If a CSR contains a SAN of type otherName, encoded in UTF-8, and the signing role specifies use_csr_sans, the otherName SAN will be included in the signed cert's SAN extension.
Allow single star in allowed_other_sans to match any OtherName. Update documentation to clarify globbing behaviour.
Continues https://github.com/hashicorp/vault/pull/6459 and cleans up
some spots that should have been deleted, but due to markdown
formatting, weren't rendering anyway.
> Remove response code info from non-overview API docs as it can be
> misinterpreted and is always the same anyways.
* Update parameter names to match URL placeholders
* Fix incorrect parameter quoting
Without the separated quoting, the entire `ec2_alias (string: "role_id")` string becomes an anchor link.
* Fix default value for userattr
vault/sdk/helper/ldaputil/config.go shows userattr has a default value of "cn"
* Fix default value for url
Documentation says it's required, but vault/sdk/helper/ldaputil/config.go shows that url has a default value.
* Fix default value for url
Documentation says it's required, but vault/sdk/helper/ldaputil/config.go shows that url has a default value.
* website: various updates
* Expose /docs and /intro views using documentation-style
layout for index pages
* Add [Use Case] Secrets Management page
* Add [Use Case] Data Encryption page
* Add [Use Case] Identity Based Access page
* Update redirects file removing `/intro` routes redirecting to
`learn.hashicorp`
* Hide MegaNav on mobile
* website: route /api straight to documentation
* Bybass index page and jump straight to content
The example request for "Generate Intermediate" was type "internal", but the example response contained the private key, which "internal" doesn't do. This patch fixes the example request to be type "exported" to match the example response.
This typo is related to https://github.com/hashicorp/vault/issues/7603 . The typo was causing issues with getting this working correctly when following the guide. I imagine any other newbie to this plugin will have the same struggle. I had to delve into the source code to figure it out
* document the require_request_header option in Agent
* document the require_request_header option in Agent
* document the require_request_header option in Agent
* document the require_request_header option in Agent
* minor tweaks to docs
Currently whenever we start a new C* session in the database plugin, we
run `LIST ALL` to determine whether we are a superuser, or otherwise
have permissions on roles. This is a fairly sensible way of checking
this, except it can be really slow when you have a lot of roles (C*
isn't so good at listing things). It's also really intensive to C* and
leads to a lot of data transfer. We've seen timeout issues when doing
this query, and can of course raise the timeout, but we'd probably
prefer to be able to switch it off.
* secrets/aws: Support permissions boundaries on iam_user creds
This allows configuring Vault to attach a permissions boundary policy to
IAM users that it creates, configured on a per-Vault-role basis.
* Fix indentation of policy in docs
Use spaces instead of tabs
Fixed malformed json example (removed extra comma). Here's the payload parse error I was running into with the example.
```
{
"rotation_period":"12h",
"verification_ttl":43200,
}
```
Vault does not like this JSON.
```
curl -s \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload-2.json \
http://127.0.0.1:8200/v1/identity/oidc/key/named-key-001 | jq
{
"errors": [
"failed to parse JSON input: invalid character '}' looking for beginning of object key string"
]
}
```
Vaulted is no longer maintained according to the readme.
https://github.com/chiefy/vaulted#vaulted
"No Longer Being Maintained Use node-vault for future support of Vault features!"
