76c717b081
Restrict cert auth by CIDR ( #4478 )
2018-05-09 15:39:55 -07:00
274732733e
Clarify that rotate requires sudo
2018-05-09 10:19:35 -04:00
67b8d3dc40
Changed DR docs page to fix generating secondary DR token ( #4521 )
...
The docs for how to create secondary DR tokens were incorrect, which caused issues at a customer. I fixed the documentation with the proper syntax and formatting, which I copied from the perf replication docs (after changing endpoints). Can someone take a quick look for me?
2018-05-08 13:35:48 -07:00
f95a913bd5
docs: s/entity/group-alias
2018-05-08 16:32:35 -04:00
9b9be9622a
Typo ( #4505 )
2018-05-03 13:37:44 -07:00
cef1b3b75c
Payload key should be dr_operation_token ( #4498 )
2018-05-02 18:35:51 -07:00
9cf56fe0df
Fix mapping read paths ( #4448 )
2018-04-25 09:22:30 -04:00
94f28e3c24
Merge branch 'master-oss' into approle-local-secretid
2018-04-24 16:17:56 -04:00
c35fe4e6f0
Update curl commands / replace invalid '--payload' flag ( #4440 )
2018-04-24 11:20:29 -04:00
6b7a042003
error on enable_local_secret_ids update after role creation
2018-04-23 17:05:53 -04:00
97d146ca69
update docs
2018-04-23 16:54:23 -04:00
6d95b4d266
Add the ability to restrict token usage by IP. Add to token roles. ( #4412 )
...
Fixes #815
2018-04-21 10:49:16 -04:00
da1d68969c
docs: update accessor lookup response
2018-04-17 11:52:58 -04:00
6e827d2b27
docs: update token lookup response
2018-04-17 11:40:00 -04:00
efd0023d89
Update index.html.md ( #4372 )
...
Remove duplicate of max_ttl description from end of period description under create role parameters.
2018-04-17 11:05:50 -04:00
7ba953b969
Add docs for internal UI mounts endpoint ( #4369 )
...
* Add docs for internal UI mounts endpoint
* Update description section
2018-04-16 12:13:58 -04:00
530121c655
Add ability to disable an entity ( #4353 )
2018-04-13 21:49:40 -04:00
99cf5c6054
Fix token store role documentation around explicit max ttl
2018-04-13 09:59:12 -04:00
a8b8ca136e
KV: Update 'versioned' naming to 'v2' ( #4293 )
...
* Update 'versioned' naming to 'v2'
* Make sure options are set
* Fix description of auth flag
* Review feedback
2018-04-09 09:39:32 -07:00
f6a3a76f25
Docs for configuration UI headers ( #4313 )
...
* adding /sys/config/ui headers
* adding /sys/config/ui headers
2018-04-09 12:21:02 -04:00
19f9f6ee89
Root Credential Rotation Docs ( #4312 )
...
* updating root credential docs
* more docs updates
* more docs updates
2018-04-09 12:20:29 -04:00
cff34e983f
UI - pki updates ( #4291 )
...
* add require_cn to pki roles
* add policy_identifiers and basic_constraints_valid_for_non_ca to pki role form
* add new fields to the PKI docs
* add add_basic_constraints field
2018-04-08 21:09:29 -05:00
62ce5ec91d
Versioned K/V docs ( #4259 )
...
* Work on kv docs
* Add more kv docs
* Update kv docs
* More docs updates
* address some review coments
2018-04-03 23:22:41 -07:00
f5ba4796f5
Case insensitive behavior for LDAP ( #4238 )
2018-04-03 09:52:43 -04:00
96fc0c2509
Update group alias by ID ( #4237 )
...
* update group alias by id
* update docs
2018-04-02 10:42:01 -04:00
ab3579aeb6
add entity merge API to docs ( #4234 )
2018-04-01 12:59:57 -04:00
2f90e0c2e1
Merge branch 'master-oss' into 0.10-beta
2018-03-27 12:40:30 -04:00
d03056eed3
Update Github auth method API reference ( #4202 )
...
* Update Github auth method API reference
* Replaced vault.rocks in API
2018-03-26 16:56:14 -07:00
0b827774ae
Drop vault.rocks ( #4186 )
2018-03-23 11:41:51 -04:00
b7ef4a3a6f
adding Azure docs ( #4185 )
...
Adding Azure Auth Method docs
2018-03-22 18:28:42 -04:00
ad383e911f
Update kv backend and add some docs ( #4182 )
...
* Add kv backend
* Move kv in apha order
* Update kv backend and add some docs
2018-03-21 23:10:05 -04:00
25792df5a9
Passthrough request headers ( #4172 )
...
* Add passthrough request headers for secret/auth mounts
* Update comments
* Fix SyncCache deletion of passthrough_request_headers
* Remove debug line
* Case-insensitive header comparison
* Remove unnecessary allocation
* Short-circuit filteredPassthroughHeaders if there's nothing to filter
* Add whitelistedHeaders list
* Update router logic after merge
* Add whitelist test
* Add lowercase x-vault-kv-client to whitelist
* Add back const
* Refactor whitelist logic
2018-03-21 19:56:47 -04:00
f9b6f4b1c5
Docs for Vault GCP secrets plugin ( #4159 )
2018-03-21 15:02:38 -04:00
1fcf0c6a38
Docs: update formatting / heading ( #4175 )
...
- Correct Generate Disaster Recovery Operation Token heading level
- Tighten up formatting/trailing spaces
2018-03-21 10:14:52 -04:00
73b1fde82f
Spelling ( #4119 )
2018-03-20 14:54:10 -04:00
b3e5ec865d
README Spelling error ( #4165 )
2018-03-20 11:45:56 -04:00
9d030aaf37
Note that you can set a CA chain when using set-signed.
...
Fixes #2246
2018-03-19 19:44:07 -04:00
35ccbe504c
Add Cryptr to related tools ( #4126 )
2018-03-19 14:46:54 -04:00
3a5e1792c0
Update path-help to make clear you shouldn't put things in the URL.
...
Remove from website docs as those have been long deprecated.
2018-03-19 11:50:16 -04:00
3e2006eb13
Allow non-prefix-matched IAM role and instance profile ARNs in AWS auth backend ( #4071 )
...
* Update aws auth docs with new semantics
Moving away from implicitly globbed bound_iam_role_arn and
bound_iam_instance_profile_arn variables to make them explicit
* Refactor tests to reduce duplication
auth/aws EC2 login tests had the same flow duplicated a few times, so
refactoring to reduce duplication
* Add tests for aws auth explicit wildcard constraints
* Remove implicit prefix matching from AWS auth backend
In the aws auth backend, bound_iam_role_arn and
bound_iam_instance_profile_arn were ALWAYS prefix matched, and there was
no way to opt out of this implicit prefix matching. This now makes the
implicit prefix matching an explicit opt-in feature by requiring users
to specify a * at the end of an ARN if they want the prefix matching.
2018-03-17 21:24:49 -04:00
39dc981301
auth/aws: Allow binding by EC2 instance IDs ( #3816 )
...
* auth/aws: Allow binding by EC2 instance IDs
This allows specifying a list of EC2 instance IDs that are allowed to
bind to the role. To keep style formatting with the other bindings, this
is still called bound_ec2_instance_id rather than bound_ec2_instance_ids
as I intend to convert the other bindings to accept lists as well (where
it makes sense) and keeping them with singular names would be the
easiest for backwards compatibility.
Partially fixes #3797
2018-03-15 09:19:28 -07:00
76be90f384
Add PKCS1v15 as a RSA signature and verification option on the Transit secret engine ( #4018 )
...
Option to specify the RSA signature type, in specific add support for PKCS1v15
2018-03-15 09:17:02 -07:00
59b3e28151
Make the API docs around ed25519 more clear about what derivation means for this key type
2018-03-15 11:59:50 -04:00
3108860d4b
Audit HMAC values on AuthConfig ( #4077 )
...
* Add audit hmac values to AuthConfigInput and AuthConfigOutput, fix docs
* docs: Add ttl params to auth enable endpoint
* Rewording of go string to simply string
* Add audit hmac keys as CLI flags on auth/secrets enable
* Fix copypasta mistake
* Add audit hmac keys to auth and secrets list
* Only set config values if they exist
* Fix http sys/auth tests
* More auth plugin_name test fixes
* Pass API values into MountEntry's config when creating auth/secrets mount
* Update usage wording
2018-03-09 14:32:28 -05:00
527eb418fe
approle: Use TypeCommaStringSlice for BoundCIDRList ( #4078 )
...
* Use TypeCommaStringSlice for Approle bound_cidr_list
* update docs
* Add comments in the test
2018-03-08 17:49:08 -05:00
e2fb199ce5
Non-HMAC audit values ( #4033 )
...
* Add non-hmac request keys
* Update comment
* Initial audit request keys implementation
* Add audit_non_hmac_response_keys
* Move where req.NonHMACKeys gets set
* Minor refactor
* Add params to auth tune endpoints
* Sync cache on loadCredentials
* Explicitly unset req.NonHMACKeys
* Do not error if entry is nil
* Add tests
* docs: Add params to api sections
* Refactor audit.Backend and Formatter interfaces, update audit broker methods
* Add audit_broker.go
* Fix method call params in audit backends
* Remove fields from logical.Request and logical.Response, pass keys via LogInput
* Use data.GetOk to allow unsetting existing values
* Remove debug lines
* Add test for unsetting values
* Address review feedback
* Initialize values in FormatRequest and FormatResponse using input values
* Update docs
* Use strutil.StrListContains
* Use strutil.StrListContains
2018-03-02 12:18:39 -05:00
49068a42be
Document primary_email in Okta mfa path
2018-03-02 11:54:21 -05:00
8fe24dec0a
Actually add PingID to the index of API pages
2018-03-02 11:49:48 -05:00
e4949d644b
auth/aws: Allow lists in binds ( #3907 )
...
* auth/aws: Allow lists in binds
In the aws auth method, allow a number of binds to take in lists
instead of a single string value. The intended semantic is that, for
each bind type set, clients must match at least one of each of the bind
types set in order to authenticate.
2018-03-02 11:09:14 -05:00
2646ed5e2a
update sys/capabilities docs ( #4059 )
2018-03-01 11:42:39 -05:00
5034ae2dcb
Add the ability to use multiple paths for capability checking ( #3663 )
...
* Add the ability to use multiple paths for capability checking. WIP
(tests, docs).
Fixes #3336
* Added tests
* added 'paths' field
* Update docs
* return error if paths is not supplied
2018-03-01 11:14:56 -05:00
4b0f27923f
ssh: clarify optional behavior of cidr_list
2018-02-24 06:55:55 -05:00
a2e816321e
adding LIST for connections in database backend ( #4027 )
2018-02-22 15:27:33 -05:00
9c2ad5c4ec
Fix formatting on sys/health docs
2018-02-22 10:52:12 -05:00
a06243bf8d
Add description param on tune endpoints ( #4017 )
2018-02-21 17:18:05 -05:00
45bb1f0adc
Verify DNS SANs if PermittedDNSDomains is set ( #3982 )
...
* Verify DNS SANs if PermittedDNSDomains is set
* Use DNSNames check and not PermittedDNSDomains on leaf certificate
* Document the check
* Add RFC link
* Test for success case
* fix the parameter name
* rename the test
* remove unneeded commented code
2018-02-16 17:42:29 -05:00
f29bde0052
Support other names in SANs ( #3889 )
2018-02-16 17:19:34 -05:00
6f6b4521fa
Update website for AWS client max_retries
2018-02-16 11:13:55 -05:00
35906aaa6c
Add ChaCha20-Poly1305 support to transit ( #3975 )
2018-02-14 11:59:46 -05:00
c61ac21e6c
auth/aws: Improve role tag docs as suggested on mailing list ( #3915 )
...
Fixes the ambiguity called out in
https://groups.google.com/forum/#!msg/vault-tool/X3s7YY0An_w/yH0KFQxlBgAJ
2018-02-12 17:39:17 -05:00
6f025fe2ab
Adds the ability to bypass Okta MFA checks. ( #3944 )
...
* Adds the ability to bypass Okta MFA checks.
Unlike before, the administrator opts-in to this behavior, and is
suitably warned.
Fixes #3872
2018-02-09 17:03:49 -05:00
80ffd07b8b
added a flag to make common name optional if desired ( #3940 )
...
* added a flag to make common name optional if desired
* Cover one more case where cn can be empty
* remove skipping when empty; instead check for emptiness before calling validateNames
* Add verification before adding to DNS names to also fix #3918
2018-02-09 13:42:19 -05:00
4fbeae77ee
Update relatedtools.html.md
2018-02-08 11:15:47 -05:00
a25986391b
Add vaultenv to the list of related tools ( #3945 )
2018-02-08 10:30:45 -05:00
b9a5a35895
docs: Fix the expected type of metadata ( #3835 )
2018-01-23 16:30:15 -05:00
8e8675053b
Sync some bits over
2018-01-22 21:44:49 -05:00
dec64ecfd7
Update API endpoint references for revoke-prefix ( #3828 )
2018-01-22 18:04:43 -05:00
9c46431b80
Support JSON lists for Okta user groups+policies. ( #3801 )
...
* Support JSON lists for Okta user groups+policies.
Migrate the manually-parsed comma-separated string field types for user
groups and user policies to TypeCommaStringSlice. This means user
endpoints now accept proper lists as input for these fields in addition
to comma-separated string values. The value for reads remains a list.
Update the Okta API documentation for users and groups to reflect that
both user group and user/group policy fields are list-valued.
Update the Okta acceptance tests to cover passing a list value for the
user policy field, and require the OKTA_API_TOKEN env var to be set
(required for the "everyone" policy tests to pass).
* Fix typo, add comma-separated docs.
2018-01-16 18:20:19 -05:00
3ad372d65d
Fix minor typo in word "certificate" ( #3783 )
2018-01-15 15:52:41 -05:00
d8009bced1
Merge branch 'master-oss' into sethvargo/cli-magic
2018-01-10 11:15:49 -05:00
b242800958
Fixed the link to the section on generating DR operation token for promoting secondary. ( #3766 )
2018-01-09 10:02:09 -06:00
fd424c74ba
Docs: add DR secondary/active HTTP 472 code ( #3748 )
2018-01-03 15:07:36 -05:00
d1803098ae
Merge branch 'master-oss' into sethvargo/cli-magic
2018-01-03 14:02:31 -05:00
9c3e96b591
Update '/auth/token/revoke-self' endpoint documentation to reflect the proper response code ( #3735 )
2018-01-03 12:09:43 -05:00
39dd122663
Update docs to reflect ability to load cold CA certs to output full chains. ( #3740 )
2018-01-03 10:59:18 -05:00
c50c597b62
Spelling correction. "specifig" -> "specific" ( #3739 )
2018-01-03 10:38:55 -05:00
3c483b3e87
Spelling correction "datatabse" -> "database" ( #3738 )
2018-01-03 10:38:16 -05:00
e6d60ee551
Clarify control group APIs are enterprise only.
...
Fixes #3702
2017-12-19 11:00:02 -05:00
c4e951efb8
Add period and max_ttl to cert role creation ( #3642 )
2017-12-18 15:29:45 -05:00
cf3e284396
Use Custom Cert Extensions as Cert Auth Constraint ( #3634 )
2017-12-18 12:53:44 -05:00
77a7c52392
Merge branch 'master' into f-nomad
2017-12-18 12:23:39 -05:00
98e04c42d3
Correct documentation for Kubernetes Auth Plugin ( #3708 )
2017-12-18 12:12:08 -05:00
446b87ee0e
added the missing nonce and type fields ( #3694 )
2017-12-17 16:26:07 -05:00
f6bed8b925
fixing up config to allow environment vars supported by api client
2017-12-17 09:10:56 -05:00
c71f596fbd
address some feedback
2017-12-15 17:06:56 -05:00
b478ba8bac
Merge branch 'master' into f-nomad
2017-12-14 16:44:28 -05:00
15b3d8738e
Transit: backup/restore ( #3637 )
2017-12-14 12:51:50 -05:00
3b0ba609b2
Converting key_usage and allowed_domains in PKI to CommaStringSlice ( #3621 )
2017-12-11 13:13:35 -05:00
0ee55dde52
Remove duplicate link in ToC ( #3671 )
2017-12-11 12:52:58 -05:00
b5d21ebdae
Cross reference pki/cert in a few places.
2017-12-11 11:10:28 -05:00
2aa576149c
Small typo relating to no_store in pki secret backend ( #3662 )
...
* Removed typo :)
* Corrected typo in the website related to no_store
2017-12-07 10:40:21 -05:00
41f03b466a
Support MongoDB session-wide write concern ( #3646 )
...
* Initial work on write concern support, set for the lifetime of the session
* Add base64 encoded value support, include docs and tests
* Handle error from json.Unmarshal, fix test and docs
* Remove writeConcern struct, move JSON unmarshal to Initialize
* Return error on empty mapping of write_concern into mgo.Safe struct
2017-12-05 15:31:01 -05:00
892a0cb5e0
Update example payload and response for pem_keys field which needs \n after header and before footer in order to be accepted as a valid RSA or ECDSA public key ( #3632 )
2017-12-04 12:12:58 -05:00
5a9d8c60ac
Docs: Update /sys/policies/ re: beta refs to address #3624 ( #3629 )
2017-12-04 12:10:26 -05:00
f762d0615e
Remove beta notice
2017-12-04 08:25:16 -08:00
fd2464c410
Fix spelling ( #3609 )
...
changed "aomma" to "comma"
2017-12-04 10:53:58 -05:00
605efa37e9
update relatedtools, add Goldfish UI. ( #3597 )
...
Add link to Goldfish a web UI for Vault.
2017-12-04 10:51:16 -05:00
ff2c8d4865
Fix docs for Transit API ( #3588 )
2017-12-04 10:34:05 -05:00
d81a39ab99
Update cassandra docs with consistency value.
...
Fixes #3361
2017-12-02 14:18:23 -05:00
7b14f41872
Fix docs up to current standards
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 16:53:42 +00:00
b3799697a2
Rename policy into policies
2017-11-29 16:31:17 +00:00
a6d3119e3e
Pull master into f-nomad
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 15:56:37 +00:00
5f02a64206
docs: encryption/decryption now supports asymmetric keys ( #3599 )
2017-11-21 12:25:28 -05:00
00dfc1c4de
Docs: Remove 'none' as algorithm options ( #3587 )
2017-11-15 09:09:45 -05:00
85a5a75835
Add token_reviewer_jwt to the kubernetes docs ( #3586 )
2017-11-14 13:27:09 -08:00
b3a7d8ecf3
adding licensing docs ( #3585 )
2017-11-14 16:15:09 -05:00
8fedef3d99
Docs change for Policy API ( #3584 )
...
vault 0.9.0 deprecated the term `rules` in favor of the
term `policy` in several of the /sys/policy APIs.
The expected return state of 200 SUCCESS_NO_DATA only happens
if the `policy` term is used. A response including the
deprecation notice and a 204 SUCCESS_WITH_DATA status code
is returned when `rules` is applied.
2017-11-14 14:26:26 -05:00
7ac167f8a4
Sync docs
2017-11-14 06:13:11 -05:00
5d976794d4
API refactoring and doc updates ( #3577 )
...
* Doc updates and API refactoring
* fix tests
* change metadata fieldtype to TypeKVPairs
* Give example for TypeKVPairs in CLI for metadata
* Update API docs examples to reflect the native expected value for TypeKVPairs
* Don't mention comma separation in the docs for TypeCommaStringSlice
* s/groups/group; s/entities/entity; s/entity-aliases/entity-alias; s/group-aliases/group-alias
* Address review feedback
* Fix formatting
* fix sidebar links
2017-11-13 20:59:42 -05:00
645c068011
transit doc update ( #3564 )
2017-11-09 16:17:54 -05:00
b7deec2bec
Add docs for /sys/rekey-recovery-key ( #3520 )
2017-11-08 14:22:30 -05:00
01ff6293e0
Doc fix for Create/Update Token API ( #3548 )
...
`orphan` is intended to be default to False. Docs indicate this
is default to True. Simple change to update the docs only.
2017-11-07 18:06:44 -05:00
2c8cd19e14
auth/aws: Make disallow_reauthentication and allow_instance_migration mutually exclusive ( #3291 )
2017-11-06 17:12:07 -05:00
de8c0dce99
minor cleanup
2017-11-06 16:34:20 -05:00
57c9afa357
added AWS enpoint handling ( #3416 )
2017-11-06 13:31:38 -05:00
d7305a4681
Add note on support for using rec keys on /sys/rekey ( #3517 )
2017-11-06 12:18:15 -05:00
17310654a1
Add PKCS8 marshaling to PKI ( #3518 )
2017-11-06 12:05:07 -05:00
5a317a1a32
Updated documentation
2017-11-06 15:13:50 +00:00
93917743df
Update SSH list roles docs ( #3536 )
2017-11-03 18:00:46 -04:00
e4e4a7ba67
Capabilities responds considering policies on entities and groups ( #3522 )
...
* Capabilities endpoint will now return considering policies on entities and groups
* refactor the policy derivation into a separate function
* Docs: Update docs to reflect the change in capabilities endpoint
2017-11-03 11:20:10 -04:00
06923430cc
docs: s/persona/alias ( #3529 )
2017-11-03 11:17:59 -04:00
52df62d4ff
Encrypt/Decrypt/Sign/Verify using RSA in Transit backend ( #3489 )
...
* encrypt/decrypt/sign/verify RSA
* update path-help and doc
* Fix the bug which was breaking convergent encryption
* support both 2048 and 4096
* update doc to contain both 2048 and 4096
* Add test for encrypt, decrypt and rotate on RSA keys
* Support exporting RSA keys
* Add sign and verify test steps
* Remove 'RSA' from PEM header
* use the default salt length
* Add 'RSA' to PEM header since openssl is expecting that
* export rsa keys as signing-key as well
* Comment the reasoning behind the PEM headers
* remove comment
* update comment
* Parameterize hashing for RSA signing and verification
* Added test steps to check hash algo choice for RSA sign/verify
* fix test by using 'prehashed'
2017-11-03 10:45:53 -04:00
a7acc23034
docs: Add config/ca delete operation ( #3525 )
2017-11-03 06:19:21 -04:00
d540985926
Unifying Storage and API path in role
2017-10-31 21:06:10 +00:00
963f516ac9
Fix C&P in docs.
...
Fixes #3454
2017-10-27 16:43:26 -04:00
5ff1485a3e
Correct typos in the sys/raw documentation ( #3484 )
2017-10-24 10:33:57 -04:00
83b1eb900a
More naming cleanup
2017-10-24 09:35:03 -04:00
7463ba73a5
Oops typo
2017-10-24 09:34:30 -04:00
926ca5c125
Update k8s documentation
2017-10-24 09:34:12 -04:00
51a27b758b
Resolve the most painful merge conflict known on earth
2017-10-24 09:34:12 -04:00
2982fdf7ca
Remove ?list examples
...
They are documented in the overall API section, but people should get used to seeing LIST as a verb
2017-10-24 09:32:15 -04:00
c5665920f6
Standardize on "auth method"
...
This removes all references I could find to:
- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend
in favor of the unified:
- auth method
2017-10-24 09:32:15 -04:00
0afff80b5e
Document mount types/values
2017-10-24 09:28:05 -04:00
e4065e33d2
copying general purpose tools from transit backend to /sys/tools ( #3391 )
2017-10-20 10:59:17 -04:00
6c6e2a3baa
Correct typo: DELET to DELETE ( #3452 )
2017-10-13 10:11:04 -04:00
af24163abd
Implement signing of pre-hashed data ( #3448 )
...
Transit backend sign and verify endpoints now support algorithm=none
2017-10-11 11:48:51 -04:00
a2808db1af
Fix docs ( #3449 )
2017-10-11 11:29:26 -04:00
d5decccbfe
Update index.html.md ( #3433 )
...
Fixed typo in json property used to create custom secret_id
2017-10-11 09:25:43 -04:00
cbe41b590f
add GCP APIs that need to be enabled to GCP auth docs, small doc fixes ( #3446 )
2017-10-11 09:18:32 -04:00
d7bb311db3
A few simple fixes for the Github API docs ( #3432 )
2017-10-06 06:13:47 -04:00
974332c2c5
upgrade ldap api docs to refrect 0.8.3 change to returned json of policies ( #3421 )
2017-10-04 15:40:28 -04:00
e3ce60eb1f
Allow entering PKI URLs as arrays. ( #3409 )
...
Fixes #3407
2017-10-03 16:13:57 -04:00
b207b76f14
Updated API Docs with the Global Token Parameter
2017-09-29 11:23:47 +01:00
f56e191020
Fix spelling errors ( #3390 )
2017-09-28 07:54:40 -04:00
43540e9c32
Fix grammatical error ( #3395 )
...
Also changed capitalization for consistency.
2017-09-28 06:28:48 -04:00
b1db3765ca
Kubernetes Docs Update ( #3386 )
...
* Update Kubnernetes Docs
* Add a note about alpha clusters on GKE
* Fix JSON formatting
* Update kubernetes.html.md
* Fix a few review comments
2017-09-27 14:02:18 -07:00
abcf4b3bb2
docs: Added certificate deletion operation API ( #3385 )
2017-09-26 20:28:52 -04:00
2b4561dccb
Adding Nomad Secret Backend API documentation
2017-09-21 09:18:35 -05:00
9b0d594d02
Kubernetes auth ( #3350 )
...
* Import the kubernetes credential backend
* Add kubernetes docs
* Escape * characters
* Revert "Import the kubernetes credential backend"
This reverts commit f12627a9427bcde7e73cea41dea19d0922f94789.
* Update the vendored directory
2017-09-19 09:27:26 -05:00
d4a5362835
Clarify backup data that is being stored ( #3345 )
2017-09-19 07:44:34 -05:00
ed3d75d0b1
Add GCE docs for GCP Auth Backend ( #3341 )
2017-09-19 07:44:05 -05:00
2abddb248e
Fix a few quirks in the GCP auth backend's docs. ( #3322 )
2017-09-19 07:41:41 -05:00
8529972bfb
Updated https://www.vaultproject.io/api/system/replication-dr.html#generate-dr-secondary-token to be a POST rather than GET. This was reported by a customer and I confirmed that this should be a logical.UpdateOperation rather than ReadOperation ( 24f2b961fd/vault/replication_api.go (L121)). ( #3342 )
2017-09-15 16:19:16 -04:00
1029ad3b33
Rename "generic" secret backend to "kv" ( #3292 )
2017-09-15 09:02:29 -04:00
a2d2f1a543
Adding support for base_url for Okta api ( #3316 )
...
* Adding support for base_url for Okta api
* addressing feedback suggestions, bringing back optional group query
* updating docs
* cleaning up the login method
* clear out production flag if base_url is set
* docs updates
* docs updates
2017-09-15 00:27:45 -04:00
9d73c81f38
Disable the `sys/raw` endpoint by default ( #3329 )
...
* disable raw endpoint by default
* adding docs
* config option raw -> raw_storage_endpoint
* docs updates
* adding listing on raw endpoint
* reworking tests for enabled raw endpoints
* root protecting base raw endpoint
2017-09-15 00:21:35 -04:00
2c640950e0
Fixed docs to reflect correct HTTP method for /sys/config/auditing endpoing ( #3331 )
...
Updated documentation to reflect "Read Single Audit Request Header" endpoint is GET-based.
2017-09-13 11:59:27 -07:00
cb6ac1e926
Change behavior of TTL in sign-intermediate ( #3325 )
...
* Fix using wrong public key in sign-self-issued
* Change behavior of TTL in sign-intermediate
This allows signing CA certs with an expiration past the signer's
NotAfter.
It also change sign-self-issued to replace the Issuer, since it's
potentially RFC legal but stacks won't validate it.
Ref: https://groups.google.com/d/msg/vault-tool/giP69-n2o20/FfhRpW1vAQAJ
2017-09-13 11:42:45 -04:00
cfa74e6a95
remove token header from login samples ( #3320 )
2017-09-11 18:14:05 -04:00
12cde76112
fix: add missing comma to payload ( #3308 )
2017-09-11 12:03:43 -04:00
c747caac2a
Fix cassandra tests, explicitly set cluster port if provided ( #3296 )
...
* Fix cassandra tests, explicitly set cluster port if provided
* Update cassandra.yml test-fixture
* Add port as part of the config option, fix tests
* Remove hostport splitting in cassandraConnectionProducer.createSession
* Include port in API docs
2017-09-07 23:04:40 -04:00
567f2ce1f1
Fix docs for Certificate authentication ( #3301 )
...
Fix discrepencies in the documentation for TLS Certificate
authentication. The Delete CRL method has a misleading title and
description.
2017-09-07 10:28:14 -04:00
25976b340e
Fixed small typo in RabbitMQ secret backend. ( #3300 )
...
Fixed `name` param for the Delete Role API in the RabbitMQ secret backend.
2017-09-07 10:00:32 -04:00
44bf03e3b6
Fix compile after dep update
2017-09-05 18:18:34 -04:00
e85e22b00e
Fixing the response sample for reading a plugin ( #3278 )
...
The plugin config data properties are returned immediately within the response's `data` object.
2017-09-01 08:34:54 -04:00
abb2ab2918
Add pki/root/sign-self-issued. ( #3274 )
...
* Add pki/root/sign-self-issued.
This is useful for root CA rolling, and is also suitably dangerous.
Along the way I noticed we weren't setting the authority key IDs
anywhere, so I addressed that.
* Add tests
2017-08-31 23:07:15 -04:00
6f417d39da
Normalize plugin_name option for mount and enable-auth ( #3202 )
2017-08-31 12:16:59 -04:00
194491759d
Updating Okta lib for credential backend ( #3245 )
...
* migrating to chrismalek/oktasdk-go Okta library
* updating path docs
* updating bool reference from config
2017-08-30 22:37:21 -04:00
caf90f58d8
auth/aws: Allow wildcard in bound_iam_principal_id ( #3213 )
2017-08-30 17:51:48 -04:00
21a15204bd
Fix API/AUTH/AppRole doc issue concerning bound_cidr_list ( #3205 )
...
This patch fixes a little documentation issue.
bind_cidr_list doesn't exist as parameter to AppRole creation. It should be "bound_cidr_list".
In "path-help" it is documented correctly.
2017-08-29 12:37:20 -04:00
525c124d69
Add missing code ending to Sample Payload ( #3239 )
2017-08-25 12:34:12 -04:00
d88aefc64f
Fix typo ( #3237 )
2017-08-25 09:51:33 -04:00
bf9658ec61
fix docs formatting
2017-08-24 11:23:26 -04:00
27598ce960
Add GET variant on LIST endpoints ( #3232 )
2017-08-23 17:59:22 -04:00
da19d2941f
add new php client to the doc ( #3206 )
2017-08-21 13:07:03 -04:00
ba98b60e41
Fix typo in AppRole API page ( #3207 )
2017-08-18 10:46:29 -04:00
411419cbf8
plugins/backend/reload -> plugins/reload/backend ( #3186 )
2017-08-16 12:40:38 -04:00
ae75e39c44
Fix plugin docs ( #3185 )
...
* Fix plugin docs
* Add plugin_name to auth endpoint
2017-08-16 12:36:46 -04:00
4dc55474e6
Remove erroneous flag from hmac docs
2017-08-16 11:27:39 -04:00
c34a5b2e93
* Add ability to specify a plugin dir in dev mode ( #3184 )
...
* Change (with backwards compatibility) sha_256 to sha256 for plugin
registration
2017-08-16 11:17:50 -04:00
31a994e452
Initial GCP auth backend documentation ( #3167 )
2017-08-15 22:03:04 -04:00
0c2c078e48
Add PingID MFA docs ( #3182 )
2017-08-15 22:01:34 -04:00
89b81bcb4c
Oracle plugin docs ( #3131 )
...
* Add oracle database docs
* Add oracle database docs
* Fix commas in json output
* Update oracle.html.md
2017-08-15 17:24:01 -07:00
340fe4e609
Add permitted dns domains to pki ( #3164 )
2017-08-15 16:10:36 -04:00
e4eb6e9020
Make PKI root generation idempotent-ish and add delete endpoint. ( #3165 )
2017-08-15 14:00:40 -04:00
d25bc60feb
Update libraries ( #3160 )
...
* Remove vault-java which has better alternatives.
* Add ansible-vault, a zero dependency
[lookup-plugin](http://docs.ansible.com/ansible/latest/playbooks_lookups.html ) for ansible
2017-08-14 20:28:11 -04:00
09d0a894d7
docs: Fix the default value for 'generate_signing_key'
2017-08-14 12:39:11 -04:00
1b6991c8f3
Removed unused parameter from docs ( #3152 )
...
According to #3116 , it seems like this parameter isn't used. I couldn't trigger any differences by playing around with transit signing function, and could not find anything in the source code that actually parses this param. Presumably, it is unused?
2017-08-11 20:57:06 -04:00
d477b9455e
Fix broken url in replication performance docs
2017-08-11 16:03:05 -04:00
e3e5be4617
API Docs updates ( #3135 )
2017-08-09 11:22:19 -04:00
9410ec2c6d
docs: API docs for TOTP, Okta and Duo MFA ( #3129 )
...
* docs: API docs for TOTP, Okta and Duo MFA
* docs: List types in the MFA main page
2017-08-08 20:20:37 -04:00
95af5bf6c7
Add plugin backends docs ( #3125 )
...
* Add docs on plugins/backend/reload, add plugin backend guide
* Fix docs headers
* Fix API endpoint description
* Update plugin guide and internals pages
2017-08-08 12:39:19 -04:00
191d48f848
API Docs updates ( #3101 )
2017-08-08 12:28:17 -04:00
53ef0156da
update dr replication docs with the promotion response ( #3124 )
2017-08-07 09:59:46 -05:00
ad1d74cae0
Set allowed headers via API instead of defaulting to wildcard. ( #3023 )
2017-08-07 10:03:30 -04:00
3fb75beb59
Fix formatting in mfa docs ( #3122 )
2017-08-07 09:55:17 -04:00
26ee120ca4
docs: MFA API ( #3109 )
2017-08-03 23:32:22 -04:00
db9d9e6415
Store original request path in WrapInfo ( #3100 )
...
* Store original request path in WrapInfo as CreationPath
* Add wrapping_token_creation_path to CLI output
* Add CreationPath to AuditResponseWrapInfo
* Fix tests
* Add and fix tests, update API docs with new sample responses
2017-08-02 18:28:58 -04:00
4885b3e502
Use RemoteCredProvider instead of EC2RoleProvider ( #2983 )
2017-07-31 18:27:16 -04:00
d0f329e124
Add leader cluster address to status/leader output. ( #3061 )
...
* Add leader cluster address to status/leader output. This helps in
identifying a particular node when all share the same redirect address.
Fixes #3042
2017-07-31 18:25:27 -04:00
Becca Petrin