* Fix formatting of the Vault Agent docs
* Fix up the param definitions with <code> rather than <tt>
* Use <code> only where there is a link embedded, otherwise ticks
* raft: use file paths for TLS info in the retry_join stanza
* raft: maintain backward compat for existing tls params
* docs: update raft docs with new file-based TLS params
* Update godoc comment, fix docs
* Adds a summary to the top of each plugin's page showing the capabilities that the plugin has.
* Fixed sidebar sorting (they weren't quite alphabetical)
* Improved instructions for using the Oracle plugin
* Added note about using the pluggable database rather than the container database
* Replaced admin/root usernames with super-user ones to encourage users to not use the root user in Vault
* Included suggestions to rotate the root user's password when the plugin is capable
* Improve documentation around rotating the root user's password
* Fixed various typos
* raft: check for nil on concrete type in SetupCluster
* raft: move check to its own func
* raft: func cleanup
* raft: disallow disable_clustering = true when raft storage is used
* docs: update disable_clustering to mention new behavior
* add aws auth info to upgrade guide
* elaborate on who is affected and add more versions
* use partials for repeated doc text
* add new pages to side nav
* fixed some grammar issue
The sentence did read clearly so I added a change to make it read a little cleaner
* Update website/pages/docs/secrets/index.mdx
Co-authored-by: Becca Petrin <beccapetrin@gmail.com>
* Updates the k8s helm platform docs
- Updates to talk about the external mode
- Updates the helm install overview to show that the releases can also
be the way to install
- Rewrites the how-to to include showing how to start in each mode
- Each mode that has a guide links off to a guide
- Re-organizes the Unseal and Init to a section and places all the
various other unseals underneath it
- Moves updating below the unseal and init
- Shows some basic usage of the helm CLI with a value and file override
* Adds learn links for k8s index pages
* Adds helm dev and external vault examples
While the dev one may seem obvious I think that it's incredibly useful
to cover our bases if this is to be reference documentation. I thought
maybe the example could have ingress support for UI but do not have the
experience to recommend it.
* Adds helm docs example dev and external
- places the development first as it feels like the starting point for
some.
- places the external after HA
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
* Remove the versus section on the website.
We don't keep it maintained, it's very out of date, and we don't really
like comparing ourselves to other software anyways; it's not fair to
describe other software or solutions in ways that may not align with
how they want to be described.
Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
* Pin HTTP Host header for all client requests
* Drop port map scheme
* Add SRV Lookup environment var
* Lookup SRV records only when env var is specified
* Add docs
Co-Authored-By: Michel Vocks <michelvocks@gmail.com>
Updated docs for vault-helm 0.4.0 configuration changes, and helm 3
support (dropping helm 2). Also some spelling changes, and shortened
page titles for the k8s helm examples.
* RSA3072 implementation in transit secrets engine
* moved new KeyType at the end of the list
So already stored keys still work properly
Co-authored-by: Jim Kalafut <jim@kalafut.net>
* adding support for TLS 1.3 for TCP listeners
* removed test as CI uses go 1.12
* removed Cassandra support, added deprecation notice
* re-added TestTCPListener_tls13
* rename UseAutoAuthForce to ForceAutoAuth, because I think it reads better
* Document 'ForceAuthAuthToken' option for Agent Cache
* Update website/pages/docs/agent/caching/index.mdx
Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>
* Add additional tests around use_auto_auth=force and add documentation
* remove note, it's no longer correct
Co-authored-by: Jim Kalafut <jim@kalafut.net>
* Guard against using Raft as a separate HA Storage
* Document that Raft cannot be used as a separate ha_storage backend at this time
* remove duplicate imports from updating with master
* Mark deprecated plugins as deprecated
* Add redaction capability to database plugins
* Add x509 client auth
* Update vendored files
* Add integration test for x509 client auth
* Remove redaction logic pending further discussion
* Update vendored files
* Minor updates from code review
* Updated docs with x509 client auth
* Roles are required
* Disable x509 test because it doesn't work in CircleCI
* Add timeouts for container lifetime
* Fix typos
* Update Oracle DB secrets docs to show support for Static Roles
* Add warning about username case sensitivity
* Remove warning about casing
* Fix typo
Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>
Co-authored-by: Becca Petrin <beccapetrin@gmail.com>
* Adding a new replication metric (WAL GC counter)
Adding a new line about the vault.replication.wal.gc metric
* Update website/pages/docs/internals/telemetry.mdx
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* Add specification about AWS IAM Unique Identifiers
We experienced an issue where IAM roles resources were re-provisioned with the same ARNs and no change had been made to our vault role configuration but users lost access with `-method=aws`. It wasn't immediately clear to us how IAM Unique Identifiers were being used to avoid the same situations outlined in the AWS documentation. We eventually concluded that re-provisioning the roles in our auth/aws/auth would fetch the new IAM Unique Identifiers.
I hope that this small amendment helps people avoid this problem in the future.
Upgrade to new official Okta sdk lib. Since it requires an API token, use old unofficial okta lib for no-apitoken case.
Update test to use newer field names. Remove obsolete test invalidated by #4798. Properly handle case where an error was expected and didn't occur.
* Improve standalone with TLS example
- Documented creating a key & cert for serving Vault endpoints
- Removed unneeded configuration in custom values.yaml
- Updated examples to 1.3.0
* Add 127.0.0.1 to CSR
* Grammar & minor formatting
* Add additional DNS entry for CSR
* Split examples into individual pages
* Add Kubernetes Auth Method example
* Remove old examples file
* Fix rebase fail
* Remove global section of yaml files that aren't needed
* Fix minor typos
* Fix typos that didn't get carried over from previous PR
* Re-copy from previous examples file to resolve rebase issues
* update dependencies
Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
* add secrets/postgresql redirect
* change name of old path
* ensure deprecated pages are not indexed by search engines
* remove deprecated page from navigation
* Improve standalone with TLS example
- Documented creating a key & cert for serving Vault endpoints
- Removed unneeded configuration in custom values.yaml
- Updated examples to 1.3.0
* Add 127.0.0.1 to CSR
* Grammar & minor formatting
* Add additional DNS entry for CSR
* Fix typos, formatting, and other minor issues
* Use correct header depth for Helm Configuration
Co-Authored-By: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>