Commit graph

5083 commits

Author SHA1 Message Date
Alexander Scheel 04bb7eef15
Update transit public keys for Ed25519 support (#20727)
* Refine documentation for public_key

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Support additional key types in importing version

This originally left off the custom support for Ed25519 and RSA-PSS
formatted keys that we've added manually.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add support for Ed25519 keys

Here, we prevent importing public-key only keys with derived Ed25519
keys. Notably, we still allow import of derived Ed25519 keys via private
key method, though this is a touch weird: this private key must have
been packaged in an Ed25519 format (and parseable through Go as such),
even though it is (strictly) an HKDF key and isn't ever used for Ed25519.

Outside of this, importing non-derived Ed25519 keys works as expected.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add public-key only export method to Transit

This allows the existing endpoints to retain private-key only, including
empty strings for versions which lack private keys. On the public-key
endpoint, all versions will have key material returned.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update tests for exporting via public-key interface

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add public-key export option to docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-24 11:26:35 -04:00
Tom Proctor e41119d5f4
Docs: Updates for latest Vault CSI Provider releases (#20721) 2023-05-24 13:07:00 +01:00
Peter Wilson 5eb03f785e
Docs: audit - add warning when disabling device regarding HMAC (#20715)
* added note to warn of potential issues in disabling audit when using HMAC

* added to command docs pages too
2023-05-23 14:55:55 +01:00
claire bontempo f4793cdca1
remove paragraph (#20709) 2023-05-22 16:14:17 -04:00
Mike Palmiotto dc8d2af2d8
Add current_billing_period activity endpoint param (#20694)
* Add current_billing_period activity endpoint param

This commit introduces a new parameter: `current_billing_period`, which
can be used in lieu of `start_time` and `end_time` options.

GET ... /sys/internal/counters/activity?current_billing_period=true now
results in a response which contains the full billing period
information.

* changelog

* Update internal counters docs
2023-05-22 09:22:45 -04:00
Christopher Swenson f80a73d0fe
docs: Traditional HA standby nodes do *not* serve read requests directly (#20687) 2023-05-19 13:00:57 -07:00
Violet Hynes a47c0c7073
VAULT-15546 First pass at Vault Proxy docs (#20578)
* VAULT-15546 First pass at Vault Proxy docs

* VAULT-15546 correct errors

* VAULT-15546 fully qualify paths

* VAULT-15546 remove index

* VAULT-15546 Some typos and clean up

* VAULT-15546 fix link

* VAULT-15546 Add redirects so old links stay working

* VAULT-15546 more explicit redirects

* VAULT-15546 typo fixes

* Suggestions for Vault Agent & Vault Proxy docs (#20612)

* Rename 'agentandproxy' to 'agent-and-proxy' for better URL

* Update the index pages for each section

* VAULT-15546 fix link typo

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-19 13:11:39 -04:00
Equus quagga 0750d31a4c
Added a note to remove-peer (#20583)
* Update raft.mdx

* Update website/content/docs/commands/operator/raft.mdx

Co-authored-by: Josh Black <raskchanky@gmail.com>

---------

Co-authored-by: Josh Black <raskchanky@gmail.com>
2023-05-19 12:21:30 +02:00
Equus quagga 5ff1bfc1e8
Update docs/secrets/databases/mssql.mdx (#20623)
Added a note in the `Example for Azure SQL Database` section stating that we only support SQL auth and no Azure AD auth.
2023-05-18 19:33:55 -07:00
l-with d1d3d697da
Add possibility to decode generated encoded root token to api (#20595) 2023-05-18 15:18:19 -04:00
Jonathan Frappier 03a684eb7e
Add root protected endpoint table (#20650)
* Add root protected endpoint table

* Fix heading case
2023-05-18 11:53:22 -04:00
Luis (LT) Carbonell 95e6723aa9
Correct Default for MaximumPageSize (#20453)
* default max page size for config

* Add changelog

* update test int to *int

* add testing defaults

* update default to -1, i.e. dont paginate

* update test

* Add error message for invalid search

* Make 0 the default

* cleanup

* Add to known issues doc

* Update website/content/docs/upgrading/upgrade-to-1.13.x.mdx

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.13.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.12.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Add workaround to docs

* Update changelog/20453.txt

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

---------

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2023-05-17 20:56:53 +00:00
Stefano Cattonar 023d847182
Fixed a typo in the "Environment Variable Example" because it was generating a parsing error (#20574)
Fixed a typo in the "Environment Variable Example" because it was generating a parsing error:

template server error: error="(dynamic): execute: template: :2:30: executing \"\" at <.Data.data.payments_api_key>: can't evaluate field data in type *dependency.Secret"
2023-05-12 22:34:51 +00:00
Josh Black 8c08ac8df4
add undo logs metrics to docs (#20568) 2023-05-11 18:28:25 -07:00
Rowan Smith 57af313dc8
Update server.mdx (#19881)
added a note detailing that usage of `-log-file` functions as an additional output, does not replace journald / stdout
2023-05-11 17:18:55 -07:00
Gabriel Santos 05f3236c15
Provide public key encryption via transit engine (#17934)
* import rsa and ecdsa public keys

* allow import_version to update public keys - wip

* allow import_version to update public keys

* move check key fields into func

* put private/public keys in same switch cases

* fix method in UpdateKeyVersion

* move asymmetrics keys switch to its own method - WIP

* test import public and update it with private counterpart

* test import public keys

* use public_key to encrypt if RSAKey is not present and failed to decrypt
if key version does not have a private key

* move key to KeyEntry parsing from Policy to KeyEntry method

* move extracting of key from input fields into helper function

* change back policy Import signature to keep backwards compatibility and
add new method to import private or public keys

* test import with imported public rsa and ecdsa keys

* descriptions and error messages

* error messages, remove comments and unused code

* changelog

* documentation - wip

* suggested changes - error messages/typos and unwrap public key passed

* fix unwrap key error

* fail if both key fields have been set

* fix in extractKeyFromFields, passing a PolicyRequest wouldn't not work

* checks for read, sign and verify endpoints so they don't return errors when a private key was not imported and tests

* handle panic on "export key" endpoint if imported key is public

* fmt

* remove 'isPrivateKey' argument from 'UpdateKeyVersion' and
'parseFromKey' methods

also: rename 'UpdateKeyVersion' method to 'ImportPrivateKeyForVersion' and 'IsPublicKeyImported' to 'IsPrivateKeyMissing'

* delete 'RSAPublicKey' when private key is imported

* path_export: return public_key for ecdsa and rsa when there's no private key imported

* allow signed data validation with pss algorithm

* remove NOTE comment

* fix typo in EC public key export where empty derBytes was being used

* export rsa public key in pkcs8 format instead of pkcs1 and improve test

* change logic on how check for is private key missing is calculated

---------

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-11 11:56:46 +00:00
Jonathan Frappier 82427e355f
Add requested generated secret example (#20556)
* Add requested generated secret example

* Fix code block types

* Update website/content/docs/secrets/kv/kv-v1.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/secrets/kv/kv-v2.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-10 18:21:26 -04:00
Jens Hofmann b8ac5ec2da
Update elasticdb.mdx (#20437)
* Update elasticdb.mdx

Remove success message of vault write operations from text blocks to better support copy&paste to console

* Update code block types

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-04 16:17:57 -07:00
Alex Cahn 976881954a
Update interoperability-matrix.mdx (#20501)
* Update interoperability-matrix.mdx

* Update interoperability-matrix.mdx

Added MySQL as well
2023-05-04 08:58:00 -07:00
Alexander Scheel c1bc341b88
Add note about cross-cluster write failures (#20506)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-04 13:05:14 +00:00
claire bontempo 00e43b88b4
fix typo (#20473) 2023-05-02 19:29:14 +00:00
Yoko Hyakuna a56e4ca96a
Fix the title header - What is Vault (#20465) 2023-05-02 11:29:36 -07:00
marcin-kulik fda0a731fc
Update installation.mdx (#17954) 2023-05-02 13:34:42 -04:00
Jonathan Frappier 3c6e130ca2
Add HCP tabs, apply Vale suggestions, fix heading case (#20361)
* Add HCP tabs, apply Vale suggestions, fix heading case

* Apply feedback

* Apply PM feedback

* Update website/content/docs/secrets/databases/oracle.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/secrets/databases/oracle.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/secrets/databases/oracle.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-01 11:56:16 -04:00
Josh Black 1d307d48b6
Clarify origin of ID parameter for path filter creation (#20415)
* Clarify origin of ID parameter for path filter creation

* add additional note

* add additional info
2023-05-01 08:34:03 -07:00
Alexander Scheel 32a7f8250a
Update to tidy status and docs (#20442)
* Add missing tidy-status state values

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add docs on auto-tidy reading

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing tidy status field revocation_queue_safety_buffer

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Include pause_duration in tidy-status docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add date of last auto-tidy operation to status

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-01 14:26:29 +00:00
Alexander Scheel 91481143af
Show existing keys, issuers on PKI import (#20441)
* Add additional existing keys response field

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update tests for validating existing keys

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update docs for import to include new fields

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/api-docs/secret/pki.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-05-01 14:07:31 +00:00
Yoko Hyakuna ad96cf88e8
Update the command output example (#20427) 2023-04-28 13:46:20 -07:00
Jason Peng 2a954ef072
Updated the HA Upgrade Instructions (#20206)
* Update index.mdx

Updated instructions for Vault Upgrade HA

* Create vault-ha-upgrade.mdx

Moved HA Vault upgrade instruction to a new page and added a Note for disabling automated upgrade procedure

* Add the new vault-ha-upgrade page to the side menu

* Format and wording edits

* Remove extra paracentesis

* Fix a typo

* Change the title appears on the navigation

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-04-28 10:54:53 -07:00
Tom Proctor 767dc6283f
docs: Set uniform supported Kubernetes versions for all integrations (#20010) 2023-04-28 10:33:37 +01:00
Ben Ash 2f63318cea
api-docs/pki: common_name is no longer required. (#20403) 2023-04-27 16:11:49 -04:00
Yoko Hyakuna 155a32fc77
Fix the GDPR link (#20382) 2023-04-27 08:57:23 -07:00
Josh Black 80a9d7d4ce
Correct an oversight re: skip_flush in the docs (#20383) 2023-04-26 17:30:09 -07:00
Brian Shumate 7fcdb23376
Docs: DR replication API updates (#20373)
* Docs: DR replication API updates

- Add clarification for secondary_public_key parameter
- Update section header

* During activation
2023-04-26 16:15:46 -07:00
Braulio Gomes Rodrigues 627fe60044
Vault change doc main couchbase (#20314)
* changing chouchbase host variable

* Alterando linha 82 couchbase

* Changing couchbase host address in main document
2023-04-25 10:21:25 -07:00
miagilepner 7d631cb44f
VAULT-15791: Update docs to use vault-java-driver fork (#20316) 2023-04-25 11:08:05 +02:00
Nick Cabatoff 3ddb69bd2b
Fix docs-nav-data.json that I broke in #20312 (#20322) 2023-04-24 13:10:53 -04:00
Nick Cabatoff 4d42b08644
Add guidelines for agent/server version compatibility (#20312) 2023-04-24 11:49:50 -04:00
Braulio Gomes Rodrigues 03fa9432a4
changing chouchbase host variable (#19812)
* changing chouchbase host variable

* Alterando linha 82 couchbase
2023-04-24 13:56:56 +00:00
Josh Black 4b9599fddb
update website docs for new update-primary mode (#20302) 2023-04-21 15:21:28 -07:00
John Children bebe6dcaa0
Docs: Fix k8s injector templating example (#20271)
From every other example I can find, the secret name in the template should match the one in the inject annotation. Indeed the same example appears in the examples page.

https://github.com/hashicorp/vault/blob/main/website/content/docs/platform/k8s/injector/examples.mdx#patching-existing-pods
2023-04-21 17:12:13 +00:00
melmus c5d10e0b8b
doc/Update service_registration if use Vault HA (#19920)
* Update service_registration if use Vault HA

* Update protocol

* Minor updates for style consistency

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-04-21 17:04:25 +00:00
Luis (LT) Carbonell d308c31cbf
Add Configurable LDAP Max Page Size (#19032)
* Add config flag for LDAP max page size

* Add changelog

* move changelog to correct file

* cleanup

* Default to non-paged searching for with -1

* Update website/content/api-docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update website/content/docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update tests

---------

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2023-04-20 20:39:27 +00:00
Austin Gebauer eaf67b7c0e
Add OIDC provider docs for IBM ISAM (#19247)
* Add OIDC provider docs for IBM ISAM

* Add changelog, api docs and docs-nav-data

---------

Co-authored-by: Benjamin Voigt <benjamin.voigt@god.dev>
2023-04-20 11:30:59 -07:00
Hugo Puntos dae5489787
Fix link for the tutorial about Key Management Secrets Engine with GCP Cloud KMS (#19418) 2023-04-19 12:43:21 -04:00
Jason O'Donnell b5822e612b
cli/namespace: add detailed flag to namespace list (#20243)
* cli/namespace: add detailed flag to namespace list

* changelog
2023-04-19 09:31:51 -04:00
Sohil Kaushal 5424eb2e8f
docs(postgresql): Update Postgresql SE API doco (#19931)
* docs(postgresql): Update Postgresql SE API doco

Update the postgresql secret engine API docs to include some "caveats"
of the pgx library. In particular, this enhances the docs to inform the
user that if any sslcreds are supplied as a part of the Database
connection string, the user/vault admin will need to ensure that the
certificates are present at those paths.

* Chore: fixup minor error with db docs

* Keep the language simple

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-04-19 00:17:44 +00:00
Yoko Hyakuna e7a43f86ba
[Docs] Mark the 'policies' parameter as deprecated for tokens (#20238)
* Mark the 'policies' parameter as deprecated

* Update website/content/partials/tokenfields.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

---------

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2023-04-18 23:55:05 +00:00
Tom Proctor f2d8762679
Docs: CSI encoding config released in v1.3.0 (#20237) 2023-04-18 23:55:25 +01:00
Nathan Handler ad1c669d4b
Fix Indentation in Kubernetes Auth Example (#20216)
In the Kubernetes Auth Code Example, the indentation for the `auth` import is off, causing it to not be indented the same amount as the previous `vault` import. This change ensures that both imports use the same indentation.
2023-04-18 15:23:25 -07:00
Yura Shutkin 7de8a3bc31
Update wrapping-unwrap.mdx (#20109)
* Update wrapping-unwrap.mdx

It is possible to unwrap data without authentication in Vault. I've added an example of a curl request.

* Add changelog record
2023-04-18 14:20:27 -07:00
Jason O'Donnell bb82c679ad
docs/debug: add example policy for debug command (#20232) 2023-04-18 14:17:19 -04:00
Max Bowsher 91abc177bb
Minor follow-ups to #16865 (#20220)
* Minor follow-ups to #16865

Fix PKI issuer upgrade logic when upgrading to 1.12 or later, to
actually turn off the issuer crl-signing usage when it intended to.

Fix minor typo in docs.

* changelog
2023-04-18 07:39:05 -04:00
Milena Zlaticanin 42400699c0
add missing mongodb atlas fields to the docs (#20207) 2023-04-17 14:10:07 -07:00
Niranjan Shrestha adbfffc47b
Update userpass.mdx (#20121)
* Update userpass.mdx

vault write auth/userpass/users/mitchellh password=foo policies=admins
in the path "userpass" is actually a path, if custom path is defined, custom path need to used, instead of userpass.

* Add extra description

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-04-17 16:52:13 +00:00
Scott Miller 5be4d61d13
Add documentation for cert auth OCSP checking (#18064) 2023-04-13 18:33:21 +00:00
Jason O'Donnell ec9e08c931
sdk/ldaputil: add connection_timeout configurable (#20144)
* sdk/ldaputil: add connection_timeout configurable

* changelog

* Update doc

* Fix test

* Change default to 30s
2023-04-13 12:43:28 -04:00
Josh Black cf20bb9233
Add additional clarity around autopilot upgrade versions (#20129) 2023-04-12 17:21:50 -07:00
James King 0b6327eda9
Potentially Malicious Link (#20114)
* Potentially Malicious Link

The current link redirects to a personal beauty sales site.

* Create 20114.txt
2023-04-12 20:23:41 +00:00
Matt Schultz 2310e13cf1
Update docs to include specifics and caveats around Transit Managed Keys support. (#20099) 2023-04-12 12:19:25 -05:00
Mike Palmiotto 1b5d527521
api: Add reporting fields to activitylog config endpoint (#20086)
This PR adds the internal reporting state to the
`internal/counters/config` read endpoint:
* reporting_enabled
* billing_start_timestamp
2023-04-12 12:02:28 -04:00
Violet Hynes 918d1001e0
Docs: remove use_auto_auth token from cache docs (#20111) 2023-04-12 13:26:36 +00:00
Yoko Hyakuna 0b3f24a2d8
Update the HTTP verb for consistency (#20056) 2023-04-11 13:35:06 -07:00
Austin Gebauer 787c5971ab
docs/oidc: fixes Azure user.read permission link (#20079) 2023-04-11 11:34:38 -07:00
Jonathan Frappier 6980579388
Fix list formatting (#20076) 2023-04-11 09:25:12 -07:00
John-Michael Faircloth 8a4e50fa64
secrets/openldap: add creds/ endpoint to API docs (#19973) 2023-04-11 08:42:50 -05:00
Yoko Hyakuna de1eeffdcf
[Docs] Add tutorial links to install doc (#20051)
* Add tutorial links for additional guidance

* Removed extra space
2023-04-10 08:52:48 -07:00
Christopher Swenson 43912fe0e2
Update docs for Helm 0.24.0 release (#20049)
Release: https://github.com/hashicorp/vault-helm/releases/tag/v0.24.0
2023-04-07 14:03:43 -07:00
Kyle Schochenmaier c3ef3d9c3f
add upgrade documentation around STS lease_duration issue (#20011)
* add upgrade documentation around STS lease_duration issue

Co-authored-by: Robert <17119716+robmonte@users.noreply.github.com>
2023-04-07 17:34:42 +00:00
Andreas Gruhler 0036a35c58
Update helm.mdx (#20020)
I was wondering why the default VaultAuth CR was not created. It was due the fact that I copy/pasted the snippet from the docs here, which has the wrong key.
2023-04-07 09:31:08 -07:00
ram-parameswaran 29182ae562
update index.mdx with correct installation doc ref (#19932)
* update index.mdx with correct installation doc ref

update index.mdx with installation doc ref to point to the right installation.mdx path

* Update installation ref

Update installation ref

* Update index ref without relative path

Update installation doc index ref without relative path
2023-04-07 08:48:23 -07:00
Brian Shumate 29fdfeeb04
API docs: update Transit restore payload example (#20032)
- Correct JSON payload example
2023-04-07 08:14:43 -04:00
Chip Stepowski 8cd90fc1e2
Update Create Role heading to Create/Update Role (#20000)
The subheading states you can update a named role but for navigation purposes I think it would also make sense to add it to the heading too.
2023-04-06 11:42:22 +01:00
Florin Cătălin Țiucra-Popa 59d3f5110d
Update create.mdx (#19981)
Add the missing Command Option `-wrap-ttl`
2023-04-05 17:54:07 +02:00
Yoko Hyakuna f649c9e20c
Updated the example config with api_addr parameter (#19985) 2023-04-04 17:58:08 -07:00
Yoko Hyakuna e90d94b97e
Extends the PR19488 (#19928) 2023-04-04 14:52:57 -07:00
Theron Voran 74d87239af
docs/vault-k8s: example using pkiCert and writeToFile (#19926)
Adding an example of using pkiCert and writeToFile to write cert and
key files from a template.

---------

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-04-03 16:39:26 -07:00
Alain Chiasson 9ee73e38fb
Update replication-dr.mdx (#19604)
In testing, disabling the dr secondary requires a DR Operations token, not a vault token.
2023-04-03 13:35:16 -04:00
Alexander Scheel a94541080f
Clarify that other operations run while tidy is paused (#19914)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-31 16:09:37 -04:00
Mark Lewis d90f6daee9
Update kubernetes.mdx (#19567)
Correct 2 typos
2023-03-30 16:42:25 -07:00
Anthony Burke 95472e0ae5
fixes oracle plugin whitespace (#19470) 2023-03-30 16:40:25 -07:00
Chip Stepowski 256e20e862
Added note about Autopilot default values. (#19515)
* Added note about Autopilot default values.

* Update website/content/docs/concepts/integrated-storage/autopilot.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-03-30 16:30:29 -07:00
Peter Wilson 538e66ffea
Add available types to API documentation for enable audit (#19850) 2023-03-30 15:30:35 +00:00
Kit Haines d2ecf8ffc5
Add PKI-CLI to docs (#19669)
* Add pki-cli docs.

* Tiny updates.

* Whitespace fix, include description

* Closing-tags.

* Update website/content/docs/commands/pki/verify-sign.mdx

Title Code as Shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/commands/pki/reissue.mdx

Title More Code as Shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/commands/pki/list-intermediates.mdx

Title code block as shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/commands/pki/issue.mdx

Title code-block as shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Apply suggestions from code review

Label Code-Blocks as Shell-Session

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Apply suggestions from code review

Comma and Period Changes.

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Apply suggestions from code review

ascheels highlighting-1

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix highlighting throughout.

* Update website/content/docs/commands/pki/list-intermediates.mdx

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/docs/commands/pki/reissue.mdx

Clarifying note on why unknown fields might be there.

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/docs/commands/pki/reissue.mdx

cipherboy request

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add Key-ID RFC link.

* k=v add link

* correct link

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-30 07:31:48 -04:00
Theron Voran f0391962a2
docs/vault-secrets-operator: update for beta install (#19835)
Update the helm commands to work with the beta release.
2023-03-29 22:51:34 +00:00
Brian Shumate f4fbca8050
Docs: API: Update token_period description (#19821)
- Clarify token_period per feedback in SPE-34
2023-03-29 13:53:16 -07:00
Ben Ash 7322dd952b
Add vault-secrets-operator beta docs. (#19827)
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2023-03-29 20:33:06 +00:00
Robert 71071fd954
docs: Change wording for AssumeRole permissions in AWS secrets (#19823)
Co-authored-by: wernerwws <wernerwws@users.noreply.github.com>
2023-03-29 13:03:26 -05:00
Raymond Ho 554674fb59
add docs for VAULT_RUN_MODE (#19808) 2023-03-28 21:18:45 -07:00
Victor Rodriguez bd76f6c539
Update Vault PKCS#11 Provider documentation for v0.2.0. (#19783) 2023-03-28 14:57:45 -04:00
Anton Averchenkov 41466b9eca
docs: Fix duration format link in kv-v2 docs page (#19768) 2023-03-27 13:18:25 -04:00
Raymond Ho f725e151b8
add warning for vault lambda extension cache ttl (#19738) 2023-03-24 23:37:38 +00:00
ram-parameswaran f491cc8225
Update username template description for AWS (#19690)
Update username template description for AWS by calling out what DisplayName and PolicyName actually are placeholders for
2023-03-23 19:56:55 -07:00
Yoko Hyakuna 11a748de4a
Add OpenAPI Go and C# (#18896)
* Add OpenAPI Go and C#

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

* Add code sample links for OpenAPI-based Go and .NET

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Remove command flags that are no longer needed

* Fix 'OpenAPI C#' > 'OpenAPI .NET'

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

---------

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
Co-authored-by: AnPucel <adiroff@hashicorp.com>
2023-03-23 16:04:50 -07:00
Rowan Smith 8627b8aca5
Update tcp.mdx (#19546)
expand the info for using x-forwarded-for option
2023-03-23 15:59:42 -07:00
Yoko Hyakuna af842e2cee
Fix the title parsing error (#19685) 2023-03-22 20:35:35 -07:00
Luis (LT) Carbonell 91e04109be
add clarifying statement for pkcs11 support (#19673) 2023-03-22 12:40:23 -04:00
ram-parameswaran b24115cf1e
Updated connection_url to be pgx library relevant (#19667)
Updated connection_url to be according to the options available in the pgx library instead of the now deprecated use of the lib/pq which was done as part of Vault 1.11 as documented here - https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#june-20-2022
2023-03-22 09:02:47 -07:00
Karel 7469b0828a
Fix: Optionally reload x509 key-pair from disk on agent auto-auth (#19002)
* Optionally reload x509 key-pair from disk

* Document 'reload' config value

* Added changelog release note
2023-03-22 11:01:58 -04:00
Raymond Ho 96e966e9ef
VAULT-13614 Support SCRAM-SHA-256 encrypted passwords for PostgreSQL (#19616) 2023-03-21 12:12:53 -07:00
mickael-hc 427b4dbd49
security model updates (#19656) 2023-03-21 11:14:00 -07:00
Rowan Smith c29f5e718a
docs / Update 1.13.0 Known Issues (#19601)
* Update 1.13.0.mdx

add a note to known issues

* Update website/content/docs/release-notes/1.13.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-03-20 18:14:41 -07:00
Daniel Huckins 058710d33d
Add -mount flag to kv list command (#19378)
* add flag

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* handle kv paths

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* scaffold test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* need metadata for list paths

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add (broken) test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* fix test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update docs

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add changelog

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* format

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add godoc

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add test case for mount only

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* handle case of no unnamed arg

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add non-mount behavior

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add more detail to comment

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add v1 tests

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-20 16:26:21 -04:00
Rowan Smith c581f90c05
Update deregister.mdx (#19573)
adding `-version=` parameter to docs
2023-03-20 12:08:20 -07:00
Tom Proctor 7fd394fc76
Docs: Implementing the plugin version interface (#19606) 2023-03-20 17:43:31 +00:00
Alexander Scheel 1fe1c756ab
Add known issue text for PKI revocation (#19632)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-20 12:24:05 -04:00
Steven Clark 6fbf3da148
Add known issue about OCSP GET redirection responses (#19523) 2023-03-17 18:07:04 +00:00
Violet Hynes 31f764b82b
Update KV-V2 docs to explicitly call out the secret mount path as a parameter (#19607)
* Update KV-V2 docs to explicitly call out the secret mount path as a parameter

* Missed some angular brackets

* remove wishy language
2023-03-17 12:21:55 -04:00
miagilepner ec4bd1fb25
VAULT-14204 Update parameter policy documentation (#19586) 2023-03-17 11:14:54 +01:00
Mike Palmiotto 89d7b874ba
Add upgrade note for Removed builtins in 1.13 (#19531) 2023-03-15 22:18:44 +00:00
Hamid Ghaf 27bb03bbc0
adding copyright header (#19555)
* adding copyright header

* fix fmt and a test
2023-03-15 09:00:52 -07:00
Scott Miller de31641aea
Add the Tokenization/Rotation persistence issue as a Known Issue (#19542)
* Note the known issue with rotation interaction with tokenization key policy persistence

* typo
2023-03-15 09:42:02 -05:00
Violet Hynes fdd38deb49
Update auto-auth docs to remove tilde for home (#19548)
* Update auto-auth docs to remove tilde for home

* Extra clean-up
2023-03-15 09:35:43 -04:00
Francis Chuang 74c3697144
Add Oracle Cloud auth to the Vault Agent (#19260)
* Add Oracle Cloud auth to the Vault Agent

* Use ParseDurationSecond to parse credential_poll_interval

* Use os.UserHomeDir()
2023-03-15 09:08:52 -04:00
Violet Hynes 85f845c3e0
VAULT-12798 Correct removal behaviour when JWT is symlink (#18863)
* VAULT-12798 testing for jwt symlinks

* VAULT-12798 Add testing of jwt removal

* VAULT-12798 Update docs for clarity

* VAULT-12798 Small change, and changelog

* VAULT-12798 Lstat -> Stat

* VAULT-12798 remove forgotten comment

* VAULT-12798 small refactor, add new config item

* VAULT-12798 Require opt-in config for following symlinks for JWT deletion

* VAULT-12798 change changelog
2023-03-14 15:44:19 -04:00
Ashlee M Boyer 788af4a90e
Remove .mdx extension from link (#19514) 2023-03-13 15:03:06 -04:00
Meggie be18d6cac3
Un-hiding link to 1.13 upgrade guide (#19505)
* Un-hiding link to 1.13 upgrade guide

* Removing draft notice
2023-03-10 11:30:19 -05:00
Robert 0315efba0c
Add info about gcp service account key encoding (#19496) 2023-03-10 09:13:37 -06:00
Yoko Hyakuna e392b6650f
Remove the note about Vault not supporting number Okta verify push number challenge (#19497) 2023-03-09 16:30:49 -08:00
Max Winslow dbbdd33c63
Change headings to h2 (#19402) 2023-03-07 15:48:51 -08:00
Phil Renaud d09c716e4b
Link to the Nomad tutorial for Vault as OIDC provider (#19461) 2023-03-06 10:30:14 -08:00
Yoko Hyakuna 40dc1d39d9
Add more context on the Release Notes landing page (#19456)
* Add little more verbiage on the Release Notes landing page

* Add missing comma
2023-03-03 14:39:39 -08:00
prabhat-hashi e5b982199f
Docs - update ldap page to add clarity around sAMAccountName (#19450)
* Docs - update ldap page to add clarity around sAMAccountName

Updated https://developer.hashicorp.com/vault/docs/secrets/ldap#active-directory-ad-1 to clarify customers configure username properly using username_template when sAMAccountName is involved.

* Docs -  edit on last update for ldap page

Fixed the link /vault/docs/concepts/username-templating
2023-03-03 10:09:13 -08:00
Max Winslow c44f94d7ff
update entity-alias doc fix (#19435) 2023-03-03 08:16:26 -08:00
Tony Wittinger 64b4ee234d
docs: updated key size in transit documentation (#19346) 2023-03-02 16:07:40 -08:00
akshya96 09057073ae
Vault Status Command Differs Depending on Format (#19361)
* vault-issue-9185

* removing new lines:

* removing new space

* fix grammar

* change field name
2023-03-01 12:57:53 -08:00
Alexander Scheel dabe38dcc1
Document RSA operations (#19377)
Also clarify hash function choices.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-01 13:35:35 -05:00
Mark Sailes 4c3c56dee4
Remove the Lambda SnapStart incompatibility notice. (#19394) 2023-03-01 18:13:18 +00:00
Malte S. Stretz 320f46ba8a
Add documentation for tls_max_version (#19398) 2023-03-01 14:45:04 +00:00
Max Winslow 109fbe06bb
change verbiage for lookup group and entity (#19406) 2023-02-28 12:40:38 -08:00
Austin Gebauer 10fe43701f
docs/ad: adds deprecation announcements and migration guide (#19388)
* docs/ad: adds deprecation announcements and migration guide

* fix table ending

* remove fully-qualified links

* Minor format fixes - migrationguide

* Update website/content/docs/secrets/ad/migration-guide.mdx

Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>

* Update website/content/docs/secrets/ad/migration-guide.mdx

Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>
2023-02-28 10:41:59 -08:00
Alexander Scheel 2970b15a63
Add docs on FIPS Inside vs Seal Wrap (#19310)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-28 10:22:17 -05:00
Yoko Hyakuna cd7f7cc131
Vault 1.13.0 Release Notes (#19360)
* Adding Vault 1.13.0 Release Notes

* Add OpenAPI Go and .NET client libraries to the list

* Add the 'UI wizard removal' to the release note
2023-02-27 12:44:13 -08:00
Rowan Smith 4fd467a53b
approle naming syntax documentation (#19369)
Documentation does not currently detail the accepted naming scheme for approle roles, this aims to provide clarity based on customer feedback. https://github.com/hashicorp/vault/blob/main/sdk/framework/path.go#L16-L18 details the regex used.
2023-02-27 12:08:15 -08:00
Alexander Scheel 7182949029
Fix transit byok tool, add docs, tests (#19373)
* Fix Vault Transit BYOK helper argument parsing

This commit fixes the following issues with the importer:

 - More than two arguments were not supported, causing the CLI to error
   out and resulting in a failure to import RSA keys.
 - The @file notation support was not accepted for KEY, meaning
   unencrypted keys had to be manually specified on the CLI.
 - Parsing of additional argument data was done in a non-standard way.
 - Fix parsing of command line options and ensure only relevant
   options are included.

Additionally, some error messages and help text was clarified.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing documentation on Transit CLI to website

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add tests for Transit BYOK vault subcommand

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Appease CI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-27 18:25:38 +00:00
Jakob Beckmann 078a245939
Allow alias dereferencing in LDAP searches (#18230)
* impr(auth/ldap): allow to dereference aliases in searches

* docs: add documentation for LDAP alias dereferencing

* chore(auth/ldap): add changelog entry for PR 18230

* chore: run formatter

* fix: update default LDAP configuration with new default

* Update website/content/docs/auth/ldap.mdx

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>

* docs(ldap): add alias dereferencing to API docs for LDAP

---------

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>
2023-02-24 13:49:17 -05:00
David Yu 9753379fe8
Update consul.mdx (#19300) 2023-02-22 17:45:26 -05:00
Austin Gebauer a8d382d52a
docs/oidc: make it clear that contents of CA certificate are expected (#19297) 2023-02-22 11:33:53 -08:00
Bryce Kalow 2fa1153e95
adds content-check command and README update (#19271) 2023-02-22 12:04:00 -05:00
Max Coulombe b9bcd135e5
Added disambiguation that creation request can also update roles (#17371)
+ added  disambiguation that creation request can also update roles
2023-02-22 12:02:31 -05:00
Alexander Scheel fbebf2508b
Add note clarifying revoked issuer associations (#19289)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-22 15:48:20 +00:00
Raymond Ho 57ff9835f7
use github token env var if present when fetching org id (#19244) 2023-02-21 12:17:35 -08:00
Christopher Swenson 724ccd5bc4
docs: Add page about events (#19243)
This page details the new events experiment that will be
released in Vault 1.13.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-02-21 16:43:34 +00:00
Tero Saarni b634bb897b
docs/k8s: updated helm doc for short-lived SA tokens (#15675)
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2023-02-21 12:09:27 +00:00
Max Winslow 3a132c2428
Add vault print token to commands in Vault docs (#19183)
* doc-update

* Update website/content/docs/commands/print.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-02-17 20:51:48 -08:00
Scott Miller 0a5f3208fd
Document the 'convergent' tokenization transform option (#19249) 2023-02-17 13:15:40 -06:00
Alexander Scheel dd3356752a
Add note on client cert definition (#19248)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-17 11:36:41 -05:00
John-Michael Faircloth 9c837ef4b5
docs/upgrade guide: add changes to plugin loading (#19231)
* docs/upgrade guide: add changes to plugin loading

* clarify this is for external plugins
2023-02-16 22:47:29 +00:00
claire bontempo a5a80b895d
replace whitelist with allow (#19217) 2023-02-16 14:35:30 -08:00
Peter Wilson 70f1d3c217
Remove incorrect information about being able to set environment variables for certain log config (#19208) 2023-02-16 13:37:59 +00:00
Raymond Ho 91446e129e
Add rotate root docs for azure secrets (#19187) 2023-02-15 13:07:42 -08:00
Steven Zamborsky 7534689818
Update raftautosnapshots.mdx (#18996)
Clarify that the `local_max_space` value for local automated snapshots is cumulative for all snapshots in the `file_prefix` path.
2023-02-14 22:46:41 -08:00
John-Michael Faircloth fc13efc80e
docs/plugins: update upgrading plugins (#19109)
* docs/plugins: update upgrading plugins

* Update website/content/docs/upgrading/plugins.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

---------

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-02-14 17:40:06 +00:00
Max Coulombe 2c32190eed
Fix database sample payload doc (#19170)
* * fix database static-user rotation statement in sample payload

* + added changelog
2023-02-14 08:29:27 -05:00
Theron Voran dda2df25db
docs/vault-helm: fix multi-line block copy (#19119)
Add a `$` before the command in shell blocks that include command
output, so that the "Copy" button on the website only copies the
command and not the output.
2023-02-13 22:21:11 -08:00
ram-parameswaran 7dff0e6ae4
Update PKI Secret Engine doc for auto-tidy (#19122)
PKI Secret Engine documentation for auto-tidy(https://developer.hashicorp.com/vault/api-docs/secret/pki#configure-automatic-tidy) has a parameter interval_duration(https://developer.hashicorp.com/vault/api-docs/secret/pki#interval_duration). This needs to explicitly call out the default value to be 12 hours.
2023-02-10 15:57:58 -05:00
Milena Zlaticanin b6c5d07c5e
Azure Auth - rotate-root documentation (#18780)
* add documentation for rotate root

* commit suggestions

* move api permissions section
2023-02-08 18:14:28 -07:00
Steven Clark e599068323
Add OCSP GET known issue (#19066) 2023-02-08 15:06:44 +00:00
Tom Crayford 532f4ab60a
Docs: Remove duplicated, outdated raft information (#11620)
Co-authored-by: Mehdi Ahmadi <aphorise@gmail.com>
2023-02-08 13:37:54 +00:00
Alexander Scheel 06e950b40e
Fix documentation on CRL fixed version (#19046)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-07 20:51:03 +00:00
akshya96 6b96bd639c
adding emit duration for telemetry (#19027) 2023-02-07 11:26:38 -08:00
Alexander Scheel 3f8aaedc2a
Add suggested root rotation procedure (#19033)
* Add suggested root rotation procedure

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify docs heading

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-07 13:51:33 -05:00
Alexander Scheel 9130a786bb
Document pki cross cluster behavior (#19031)
* Add documentation on cross-cluster CRLs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing revocation queue safety buffer

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-07 11:11:33 -05:00
Max Winslow 54a4b9c4d3
docs: Typo (#18541) 2023-02-07 11:35:41 +00:00
Bryce Kalow f33e779d5d
update learn links to point to developer locations (#19026) 2023-02-06 20:34:51 -08:00
Scott Miller 78aaa3ca92
Add a note that multi-cluster ENT setups can avoid this risk (#19024)
* wip

* all-seals

* typo

* add note about unreplicated items

* italics

* word-smithing
2023-02-06 19:25:14 -06:00
Theron Voran 4278ed606c
docs/vault-k8s: 1.2.0 release updates (#19010) 2023-02-06 22:35:12 +00:00
Scott Miller b43e4fbd9c
Add a stronger warning about the usage of recovery keys (#19011)
* Add a stronger warning about the usage of recovery keys

* Update website/content/docs/concepts/seal.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Keep the mitigation text in the warning box

---------

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-02-06 16:23:05 -06:00
Kyle Schochenmaier e5af4d34c1
update annotation docs for agent telemetry stanza (#18681)
* update annotation docs for telemetry stanza
Co-authored-by: Kendall Strautman <36613477+kendallstrautman@users.noreply.github.com>
2023-02-06 13:47:50 -06:00
Matt Schultz 6bfebc3ce3
Transit Managed Keys Documentation (#18994)
* Document 'managed_key' key type for transit. Document new 'usages' parameter when creating a managed key in the system backend.

* Document new managed key parameters for transit managed key rotation.
2023-02-03 18:49:02 -06:00
Alexander Scheel 660979d58b
Document Cross-Cluster CRLs/OCSP for Vault Enterprise (#18970)
* Add documentation on fetching unified CRLs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation on unified OCSP

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify that OCSP requests need to be URL encoded

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Document new CRL config parameters

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify notes about cross-cluster options

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-02-03 16:30:23 -05:00
Christopher Swenson dfdeca7b5d
docs: Remove XKS proxy TLS setup note (#18988)
The TLS settings should not need to be modified as xks-proxy should
generate the certificate and key itself for listening.
2023-02-03 13:22:04 -08:00
Alexander Scheel cb2f6ff7fe
Add docs on cross-cluster listing endpoints (#18987)
* Add docs on cross-cluster listing endpoints

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/api-docs/secret/pki.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-02-03 20:01:10 +00:00
Alexander Scheel 8b331fa769
Add notes on cross cluster CRLs (#18986)
* Group CRL related sections

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix casing

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add notes about cluster size and revocation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Apply suggestions from code review

Thanks Yoko!

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-02-03 19:51:30 +00:00
Alexander Scheel 1a2eef482d
Add docs on cross cluster tidy operations (#18979)
* List tidy parameters in one place

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add new tidy status outputs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add docs on new tidy parameters

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-03 14:27:18 -05:00
Rowan Smith 6c53845db9
docs allow_forwarding_via_token syntax update (#18956)
* allow_forwarding_via_token syntax update

the example syntax used for `allow_forwarding_via_token` marks the option as an array when it does not need to be, this updates the format on the page to be a code block and removes the square braces

* another update to `allow_forwarding_via_token` syntax
2023-02-03 10:58:19 -08:00
Sascha Marcel Schmidt 544f07de66
docs: Change default value for ha_enabled to false (#18983)
see: https://github.com/hashicorp/vault/blob/main/physical/mysql/mysql.go#L132
2023-02-03 18:20:14 +00:00
Austin Gebauer e165697ce7
secrets/azure: changes permission recommendation to be minimally permissive (#18937) 2023-02-01 11:07:57 -08:00
Hamid Ghaf 6a8716ac18
docs for named login MFA (#18833)
* docs for named login MFA

* feedback
2023-02-01 10:30:14 -05:00
Alexander Scheel 5d17f9b142
Allow cleanup ssh dynamic keys host keys (#18939)
* Add ability to clean up host keys for dynamic keys

This adds a new endpoint, tidy/dynamic-keys that removes any stale host
keys still present on the mount. This does not clean up any pending
dynamic key leases and will not remove these keys from systems with
authorized hosts entries created by Vault.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-01 15:09:16 +00:00
Alexander Scheel 881ae5a303
Remove dynamic keys from SSH Secrets Engine (#18874)
* Remove dynamic keys from SSH Secrets Engine

This removes the functionality of Vault creating keys and adding them to
the authorized keys file on hosts.

This functionality has been deprecated since Vault version 0.7.2.

The preferred alternative is to use the SSH CA method, which also allows
key generation but places limits on TTL and doesn't require Vault reach
out to provision each key on the specified host, making it much more
secure.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove dynamic ssh references from documentation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove dynamic key secret type entirely

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify changelog language

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add removal notice to the website

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-01-31 16:02:22 -05:00
Florin Cătălin Țiucra-Popa 597e97264e
Update integrated-storage.mdx (#18893)
* Update integrated-storage.mdx

The quorum paragraph shall also be updated with the table:
instead of: 
"A Raft cluster of 3 nodes can tolerate a single node failure while a cluster
of 5 can tolerate 2 node failures. The recommended configuration is to either
run 3 or 5 Vault servers per cluster."

shall be:
"A Raft cluster of 3 nodes can tolerate a single node failure while a cluster
of 5 can tolerate 2 node failures. The recommended configuration is to either
run 5 or 7 Vault servers per cluster."

* Give an explicit node recommendation

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-01-31 12:19:28 -08:00
Brandon Romano a74cc88c45
Updates for Plugin Portal deprecation in favor of new Integrations section (#18898)
* Add Redirect for Plugin Portal -> Integration Library

* Remove Plugin Portal page & update sidebar

* Replace the Plugin Portal link to point Vault Integrations (#18897)

* Replace the Plugin Portal link to point Vault Integrations

* Update website/content/docs/partnerships.mdx

Co-authored-by: Brandon Romano <brandon@hashicorp.com>

---------

Co-authored-by: Brandon Romano <brandon@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-01-31 10:17:18 -08:00
Nathan Button c9a5c196b8
Update docs for Azure Secrets Engine new feature (#16537)
* Update docs for Azure Secrets Enginee new feature

* Fix default vaule and clean up the description

* indent second line
2023-01-30 13:35:51 -08:00
Alexander Scheel cc57a0f73e
Clarify key bits for ssh (#18854)
* Clarify error on due to unsupported EC key bits

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove documentation about unsupported EC/224

Resolves: #18843

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-01-26 10:14:05 -05:00
Alexander Scheel 4b78146476
Add note about cluster deployments (#18855)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-01-26 09:34:11 -05:00
Ashlee M Boyer f3df55ad58
docs: Migrate link formats (#18696)
* Adding check-legacy-links-format workflow

* Adding test-link-rewrites workflow

* Updating docs-content-check-legacy-links-format hash

* Migrating links to new format

Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-25 16:12:15 -08:00
Kit Haines 27be887bfd
Vault 9406 enablement certs need userid handling in role (#18397)
* The fields.

* UserID set, add to certificate

* Changelog.

* Fix test (set default).

* Add UserID constant to certutil, revert extension changes

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add user_ids as field for leaf signing

Presumably, this isn't necessary for CAs, given that CAs probably don't
have a user ID corresponding to them.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Support setting multiple user_ids in Subject

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Allow any User ID with sign-verbatim

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add tests for User IDs in PKI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add docs about user_ids, allowed_user_ids

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-01-25 13:13:54 -05:00
Alexander Scheel 7b98b4ab6a
Document setting manual_chain after cross-signing (#18839)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-01-25 16:54:14 +00:00
Violet Hynes 72fc343ff8
VAULT-12564 Docs for token file auth method (#18783)
* VAULT-12564 Docs for token file auth method

* VAULT-12564 fix typo

* VAULT-12564 nav data

* VAULT-12564 Add note, remove token file removal config

* VAULT-12564 stronger wording

* VAULT-12564 auth -> auto-auth
2023-01-25 11:21:22 -05:00
Peter Wilson 292207b7d1
Parallel migration (#18815) (#18817)
* Parallel migration (#18815)
* flagParallel sanity check
* Attempt to use ErrGroups
* Updated docs
* Allow 'start' and 'max-parallel' together
* parallel flag renamed to max-parallel
* tests for start + parallel
* Removed permit pool
* Updated docs to make it clearer that a high setting might not be honored based on storage backend setting
* System dependent max int size
* Default max-parallel 1 => 10
* Test folder/paths updated

Co-authored-by: Tomasz Pawelczak <10206601+gites@users.noreply.github.com>
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-01-25 15:19:45 +00:00
Chris Capurso b69dad8a05
change indentation level of cas field (#18806)
* change indentation leve of cas field

* change formatting for cas_required

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-01-24 15:27:15 -05:00
Yoko Hyakuna 740726404b
Add the description front matter (#18800) 2023-01-23 20:13:17 +00:00
Jason O'Donnell 16f199cff9
secrets/mysql: Add tls_server_name and tls_skip_verify parameters (#18799)
* secret/mysql: add tls_server_name config parameter

* Add skip verify

* Add doc

* changelog

* changelog

* Update plugins/database/mysql/connection_producer.go

Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>

* Update plugins/database/mysql/connection_producer.go

Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>

Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>
2023-01-23 20:06:46 +00:00
Tom Proctor fc378c0908
Event system alpha experiment (#18795) 2023-01-23 19:26:49 +00:00
Tom Proctor 97eac57b4f
Docs: Add ACL hints to Consul secrets engine instructions (#18750) 2023-01-19 10:48:17 +00:00
Max Coulombe 553e1cfb0d
* added the new redis parameter documentation (#18752)
* added the new redis parameter documentation
* added changelog
2023-01-18 15:51:15 -05:00
Ashlee M Boyer 0f1a82b377
Wrapping example link value with backticks (#18709) 2023-01-17 15:25:25 -08:00
akshya96 ab4f1719fd
user-lockout documentation changes (#18478)
* added user-lockout documentation changes

* add changelog

* remove new lines

* changing method name

* changing lockedusers to locked-users

* Update website/content/docs/concepts/user-lockout.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/api-docs/system/user-lockout.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/api-docs/system/user-lockout.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/partials/user-lockout.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/partials/user-lockout.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* adding suggested changes

* adding bullet points to disable

* Update website/content/api-docs/system/user-lockout.mdx

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update website/content/partials/user-lockout.mdx

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update website/content/docs/commands/auth/tune.mdx

Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>

* Update website/content/docs/commands/auth/tune.mdx

Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>

* Update website/content/docs/concepts/user-lockout.mdx

Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>

Co-authored-by: Meggie <meggie@hashicorp.com>
Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-01-17 15:12:16 -08:00
Kendall Strautman 19b863404c
docs: updates inline alert authoring info (#18713)
* docs: updates inline alert authoring info

* chore: other readme updates

* chore: update package, fix typo

* chore: update to stable
2023-01-17 14:13:09 -05:00