server` (Boolean)
-- `network_access_server_ip` (String)
-
-
-<a id="nestedatt--vpn"></a>
-### Nested Schema for `vpn`
-
-Read-Only:
-
-- `autojoin` (Boolean)
-- `connection_type` (String) Allowed values: `IPSec` `IKEv2` `SSL`
-- `ike` (Attributes) (see [below for nested schema](#nestedatt--vpn--ike))
-- `remote_address` (String)
-- `vendor` (String) Allowed values: `F5` `Cisco` `Juniper`
-
-<a id="nestedatt--vpn--ike"></a>
-### Nested Schema for `vpn.ike`
-
-Read-Only:
-
-- `ca_chain` (String)
-- `eap` (Boolean)
-- `remote_id` (String) Typically, the common name of the remote server. Defaults to the remote address.
-
-
-
-<a id="nestedatt--wifi"></a>
-### Nested Schema for `wifi`
-
-Read-Only:
-
-- `autojoin` (Boolean)
-- `ca_chain` (String)
-- `external_radius_server` (Boolean)
-- `hidden` (Boolean)
-- `network_access_server_ip` (String)
-- `ssid` (String)
-
-
diff --git a/docs/data-sources/attestation_authority.md b/docs/data-sources/attestation_authority.md
deleted file mode 100644
index fa884b5158c03dfbb2f65de06dbfe744e5f1fa4e..0000000000000000000000000000000000000000
--- a/docs/data-sources/attestation_authority.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "smallstep_attestation_authority Data Source - terraform-provider-smallstep"
-subcategory: ""
-description: |-
- An attestation authority used with the device-attest-01 ACME challenge to verify a device's hardware identity. This object is experimental and subject to change.
----
-
-# smallstep_attestation_authority (Data Source)
-
-An attestation authority used with the device-attest-01 ACME challenge to verify a device's hardware identity. This object is experimental and subject to change.
-
-## Example Usage
-
-```terraform
-data "smallstep_attestation_authority" "aa" {
- id = "4958f125-8e2a-4c99-8c32-832b25e5569e"
-}
-```
-
-<!-- schema generated by tfplugindocs -->
-## Schema
-
-### Required
-
-- `id` (String) A UUID identifying this attestation authority. Read only.
-
-### Read-Only
-
-- `attestor_intermediates` (String) The pem-encoded list of intermediate certificates used to build a chain of trust to verify the attestation certificates submitted by devices.
-- `attestor_roots` (String) The pem-encoded list of certificates used to verify the attestation certificates submitted by devices.
-- `created_at` (String) Timestamp in RFC3339 format when the attestation authority was created.
-- `name` (String) The name of the attestation authority.
-- `root` (String) The pem-encoded root certificate of this attestation authority. This is generated server-side when the attestation authority is created. This certificate should be used in the `attestationRoots` field of an ACME_ATTESTATION provisioner with the `tpm` format.
-- `slug` (String) A short name for this attestation authority. Read only.
-
-
diff --git a/docs/data-sources/collection.md b/docs/data-sources/collection.md
deleted file mode 100644
index b7629e9ae1e78d8ba6865d66a92f133dc6041c90..0000000000000000000000000000000000000000
--- a/docs/data-sources/collection.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "smallstep_collection Data Source - terraform-provider-smallstep"
-subcategory: ""
-description: |-
- A collection of instances.
----
-
-# smallstep_collection (Data Source)
-
-A collection of instances.
-
-## Example Usage
-
-```terraform
-data "smallstep_collection" "tpms" {
- slug = "tpms"
-}
-```
-
-<!-- schema generated by tfplugindocs -->
-## Schema
-
-### Required
-
-- `slug` (String) A lowercase name identifying the collection.
-
-### Optional
-
-- `schema_uri` (String) Reference to a schema that all instances in the collection must conform to.
-
-### Read-Only
-
-- `created_at` (String) Timestamp in RFC3339 format when the collections was created
-- `display_name` (String) A user-friendly name for the collection.
-- `instance_count` (Number) The number of instances in the collection.
-- `updated_at` (String) Timestamp in RFC3339 format when the collections was last updated
-
-
diff --git a/docs/data-sources/collection_instance.md b/docs/data-sources/collection_instance.md
deleted file mode 100644
index 0d592532db828583740aa18be505f10e972a11b3..0000000000000000000000000000000000000000
--- a/docs/data-sources/collection_instance.md
+++ /dev/null
@@ -1,37 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "smallstep_collection_instance Data Source - terraform-provider-smallstep"
-subcategory: ""
-description: |-
- An instance in a collection.
----
-
-# smallstep_collection_instance (Data Source)
-
-An instance in a collection.
-
-## Example Usage
-
-```terraform
-data "smallstep_collection_instance" "tpm1" {
- collection_slug = "tpms"
- id = "urn:ek:sha256:RAzbOveN1Y45fYubuTxu5jOXWtOK1HbfZ7yHjBuWlyE="
-}
-```
-
-<!-- schema generated by tfplugindocs -->
-## Schema
-
-### Required
-
-- `collection_slug` (String) The slug of the collection this instance belongs to
-
-### Read-Only
-
-- `created_at` (String) Timestamp in RFC3339 format when the instance was added to the collection.
-- `data` (String) The instance data.
-- `id` (String) The ID of this resource.
-- `out_data` (String) The instance data.
-- `updated_at` (String) Timestamp in RFC3339 format when the instance was last changed.
-
-
diff --git a/docs/data-sources/device_collection_account.md b/docs/data-sources/device_collection_account.md
deleted file mode 100644
index 8eebf1530f334c53ee70a377ace566d18448e53f..0000000000000000000000000000000000000000
--- a/docs/data-sources/device_collection_account.md
+++ /dev/null
@@ -1,166 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "smallstep_device_collection_account Data Source - terraform-provider-smallstep"
-subcategory: ""
-description: |-
- The certificate details binding an account to a device collection.
----
-
-# smallstep_device_collection_account (Data Source)
-
-The certificate details binding an account to a device collection.
-
-
-
-<!-- schema generated by tfplugindocs -->
-## Schema
-
-### Required
-
-- `device_collection_slug` (String)
-- `slug` (String) Used as the identifier for the device collection account.
-
-### Optional
-
-- `account_id` (String) Identifier of the account.
-- `authority_id` (String) A UUID identifying the authority to issue certificates for the account on devices in the collection.
-- `certificate_data` (Attributes) (see [below for nested schema](#nestedatt--certificate_data))
-- `certificate_info` (Attributes) Details on a managed certificate. (see [below for nested schema](#nestedatt--certificate_info))
-- `display_name` (String) A friendly name for the device collection account. Also used as the Common Name, if no static SANs are provided.
-- `key_info` (Attributes) The attributes of the cryptographic key. (see [below for nested schema](#nestedatt--key_info))
-- `reload_info` (Attributes) The properties used to reload a service. 
(see [below for nested schema](#nestedatt--reload_info)) - -<a id="nestedatt--certificate_data"></a> -### Nested Schema for `certificate_data` - -Optional: - -- `common_name` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--common_name)) -- `country` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--country)) -- `locality` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--locality)) -- `organization` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--organization)) -- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--organizational_unit)) -- `postal_code` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--postal_code)) -- `province` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--province)) -- `sans` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--sans)) -- `street_address` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--street_address)) - -<a id="nestedatt--certificate_data--common_name"></a> -### Nested Schema for `certificate_data.common_name` - -Optional: - -- `device_metadata` (String) -- `static` (String) - - -<a id="nestedatt--certificate_data--country"></a> -### Nested Schema for `certificate_data.country` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--locality"></a> -### Nested Schema for `certificate_data.locality` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--organization"></a> -### Nested Schema for `certificate_data.organization` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--organizational_unit"></a> -### Nested Schema for `certificate_data.organizational_unit` - -Optional: - -- 
`device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--postal_code"></a> -### Nested Schema for `certificate_data.postal_code` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--province"></a> -### Nested Schema for `certificate_data.province` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--sans"></a> -### Nested Schema for `certificate_data.sans` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--street_address"></a> -### Nested Schema for `certificate_data.street_address` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - - -<a id="nestedatt--certificate_info"></a> -### Nested Schema for `certificate_info` - -Optional: - -- `crt_file` (String) The filepath where the certificate is to be stored. -- `duration` (String) The certificate lifetime. Parsed as a [Golang duration](https://pkg.go.dev/time#ParseDuration). -- `gid` (Number) GID of the files where the certificate is stored. -- `key_file` (String) The filepath where the key is to be stored. -- `mode` (Number) Permission bits of the files where the certificate is stored. -- `root_file` (String) The filepath where the root certificate is to be stored. -- `type` (String) The type of certificate. Allowed values: `X509` `SSH_USER` `SSH_HOST` -- `uid` (Number) UID of the files where the certificate is stored. - - -<a id="nestedatt--key_info"></a> -### Nested Schema for `key_info` - -Optional: - -- `format` (String) The format used to encode the private key. For X509 keys the default format is PKCS#8. The classic format is PKCS#1 for RSA keys, SEC 1 for ECDSA keys, and PKCS#8 for ED25519 keys. For SSH keys the default format is always the OPENSSH format. 
When a hardware module is used to store the keys the default will be a JSON representation of the key, except on Linux where tss2 will be used. Allowed values: `DEFAULT` `PKCS8` `OPENSSH` `TSS2` `CLASSIC` -- `protection` (String) Whether to use a hardware module to store the private key for a workload certificate. If set to `NONE` no hardware module will be used. If set to `DEFAULT` a hardware module will only be used with format `TSS2`. `HARDWARE_WITH_FALLBACK` can only be used with the key format `DEFAULT`. Allowed values: `DEFAULT` `NONE` `HARDWARE` `HARDWARE_WITH_FALLBACK` `HARDWARE_ATTESTED` -- `pub_file` (String) A CSR or SSH public key to use instead of generating one. -- `type` (String) The key type used. The current DEFAULT type is ECDSA_P256. Allowed values: `DEFAULT` `ECDSA_P256` `ECDSA_P384` `ECDSA_P521` `RSA_2048` `RSA_3072` `RSA_4096` `ED25519` - - -<a id="nestedatt--reload_info"></a> -### Nested Schema for `reload_info` - -Optional: - -- `method` (String) Ways an endpoint can reload a certificate. `AUTOMATIC` means the process is able to detect and reload new certificates automatically. `CUSTOM` means a custom command must be run to trigger the workload to reload the certificates. `SIGNAL` will configure the agent to send a signal to the process in `pidFile`. `DBUS` will use the systemd system bus to issue a `try-reload-or-restart` job for unit specified by `unitName`. `PLATFORM` uses a method specific to the operating system. Allowed values: `AUTOMATIC` `CUSTOM` `SIGNAL` `DBUS` `PLATFORM` -- `pid_file` (String) File that holds the pid of the process to signal. Required when method is SIGNAL. -- `signal` (Number) The signal to send to a process when a certificate should be reloaded. Required when method is SIGNAL. -- `unit_name` (String) The systemd unit name to reload when a certificate should be reloaded. Required when method is DBUS. - - 
diff --git a/docs/resources/account.md b/docs/resources/account.md
deleted file mode 100644
index 7a9e650186a7142745ceb777caa769399028c81a..0000000000000000000000000000000000000000
--- a/docs/resources/account.md
+++ /dev/null
@@ -1,88 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "smallstep_account Resource - terraform-provider-smallstep"
-subcategory: ""
-description: |-
-
----
-
-# smallstep_account (Resource)
-
-
-
-
-
-<!-- schema generated by tfplugindocs -->
-## Schema
-
-### Required
-
-- `name` (String)
-
-### Optional
-
-- `browser` (Attributes) Configuration to use a client certificate. (see [below for nested schema](#nestedatt--browser))
-- `ethernet` (Attributes) Configuration to connect a device to a protected LAN. (see [below for nested schema](#nestedatt--ethernet))
-- `vpn` (Attributes) Configuration to connect a device to a VPN. (see [below for nested schema](#nestedatt--vpn))
-- `wifi` (Attributes) Configuration to connect a device to a protected WiFi network. (see [below for nested schema](#nestedatt--wifi))
-
-### Read-Only
-
-- `id` (String) The ID of this resource.
-
-<a id="nestedatt--browser"></a>
-### Nested Schema for `browser`
-
-
-<a id="nestedatt--ethernet"></a>
-### Nested Schema for `ethernet`
-
-Optional:
-
-- `autojoin` (Boolean)
-- `ca_chain` (String)
-- `external_radius_server` (Boolean)
-- `network_access_server_ip` (String)
-
-
-<a id="nestedatt--vpn"></a>
-### Nested Schema for `vpn`
-
-Required:
-
-- `connection_type` (String) Allowed values: `IPSec` `IKEv2` `SSL`
-- `remote_address` (String)
-
-Optional:
-
-- `autojoin` (Boolean)
-- `ike` (Attributes) (see [below for nested schema](#nestedatt--vpn--ike))
-- `vendor` (String) Allowed values: `F5` `Cisco` `Juniper`
-
-<a id="nestedatt--vpn--ike"></a>
-### Nested Schema for `vpn.ike`
-
-Optional:
-
-- `ca_chain` (String)
-- `eap` (Boolean)
-- `remote_id` (String) Typically, the common name of the remote server. Defaults to the remote address. 
-
-
-
-<a id="nestedatt--wifi"></a>
-### Nested Schema for `wifi`
-
-Required:
-
-- `ssid` (String)
-
-Optional:
-
-- `autojoin` (Boolean)
-- `ca_chain` (String)
-- `external_radius_server` (Boolean)
-- `hidden` (Boolean)
-- `network_access_server_ip` (String)
-
-
diff --git a/docs/resources/attestation_authority.md b/docs/resources/attestation_authority.md
deleted file mode 100644
index c61937364297008ecaa7f1cf97e906f0a9a7ef22..0000000000000000000000000000000000000000
--- a/docs/resources/attestation_authority.md
+++ /dev/null
@@ -1,54 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "smallstep_attestation_authority Resource - terraform-provider-smallstep"
-subcategory: ""
-description: |-
- An attestation authority used with the device-attest-01 ACME challenge to verify a device's hardware identity. This object is experimental and subject to change.
----
-
-# smallstep_attestation_authority (Resource)
-
-An attestation authority used with the device-attest-01 ACME challenge to verify a device's hardware identity. This object is experimental and subject to change.
-
-## Example Usage
-
-```terraform
-resource "smallstep_collection" "tpms" {
- slug = "tpms"
-}
-
-resource "smallstep_attestation_authority" "aa" {
- name = "Foo Attest"
- catalog = smallstep_collection.tpms.slug
- attestor_roots = "-----BEGIN CERTIFICATE-----\n..."
- attestor_intermediates = "----- BEGIN CERTIFICATE-----\n..."
- depends_on = [smallstep_collection.tpms]
-}
-```
-
-<!-- schema generated by tfplugindocs -->
-## Schema
-
-### Required
-
-- `attestor_roots` (String) The pem-encoded list of certificates used to verify the attestation certificates submitted by devices.
-- `name` (String) The name of the attestation authority.
-
-### Optional
-
-- `attestor_intermediates` (String) The pem-encoded list of intermediate certificates used to build a chain of trust to verify the attestation certificates submitted by devices.
-
-### Read-Only
-
-- `created_at` (String) Timestamp in RFC3339 format when the attestation authority was created.
-- `id` (String) A UUID identifying this attestation authority. Read only.
-- `root` (String) The pem-encoded root certificate of this attestation authority. This is generated server-side when the attestation authority is created. This certificate should be used in the `attestationRoots` field of an ACME_ATTESTATION provisioner with the `tpm` format.
-- `slug` (String) A short name for this attestation authority. Read only. 
-
-## Import
-
-Import is supported using the following syntax:
-
-```shell
-terraform import smallstep_attestation_authority.aa 4958f125-8e2a-4c99-8c32-832b25e5569e
-```
diff --git a/docs/resources/authority.md b/docs/resources/authority.md
index d54f109e0fcf355f9718aeec0fac8f8d9283f3f3..ef53e70e77bc407b0fd51424d846086ccb76849e 100644
--- a/docs/resources/authority.md
+++ b/docs/resources/authority.md
@@ -110,7 +110,7 @@ Optional:
 
 - `duration` (String) The certificate lifetime. Parsed as a [Golang duration](https://pkg.go.dev/time#ParseDuration).
 - `max_path_length` (Number)
-- `name_constraints` (Attributes) X509 certificate name constraints. (see [below for nested schema](#nestedatt--intermediate_issuer--name_constraints))
+- `name_constraints` (Attributes) X509 certificate name constratins. (see [below for nested schema](#nestedatt--intermediate_issuer--name_constraints))
 - `subject` (Attributes) Name used in x509 certificates (see [below for nested schema](#nestedatt--intermediate_issuer--subject))
 
 <a id="nestedatt--intermediate_issuer--name_constraints"></a>
@@ -160,7 +160,7 @@ Optional:
 
 - `duration` (String) The certificate lifetime. Parsed as a [Golang duration](https://pkg.go.dev/time#ParseDuration).
 - `max_path_length` (Number)
-- `name_constraints` (Attributes) X509 certificate name constraints. (see [below for nested schema](#nestedatt--root_issuer--name_constraints))
+- `name_constraints` (Attributes) X509 certificate name constratins. (see [below for nested schema](#nestedatt--root_issuer--name_constraints))
 - `subject` (Attributes) Name used in x509 certificates (see [below for nested schema](#nestedatt--root_issuer--subject))
 
 <a id="nestedatt--root_issuer--name_constraints"></a>
diff --git a/docs/resources/collection.md b/docs/resources/collection.md
deleted file mode 100644
index 24bbcdc10562649fc04015df5626ba8bcdc8ad2f..0000000000000000000000000000000000000000
--- a/docs/resources/collection.md
+++ /dev/null
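Review bot: Both hunks in docs/resources/authority.md (at @@ -110 and @@ -160) replace the correct spelling "name constraints" with "name constratins" in the `name_constraints` description, for `intermediate_issuer` and `root_issuer` alike, so the new side introduces a typo in the one attribute that scopes what a CA may issue rather than fixing one. Because the file header says it is generated by tfplugindocs, the misspelling most likely originates in the attribute's MarkdownDescription in the provider's Go schema, and hand-editing the markdown would be overwritten on the next regeneration. Fix the description at its source and regenerate so the lines read `- \`name_constraints\` (Attributes) X509 certificate name constraints. (see [below for nested schema](#nestedatt--intermediate_issuer--name_constraints))` and the matching `root_issuer` line.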
@@ -1,45 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "smallstep_collection Resource - terraform-provider-smallstep"
-subcategory: ""
-description: |-
- A collection of instances.
----
-
-# smallstep_collection (Resource)
-
-A collection of instances.
-
-## Example Usage
-
-```terraform
-resource "smallstep_collection" "tpms" {
- slug = "tpms"
-}
-```
-
-<!-- schema generated by tfplugindocs -->
-## Schema
-
-### Required
-
-- `slug` (String) A lowercase name identifying the collection.
-
-### Optional
-
-- `display_name` (String) A user-friendly name for the collection.
-- `schema_uri` (String) Reference to a schema that all instances in the collection must conform to.
-
-### Read-Only
-
-- `created_at` (String) Timestamp in RFC3339 format when the collections was created
-- `instance_count` (Number) The number of instances in the collection.
-- `updated_at` (String) Timestamp in RFC3339 format when the collections was last updated
-
-## Import
-
-Import is supported using the following syntax:
-
-```shell
-terraform import smallstep_collection.devices devices
-```
diff --git a/docs/resources/collection_instance.md b/docs/resources/collection_instance.md
deleted file mode 100644
index eb8a143cbe9673626b3aa5e163279a116381d883..0000000000000000000000000000000000000000
--- a/docs/resources/collection_instance.md
+++ /dev/null
@@ -1,46 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "smallstep_collection_instance Resource - terraform-provider-smallstep"
-subcategory: ""
-description: |-
- An instance in a collection.
----
-
-# smallstep_collection_instance (Resource)
-
-An instance in a collection.
-
-## Example Usage
-
-```terraform
-resource "smallstep_collection_instance" "server1" {
- id = "urn:ek:sha256:RAzbOveN1Y45fYubuTxu5jOXWtOK1HbfZ7yHjBuWlyE="
- data = "{}"
- collection_slug = smallstep_collection.tpms.slug
- depends_on = [smallstep_collection.tpms]
-}
-```
-
-<!-- schema generated by tfplugindocs -->
-## Schema
-
-### Required
-
-- `collection_slug` (String) The collection will be created implicitly if it does not exist.
-If creating this collection with a smallstep_collection resource in the same config you MUST use depends_on to avoid race conditions.
-- `data` (String) The instance data.
-
-### Read-Only
-
-- `created_at` (String) Timestamp in RFC3339 format when the instance was added to the collection.
-- `id` (String) The ID of this resource.
-- `out_data` (String) The instance data stored after any modifications made server-side. If the instance belongs to a device collection a host ID attribute will be added to the data.
-- `updated_at` (String) Timestamp in RFC3339 format when the instance was last changed.
-
-## Import
-
-Import is supported using the following syntax:
-
-```shell
-terraform import smallstep_collection_instance.device1 devicescollection/device1
-```
diff --git a/docs/resources/device_collection.md b/docs/resources/device_collection.md
deleted file mode 100644
index fad38eba5a0ed27c1958a927aef8b15cbb56304b..0000000000000000000000000000000000000000
--- a/docs/resources/device_collection.md
+++ /dev/null
@@ -1,152 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "smallstep_device_collection Resource - terraform-provider-smallstep"
-subcategory: ""
-description: |-
- Configuration to create a new device collection.
----
-
-# smallstep_device_collection (Resource)
-
-Configuration to create a new device collection.
-
-## Example Usage
-
-### GCP VM Device Collection with GCE Instance
-
-```terraform
-resource "smallstep_device_collection" "gcp" {
- slug = "gce"
- display_name = "GCE"
- device_type = "gcp-vm"
- gcp_vm = {
- service_accounts = ["pki@prod-1234.iam.gserviceaccount.com"]
- }
- admin_emails = ["admin@example.com"]
-}
-
-data "google_compute_instance" "dbserver" {
- name = "dbserver"
- zone = "us-central1-b"
-}
-
-resource "smallstep_collection_instance" "dbserver" {
- depends_on = [smallstep_device_collection.gcp]
- collection_slug = smallstep_device_collection.gcp.slug
- id = data.google_compute_instance.dbserver.instance_id
- data = jsonencode({
- "hostname" = data.google_compute_instance.dbserver.name
- "private_ip" = data.google_compute_instance.dbserver.network_interface.0.network_ip
- "public_ip" = data.google_compute_instance.dbserver.network_interface.0.access_config[0].nat_ip
- })
-}
-```
-
-### TPM Device Collection
-
-```terraform
-resource "smallstep_device_collection" "tpm" {
- slug = "tmpservers"
- display_name = "TPM Servers"
- admin_emails = ["admin@example.com"]
- device_type = "tpm"
- tpm = {
- attestor_roots = file("${path.module}/root.crt")
- }
-}
-```
-
-### EC2 Device Collection
-
-```terraform
-resource "smallstep_device_collection" "aws" {
- slug = "ec2west"
- display_name = "EC2 West"
- admin_emails = ["admin@example.com"]
- device_type = "aws-vm"
- aws_vm = {
- accounts = ["0123456789"]
- disable_custom_sans = false
- }
-}
-```
-
-### Azure VM Device Collection
-
-```terraform
-resource "smallstep_device_collection" "azure" {
- slug = "azure"
- display_name = "Azure VMs"
- admin_emails = 
["admin@example.com"]
- device_type = "azure-vm"
- azure_vm = {
- tenant_id = "76543210"
- resource_groups = ["0123456789"]
- disable_custom_sans = false
- audience = ""
- }
-}
-```
-
-<!-- schema generated by tfplugindocs -->
-## Schema
-
-### Required
-
-- `authority_id` (String) A UUID identifying the authority to issue certificates for the agent running on devices in the collection.
-- `device_type` (String) Must match the deviceTypeConfiguration. Cannot be changed. Allowed values: `aws-vm` `azure-vm` `gcp-vm` `tpm`
-- `display_name` (String)
-- `slug` (String)
-
-### Optional
-
-- `aws_vm` (Attributes) Configuration for an AWS provisioner for a device collection of AWS VMs. (see [below for nested schema](#nestedatt--aws_vm))
-- `azure_vm` (Attributes) (see [below for nested schema](#nestedatt--azure_vm))
-- `gcp_vm` (Attributes) Configuration for the GCP provisioner for device collections of GCP instances. At least one service account or project ID must be set. (see [below for nested schema](#nestedatt--gcp_vm))
-- `tpm` (Attributes) Configuration for a device collection of machines with TPMs. (see [below for nested schema](#nestedatt--tpm))
-
-<a id="nestedatt--aws_vm"></a>
-### Nested Schema for `aws_vm`
-
-Required:
-
-- `accounts` (Set of String) The list of AWS account IDs that are allowed to use an AWS cloud provisioner.
-
-Optional:
-
-- `disable_custom_sans` (Boolean) By default custom SANs are valid, but if this option is set to `true` only the SANs available in the instance identity document will be valid. These are the private IP and the DNS ip-<private-ip>.<region>.compute.internal.
-
-
-<a id="nestedatt--azure_vm"></a>
-### Nested Schema for `azure_vm`
-
-Required:
-
-- `resource_groups` (Set of String) The list of resource group names that are allowed to use this provisioner.
-- `tenant_id` (String) The Azure account tenant ID for this provisioner. This ID is the Directory ID available in the Azure Active Directory properties. 
-
-Optional:
-
-- `audience` (String) Defaults to https://management.azure.com/ but it can be changed if necessary.
-- `disable_custom_sans` (Boolean) By default custom SANs are valid, but if this option is set to `true` only the SANs available in the token will be valid, in Azure only the virtual machine name is available.
-
-
-<a id="nestedatt--gcp_vm"></a>
-### Nested Schema for `gcp_vm`
-
-Optional:
-
-- `disable_custom_sans` (Boolean) By default custom SANs are valid, but if this option is set to `true` only the SANs available in the instance identity document will be valid, these are the DNS `<instance-name>.c.<project-id>.internal` and `<instance-name>.<zone>.c.<project-id>.internal`.
-- `project_ids` (Set of String) The list of project identifiers that are allowed to use a GCP cloud provisioner.
-- `service_accounts` (Set of String) The list of service accounts that are allowed to use a GCP cloud provisioner.
-
-
-<a id="nestedatt--tpm"></a>
-### Nested Schema for `tpm`
-
-Optional:
-
-- `attestor_intermediates` (String) The pem-encoded list of intermediate certificates used to build a chain of trust to verify the attestation certificates submitted by agents. Ignored if the team already has an attestation authority.
-- `attestor_roots` (String) The pem-encoded list of certificates used to verify the attestation certificates submitted by agents. Ignored if the team already has an attestation authority. Required if the team does not already have an attestation authority.
-- `force_cn` (Boolean) Force one of the SANs to become the Common Name, if a Common Name is not provided.
-- `require_eab` (Boolean) Only ACME clients that have been preconfigured with valid EAB credentials will be able to create an account with this provisioner.
diff --git a/docs/resources/device_collection_account.md b/docs/resources/device_collection_account.md
deleted file mode 100644
index 6bc80c8e4808b38d140ecb31bf68a6a8abbc01fc..0000000000000000000000000000000000000000
--- a/docs/resources/device_collection_account.md
+++ /dev/null
@@ -1,178 +0,0 @@ ---- -# generated by https://github.com/hashicorp/terraform-plugin-docs -page_title: "smallstep_device_collection_account Resource - terraform-provider-smallstep" -subcategory: "" -description: |- - The certificate details binding an account to a device collection. ---- - -# smallstep_device_collection_account (Resource) - -The certificate details binding an account to a device collection. - - - -<!-- schema generated by tfplugindocs --> -## Schema - -### Required - -- `account_id` (String) Identifier of the account. -- `authority_id` (String) A UUID identifying the authority to issue certificates for the account on devices in the collection. -- `certificate_data` (Attributes) (see [below for nested schema](#nestedatt--certificate_data)) -- `certificate_info` (Attributes) Details on a managed certificate. (see [below for nested schema](#nestedatt--certificate_info)) -- `device_collection_slug` (String) -- `display_name` (String) A friendly name for the device collection account. Also used as the Common Name, if no static SANs are provided. -- `key_info` (Attributes) The attributes of the cryptographic key. (see [below for nested schema](#nestedatt--key_info)) -- `slug` (String) Used as the identifier for the device collection account. - -### Optional - -- `reload_info` (Attributes) The properties used to reload a service. 
(see [below for nested schema](#nestedatt--reload_info)) - -<a id="nestedatt--certificate_data"></a> -### Nested Schema for `certificate_data` - -Required: - -- `common_name` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--common_name)) - -Optional: - -- `country` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--country)) -- `locality` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--locality)) -- `organization` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--organization)) -- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--organizational_unit)) -- `postal_code` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--postal_code)) -- `province` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--province)) -- `sans` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--sans)) -- `street_address` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--street_address)) - -<a id="nestedatt--certificate_data--common_name"></a> -### Nested Schema for `certificate_data.common_name` - -Optional: - -- `device_metadata` (String) -- `static` (String) - - -<a id="nestedatt--certificate_data--country"></a> -### Nested Schema for `certificate_data.country` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--locality"></a> -### Nested Schema for `certificate_data.locality` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--organization"></a> -### Nested Schema for `certificate_data.organization` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--organizational_unit"></a> -### Nested Schema for `certificate_data.organizational_unit` - -Optional: 
- -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--postal_code"></a> -### Nested Schema for `certificate_data.postal_code` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--province"></a> -### Nested Schema for `certificate_data.province` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--sans"></a> -### Nested Schema for `certificate_data.sans` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--street_address"></a> -### Nested Schema for `certificate_data.street_address` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - - -<a id="nestedatt--certificate_info"></a> -### Nested Schema for `certificate_info` - -Required: - -- `type` (String) The type of certificate. Allowed values: `X509` `SSH_USER` `SSH_HOST` - -Optional: - -- `crt_file` (String) The filepath where the certificate is to be stored. -- `duration` (String) The certificate lifetime. Parsed as a [Golang duration](https://pkg.go.dev/time#ParseDuration). -- `gid` (Number) GID of the files where the certificate is stored. -- `key_file` (String) The filepath where the key is to be stored. -- `mode` (Number) Permission bits of the files where the certificate is stored. -- `root_file` (String) The filepath where the root certificate is to be stored. -- `uid` (Number) UID of the files where the certificate is stored. - - -<a id="nestedatt--key_info"></a> -### Nested Schema for `key_info` - -Required: - -- `format` (String) The format used to encode the private key. For X509 keys the default format is PKCS#8. The classic format is PKCS#1 for RSA keys, SEC 1 for ECDSA keys, and PKCS#8 for ED25519 keys. For SSH keys the default format is always the OPENSSH format. 
When a hardware module is used to store the keys the default will be a JSON representation of the key, except on Linux where tss2 will be used. Allowed values: `DEFAULT` `PKCS8` `OPENSSH` `TSS2` `CLASSIC` -- `type` (String) The key type used. The current DEFAULT type is ECDSA_P256. Allowed values: `DEFAULT` `ECDSA_P256` `ECDSA_P384` `ECDSA_P521` `RSA_2048` `RSA_3072` `RSA_4096` `ED25519` - -Optional: - -- `protection` (String) Whether to use a hardware module to store the private key for a workload certificate. If set to `NONE` no hardware module will be used. If set to `DEFAULT` a hardware module will only be used with format `TSS2`. `HARDWARE_WITH_FALLBACK` can only be used with the key format `DEFAULT`. Allowed values: `DEFAULT` `NONE` `HARDWARE` `HARDWARE_WITH_FALLBACK` `HARDWARE_ATTESTED` -- `pub_file` (String) A CSR or SSH public key to use instead of generating one. - - -<a id="nestedatt--reload_info"></a> -### Nested Schema for `reload_info` - -Required: - -- `method` (String) Ways an endpoint can reload a certificate. `AUTOMATIC` means the process is able to detect and reload new certificates automatically. `CUSTOM` means a custom command must be run to trigger the workload to reload the certificates. `SIGNAL` will configure the agent to send a signal to the process in `pidFile`. `DBUS` will use the systemd system bus to issue a `try-reload-or-restart` job for unit specified by `unitName`. `PLATFORM` uses a method specific to the operating system. Allowed values: `AUTOMATIC` `CUSTOM` `SIGNAL` `DBUS` `PLATFORM` - -Optional: - -- `pid_file` (String) File that holds the pid of the process to signal. Required when method is SIGNAL. -- `signal` (Number) The signal to send to a process when a certificate should be reloaded. Required when method is SIGNAL. -- `unit_name` (String) The systemd unit name to reload when a certificate should be reloaded. Required when method is DBUS. - - 
diff --git a/docs/resources/workload.md b/docs/resources/workload.md
deleted file mode 100644
index 64df23e4cd6ede8b469304abdea5ccd780c2bd06..0000000000000000000000000000000000000000
--- a/docs/resources/workload.md
+++ /dev/null
@@ -1,304 +0,0 @@ ---- -# generated by https://github.com/hashicorp/terraform-plugin-docs -page_title: "smallstep_workload Resource - terraform-provider-smallstep" -subcategory: "" -description: |- - A workload represents anything that uses a certificate. ---- - -# smallstep_workload (Resource) - -A workload represents anything that uses a certificate. - -## Example Usage - -### Generic Workload on EC2 - -```terraform -resource "smallstep_device_collection" "ec2_west" { - slug = "ec2west" - display_name = "EC2 West" - device_type = "aws-vm" - aws_vm = { - accounts = ["0123456789"] - } - admin_emails = ["admin@example.com"] -} - -resource "smallstep_workload" "generic" { - depends_on = [smallstep_device_collection.ec2_west] - workload_type = "generic" - device_collection_slug = resource.smallstep_device_collection.ec2_west.slug - slug = "ec2generic" - display_name = "Generic Workload" - admin_emails = ["admin@example.com"] - - certificate_info = { - type = "X509" - } - - key_info = { - format = "DEFAULT" - type = "ECDSA_P256" - } -} -``` - -### Redis Workload with All Optionas - -```terraform -resource "smallstep_workload" "redis" { - depends_on = [smallstep_device_collection.ec2_west] - device_collection_slug = resource.smallstep_device_collection.ec2_west.slug - workload_type = "redis" - slug = "redisec2west" - display_name = "Redis EC2 West" - admin_emails = ["admin@example.com"] - - certificate_info = { - type = "X509" - duration = "168h" - crt_file = "db.crt" - key_file = "db.key" - root_file = "ca.crt" - uid = 1001 - gid = 999 - mode = 256 - } - - hooks = { - renew = { - shell = "/bin/sh" - before = [ - "echo renewing", - ] - after = [ - "echo renewed", - ] - on_error = [ - "echo failed renew", - ] - } - sign = { - shell = "/bin/bash" - before = [ - "echo signing", - ] - after = [ - "echo signed", - ] - on_error = [ - "echo failed sign", - ] - } - } - - key_info = { - format = "DEFAULT" - type = "ECDSA_P256" - } - - reload_info = { - method = "SIGNAL" - 
pid_file = "db.pid" - signal = 1 - } -} -``` - -<!-- schema generated by tfplugindocs --> -## Schema - -### Required - -- `authority_id` (String) A UUID identifying the authority to issue certificates for the workload. -- `certificate_data` (Attributes) (see [below for nested schema](#nestedatt--certificate_data)) -- `certificate_info` (Attributes) Details on a managed certificate. (see [below for nested schema](#nestedatt--certificate_info)) -- `device_collection_slug` (String) Slug of the device collection the workload will be added to. -- `display_name` (String) A friendly name for the workload. Also used as the Common Name, if no static SANs are provided. -- `key_info` (Attributes) The attributes of the cryptographic key. (see [below for nested schema](#nestedatt--key_info)) -- `slug` (String) Used as the identifier for the workload. - -### Optional - -- `hooks` (Attributes) The collection of commands to run when a certificate for a managed endpoint is signed or renewed. (see [below for nested schema](#nestedatt--hooks)) -- `reload_info` (Attributes) The properties used to reload a service. (see [below for nested schema](#nestedatt--reload_info)) -- `workload_type` (String) The type of workload being deployed. -Possible values are `etcd` `generic` `git` `grafana` `haproxy` `httpd` `kafka` `mysql` `nginx` `nodejs` `postgres` `redis` `tomcat` and `zookeeper`. -Use `generic` for a basic certificate workload. 
- -<a id="nestedatt--certificate_data"></a> -### Nested Schema for `certificate_data` - -Required: - -- `common_name` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--common_name)) - -Optional: - -- `country` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--country)) -- `locality` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--locality)) -- `organization` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--organization)) -- `organizational_unit` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--organizational_unit)) -- `postal_code` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--postal_code)) -- `province` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--province)) -- `sans` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--sans)) -- `street_address` (Attributes) (see [below for nested schema](#nestedatt--certificate_data--street_address)) - -<a id="nestedatt--certificate_data--common_name"></a> -### Nested Schema for `certificate_data.common_name` - -Optional: - -- `device_metadata` (String) -- `static` (String) - - -<a id="nestedatt--certificate_data--country"></a> -### Nested Schema for `certificate_data.country` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--locality"></a> -### Nested Schema for `certificate_data.locality` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--organization"></a> -### Nested Schema for `certificate_data.organization` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--organizational_unit"></a> -### Nested Schema for `certificate_data.organizational_unit` - -Optional: - -- `device_metadata` (List of String) -- `static` 
(List of String) - - -<a id="nestedatt--certificate_data--postal_code"></a> -### Nested Schema for `certificate_data.postal_code` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--province"></a> -### Nested Schema for `certificate_data.province` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--sans"></a> -### Nested Schema for `certificate_data.sans` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - -<a id="nestedatt--certificate_data--street_address"></a> -### Nested Schema for `certificate_data.street_address` - -Optional: - -- `device_metadata` (List of String) -- `static` (List of String) - - - -<a id="nestedatt--certificate_info"></a> -### Nested Schema for `certificate_info` - -Required: - -- `type` (String) The type of certificate. Allowed values: `X509` `SSH_USER` `SSH_HOST` - -Optional: - -- `crt_file` (String) The filepath where the certificate is to be stored. -- `duration` (String) The certificate lifetime. Parsed as a [Golang duration](https://pkg.go.dev/time#ParseDuration). -- `gid` (Number) GID of the files where the certificate is stored. -- `key_file` (String) The filepath where the key is to be stored. -- `mode` (Number) Permission bits of the files where the certificate is stored. -- `root_file` (String) The filepath where the root certificate is to be stored. -- `uid` (Number) UID of the files where the certificate is stored. - - -<a id="nestedatt--key_info"></a> -### Nested Schema for `key_info` - -Required: - -- `format` (String) The format used to encode the private key. For X509 keys the default format is PKCS#8. The classic format is PKCS#1 for RSA keys, SEC 1 for ECDSA keys, and PKCS#8 for ED25519 keys. For SSH keys the default format is always the OPENSSH format. 
When a hardware module is used to store the keys the default will be a JSON representation of the key, except on Linux where tss2 will be used. Allowed values: `DEFAULT` `PKCS8` `OPENSSH` `TSS2` `CLASSIC` -- `type` (String) The key type used. The current DEFAULT type is ECDSA_P256. Allowed values: `DEFAULT` `ECDSA_P256` `ECDSA_P384` `ECDSA_P521` `RSA_2048` `RSA_3072` `RSA_4096` `ED25519` - -Optional: - -- `protection` (String) Whether to use a hardware module to store the private key for a workload certificate. If set to `NONE` no hardware module will be used. If set to `DEFAULT` a hardware module will only be used with format `TSS2`. `HARDWARE_WITH_FALLBACK` can only be used with the key format `DEFAULT`. Allowed values: `DEFAULT` `NONE` `HARDWARE` `HARDWARE_WITH_FALLBACK` `HARDWARE_ATTESTED` -- `pub_file` (String) A CSR or SSH public key to use instead of generating one. - - -<a id="nestedatt--hooks"></a> -### Nested Schema for `hooks` - -Optional: - -- `renew` (Attributes) A list of commands to run before and after a certificate is granted. (see [below for nested schema](#nestedatt--hooks--renew)) -- `sign` (Attributes) A list of commands to run before and after a certificate is granted. (see [below for nested schema](#nestedatt--hooks--sign)) - -<a id="nestedatt--hooks--renew"></a> -### Nested Schema for `hooks.renew` - -Optional: - -- `after` (List of String) List of commands to run after the operation. -- `before` (List of String) List of commands to run before the operation. -- `on_error` (List of String) List of commands to run when the operation fails. -- `shell` (String) The shell to use to execute the commands. - - -<a id="nestedatt--hooks--sign"></a> -### Nested Schema for `hooks.sign` - -Optional: - -- `after` (List of String) List of commands to run after the operation. -- `before` (List of String) List of commands to run before the operation. -- `on_error` (List of String) List of commands to run when the operation fails. 
-- `shell` (String) The shell to use to execute the commands.
-
-
-
-<a id="nestedatt--reload_info"></a>
-### Nested Schema for `reload_info`
-
-Required:
-
-- `method` (String) Ways an endpoint can reload a certificate. `AUTOMATIC` means the process is able to detect and reload new certificates automatically. `CUSTOM` means a custom command must be run to trigger the workload to reload the certificates. `SIGNAL` will configure the agent to send a signal to the process in `pidFile`. `DBUS` will use the systemd system bus to issue a `try-reload-or-restart` job for unit specified by `unitName`. `PLATFORM` uses a method specific to the operating system. Allowed values: `AUTOMATIC` `CUSTOM` `SIGNAL` `DBUS` `PLATFORM`
-
-Optional:
-
-- `pid_file` (String) File that holds the pid of the process to signal. Required when method is SIGNAL.
-- `signal` (Number) The signal to send to a process when a certificate should be reloaded. Required when method is SIGNAL.
-- `unit_name` (String) The systemd unit name to reload when a certificate should be reloaded. Required when method is DBUS.
diff --git a/examples/data-sources/smallstep_attestation_authority/data-source.tf b/examples/data-sources/smallstep_attestation_authority/data-source.tf
deleted file mode 100644
index 99c9d296ad19b081557c6879a2f750948337e776..0000000000000000000000000000000000000000
--- a/examples/data-sources/smallstep_attestation_authority/data-source.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-data "smallstep_attestation_authority" "aa" {
- id = "4958f125-8e2a-4c99-8c32-832b25e5569e"
-}
diff --git a/examples/data-sources/smallstep_collection/data-source.tf b/examples/data-sources/smallstep_collection/data-source.tf
deleted file mode 100644
index 3844a75e9b6d818a93dd1b23af58aec00ec3431d..0000000000000000000000000000000000000000
--- a/examples/data-sources/smallstep_collection/data-source.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-data "smallstep_collection" "tpms" {
- slug = "tpms"
-}
diff --git a/examples/data-sources/smallstep_collection_instance/data-source.tf b/examples/data-sources/smallstep_collection_instance/data-source.tf
deleted file mode 100644
index 9e3815b71037ec306f10185b014e4566d06b193a..0000000000000000000000000000000000000000
--- a/examples/data-sources/smallstep_collection_instance/data-source.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-
-data "smallstep_collection_instance" "tpm1" {
- collection_slug = "tpms"
- id = "urn:ek:sha256:RAzbOveN1Y45fYubuTxu5jOXWtOK1HbfZ7yHjBuWlyE="
-}
diff --git a/examples/resources/smallstep_attestation_authority/import.sh b/examples/resources/smallstep_attestation_authority/import.sh
deleted file mode 100644
index be15dcce1889ce541f4a940e33f4dac315ed132d..0000000000000000000000000000000000000000
--- a/examples/resources/smallstep_attestation_authority/import.sh
+++ /dev/null
@@ -1 +0,0 @@
-terraform import smallstep_attestation_authority.aa 4958f125-8e2a-4c99-8c32-832b25e5569e
diff --git a/examples/resources/smallstep_attestation_authority/resource.tf b/examples/resources/smallstep_attestation_authority/resource.tf
deleted file mode 100644
index 7a6f9c9e66cabdd2f4f35cb5c78818c1250401c4..0000000000000000000000000000000000000000
--- a/examples/resources/smallstep_attestation_authority/resource.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-
-resource "smallstep_collection" "tpms" {
- slug = "tpms"
-}
-
-resource "smallstep_attestation_authority" "aa" {
- name = "Foo Attest"
- catalog = smallstep_collection.tpms.slug
- attestor_roots = "-----BEGIN CERTIFICATE-----\n..."
- attestor_intermediates = "----- BEGIN CERTIFICATE-----\n..."
- depends_on = [smallstep_collection.tpms]
-}
diff --git a/examples/resources/smallstep_collection/import.sh b/examples/resources/smallstep_collection/import.sh
deleted file mode 100644
index 5f608ad64c4f8ae5066885da779451c6fd04f44d..0000000000000000000000000000000000000000
--- a/examples/resources/smallstep_collection/import.sh
+++ /dev/null
@@ -1 +0,0 @@
-terraform import smallstep_collection.devices devices
diff --git a/examples/resources/smallstep_collection/resource.tf b/examples/resources/smallstep_collection/resource.tf
deleted file mode 100644
index 7b2b0b4b54138f4c37eab4ed7c0c1c5e776230b5..0000000000000000000000000000000000000000
--- a/examples/resources/smallstep_collection/resource.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-resource "smallstep_collection" "tpms" {
- slug = "tpms"
-}
diff --git a/examples/resources/smallstep_device_collection/aws.tf b/examples/resources/smallstep_device_collection/aws.tf
deleted file mode 100644
index 860cf42c224ff23a217cb02d9a8a65f263879a3f..0000000000000000000000000000000000000000
--- a/examples/resources/smallstep_device_collection/aws.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-
-resource "smallstep_device_collection" "aws" {
- slug = "ec2west"
- display_name = "EC2 West"
- admin_emails = ["admin@example.com"]
- device_type = "aws-vm"
- aws_vm = {
- accounts = ["0123456789"]
- disable_custom_sans = false
- }
-}
diff --git a/examples/resources/smallstep_device_collection/azure.tf b/examples/resources/smallstep_device_collection/azure.tf
deleted file mode 100644
index b7af8891c7e51c766b2d5e786cdd5caf8565a9ef..0000000000000000000000000000000000000000
--- a/examples/resources/smallstep_device_collection/azure.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-
-resource "smallstep_device_collection" "azure" {
- slug = "azure"
- display_name = "Azure VMs"
- admin_emails = ["admin@example.com"]
- device_type = "azure-vm"
- azure_vm = {
- tenant_id = "76543210"
- resource_groups = ["0123456789"]
- disable_custom_sans = false
- audience = ""
- }
-}
diff --git a/examples/resources/smallstep_device_collection/provider.tf b/examples/resources/smallstep_device_collection/provider.tf
deleted file mode 100644
index 18392c1b8c4c4e7643575464b1aeb3e4969e123c..0000000000000000000000000000000000000000
--- a/examples/resources/smallstep_device_collection/provider.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-# This file is not shown in example docs but is used for testing
-terraform {
- required_providers {
- smallstep = {
- source = "smallstep/smallstep"
- }
- google = {
- source = "hashicorp/google"
- version = "5.2.0"
- }
- }
-}
-
-provider "smallstep" {}
-
-provider "google" {
- project = "prod-1234"
- region = "us-central1"
-}
diff --git a/examples/resources/smallstep_device_collection/resource.tf b/examples/resources/smallstep_device_collection/resource.tf
deleted file mode 100644
index 1f1674c2b375dcabb77c73114171934c3a25b409..0000000000000000000000000000000000000000
--- a/examples/resources/smallstep_device_collection/resource.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-
-resource "smallstep_device_collection" "gcp" {
- slug = "gce"
- display_name = "GCE"
- device_type = "gcp-vm"
- gcp_vm = {
- service_accounts = ["pki@prod-1234.iam.gserviceaccount.com"]
- }
- admin_emails = ["admin@example.com"]
-}
-
-data "google_compute_instance" "dbserver" {
- name = "dbserver"
- zone = "us-central1-b"
-}
-
-resource "smallstep_collection_instance" "dbserver" {
- depends_on = [smallstep_device_collection.gcp]
- collection_slug = smallstep_device_collection.gcp.slug
- id = data.google_compute_instance.dbserver.instance_id
- data = jsonencode({
- "hostname" = data.google_compute_instance.dbserver.name
- "private_ip" = data.google_compute_instance.dbserver.network_interface.0.network_ip
- "public_ip" = data.google_compute_instance.dbserver.network_interface.0.access_config[0].nat_ip
- })
-}
diff --git a/examples/resources/smallstep_device_collection/tpm.tf b/examples/resources/smallstep_device_collection/tpm.tf
deleted file mode 100644
index 8a9bfa0fb5a89709036193443311be8fa3d5ba03..0000000000000000000000000000000000000000
--- a/examples/resources/smallstep_device_collection/tpm.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-
-resource "smallstep_device_collection" "tpm" {
- slug = "tmpservers"
- display_name = "TPM Servers"
- admin_emails = ["admin@example.com"]
- device_type = "tpm"
- tpm = {
- attestor_roots = file("${path.module}/root.crt")
- }
-}
diff --git a/examples/resources/smallstep_workload/redis.tf b/examples/resources/smallstep_workload/redis.tf
deleted file mode 100644
index 7ea1e0a7287797bd028fdd6372a05e4d19b7e53a..0000000000000000000000000000000000000000
--- a/examples/resources/smallstep_workload/redis.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-
-resource "smallstep_workload" "redis" {
- depends_on = [smallstep_device_collection.ec2_west]
- device_collection_slug = resource.smallstep_device_collection.ec2_west.slug
- workload_type = "redis"
- slug = "redisec2west"
- display_name = "Redis EC2 West"
- admin_emails = ["admin@example.com"]
-
- certificate_info = {
- type = "X509"
- duration = "168h"
- crt_file = "db.crt"
- key_file = "db.key"
- root_file = "ca.crt"
- uid = 1001
- gid = 999
- mode = 256
- }
-
- hooks = {
- renew = {
- shell = "/bin/sh"
- before = [
- "echo renewing",
- ]
- after = [
- "echo renewed",
- ]
- on_error = [
- "echo failed renew",
- ]
- }
- sign = {
- shell = "/bin/bash"
- before = [
- "echo signing",
- ]
- after = [
- "echo signed",
- ]
- on_error = [
- "echo failed sign",
- ]
- }
- }
-
- key_info = {
- format = "DEFAULT"
- type = "ECDSA_P256"
- }
-
- reload_info = {
- method = "SIGNAL"
- pid_file = "db.pid"
- signal = 1
- }
-}
diff --git a/examples/resources/smallstep_workload/resource.tf b/examples/resources/smallstep_workload/resource.tf
deleted file mode 100644
index 5e1b6e75258a0316b8a46d048cd624f95bfa1d6f..0000000000000000000000000000000000000000
--- a/examples/resources/smallstep_workload/resource.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-
-resource "smallstep_device_collection" "ec2_west" {
- slug = "ec2west"
- display_name = "EC2 West"
- device_type = "aws-vm"
- aws_vm = {
- accounts = ["0123456789"]
- }
- admin_emails = ["admin@example.com"]
-}
-
-resource "smallstep_workload" "generic" {
- depends_on = [smallstep_device_collection.ec2_west]
- workload_type = "generic"
- device_collection_slug = resource.smallstep_device_collection.ec2_west.slug
- slug = "ec2generic"
- display_name = "Generic Workload"
- admin_emails = ["admin@example.com"]
-
- certificate_info = {
- type = "X509"
- }
-
- key_info = {
- format = "DEFAULT"
- type = "ECDSA_P256"
- }
-}
diff --git a/templates/resources/device_collection.md.tmpl b/templates/resources/device_collection.md.tmpl
deleted file mode 100644
index ba168da0697e4073764039430ac3c4462ec92f90..0000000000000000000000000000000000000000
--- a/templates/resources/device_collection.md.tmpl
+++ /dev/null
@@ -1,39 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}"
-subcategory: ""
-description: |-
-{{ .Description | plainmarkdown | trimspace | prefixlines " " }}
----
-
-# {{.Name}} ({{.Type}})
-
-{{ .Description | trimspace }}
-
-## Example Usage
-
-### GCP VM Device Collection with GCE Instance
-
-{{ tffile "examples/resources/smallstep_device_collection/resource.tf" }}
-
-### TPM Device Collection
-
-{{ tffile "examples/resources/smallstep_device_collection/tpm.tf" }}
-
-### EC2 Device Collection
-
-{{ tffile "examples/resources/smallstep_device_collection/aws.tf" }}
-
-### Azure VM Device Collection
-
-{{ tffile "examples/resources/smallstep_device_collection/azure.tf" }}
-
-{{ .SchemaMarkdown | trimspace }}
-
-{{- if .HasImport }}
-## Import
-
-Import is supported using the following syntax:
-
-{{ codefile "examples/resources/smallstep_device_collection/import.sh" }}
-{{- end }}
diff --git a/templates/resources/workload.md.tmpl b/templates/resources/workload.md.tmpl
deleted file mode 100644
index a7e58b02f2e26749d6c1c24ec072a0b0115e32c0..0000000000000000000000000000000000000000
--- a/templates/resources/workload.md.tmpl
+++ /dev/null
@@ -1,31 +0,0 @@
----
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}"
-subcategory: ""
-description: |-
-{{ .Description | plainmarkdown | trimspace | prefixlines " " }}
----
-
-# {{.Name}} ({{.Type}})
-
-{{ .Description | trimspace }}
-
-## Example Usage
-
-### Generic Workload on EC2
-
-{{ tffile "examples/resources/smallstep_workload/resource.tf" }}
-
-### Redis Workload with All Optionas
-
-{{ tffile "examples/resources/smallstep_workload/redis.tf" }}
-
-{{ .SchemaMarkdown | trimspace }}
-
-{{- if .HasImport }}
-## Import
-
-Import is supported using the following syntax:
-
-{{ codefile "examples/resources/smallstep_workload/import.sh" }}
-{{- end }}