luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
9896 commits 1 branch 0 tags 214 MiB
Commit graph

2585 commits

Author SHA1 Message Date
Jeff Mitchell 5f249d4005
Add allowed_response_headers (#6115) 2019-02-05 16:02:15 -05:00
Aidan Daniels-Soles 86f096449b Replace special hyphen (#6165) 2019-02-05 10:48:26 -08:00
Brian Shumate 18c8f390f9 Update AppRole API docs (#6047) 
- Use consistent "Create/Update" heading text style
 2019-02-04 11:17:16 -05:00
nickwales e2429522fa Removed typo (#6162) 2019-02-04 11:13:37 -05:00
Matthew Potter 5e374d5cd1 Add libvault to the list of elixir libraries (#6158) 2019-02-04 11:12:29 -05:00
Yoko a9392f9840
Adding a mention for 'kv-v2' as type (#6151) 2019-02-01 11:26:08 -08:00
Jeff Mitchell adccccae69 Update example output for PKI serial -> serial_number 
Fixes #6146
 2019-02-01 10:29:34 -05:00
Jeff Mitchell b2cc9ebd3a Remove regenerate-key docs as it no longer exists 2019-02-01 09:29:40 -05:00
Jeff Mitchell 47accf8086 Add role_id as an alias name source for AWS and change the defaults 2019-01-30 15:51:45 -05:00
Donald Guy 4363453017 Docs: Azure auth example using metadata service (#6124) 
There are probably better ways to massage this but I think it would be helpful to have something like this included
 2019-01-30 12:13:39 -08:00
nathan r. hruby a643664c5b bump dato and rack to fix website builds 2019-01-30 11:10:49 -07:00
Brian Shumate 2337df4b2b Update documentation for command operator unseal (#6117) 
- Add migrate command option
 2019-01-28 10:27:51 -05:00
Gordon Shankman cd2f7bbde8 Adding support for SSE in the S3 storage backend. (#5996) 2019-01-26 16:48:08 -05:00
Calvin Leung Huang 34af3daeb0 docs: update agent sample config (#6096) 2019-01-24 07:25:03 -05:00
Jeff Mitchell 3f1a7d4fdd
Update to latest etcd and use the new repository packages (#6087) 
This will be necessary for go mod work

Additionally, the srv api has changed. This adapts to it.
 2019-01-23 14:35:03 -05:00
Jeff Mitchell 5e126f6de8
Implement JWS-compatible signature marshaling (#6077) 
This currently only applies to ECDSA signatures, and is a toggleable
option.
 2019-01-23 12:31:34 -05:00
gitirabassi 1aaacda3ec small fixes to docs and indexes 2019-01-18 02:14:57 +01:00
Jim Kalafut 0f2fcfb6f1
Update JWT docs with new jwt_supported_algs parameter (#6069) 2019-01-17 15:27:20 -08:00
Yoko e5c6b421e0 Fixed the broken link (#6052) 
* Fixed the broken link

* Fixing the broken link

* Fixes redirect to Tokens guide

The separate redirect within learn.hashicorp.com will be fixed on its own repo.
 2019-01-16 17:06:28 -08:00
Yoko e09f058ada
Adding the CLI flag placement info (#6027) 
* Adding the CLI flag placement info

* Adding the definition of 'options' and 'args'

* tweaked the wording a little bit

* Added more description in the example

* Added a link to 'Flags' in the doc for options def
 2019-01-15 11:24:50 -08:00
Jeff Mitchell f75f4e75c7 Prepare for 1.0.2 2019-01-15 11:25:11 -05:00
Jim Kalafut 960eb45014
Remove unnecessary permission 2019-01-10 16:18:10 -08:00
Seth Vargo e726f13957 Simplify permission requirements for GCP things (#6012) 2019-01-10 10:05:21 -08:00
Dilan Bellinghoven f9dacbf221 Add docker-credential-vault-login to Third-Party Tools (#6003) 
* Added Docker credential helper to list of Third-Party tools

* website/source/api/relatedtools.html.md: Fixed a typo
 2019-01-10 10:46:18 -05:00
Yoko 9a4de34dce Allowed characters in paths (#6015) 2019-01-10 10:39:20 -05:00
Vishal Nayak 0c30f46587
Add option to configure ec2_alias values (#5846) 
* Add option to configure ec2_alias values

* Doc updates

* Fix overwriting of previous config value

* s/configEntry/config

* Fix formatting

* Address review feedback

* Address review feedback
 2019-01-09 18:28:29 -05:00
Yoko 0a97f95ff4
Document upper limit on Transit encryption size (#6014) 2019-01-08 17:57:43 -08:00
Giacomo Tirabassi 0d3845c537 Influxdb secret engine built-in plugin (#5924) 
* intial work for influxdb secret plugin

* fixed typo

* added comment

* added documentation

* added tests

* fixed tests

* added vendoring

* minor testing issue with hardcoded values

* minor fixes
 2019-01-08 17:26:16 -08:00
Julien Blache 91d432fc85 FoundationDB backend TLS support and housekeeping (#5800) 
* Fix typo in documentation

* Update fdb-go-install.sh for new release tags

* Exclude FoundationDB bindings from vendoring, delete vendored copy

FoundationDB bindings are tightly coupled to the server version and
client library version used in a specific deployment. Bindings need
to be installed using the fdb-go-install.sh script, as documented in
the foundationdb backend documentation.

* Add TLS support to FoundationDB backend

TLS support appeared in FoundationDB 5.2.4, raising the minimum API version
for TLS-aware FoundationDB code to 520.

* Update documentation for FoundationDB TLS support
 2019-01-08 09:01:44 -08:00
Seth Vargo 46cbfb0e4b Fix formatting (#6009) 
The new markdown parser is less forgiving
 2019-01-08 08:51:37 -08:00
Jeff Escalante a22275d4e0 remove extra analytics page call (#5997) 2019-01-07 11:18:55 -05:00
Thomas Kula 4265579aaa Fix small typo in azure.html.md (#6004) 2019-01-07 10:03:22 -05:00
Aric Walker c065b46f42 Remove duplicate "Users can" from policy md (#6002) 2019-01-07 07:02:28 -08:00
Seth Vargo c3f1043c24 Reduce required permissions for the GCPCKMS auto-unsealer (#5999) 
This changes the behavior of the GCPCKMS auto-unsealer setup to attempt
encryption instead of a key lookup. Key lookups are a different API
method not covered by roles/cloudkms.cryptoKeyEncrypterDecrypter. This
means users must grant an extended scope to their service account
(granting the ability to read key data) which only seems to be used to
validate the existence of the key.

Worse, the only roles that include this permission are overly verbose
(e.g. roles/viewer which gives readonly access to everything in the
project and roles/cloudkms.admin which gives full control over all key
operations). This leaves the user stuck between choosing to create a
custom IAM role (which isn't fun) or grant overly broad permissions.

By changing to an encrypt call, we get better verification of the unseal
permissions and users can reduce scope to a single role.
 2019-01-04 16:29:31 -05:00
Seth Vargo 1917bb406d Fix audit docs (#6000) 
These appear to have been converted to (bad) HTML. This returns them to
their original markdown format.
 2019-01-04 13:45:50 -06:00
Iain Gray ecdacbb90a Update DG to Vault 1.0 (#5855) 
* Update DG to Vault 1.0

* as per comments  - chrishoffman

* Removed stray bracket and added quotes

* updated as per conversations with Dan
 2019-01-03 10:10:37 -05:00
Mike Wickett 46576acff3 website: add print styles for docs (#5958) 2019-01-03 09:24:10 -05:00
Graham Land 2e92372710 Docs: Add Auto Unseal Rekey example (#5952) 
* Add KMS Rekey example

I've had customers looking for AWS KMS rekeying examples today - when using pgp keys.
This example would have clarified what they needed to do.

* Replaced KMS reference with Auto Unseal

``` bash
Rekey an Auto Unseal vault and encrypt the resulting recovery keys with PGP:
```
 2019-01-03 09:23:43 -05:00
Becca Petrin d7f31fe5e4
Merge pull request #5892 from jen20/jen20/dynamodb-capacity-doc 
docs: Clarify the utility of DynamoDB capacities
 2018-12-20 11:54:26 -08:00
Becca Petrin d108843a0a
Merge pull request #5947 from hmalphettes/master 
Docs: JWT API - List Roles: fix the path
 2018-12-20 09:15:57 -08:00
Becca Petrin f4ea0e001f
Merge pull request #5940 from hashicorp/je.website-local-run-docs 
Improve local development instruction
 2018-12-20 09:11:13 -08:00
R.B. Boyer 0ebb30938c website: fix simple typo (#5979) 2018-12-19 14:46:54 -08:00
Clint 004ca032e8
add MSSQL storage docs to sidebar (#5978) 2018-12-19 14:06:42 -06:00
Graham Land c1fa76e9e2 Docs: Add example for Vault init Auto Unseal with PGP Keys (#5951) 
* Add example for AWS KMS AutoUnseal with PGP Keys

A customer could not figure how to get this working today. 
This example would have helped them. We don't mention KMS anywhere in this section.

* Changed reference from AWS KMS to Auto Unseal

``` bash
Initialize Auto Unseal, but encrypt the recovery keys with pgp keys:
```
 2018-12-18 11:42:10 -05:00
Janosch Maier b95fbbafe9 Docs: Fix project resource name in gcp roleset documentation (#5966) 
The resource name when referring to a GCP project needs to have a "s". This PR adds the missing letter in the documentation.
 2018-12-17 16:22:02 -08:00
vishalnayak 689163e7ed Upgrade guide for 0.11.6 2018-12-14 12:22:50 -05:00
Jeff Mitchell 8e229fed4a Prep for release 2018-12-14 10:42:59 -05:00
Matthew Irish 4e06fd698e update help output examples and mention openapi fragment support (#5954) 2018-12-14 09:12:03 -05:00
Jeff Mitchell d9d47bb252 Update Consul ACL example 
Fixes #5831
 2018-12-13 17:18:28 -05:00
Hugues Malphettes 726d79d854
Merge branch 'master' into master 2018-12-14 05:21:41 +08:00
Jeff Mitchell 1d847b3acc Add sidebar link for approle autoauth docs 2018-12-13 09:51:47 -05:00
Hugues Malphettes 6ea6844ef9
JWT API - List Roles: fix the path 
With vault-1.0.0 and vault-0.11.4 a different path is needed to list the jwt registered roles:

```
$ vault list auth/jwt/roles
No value found at auth/jwt/roles/

$ vault list auth/jwt/role
Keys
----
myrole
```
I hope this helps!
 2018-12-13 06:27:30 +08:00
Sergey Trasko f24a4f189e Fixed markdown for cert documentation (#5735) 2018-12-12 15:27:28 -05:00
Joel Thompson 286b3f4e9f auth/aws: Clarify docs for cross-account access with IAM auth (#5900) 
The docs hadn't been updated to reflect the ability to do cross-account
AWS IAM auth, and so it was a bit confusing as to whether that was
supported. This removes the ambiguity by explicitly mentioning AWS IAM
principals.
 2018-12-12 15:21:27 -05:00
Bert Roos cfa008896d Added comma for readability (#5941) 
Signed-off-by: Bert Roos <Bert-R@users.noreply.github.com>
 2018-12-12 09:23:20 -05:00
Graham Land 53c6b36613 Fixing a couple of small typos (#5942) 2018-12-12 05:56:58 -08:00
Jeff Escalante eddfd7ff23 improve bootstrap script and local development instructions 2018-12-11 19:46:52 -05:00
emily 94c03d1072 Update GCP auth BE docs (#5753) 
Documented changes from https://github.com/hashicorp/vault-plugin-auth-gcp/pull/55
* Deprecating `project_id` for `bound_projects` and making it optional
* Deprecating `google_certs_endpoint` (unused)
* Adding group aliases 

Also, some general reformatting
 2018-12-10 12:54:18 -08:00
Jeff Mitchell c67ef8be09
Update PKI docs (#5929) 2018-12-10 10:24:47 -05:00
Tommy Murphy d3774e6aaa Correct GCE Token Parameter (#5667) 
As written the GCE token curl results in an error: "non-empty audience parameter required".

Google's docs (https://cloud.google.com/compute/docs/instances/verifying-instance-identity) confirm that the parameter is 'audience' not 'aud'.
 2018-12-07 15:10:30 -08:00
Matthew Irish a447dac803
change ui url so that it includes the trailing slash (#5890) 2018-12-05 12:25:16 -06:00
Chris Hoffman 561502394a
fixing redirect (#5908) 2018-12-05 12:06:15 -05:00
Chris Hoffman 57536e0c41
adding a redirect for old style upgrade guide location (#5905) 2018-12-05 10:54:10 -05:00
Chris Hoffman cebbe43f70
removing beta tag (#5904) 2018-12-05 10:45:22 -05:00
Jim Kalafut cb52f36c38 Update downloads.html.erb (#5899) 2018-12-05 10:40:33 -05:00
Chris Hoffman 1da490e929
adding upgrade guide for 1.0 (#5903) 
* adding upgrade guide for 1.0

* fixing sidebar
 2018-12-05 10:33:53 -05:00
ncabatoff b53437a2f8
Fix documentation re substitutions. It appears this was broken from day one. (#5896) 2018-12-04 13:14:00 -05:00
Jim Kalafut 3552019795
Update operator migrate docs (#5895) 2018-12-04 08:49:42 -08:00
James Nugent 65e7a2660d docs: Clarify the utility of DynamoDB capacities 
When configuring DynamoDB, the read and write capacities configured only
have any effect if the table does not exist. As per the comment in the
code [1], the configuration of an existing table is never modified. This
was not previously reflected in the documentation - this commit
rectifies that.

[1]: https://github.com/hashicorp/vault/blob/master/physical/dynamodb/dynamodb.go#L743-L745
 2018-12-03 17:55:18 -06:00
Martin 6c0ce0b11f Typo in policy template doc (#5887) 2018-12-03 14:36:17 -05:00
RJ Spiker 1a5149dceb website: @hashicorp dependency bumps (#5874) 2018-12-03 12:17:10 -05:00
RJ Spiker 14f5c88a38 website: responsive styling updates (#5858) 
* docs-sidenav version bump with required updates to #inner styles

* website - fix ie11 responsive rendering bug
 2018-12-03 12:09:28 -05:00
Jeff Mitchell 149e14f8fa Some release prep work 2018-12-03 10:01:06 -05:00
Jim Kalafut 1f3ea9b30a
Fix docs typos (#5881) 2018-11-30 14:32:04 -08:00
Martins Sipenko 3c0d63169c Fix config/sts docs (#5839) 2018-11-30 11:08:47 -08:00
Mike Christof a82ff1f92e fixed api/secret/ssh docs (#5833) 2018-11-30 10:55:33 -08:00
Lucy Davinhart 046e5fcf57 Document /sys/health?perfstandbyok (#5870) 
* Document /sys/health?perfstandbyok

Discovered that in Vault Enterprise 0.11.5, `/sys/health?standbyok` returns a 473 status for performance standby nodes, compared to a 200 for standard standby nodes.

Turns out there was an additional `perfstandbyok` option added, here:
e5aaf80764

* Update health.html.md

Slight tweak to wording for perfstandbyok
 2018-11-29 09:57:30 -08:00
Martins Sipenko 640bae4b65 Remove false statement from docs. (#5854) 2018-11-27 07:47:34 -05:00
Clint dfe585c7f7 Agent kube projected token (#5725) 
* Add support for custom JWT path in Agent: kubernetes auth

- add support for "token_path" configuration
- add a reader for mocking in tests

* add documentation for token_path
 2018-11-19 14:28:17 -08:00
Jennifer Yip 5ad06760d6 Update share image (#5776) 2018-11-19 17:24:13 -05:00
Jennifer Yip 6421670cfe Add consent manager to vaultproject.io (#5808) 
* Add consent manager

* Add Hull and Hotjar
 2018-11-19 17:23:03 -05:00
Richard Flosi 7daa57ccf3 Update section-header to 4.0.0 (#5821) 2018-11-19 17:20:54 -05:00
Jeff Escalante 15c22a414e update docs sidenav (#5810) 2018-11-19 17:20:03 -05:00
Atthavit Wannasakwong 4344bb8ec1 fix wrong IAM action name in docs (#5812) 
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/api-permissions-reference.html
 2018-11-17 09:10:50 -08:00
Jeff Escalante 0a2e62d2d6 add ruby version to root (#5802) 2018-11-16 08:19:50 -05:00
Richard Flosi 34bdb080f8 Update section-header usage for vaultproject.io (#5799) 2018-11-16 08:16:58 -05:00
Janosch Maier 192c8b5c84 Fix incorrect parameter name in docs (#5798) 2018-11-15 13:56:12 -08:00
Clint 7db8d4031e
Add read config endpoint docs (#5790) 
* Add read config endpoint docs

* fix response code, remove empty fields from sample response
 2018-11-15 11:51:06 -06:00
Yoko 4c6de9f808
Fixing broken link (#5794) 2018-11-15 09:23:05 -08:00
Jim Kalafut d45220159d
Fix incorrect parameter name in docs (#5793) 
Fixes https://github.com/hashicorp/vault-plugin-auth-gcp/issues/56
 2018-11-14 17:16:04 -08:00
RJ Spiker 2a3e8a6604 website: add js-utils and update components to accommodate (#5751) 2018-11-14 11:13:02 -08:00
Becca Petrin 8f82809c78
Update docs to match running builtins as plugins (#5727) 2018-11-14 09:17:12 -08:00
Brian Kassouf 119ae7e26d
Update downloads.html.erb 2018-11-13 20:01:17 -08:00
Brian Kassouf d7f8f9f312
Update config.rb 2018-11-13 19:58:41 -08:00
Vishal Nayak c144bc4b34
Recommend IAM auth over EC2 (#5772) 
* Recommend IAM auth over EC2

* Update website/source/docs/auth/aws.html.md

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>

* Update website/source/docs/auth/aws.html.md

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>

* Update website/source/docs/auth/aws.html.md

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>
 2018-11-13 18:49:25 -05:00
Vishal Nayak 086e7c6a41
Fix CLI flag name for rekeying (#5774) 2018-11-13 14:27:14 -05:00
Jim Kalafut a6b6898cca
Add docs for openapi endpoint (#5766) 2018-11-13 09:39:19 -08:00
Jeff Mitchell 41460ffb29
Add note about seal migration not being supported for secondaries currently (#5762) 2018-11-12 09:41:05 -05:00
Jeff Escalante 517589eff3 Add redirect for /intro/index.html, remove old unused redirects file (#5728) 
* add redirect for /intro/index.html, remove old unused redirects file

* adjust redirect link
 2018-11-09 13:12:11 -05:00
Jeff Escalante f792a5f59b update website readme with instructions for updating navigation (#5748) 2018-11-09 13:11:46 -05:00