Jeff Mitchell
888e833aae
Remove old text from upgrade notes, as changes were made
2016-09-13 11:51:46 -04:00
sashman
c01bf6cb1b
Update libraries.html.md ( #1879 )
2016-09-13 09:23:46 -04:00
AJ Bourg
b524e43f15
Small change: Fix permission vault requires.
...
Vault requires ec2:DescribeInstances, not ec2:DescribeInstance. (the
non-plural form doesn't exist)
2016-09-12 14:38:10 -06:00
Raja Nadar
d8b1ab05dd
doc: change invalid otp response code to 400 ( #1863 )
...
invalid otp response code is 400 bad request.
2016-09-08 11:13:13 -04:00
Raja Nadar
b06167c748
doc: fixing field name to security_token ( #1850 )
...
response field is security_token, not secret_token.
2016-09-03 22:40:57 -04:00
vishalnayak
5bd665a842
Update atlas listener factory to use version with pre-release info.
2016-09-01 17:21:11 -04:00
vishalnayak
9c78c58948
Remove the string 'Vault' from version information
2016-09-01 14:54:04 -04:00
Raja Nadar
7bd0edee4b
doc: add keys_base64 to response json ( #1824 )
...
add the missing fields in json response for initializing vault.
keys_base64
2016-09-01 09:40:40 -04:00
Raja Nadar
f6cfc1c7ad
doc: add missing version and cluster fields ( #1826 )
...
adding the missing "version" field in json response.
also adding a new response when the unseal completes, and 2 more fields are returned. (cluster..)
2016-09-01 09:39:26 -04:00
Raja Nadar
97e5a02692
doc: add missing token field to generate-root apis ( #1828 )
...
the response is missing the encoded token field for a couple of apis.
2016-09-01 09:39:00 -04:00
Andrew Backhouse
2f35789e71
Update index.html.md ( #1819 )
...
Corrected a minor spelling error.
2016-08-31 10:02:43 -04:00
Jeff Mitchell
222adbdb61
Fix headers in aws-ec2 doc.
2016-08-30 11:53:21 -04:00
Jeff Mitchell
93b5b2a2c0
Update website with POST STS path
2016-08-30 10:37:55 -04:00
Raja Nadar
1ae71ce7db
add missing field keys_base64 to rekey operation
...
fixing the json response blob in the documentation
2016-08-28 17:38:10 -07:00
Jeff Mitchell
d9c46aadc2
update docs
2016-08-26 17:52:42 -04:00
Jeff Mitchell
2f5876dfe9
Use key derivation for convergent nonce. ( #1794 )
...
Use key derivation for convergent nonce.
Fixes #1792
2016-08-26 14:11:03 -04:00
Jeff Mitchell
2ce4397deb
Plumb through the ability to set the storage read cache size. ( #1784 )
...
Plumb through the ability to set the storage read cache size.
Fixes #1772
2016-08-26 10:27:06 -04:00
Jeff Mitchell
aa5daadd67
Don't duplicate building info
2016-08-25 13:00:26 -04:00
Jeff Mitchell
9fee9ce8ff
Don't allow tokens in paths. ( #1783 )
2016-08-24 15:59:43 -04:00
Adam Greene
66d3117cad
fix aws-ec2 formatting around ttl ( #1770 )
2016-08-23 16:07:57 -04:00
Karl Falconer
6cbae1388e
[Documentation] AppRole /login is unauthenticated ( #1771 )
2016-08-23 16:03:36 -04:00
Jeff Mitchell
c64dba556c
Swap push/pull.
2016-08-22 19:34:53 -04:00
Eric Peterson
6db65c317e
Fix grammar ( #1759 )
2016-08-22 12:17:48 -04:00
Eric Peterson
9bd1a95850
Fix spelling ( #1758 )
2016-08-22 11:56:37 -04:00
S
7395fb02bc
Update tokens.html.md
...
Bullet points at the end were off (probably due to some line wrapping settings somewhere)
2016-08-22 10:47:11 -04:00
Jeff Mitchell
3320aeb4f6
Update upgrade guide
2016-08-22 09:33:36 -04:00
vishalnayak
dfe73733d5
Seperate endpoints for read/delete using secret-id and accessor
2016-08-21 14:42:49 -04:00
Jeff Mitchell
865ca94032
Initial fixups, not yet done
2016-08-20 22:39:41 -04:00
Jeff Mitchell
0029559ab0
Update location of LDAP docs in upgrade guide.
...
Fixes #1656
2016-08-19 10:31:31 -04:00
Jeff Mitchell
c349e697f5
Change uninit/sealed status codes from health endpoint
2016-08-18 12:10:23 -04:00
Martin Forssen
a617ff0f93
Mention ttl parameter in the documentation of /auth/aws-ec2/role/<role>
...
This parameter was not documented
2016-08-18 13:16:58 +02:00
Brian Shumate
a941dbdd76
Add a bit of clarification
2016-08-17 16:07:30 -04:00
Jeff Mitchell
734e80ca56
Add permit pool to dynamodb
2016-08-15 19:45:06 -04:00
Matt Hurne
56252fb637
AppRole documentation tweaks ( #1735 )
...
* Fix spelling error in AppRole docs
* Add force flag to sample command to generate a secret ID in AppRole docs
* Update sample output for AppRole login in docs
2016-08-15 16:12:08 -04:00
Jeff Mitchell
37320f8798
Request forwarding ( #1721 )
...
Add request forwarding.
2016-08-15 09:42:42 -04:00
Jeff Mitchell
7497b37280
Completely revamp token documentation
2016-08-13 17:05:31 -04:00
Jeff Mitchell
d2124486ef
Merge pull request #1702 from hashicorp/renew-post-body
...
Add ability to specify renew lease ID in POST body.
2016-08-08 20:01:25 -04:00
Jeff Mitchell
ab71b981ad
Add ability to specify renew lease ID in POST body.
2016-08-08 18:00:44 -04:00
Jeff Mitchell
4f0310ed96
Don't allow root from authentication backends either.
...
We've disabled this in the token store, but it makes no sense to have
that disabled but have it enabled elsewhere. It's the same issue across
all, so simply remove the ability altogether.
2016-08-08 17:32:37 -04:00
Jeff Mitchell
be39df9887
Update upgrade docs
2016-08-08 16:44:13 -04:00
Jeff Mitchell
606ba64e23
Remove context-as-nonce, add docs, and properly support datakey
2016-08-07 15:53:40 -04:00
Jeff Mitchell
21e39bfea6
Remove erroneous information about some endpoints being root-protected
2016-08-04 16:08:54 -04:00
Cameron Stokes
0b60375952
~secret/aws: env variable and IAM role usage
2016-08-04 13:02:07 -07:00
Jeff Mitchell
1b0c9afc43
Update DB docs with new SQL specification options
2016-08-03 15:45:56 -04:00
vishalnayak
4f45910dfc
disallowed_policies doc update
2016-08-02 16:33:22 -04:00
Jeff Mitchell
b4386032db
Fix up some wording
2016-08-02 16:25:00 -04:00
vishalnayak
75c51378ce
Updated token auth docs with disallowed_policies
2016-08-02 15:33:03 -04:00
Jeff Mitchell
9902891c81
Alphabetize token store docs
2016-08-01 13:37:12 -04:00
Jeff Mitchell
357f2d972f
Add some extra safety checking in accessor listing and update website
...
docs.
2016-08-01 13:12:06 -04:00
Chris Hoffman
c1c35880da
Missing prefix on roles list
2016-07-29 11:31:26 -04:00
Jan Dudulski
1e46b1cef0
Update revoke-prefix path in doc
...
Minor update to make doc up to date with v0.6
2016-07-29 12:17:24 +02:00
Chris Hoffman
2930f2ca39
Preferred method is AppRole since AppId is now deprecated
2016-07-28 14:32:20 -04:00
Vishal Nayak
358b13d2b4
Merge pull request #1660 from TerryHowe/ansible-module-hashivault
...
Add note about Ansible module in docs
2016-07-27 13:56:41 -04:00
Adam Greene
da8ff50143
documentation cleanup
2016-07-27 10:43:59 -07:00
Terry Howe
da49a7993e
Add note about Ansible module in docs
2016-07-27 10:34:13 -06:00
Laura Bennett
4d9c909ae4
Merge pull request #1650 from hashicorp/request-uuid
...
Added unique identifier to each request. Closes hashicorp/vault#1617
2016-07-27 09:40:48 -04:00
Vishal Nayak
c7bcaa5bb6
Merge pull request #1655 from hashicorp/cluster-id
...
Vault cluster name and ID
2016-07-26 14:12:48 -04:00
vishalnayak
669bbdfa48
Address review feedback from @jefferai
2016-07-26 14:05:27 -04:00
Jeff Mitchell
6e63af6ad0
Add deprecation notices for App ID
2016-07-26 10:08:46 -04:00
Jeff Mitchell
cdb0f78960
Add app-id deprecation to upgrade notes
2016-07-26 10:04:08 -04:00
vishalnayak
a6907769b0
AppRole authentication backend
2016-07-26 09:32:41 -04:00
Jeff Mitchell
3002799c26
Add upgrade notes for LDAP
2016-07-25 09:07:52 -04:00
Laura Bennett
483e796177
website update for request uuuid
2016-07-24 21:23:12 -04:00
Oren Shomron
cd6d114e42
LDAP Auth Backend Overhaul
...
--------------------------
Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.
Simplified group membership lookup significantly to support multiple use-cases:
* Enumerating groups via memberOf attribute on user object
* Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
* Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule
There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.
Additional changes:
* Clarify documentation for LDAP auth backend.
* Reworked how default values are set, added tests
* Removed Dial from LDAP config read. Network should not affect configuration.
2016-07-22 21:20:05 -04:00
Vishal Nayak
38d8ff33d5
Merge pull request #1647 from hashicorp/version-in-api
...
Add version information to health status
2016-07-22 18:34:33 -04:00
vishalnayak
a92da37351
Updated sys/health docs
2016-07-22 18:33:29 -04:00
matt maier
6519c224ac
Circonus integration for telemetry metrics
2016-07-22 15:49:23 -04:00
vishalnayak
765d131b47
Added service-tags config option to provide additional tags to registered service
2016-07-22 04:41:48 -04:00
Laura Bennett
559b0a5006
Merge pull request #1635 from hashicorp/mysql-idle-conns
...
Added maximum idle connections to mysql to close hashicorp/vault#1616
2016-07-20 15:31:37 -04:00
Laura Bennett
422dcc8f25
minor formatting edits
2016-07-20 14:42:52 -04:00
Jeff Mitchell
f2b6569b0b
Merge pull request #1604 from memory/mysql-displayname-2
...
concat role name and token displayname to form mysql username
2016-07-20 14:02:17 -04:00
Nathan J. Mehl
ea294f1d27
use both role name and token display name to form mysql username
2016-07-20 10:17:00 -07:00
Laura Bennett
dba466f50e
update documentation for idle connections
2016-07-20 12:50:07 -04:00
Nathan J. Mehl
0483457ad2
respond to feedback from @vishalnayak
...
- split out usernameLength and displaynameLength truncation values,
as they are different things
- fetch username and displayname lengths from the role, not from
the request parameters
- add appropriate defaults for username and displayname lengths
2016-07-20 06:36:51 -07:00
Matt Hurne
11a3cb67d0
mongodb secret backend documentation: Remove verify_connection from example response to GET /mongodb/config/connection; add documentation for GET /mongodb/config/lease
2016-07-19 12:46:54 -04:00
Matt Hurne
75a5fbd8fe
Merge branch 'master' into mongodb-secret-backend
2016-07-19 10:38:45 -04:00
Jeff Mitchell
04f0471a9f
Update documentation around dynamodb changes
2016-07-18 14:10:55 -04:00
Jeff Mitchell
c47fc73bd1
Use parsebool
2016-07-18 13:49:05 -04:00
Jeff Mitchell
a3ce0dcb0c
Turn off DynamoDB HA by default.
...
The semantics are wonky and have caused issues from people not reading
docs. It can be enabled but by default is off.
2016-07-18 13:19:58 -04:00
Jeff Mitchell
4c5ae34ebf
Merge pull request #1613 from skippy/update-aws-ec2-docs
...
[Docs] aws-ec2 -- note IAM action requirement
2016-07-18 10:40:38 -04:00
Jeff Mitchell
73923db995
Merge pull request #1589 from skippy/patch-2
...
[Docs] aws-ec2 -- clarify aws public cert is already preloaded
2016-07-18 10:02:35 -04:00
Adam Greene
8f6b97f4e4
[Docs] aws-ec2 -- note IAM action requirement
2016-07-13 15:52:47 -07:00
Adam Greene
d6f5c5f491
english tweaks
2016-07-13 15:11:01 -07:00
vishalnayak
407722a9b4
Added tls_min_version to consul storage backend
2016-07-12 20:10:54 -04:00
Nathan J. Mehl
314a5ecec0
allow overriding the default truncation length for mysql usernames
...
see https://github.com/hashicorp/vault/issues/1605
2016-07-12 17:05:43 -07:00
Jeff Mitchell
a6682405a3
Migrate number of retries down by one to have it be max retries, not tries
2016-07-11 21:57:14 +00:00
Jeff Mitchell
57cdb58374
Switch to pester from go-retryablehttp to avoid swallowing 500 error messages
2016-07-11 21:37:46 +00:00
Matt Hurne
8232de5095
Merge branch 'master' into mongodb-secret-backend
2016-07-09 21:14:21 -04:00
Jeff Mitchell
4aa557ffa6
Add documentation of retry env vars
2016-07-08 10:41:11 -04:00
Matt Hurne
253d4e86fc
Merge branch 'master' into mongodb-secret-backend
2016-07-08 08:32:03 -04:00
Jeff Mitchell
cf42b28487
Some policy concept page clarifications
2016-07-08 05:05:46 +00:00
Matt Hurne
8d5a7992c1
mongodb secret backend: Improve and correct errors in documentation; improve "parameter is required" error response messages
2016-07-07 23:09:45 -04:00
Matt Hurne
a5f5b26e4b
Update mongodb secret backend documentation to indicate that ttl and max_ttl lease config parameters are optional rather than required
2016-07-07 22:34:00 -04:00
Matt Hurne
b1dd5bf449
mongodb secret backend documentation: Use single quotes around roles JSON to avoid needing to escape double quotes within the JSON
2016-07-07 22:31:35 -04:00
Matt Hurne
da0bd77dc4
Merge branch 'master' into mongodb-secret-backend
2016-07-07 21:24:40 -04:00
Eric Herot
cbc76c357e
Pretty sure the method to delete a token role is not GET
2016-07-07 13:54:20 -04:00
Jeff Mitchell
a6d3210163
Merge pull request #1590 from skippy/patch-3
...
Update aws-ec2.html.md -- clarify pkcs7 cert cleanup before use
2016-07-06 21:31:12 +02:00
Stig Lindqvist
71b481ba40
Correcting grammar
2016-07-06 17:57:22 +12:00
Adam Greene
2405b7f078
Update aws-ec2.html.md
...
per #1582 , updating the docs to include notes about pkcs#7 handling, specifically that aws returns the pkcs#7 cert with newlines and that they need to be stripped before sending them to the login endpoint
2016-07-05 13:21:56 -07:00
Adam Greene
5ef359ff6c
Update aws-ec2.html.md
...
clarify, and make more explicit, the language around the default AWS public certificate
2016-07-05 13:14:29 -07:00
Matt Hurne
cf17deb33b
mongodb secret backend: Update documentation
2016-07-05 09:50:23 -04:00
Matt Hurne
292c2fad69
Merge branch 'master' into mongodb-secret-backend
2016-07-01 20:39:13 -04:00
Mark Paluch
ab63c938c4
Address review feedback.
...
Switch ConnectTimeout to framework.TypeDurationSecond with a default of 5. Remove own parsing code.
2016-07-01 22:26:08 +02:00
Mark Paluch
3859f7938a
Support connect_timeout for Cassandra and align timeout.
...
The cassandra backend now supports a configurable connect timeout. The timeout is configured using the connect_timeout parameter in the session configuration. Also align the timeout to 5 seconds which is the default for the Python and Java drivers.
Fixes #1538
2016-07-01 21:22:37 +02:00
Matt Hurne
561e67ade8
Merge branch 'master' into mongodb-secret-backend
2016-06-30 20:23:16 -04:00
Tim Schindler
24c6a605ea
added documentation about ETCD_ADDR env var to etcd backend documentation
2016-06-30 18:46:40 +00:00
Matt Hurne
350b69670c
Rename mongodb secret backend's 'ttl_max' lease configuration field to 'max_ttl'
2016-06-30 09:57:43 -04:00
Matt Hurne
5e8c912048
Add mongodb secret backend
2016-06-29 08:33:06 -04:00
Jeff Mitchell
07f53eebc2
Update PKI docs with key_usge info
2016-06-23 11:07:17 -04:00
Cameron Stokes
92f49578e1
Minor typo - that->than.
2016-06-22 11:28:31 -07:00
Jason Antman
d8242d04d2
clarify some aspects of GPG key usage
2016-06-22 10:26:06 -04:00
Vishal Nayak
78d4d5c8c3
Merge pull request #1523 from hashicorp/bind-account-id-aws-ec2
...
Added bound_account_id to aws-ec2 auth backend
2016-06-21 10:03:20 -04:00
Vishal Nayak
d4d47ce5e3
Merge pull request #1531 from hashicorp/auth-mount-tune-params
...
Auth tune endpoints and config settings output from CLI
2016-06-20 20:24:47 -04:00
vishalnayak
8b490e44a1
Added list functionality to logical aws backend's roles
2016-06-20 19:51:04 -04:00
Jeff Mitchell
2e7704ea7e
Add convergent encryption option to transit.
...
Fixes #1537
2016-06-20 13:17:48 -04:00
Mark Paluch
ea4c58f17b
Fix RabbitMQ documentation
...
Change parameter `uri` to `connection_uri` in code example.
2016-06-19 17:45:30 +02:00
vishalnayak
d0a142c75a
Merge branch 'master-oss' into bind-account-id-aws-ec2
...
Conflicts:
website/source/docs/auth/aws-ec2.html.md
2016-06-17 12:41:21 -04:00
vishalnayak
848b479a61
Added 'sys/auth/<path>/tune' endpoints.
...
Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 13:58:24 -04:00
Martin Forssen
f8558ca1f2
Fixed a number of spelling errors in aws-ec2.html.md
2016-06-15 13:32:36 +02:00
vishalnayak
8e03c1448b
Merge branch 'master-oss' into bind-account-id-aws-ec2
...
Conflicts:
builtin/credential/aws-ec2/backend_test.go
builtin/credential/aws-ec2/path_login.go
builtin/credential/aws-ec2/path_role.go
2016-06-14 14:46:08 -04:00
Ivan Fuyivara
0ffbef0ccd
added tests, nil validations and doccumentation
2016-06-14 16:58:50 +00:00
vishalnayak
26f7fcf6a1
Added bound_account_id to aws-ec2 auth backend
2016-06-14 11:58:19 -04:00
vishalnayak
4a078f8726
RabbitMQ docs++
2016-06-14 10:22:30 -04:00
Jeff Mitchell
04a03bcb54
Add updated wrapping information
2016-06-14 05:59:50 +00:00
Jon Benson
7883e98eb8
Update aws-ec2.html.md
2016-06-09 23:08:08 -07:00
vishalnayak
c6a27f2fa8
s/VAULT_GITHUB_AUTH_TOKEN/VAULT_AUTH_GITHUB_TOKEN
2016-06-09 14:00:56 -04:00
vishalnayak
308294db46
Added VAULT_GITHUB_AUTH_TOKEN env var to receive GitHub auth token
2016-06-09 13:45:56 -04:00
Jeff Mitchell
41decb2e16
update sys-health docs with HEAD info
2016-06-09 12:30:23 -04:00
Jeff Mitchell
351f536913
Don't check parsability of a ttl
key on write.
...
On read we already ignore bad values, so we shouldn't be restricting
this on write; doing so alters expected data-in-data-out behavior. In
addition, don't issue a warning if a given `ttl` value can't be parsed,
as this can quickly get annoying if it's on purpose.
The documentation has been updated/clarified to make it clear that this
is optional behavior that doesn't affect the status of the key as POD
and the `lease_duration` returned will otherwise default to the
system/mount defaults.
Fixes #1505
2016-06-08 20:14:36 -04:00
Jeff Mitchell
2b4b6559e3
Merge pull request #1504 from hashicorp/token-store-roles-renewability
...
Add renewable flag to token store roles
2016-06-08 15:56:54 -04:00
Laura Bennett
5ccb4fe907
Merge pull request #1498 from hashicorp/pki-list
...
PKI List Functionality
2016-06-08 15:42:50 -04:00
Jeff Mitchell
cf8f38bd4c
Add renewable flag to token store roles
2016-06-08 15:17:22 -04:00
Laura Bennett
fc8c73584b
url fix
2016-06-08 14:53:33 -04:00
Jeff Mitchell
65d8973864
Add explicit max TTL capability to token creation API
2016-06-08 14:49:48 -04:00
Laura Bennett
08cd10d541
Updates for pki/certs list functionality
2016-06-08 14:37:57 -04:00
Jeff Mitchell
b8c30aea18
Merge pull request #1502 from hashicorp/pr-1425
...
Staging area for me to fix up PR 1425
2016-06-08 12:31:31 -04:00
Jeff Mitchell
29ee2666e7
Update docs
2016-06-08 12:23:04 -04:00
Jeff Mitchell
3cce72b10d
Update docs with max_parallel
2016-06-08 12:22:18 -04:00
Jeff Mitchell
72a25d018c
Add permit pool and cleanhttp support to Swift
2016-06-08 12:20:21 -04:00
Jeff Mitchell
da6371ffc3
Merge remote-tracking branch 'origin/master' into pr-1425
2016-06-08 12:10:29 -04:00
Vishal Nayak
ab543414f6
Merge pull request #788 from doubledutch/master
...
RabbitMQ Secret Backend
2016-06-08 10:02:24 -04:00
Jeff Mitchell
7308031e4d
Add more entries to the 0.6 upgrade notes
2016-06-06 16:04:02 -04:00
Vinay Hiremath
584c2b9c10
Small grammatical error
...
"invaliding" => "invalidating"
2016-06-03 11:07:54 -07:00
Jeff Mitchell
33764e85b1
Merge pull request #1324 from hashicorp/sethvargo/doc_gpg
...
Add a page for step-by-step gpg/keybase
2016-06-03 13:24:57 -04:00
Jeff Mitchell
a147c3346c
Make some updates to PGP documentation
2016-06-03 13:23:20 -04:00
vishalnayak
315f9c868c
Provide option to disable host key checking
2016-06-01 11:08:24 -04:00
vishalnayak
dbee3cd81b
Address review feedback
2016-06-01 10:36:58 -04:00
vishalnayak
5c25265fce
rename aws.html.md as aws-ec2.html.md
2016-05-30 14:11:15 -04:00
vishalnayak
a072f2807d
Rename aws as aws-ec2
2016-05-30 14:11:15 -04:00
vishalnayak
30fa7f304b
Allow * to be set for allowed_users
2016-05-30 03:12:43 -04:00
vishalnayak
971b2cb7b7
Do not allow any username to login if allowed_users is not set
2016-05-30 03:01:47 -04:00
Jeff Mitchell
81e14262cd
Remove reference to cookies altogether
...
Fixes #1437
2016-05-26 09:29:41 -04:00
vishalnayak
21605ee9d8
Typo fix: s/Vault/Consul
2016-05-24 18:22:20 -04:00
Seth Vargo
b1959e1f26
Use updated architecture diagram
...
As much as we love @armon's omnigraffle, this new diagram better matches
the Vault branding 😄 .
2016-05-23 20:10:51 -04:00
Kevin Pike
111ef09a18
Update rabbitmq lease docs
2016-05-20 23:28:41 -07:00
Jeff Mitchell
caf77109ba
Add cubbyhole wrapping documentation
2016-05-19 13:33:51 -04:00
Jeff Mitchell
a13807e759
Merge pull request #1318 from steve-jansen/aws-logical-assume-role
...
Add sts:AssumeRole support to the AWS secret backend
2016-05-19 12:17:27 -04:00
Stuart Glenn
b75eed61ed
Add documentation on Swift backend configuration
2016-05-16 17:29:40 -05:00
Sean Chittenden
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
Vishal Nayak
53fc941761
Merge pull request #1300 from hashicorp/aws-auth-backend
...
AWS EC2 instances authentication backend
2016-05-14 19:42:03 -04:00
vishalnayak
4122ed860b
Rename 'role_name' to 'role'
2016-05-13 14:31:13 -04:00
Jeff Mitchell
b850f876a7
Merge pull request #1407 from z00m1n/patch-1
...
fix PostgreSQL sample code
2016-05-12 17:07:48 -07:00
cmclaughlin
cdf715b94a
Document configuring listener to use a CA cert
2016-05-12 15:34:47 -07:00
Steven Samuel Cole
e3bb3a4efb
fix PostgreSQL sample code
...
The current sample configuration line fails with `Error initializing backend of type postgresql: failed to check for native upsert: pq: unsupported sslmode "disabled"; only "require" (default), "verify-full", "verify-ca", and "disable" supported`.
2016-05-12 23:22:41 +02:00
vishalnayak
7e8a2d55d0
Update docs and path names to the new patterns
2016-05-12 11:45:10 -04:00
Jeff Mitchell
aecc3ad824
Add explicit maximum TTLs to token store roles.
2016-05-11 16:51:18 -04:00
vishalnayak
ddcaf26396
Merge branch 'master-oss' into aws-auth-backend
2016-05-10 14:50:00 -04:00
Jeff Mitchell
d899f9d411
Don't revoke CA certificates with leases.
2016-05-09 19:53:28 -04:00
Jeff Mitchell
d77563994c
Merge pull request #1346 from hashicorp/disable-all-caches
...
Disable all caches
2016-05-07 16:33:45 -04:00
Steve Jansen
597d59962c
Adds sts:AssumeRole support to the AWS secret backend
...
Support use cases where you want to provision STS tokens
using Vault, but, you need to call AWS APIs that are blocked
for federated tokens. For example, STS federated tokens cannot
invoke IAM APIs, such as Terraform scripts containing
`aws_iam_*` resources.
2016-05-05 23:32:41 -04:00
Jeff Mitchell
3e71221839
Merge remote-tracking branch 'origin/master' into aws-auth-backend
2016-05-05 10:04:52 -04:00
Chris Jansen
ea21dec7b4
Add scala vault library to list of client libs
2016-05-04 18:04:28 +01:00
Jeff Mitchell
3600b2573d
Update website docs re token store role period parsing
2016-05-04 02:17:20 -04:00
vishalnayak
b7c48ba109
Change image/ to a more flexible /role endpoint
2016-05-03 23:36:59 -04:00
Jeff Mitchell
8572190b64
Plumb disabling caches through the policy store
2016-05-02 22:36:44 -04:00
vishalnayak
9f2a111e85
Allow custom endpoint URLs to be supplied to make EC2 API calls
2016-05-02 17:21:52 -04:00
Jeff Mitchell
4182d711c3
Merge branch 'master-oss' into aws-auth-backend
2016-04-29 14:23:16 +00:00
Jeff Mitchell
81da06de05
Fix fetching parameters in token store when it's optionally in the URL
2016-04-28 15:15:37 -04:00
vishalnayak
2a2dc0befb
Added allow_instance_migration to the role tag
2016-04-28 11:43:48 -04:00
vishalnayak
b7b1f80a83
Updated docs
2016-04-28 11:25:47 -04:00
vishalnayak
779d73ce2b
Removed existence check on blacklist/roletags, docs fixes
2016-04-27 21:29:32 -04:00
vishalnayak
de1a1be564
tidy endpoint fixes
2016-04-26 10:22:29 -04:00
vishalnayak
21854776af
Added cooldown period for periodic tidying operation
2016-04-26 10:22:29 -04:00
vishalnayak
5a2e1340df
Removed redundant AWS public certificate. Docs update.
2016-04-26 10:22:29 -04:00
vishalnayak
58c485f519
Support providing multiple certificates.
...
Append all the certificates to the PKCS#7 parser during signature verification.
2016-04-26 10:22:29 -04:00
Jeff Mitchell
fd977bb478
Updating to docs
2016-04-26 10:22:29 -04:00
vishalnayak
9d4a7c5901
Docs update
2016-04-26 10:22:29 -04:00
Sean Chittenden
5a33edb57d
Change to the pre-0.6.4 Consul Check API
...
Consul is never going to pass in more than 1K of output. This mitigates the pre-0.6.4 concern.
2016-04-25 18:01:13 -07:00
Sean Chittenden
3228d25c65
Add a small bit of wording re: disable_registration
...
Consul service registration for Vault requires Consul 0.6.4.
2016-04-25 18:01:13 -07:00
Sean Chittenden
dd3219ec56
Provide documentation and example output
2016-04-25 18:01:13 -07:00
Sean Chittenden
60006f550f
Various refactoring to clean up code organization
...
Brought to you by: Dept of 2nd thoughts before pushing enter on `git push`
2016-04-25 18:01:13 -07:00
Sean Chittenden
0c23acb818
Comment nits
2016-04-25 18:00:54 -07:00
Jeff Mitchell
c12dcba9bc
Merge pull request #1266 from sepiroth887/azure_backend
...
added Azure Blobstore backend support
2016-04-25 15:53:09 -04:00
Jeff Mitchell
0f0a6ae368
Merge pull request #1282 from rileytg/patch-1
...
change github example team to admins
2016-04-25 15:45:01 -04:00
Sean Chittenden
f6bec6e017
Wordsmith the docs around the list
command.
...
Prompted by: feedback from conference attendees at PGConf '16
2016-04-20 18:13:58 -04:00
Jeff Mitchell
4e53f4b1a4
Use UseNumber() on json.Decoder to have numbers be json.Number objects
...
instead of float64. This fixes some display bugs.
2016-04-20 18:38:20 +00:00
Jeff Mitchell
ee8dd1ab6a
Add vault-php-sdk to libraries page
2016-04-20 13:59:39 +00:00
Jeff Mitchell
d7ba52f86b
Backtick "region" in S3 config
2016-04-15 17:03:35 -04:00
Jeff Mitchell
b90286996f
Update cert website docs
2016-04-13 16:28:23 +00:00
Seth Vargo
2e13b1c033
Not strictly required
2016-04-12 21:55:04 +01:00
Seth Vargo
2926be9ca7
Add a page for step-by-step gpg/keybase
2016-04-12 21:44:07 +01:00
Simon Dick
66f84077d3
Should be renew not revoke
2016-04-12 14:04:26 +01:00
Adam Kunicki
7fb48fd2c8
Add unofficial client library written in Kotlin
...
I've been working on a Vault client written in Kotlin. Still a work in progress but will soon be on-par with the official Ruby client.
2016-04-11 09:37:42 -07:00
Christopher "Chief" Najewicz
67e8328a76
Update github doc with note about slugifying team
2016-04-10 11:11:40 -04:00
Kevin Pike
0bea2498a8
Remove example parameters
2016-04-08 09:49:10 -07:00
Kevin Pike
a86e5e3cd9
Support verify_connection flag
2016-04-08 09:44:15 -07:00
Kevin Pike
fc61a7695b
Fix RabbitMQ documentation
...
PostgreSQL -> RabbitMQ
2016-04-08 09:30:20 -07:00
Kevin Pike
23492e9572
Fix RabbitMQ URLs
2016-04-08 09:29:00 -07:00
Kevin Pike
e3db8c999e
Merge branch 'master' of github.com:doubledutch/vault
2016-04-08 09:25:28 -07:00
Sean Chittenden
09ad6317ea
Merge pull request #1297 from hashicorp/f-bsd-mlock
...
F bsd mlock
2016-04-06 13:57:34 -07:00
Sean Chittenden
b08b57aba9
Clarify that Darwin and BSD are supported w/ mlock
...
Word smith a tad.
2016-04-05 22:18:44 -07:00
vishalnayak
e3a1ee92b5
Utility Enhancements
2016-04-05 20:32:59 -04:00
Jeff Mitchell
ebfc8c3fb1
Merge pull request #1293 from gliptak/patch-2
...
Correct typo in base64 parameters
2016-04-05 09:38:00 -04:00
Gábor Lipták
ce2dd5d869
Correct typo in base64 parameters
2016-04-05 09:20:43 -04:00
Gábor Lipták
a8edba907f
Update transit read key output
2016-04-05 09:16:47 -04:00
Jeff Mitchell
d72e462686
Merge pull request #1290 from steve-jansen/patch-2
...
Adds note on GH-1102 fix to secret/aws doc
2016-04-05 08:37:39 -04:00
Steve Jansen
d2b3d924ca
Adds note on GH-1102 fix to secret/aws doc
...
Add note related to #1102 , which leads to a non-obvious AWS error message on 0.5.0 or earlier.
2016-04-04 21:30:41 -04:00
Steve Jansen
89c7f312e4
Fix typo in iam permission for STS
2016-04-04 21:20:26 -04:00
Riley Guerin
5620e00f9c
fix typo
2016-04-01 07:49:25 -07:00
Riley Guerin
0fac5b906e
change github example team to admins
...
somewhat recently github has gone away from the previous model of an "owners" team
https://help.github.com/articles/converting-your-previous-owners-team-to-the-improved-organization-permissions/
you can be an "Owner" of the org still but this does not map to vault as one *might* expect given these docs
2016-04-01 07:48:54 -07:00
Jeff Mitchell
18c8b6eba8
Update 0.6 upgrade info
2016-04-01 10:11:32 -04:00
Jeff Mitchell
121a5b37f2
Add revoke-prefix changelog/website info
2016-04-01 10:06:29 -04:00
Jeff Mitchell
2efaf5272c
Documentation update
2016-03-31 18:07:43 -04:00
Gérard de Vos
eadf2faf83
Update index.html.md
...
According to the source it is expecting a description. log_raw is one of the options.
2016-03-31 14:19:03 +02:00
Gérard de Vos
13763203b6
Update index.html.md
...
description -> log_raw
2016-03-31 14:06:19 +02:00
Tobias Haag
175e3cc354
added Azure backend support
...
updated Godeps
added website docs
updated vendor
2016-03-30 19:49:38 -07:00
Vishal Nayak
9932efea08
Merge pull request #1268 from hashicorp/fix-audit-doc
...
Fix audit docs
2016-03-30 00:55:39 -04:00
vishalnayak
7a34cea28d
Fix audit docs
2016-03-30 00:54:40 -04:00
Vishal Nayak
05b4c7102f
Revert "Change mysql connection to match new"
2016-03-23 15:18:09 -04:00
Chris Mague
e27bcaf9a4
Change mysql connection to match new
...
Documentation update to reflect mysql config connection from the old to the newer format
2016-03-23 12:09:06 -07:00
Amit Khare
218a713293
Update userpass.html.md
2016-03-23 10:47:28 -04:00
Christian Winther
ec0af1c71d
Update sys-step-down.html.md
2016-03-20 18:02:32 +01:00
Cem Ezberci
7ad97279d5
Fix a typo
2016-03-19 21:24:17 -07:00
Jeff Mitchell
5edad1137a
Add some clarification to advertise_addr
2016-03-19 10:21:51 -04:00
Jeff Mitchell
b4a4f211da
Some generic docs updates
2016-03-18 09:57:21 -04:00
Jeff Mitchell
4211ed2845
Add exclude_cn_from_sans to PKI docs
2016-03-17 16:58:06 -04:00
Vishal Nayak
2c0c901eac
Merge pull request #1216 from hashicorp/userpass-update
...
Userpass: Update the password and policies associated to user
2016-03-16 14:58:28 -04:00
vishalnayak
2914ff7502
Use helper for existence check. Avoid panic by fetching default values for field data
2016-03-16 11:26:33 -04:00
vishalnayak
1513ade19a
Added API documentation for userpass backend
2016-03-15 22:19:31 -04:00
Vishal Nayak
7db7b47fdd
Merge pull request #1210 from hashicorp/audit-id-path
...
Rename id to path and path to file_path, print audit backend paths
2016-03-15 20:13:21 -04:00
Jeff Mitchell
747ab4b4d1
Merge pull request #1215 from hashicorp/issue-1212
...
Add list support to certs in cert auth backend.
2016-03-15 14:58:23 -04:00
Jeff Mitchell
21b2a658e2
Remove name param from docs
2016-03-15 14:58:10 -04:00
Jeff Mitchell
93c60ef707
Merge pull request #1196 from hashicorp/reload-listener-tls
...
Add reload capability for Vault listener certs
2016-03-15 14:09:34 -04:00
Jeff Mitchell
8bf935bc2b
Add list support to certs in cert auth backend.
...
Fixes #1212
2016-03-15 14:07:40 -04:00
vishalnayak
65c1040149
Documentation to provide optional parameters to token store API
2016-03-14 19:36:53 -04:00
vishalnayak
1dedf8d0e3
Rename 'name' as 'path' in audit API docs
2016-03-14 18:33:51 -04:00
vishalnayak
71fc07833f
Rename id to path and path to file_path, print audit backend paths
2016-03-14 17:15:07 -04:00
Jeff Mitchell
a798bdb822
Update app-id docs to use new endpoint
2016-03-14 16:43:02 -04:00
Jeff Mitchell
9bfd24cd69
s/hash_accessor/hmac_accessor/g
2016-03-14 14:52:29 -04:00
Jeff Mitchell
9f5cc38ff7
Merge pull request #1208 from mhurne/aws-secret-backend-docs-fix
...
AWS permissions documentation fixes
2016-03-14 14:36:33 -04:00
Jeff Mitchell
0e3764832a
Add test for listener reloading, and update website docs.
2016-03-14 14:05:47 -04:00
Matt Hurne
4ee6b04405
AWS permissions documentation fixes: add missing permissions needed to attach and detach managed policies to IAM users, add missing comma, remove extraneous comma
2016-03-14 09:39:32 -04:00
vishalnayak
0602bb25f1
Remove redundant variables
2016-03-11 21:36:38 -05:00
vishalnayak
3e9bffd84f
Doc update for syslog and file backends
2016-03-11 21:14:39 -05:00
Jeff Mitchell
77b90c6745
Add query parameters to /sys/health
to specify return codes.
...
Fixes #1199
2016-03-11 00:41:25 -05:00
Vishal Nayak
343e6f1671
Merge pull request #998 from chrishoffman/mssql
...
Sql Server (mssql) secret backend
2016-03-10 22:30:24 -05:00
Chris Hoffman
8c3539df35
Docs updates
2016-03-10 21:15:25 -05:00
Chris Hoffman
5af33afd90
Adding verify_connection to config, docs updates, misc cleanup
2016-03-09 23:08:05 -05:00
Jeff Mitchell
fa2ba47a5c
Merge branch 'master' into token-roles
2016-03-09 17:23:34 -05:00
Jeff Mitchell
6df72e6efd
Merge pull request #1168 from hashicorp/revoke-force
...
Add forced revocation.
2016-03-09 16:59:52 -05:00
Vishal Nayak
b2ad836077
Merge pull request #1188 from hashicorp/token-accessors
...
Accessor paths for lookup and revocation of tokens
2016-03-09 15:38:21 -05:00
vishalnayak
007142262f
Provide accessor to revove-accessor in the URL itself
2016-03-09 13:08:37 -05:00
Jeff Mitchell
d571a1e85d
Add website docs
2016-03-09 12:49:12 -05:00
AndrewBrown-JustEat
c3a2238037
Minor documentation change
2016-03-09 14:50:23 +00:00
vishalnayak
926e7513d7
Added docs for /sys/capabilities-accessor
2016-03-09 09:48:32 -05:00
vishalnayak
7407c27778
Add docs for new token endpoints
2016-03-09 09:31:09 -05:00
Jeff Mitchell
123d7b71d4
Add a necessary IAM permission to the example
2016-03-08 21:29:34 -05:00
vishalnayak
3b463c2d4e
use errwrap to check the type of error message, fix typos
2016-03-07 18:36:26 -05:00
Jeff Mitchell
cc1f5207b3
Merge branch 'master' into token-roles
2016-03-07 10:03:54 -05:00
vishalnayak
73943546c3
Documentation for capabilities and capabilities-self APIs
2016-03-07 06:13:56 -05:00
Jeff Mitchell
3e7bca82a1
Merge pull request #1146 from hashicorp/step-down
...
Provide 'sys/step-down' and 'vault step-down'
2016-03-03 12:30:08 -05:00
Jeff Mitchell
5c55c34d6b
Update cubbyhole text to be more explicit.
...
Fixes #1165
2016-03-03 10:58:58 -05:00
Chris Hoffman
0b4a8f5b94
Adding mssql secret backend
2016-03-03 09:19:17 -05:00
Jeff Mitchell
7c5f810bc0
Address first round of feedback
2016-03-01 15:30:37 -05:00
Jeff Mitchell
02362a5873
Update token documentation
2016-03-01 14:00:52 -05:00
vishalnayak
fd585ecf8a
removed datatype and corrected a sentense
2016-03-01 11:21:29 -05:00
vishalnayak
724823b8f7
zeroaddress documentation fix
2016-03-01 10:57:00 -05:00
Jeff Mitchell
3cc35a554b
Update doc, it's now 10 seconds
2016-02-29 10:09:11 -05:00
Jeff Mitchell
11ddd2290b
Provide 'sys/step-down' and 'vault step-down'
...
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.
Fixes #1093
2016-02-26 19:43:55 -05:00
Jeff Mitchell
b61f43d34c
Update documentation around VAULT_TLS_SERVER_NAME
2016-02-25 12:29:05 -05:00
Jeff Mitchell
8ca847c9b3
Be more explicit about buffer type
2016-02-24 22:05:39 -05:00
Jeff Mitchell
151eaf9ec0
Add documentation for pki/tidy
2016-02-24 21:31:29 -05:00
Jeff Mitchell
36672bbf1f
Add information about the cert renewal enhancements to the upgrade guide
2016-02-24 21:24:20 -05:00
Jeff Mitchell
842f6670d1
Add upgrade information
2016-02-24 21:13:44 -05:00
vishalnayak
69bcbb28aa
rename verify_cert as disable_binding and invert the logic
2016-02-24 21:01:21 -05:00
vishalnayak
cf0156e5b4
documentation for the config endpoint
2016-02-24 17:13:24 -05:00
Matt Hurne
f4d8852259
Add note that STS credentials can only be generated for user inline policies in AWS secret backend documentation
2016-02-23 09:06:52 -05:00
vishalnayak
c9899a5300
postgres: connection_url fix
2016-02-22 11:22:49 -05:00
Kevin Pike
264c9cc40e
Merge branch 'master' into rabbitmq
2016-02-21 14:55:06 -08:00
Kevin Pike
c755065415
Add RabbitMQ secret backend
2016-02-21 14:52:57 -08:00
vishalnayak
a43bd9131b
changelog++
2016-02-19 16:52:19 -05:00
vishalnayak
38b55bd8b1
Don't deprecate value field yet
2016-02-19 16:07:06 -05:00
vishalnayak
380b662c3d
mysql: provide allow_verification option to disable connection_url check
2016-02-19 16:07:05 -05:00
Jeff Mitchell
fef282f078
Some website config updates
2016-02-19 15:27:02 -05:00
Jeff Mitchell
50d3b68c8d
Merge pull request #1078 from eyal-lupu/master
...
ZooKeeper Backend: Authnetication and Authorization support
2016-02-19 15:13:09 -05:00
Jeff Mitchell
be073f8499
Update upgrade website section with information about the 0.5.1 PKI changes
2016-02-19 14:42:59 -05:00
Jeff Mitchell
7fc4ee1ed7
Disallow 1024-bit RSA keys.
...
Existing certificates are kept but roles with key bits < 2048 will need
to be updated as the signing/issuing functions now enforce this.
2016-02-19 14:33:02 -05:00
Jeff Mitchell
05b5ff69ed
Address some feedback on ldap escaping help text
2016-02-19 13:47:26 -05:00
Jeff Mitchell
c67871c36e
Update LDAP documentation with a note on escaping
2016-02-19 13:16:18 -05:00
Jeff Mitchell
9f4273589f
Remove root-protected references from transit docs
2016-02-18 12:45:18 -05:00
Jeff Mitchell
695a822545
Merge pull request #1075 from rajanadar/patch-14
...
adding full response for intermediate/generate
2016-02-18 10:16:53 -05:00
Jeff Mitchell
c431c2204d
Merge pull request #1074 from rajanadar/patch-13
...
added missing fields to read role
2016-02-18 10:16:14 -05:00
Eyal Lupu
dd2c7a6bc8
Update index.html.md
...
typo in docs
2016-02-15 16:52:43 +00:00
Eyal Lupu
c04b8ab287
Update index.html.md
...
Documentation: Zookeeper authentication and ACLs
2016-02-15 16:38:14 +00:00
Eyal Lupu
35074dff51
Update index.html.md
...
Zookeeper authentication and authorization documentations
2016-02-15 16:20:32 +00:00
Raja Nadar
e7d20c0ef3
adding full response for intermediate/generate
...
1. adding superset of fields in response, so that folks can see all possible response fields.
2. also added the less important "warnings" field
2016-02-14 14:42:37 -08:00
Raja Nadar
2d918196ca
added missing fields to read role
...
added the lease and token type field to the read role response.
2016-02-14 13:00:42 -08:00
Raja Nadar
b0d05ebcb3
fixing response fields of /pki/issue
...
1. added the private_key_type field
2. changed "serial" to "serial_number"
3. added the warnings field
2016-02-14 12:41:43 -08:00
Jeff Minard
1985fa3313
Minor spelling fix
2016-02-13 08:41:16 -08:00
techraf
812736b475
Fixes typo
2016-02-12 22:34:07 +09:00
Jeff Mitchell
aaed354aca
Add note about client libraries to 0.5 upgrade page
2016-02-10 12:10:51 -05:00
Jeff Mitchell
69f7aca258
Add change of exit code for status to upgrade page
2016-02-10 08:01:54 -05:00
Vishal Nayak
fff201014d
Merge pull request #1021 from hashicorp/vault-seal-1006
...
Sealing vault in standby mode
2016-02-03 15:22:16 -05:00
Mukhtar Haji
f27e691c6c
Correct a small typo
2016-02-03 20:08:33 +00:00
vishalnayak
eeea9710b6
Generalized the error message and updated doc
2016-02-03 15:06:18 -05:00
merri-j
3a996e11fd
Add postgresql to bullet list of backends
2016-02-03 14:04:55 -05:00
Jeff Mitchell
159754acf2
Use capabilities to determine upsert-ability in transit.
2016-02-02 10:03:14 -05:00
Jeff Mitchell
5ef8839e48
Revert "Re-add upsert into transit. Defaults to off and a new endpoint /config"
...
This reverts commit dc27d012c0357f93bfd5bd8d480f3e229166307a.
2016-02-02 09:26:25 -05:00
Jeff Mitchell
6e6382d410
Some rewording based on feedback
2016-02-01 20:24:28 -05:00
Jeff Mitchell
f9bced579b
+list of
2016-02-01 20:17:06 -05:00
Jeff Mitchell
66494faa3f
Add an install/upgrade section. Add general and 0.5 upgrade procedures.
2016-02-01 20:17:06 -05:00
Jeff Mitchell
1d385b4de3
Re-add upsert into transit. Defaults to off and a new endpoint /config
...
can be used to turn it on for a given mount.
2016-02-01 20:13:57 -05:00
Jeff Mitchell
ca5e4dd955
Merge pull request #980 from rajanadar/patch-8
...
fixing the return type of verify otp
2016-02-01 14:10:14 -05:00
Jeff Mitchell
fc6d23a54e
Allow the format to be specified as pem_bundle, which creates a
...
concatenated PEM file.
Fixes #992
2016-02-01 13:19:41 -05:00
Jeff Mitchell
af73d965a4
Cassandra:
...
* Add ability to change protocol version
* Remove config as a root path, use normal ACLs
* Update docs
2016-02-01 10:27:26 -05:00
Jeff Mitchell
9a21d03689
Update documentation around default_lease_ttl and max_lease_ttl.
...
Fixes #1004
2016-02-01 09:44:42 -05:00
Jeff Mitchell
d0eb0813b1
Add vault-java-drver to libraries
2016-01-29 21:02:54 -05:00
Jeff Mitchell
df536a8f0a
Fix token backend doc bug
...
Fixes #990
2016-01-29 21:01:08 -05:00
Devin Christensen
4112809fb5
Make the PostgreSQL backend more performant
2016-01-29 13:47:10 -07:00
Jeff Mitchell
5f178e1927
Update transit docs to no longer claim upsert functionality
2016-01-29 14:43:52 -05:00
Jeff Mitchell
68dc0e2dd3
Merge pull request #945 from quixoten/postgres_physical
...
Add support for PostgreSQL as a physical backend
2016-01-29 10:35:38 -05:00
Jeff Mitchell
2015118958
Add listing of roles to PKI
2016-01-28 15:18:07 -05:00
Jeff Mitchell
63c6172c17
Add list documentationf for mysql
2016-01-28 15:06:52 -05:00
Jeff Mitchell
62e3ac83f8
Add list support for postgres roles
2016-01-28 14:41:50 -05:00
Jeff Mitchell
904e2b36b6
Update SSH documentation with list
2016-01-28 14:41:43 -05:00
Raja Nadar
e4438d9705
fixed the return type of /ssh/lookup api
2016-01-28 01:04:35 -08:00
Raja Nadar
b8fa5c6fd4
fix return type of post /ssh/creds
...
added sample json for both otp and dynamic credentials
2016-01-28 00:56:59 -08:00
Raja Nadar
7aabad7808
better description
2016-01-27 21:58:54 -08:00
Raja Nadar
67da86eeab
fixing the return type of verify otp
...
it seems to be 200 on valid OTP and 204 on invalid OTP. (i think it should be an error.. 400 or 404)
but for the moment, fixing the docs to match the existing behavior.
2016-01-27 20:04:11 -08:00
Devin Christensen
737df30939
Improve naming
...
Hopefully this naming scheme will be more straightforward.
2016-01-27 17:15:48 -07:00
Jeff Mitchell
b7a49922a9
Update etcd sync option to be a string.
...
Ping #921
2016-01-27 17:15:52 -05:00
Jeff Mitchell
b0bd06f5a4
Merge pull request #921 from faradayio/hosted-etcd-support
...
Load-balanced etcd support
2016-01-27 17:09:43 -05:00
Hanno Hecker
0db33274b7
discover bind dn with anonymous binds
2016-01-27 17:06:27 +01:00
Hanno Hecker
22c22095d2
samaccountname as login example
2016-01-27 09:25:05 +01:00
Hanno Hecker
c6acb340a8
docs for binddn/bindpass
2016-01-27 07:51:10 +01:00
Jeff Mitchell
1107a068b7
Merge pull request #972 from rajanadar/patch-7
...
added the delete api details to generic backend
2016-01-26 09:49:06 -05:00
Jeff Mitchell
bc04e4eec2
Merge pull request #971 from rajanadar/patch-6
...
added the delete api details to cubbyhole
2016-01-26 09:48:47 -05:00
Jeff Mitchell
92d42aa6c7
Merge pull request #969 from rajanadar/patch-4
...
fixing the description of the /lookup/<token> api
2016-01-26 09:48:22 -05:00
Raja Nadar
741c23cb4a
added the delete api details to generic backend
...
documentation was missing this api description
2016-01-25 23:56:33 -08:00
Raja Nadar
64c9eb969d
added the delete api details to cubbyhole
...
cubbyhole delete api details were missing. added them.
2016-01-25 23:47:33 -08:00
Raja Nadar
f02aa2c2c0
fixing an incorrect json response field name
...
changed a read-role api response field from 'revocation_cql' to 'rollback_cql'
didn't verify it using a real cassandra server test, but looked at the source code json schema definition here:
https://github.com/hashicorp/vault/blob/master/builtin/logical/cassandra/path_roles.go
func pathRoles(b *backend) *framework.Path
please feel free to discard the PR, if i am looking at the wrong source location or something.
2016-01-25 23:42:20 -08:00
Raja Nadar
cf9b3c7c66
fixing the description of the /lookup/<token> api
2016-01-25 23:26:29 -08:00
Nicki Watt
c57072d39a
AWS secret backend - docs when using existing policy
2016-01-26 01:43:14 +00:00
Nicki Watt
35a0d28620
Docs for AWS backend when using an existing policy
2016-01-26 01:39:24 +00:00
Devin Christensen
93c64375e9
Merge 'upstream/master' into postgres_physical
2016-01-25 13:43:16 -07:00
Jeff Mitchell
05e337727f
Document changes
2016-01-25 14:47:16 -05:00
Jeff Mitchell
abd9fe1b73
Merge pull request #961 from rajanadar/patch-3
...
fixed login link,request params,add json response
2016-01-23 14:45:27 -05:00
Raja Nadar
d3434f8f03
clarify default mountpoint
2016-01-23 11:02:00 -08:00
Devin Christensen
9d776351a3
Merge 'upstream/master' into postgres_physical
2016-01-22 20:56:07 -07:00
Raja Nadar
9b82736b9a
fixed login link,request params,add json response
...
1. fix login link
2. added personal access token to request message
3. added a sample json response
2016-01-22 17:38:32 -08:00
Raja Nadar
b0f33d4d19
mention that this is an unauthenticated endpoint
2016-01-22 17:10:16 -08:00
Raja Nadar
dac5997e14
update sys-init.html.md
...
change response field from 'initialize' to 'initialized'
2016-01-22 16:45:59 -08:00
Devin Christensen
c226b0be7d
Update naming and pull DDL for upsert back out
2016-01-22 17:15:10 -07:00
Devin Christensen
32b712ddb1
Move the upsert definition back into the code
2016-01-22 09:47:02 -07:00
Devin Christensen
bfbdc72e03
Remove options for column configuration
2016-01-22 08:41:31 -07:00
Jeff Mitchell
7b2407093b
0.7 -> 1.0
2016-01-22 10:07:32 -05:00
Jeff Mitchell
3955604d3e
Address more list feedback
2016-01-22 10:07:32 -05:00
Jeff Mitchell
7d1d003ba0
Update documentation and use ParseBool for list query param checking
2016-01-22 10:07:32 -05:00
Jeff Mitchell
be1b4c8a46
Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it.
2016-01-22 10:07:32 -05:00
Jeff Mitchell
5341cb69cc
Updates and documentation
2016-01-22 10:07:32 -05:00
Jeff Mitchell
d621d7ebe7
Add C# library and do some reorg on the library page
2016-01-22 10:03:02 -05:00
Devin Christensen
512b1ddf6c
Merge 'upstream/master' into postgres_physical
2016-01-21 13:04:27 -07:00
Dmitriy Gromov
4abca91d66
Renamed sts duration to ttl and added STS permissions note.
2016-01-21 14:28:34 -05:00
Dmitriy Gromov
0b5e35c8cd
documenting the new aws/sts endpoint
2016-01-21 14:05:10 -05:00
Devin Christensen
06641570c7
Remove DDL statements from the code
2016-01-20 18:52:49 -07:00
Devin Christensen
fc94487f55
Add support for PostgreSQL as a physical backend
2016-01-19 17:00:09 -07:00
Jeff Mitchell
973c888833
RootGeneration->GenerateRoot
2016-01-19 18:28:10 -05:00
Jeff Mitchell
3b994dbc7f
Add the ability to generate root tokens via unseal keys.
2016-01-19 18:28:10 -05:00
Jorge Ferreira
306c63b1be
/encryption key/master key/
2016-01-19 15:42:50 +00:00
Jeff Mitchell
1001566a26
Keep ordering consistent in config doc, and put HA backends first
2016-01-14 13:55:53 -05:00
Seth Vargo
e40c77ff27
Use HTTPS + www where appropriate
2016-01-14 13:42:47 -05:00
Jeff Mitchell
d949043cac
Merge pull request #914 from hashicorp/acl-rework
...
More granular ACL capabilities
2016-01-12 21:11:52 -05:00
Ziyi, LIU
5204da4edd
Fix typo
...
Change "...implements is own login endpoint..." to "...implements its own login endpoint..."
2016-01-12 22:22:13 +08:00
Jeff Mitchell
e815db8756
Update audit sys docs
2016-01-11 19:08:23 -05:00
Eric Kidd
69434fd13e
etcd: Allow disabling sync for load balanced etcd
...
Some etcd configurations (such as that provided by compose.io) place the
etcd cluster behind multiple load balancers or proxies. In this
configuration, calling Sync (or AutoSync) on the etcd client will
replace the load balancer addresses with the underlying etcd server
address.
This will cause the etcd client to bypass the load balancers, and may
cause the connection to fail completely if the etcd servers are
protected by a firewall.
This patch provides a "sync" option for the etcd backend, which defaults
to the current behavior, but which can be used to turn off of sync.
This corresponds to etcdctl's --no-sync option.
2016-01-11 13:56:58 -05:00
Eric Kidd
ebabcd857a
etcd: Document existing username and password options
...
These options were present in the source code, but not in the
documentation. They're needed to connect to some hosted etcd services.
2016-01-11 11:30:51 -05:00
Jeff Mitchell
4f4ddbf017
Create more granular ACL capabilities.
...
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Paul Seiffert
3a0ea3bcaa
Add documentation for the DynamoDB backend
2016-01-08 17:34:31 +01:00
Jeff Mitchell
a094eedce2
Add rekey nonce/backup.
2016-01-06 09:54:35 -05:00
Jeff Mitchell
d4bc51751e
Fix typo in docs
2016-01-05 11:45:23 -05:00
Jeff Mitchell
e54edd54ac
Update documentation with policy fetching information.
2016-01-05 11:26:19 -05:00
kenjones-cisco
496e9962d0
Fixes mis-placed html tag
2015-12-31 10:37:01 -05:00
Jeff Mitchell
a7a02b3043
Cert documentation fix.
...
Fixes #899
2015-12-30 16:44:24 -05:00
Jeff Mitchell
6cdb8aeb4f
Merge branch 'master' into f-disable-tls
2015-12-29 12:59:02 -05:00
Jeff Mitchell
41d6e0e085
Merge pull request #882 from hashicorp/clarify-physical-support
...
Clarify stance on physical backend support
2015-12-29 11:40:23 -06:00
bashtoni
8248d15a5b
Doc grammar fix
2015-12-22 21:27:08 +00:00
Jeff Mitchell
dca0e72f10
Clarify stance on physical backend support
2015-12-22 10:50:31 -05:00
kenjones
c02013f631
add missing html tag
2015-12-20 14:20:30 -05:00
Jeff Mitchell
8bba9497ac
Some copyediting/simplifying of the Consul page
2015-12-18 10:07:40 -05:00
kenjones
0d74de9da4
Update secret backend Consul documentation
...
Adds information on the steps to get a management token for use by
Vault when communicating with Consul as a secret backend.
2015-12-18 09:44:31 -05:00
Jeff Mitchell
1261791e6f
Update etcd config docs with new options in 0.4.
...
Ping #780
2015-12-17 10:34:41 -05:00
Terry Corley
d6884b85e1
Change API endpoint path for app-id
...
The /login path was confusing because its not relative and not consistent with other documentation. Other documentation (e.g., username and password at https://www.vaultproject.io/docs/auth/userpass.html ) uses relative path.
2015-12-15 12:45:04 -06:00
Jeff Mitchell
db7a2083bf
Allow setting the advertise address via an environment variable.
...
Fixes #581
2015-12-14 21:22:55 -05:00
Jeff Mitchell
ff9745bb00
Update Changelog and documentation with separate-HA-backend info.
2015-12-14 21:04:58 -05:00
Jeff Mitchell
7dca03eb3f
Update documentation with Consul backend token_type
parameter.
...
Fixes #854
2015-12-14 20:54:13 -05:00
Johan Haals
fce85c12e2
Add vault-java to libraries
...
vault-java implements the basic HTTP API, more endpoints are in the
pipeline
2015-12-14 19:04:05 +01:00
Jeff Mitchell
e25b3ad344
Update documentation to be consistent with return codes
...
Fixes #831
2015-12-10 10:26:40 -05:00
Jeff Mitchell
448efd56fa
Merge branch 'master' into pki-csrs
2015-12-08 10:57:53 -05:00
Jeff Mitchell
902b7b0589
Add a warning about consistency of IAM credentials as a stop-gap.
...
Ping #687
2015-12-08 10:56:34 -05:00
Jeff Mitchell
eee8386ea9
Add info about cert backend not checking CRL revocation.
2015-12-05 15:12:43 -05:00
Jeff Mitchell
bf0909a892
Tab -> space doc fix
2015-12-05 15:04:54 -05:00
Jeff Mitchell
1dbfcc3b45
Merge branch 'master' into pki-csrs
2015-12-03 15:23:08 -05:00
Jeff Mitchell
3bdbd66f7d
Remove datacenter from Consul configuration, as it cannot actually do
...
anything
Fixes #816
2015-12-03 15:16:37 -05:00
Jeff Mitchell
4eec9d69e8
Change allowed_base_domain to allowed_domains and allow_base_domain to
...
allow_bare_domains, for comma-separated multi-domain support.
2015-11-30 23:49:11 -05:00
Jeff Mitchell
b6c49ddf01
Remove token display names from input options as there isn't a viable
...
use-case for it at the moment
2015-11-30 18:07:42 -05:00
Armon Dadgar
60ad2e0bbd
website: updating documentation
2015-11-25 12:23:56 -08:00
Jeff Mitchell
d461929c1d
Documentation update
2015-11-20 13:13:57 -05:00
Jeff Mitchell
22a6d6fa22
Merge branch 'master' into pki-csrs
2015-11-20 12:48:38 -05:00
Jeff Mitchell
25e359084c
Update documentation, some comments, make code cleaner, and make generated roots be revoked when their TTL is up
2015-11-19 17:14:22 -05:00
Jeff Mitchell
af3d6ced8e
Update validator function for URIs. Change example of entering a CA to a
...
root cert generation. Other minor documentation updates. Fix private key
output in issue/sign.
2015-11-19 11:35:17 -05:00
Jeff Mitchell
71f9ea8561
Make it clear that generating/setting a CA cert will overwrite what's
...
there.
2015-11-19 09:51:18 -05:00
Jeff Mitchell
a95228e4ee
Split root and intermediate functionality into their own sections in the API. Update documentation. Add sign-verbatim endpoint.
2015-11-19 09:51:18 -05:00
Jeff Mitchell
c461652b40
Address some feedback from review
2015-11-19 09:51:18 -05:00
Jeff Mitchell
ed62afec14
Large documentation updates, remove the pathlength path in favor of
...
making that a parameter at CA generation/sign time, and allow more
fields to be configured at CSR generation time.
2015-11-19 09:51:18 -05:00
Jeff Mitchell
ea676ad4cc
Add tests for intermediate signing and CRL, and fix a couple things
...
Completes extra functionality.
2015-11-19 09:51:17 -05:00
Jeff Mitchell
1c7157e632
Reintroduce the ability to look up obfuscated values in the audit log
...
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell
45e7e61d71
Update audit documentation around what hash is used
2015-11-18 10:42:42 -05:00
Jeff Mitchell
1a45696208
Add no-default-policy flag and API parameter to allow exclusion of the
...
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell
10913e2e6b
Update cert documentation to note requiring sudo access.
2015-11-06 16:09:42 -05:00
Jeff Mitchell
ffa879d6e2
Update S3 docs
2015-11-06 09:26:09 -05:00
Jeff Mitchell
08dbc70c9f
Switch etcd default port to 2379, in line with 2.x.
...
Fixes #753
2015-11-05 09:47:50 -05:00
Sander van Harmelen
4ad533a5ba
Add a line to the documentation to describe the new feature
2015-11-04 15:36:24 +01:00
Jeff Mitchell
a4322afedb
Merge pull request #746 from hashicorp/issue-677
...
Add a PermitPool to physical and consul/inmem
2015-11-03 15:26:58 -05:00
Jeff Mitchell
7f44a1b812
Add configuration parameter for max parallel connections to Consul
2015-11-03 15:26:07 -05:00
Jeff Mitchell
73e3aa1d64
Add create-orphan to documentation
2015-11-03 15:15:33 -05:00
Jeff Mitchell
d3f7546602
Fix trailing whitespace complaints
2015-11-03 10:52:20 -05:00
Jeff Mitchell
f0a25ed581
Clarify that CRLs are not fetched by Vault
2015-11-03 10:52:20 -05:00
Jeff Mitchell
154fc24777
Address first round of feedback from review
2015-11-03 10:52:20 -05:00
Jeff Mitchell
59cc61cc79
Add documentation for CRLs and some minor cleanup.
2015-11-03 10:52:20 -05:00
Jeff Mitchell
e2d4a5fe0f
Documentation update around path/key name encryption.
...
Make it clear that path/key names in generic are not encrypted.
Fixes #697
2015-10-29 11:21:40 -04:00
Jeff Mitchell
c1d8b97342
Add reset support to the unseal command.
...
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.
Fixes #695
2015-10-28 15:59:39 -04:00
Jeff Mitchell
57290b6d92
Minor format fix in environment documentation
2015-10-28 09:56:28 -04:00
Jason Antman
c7ff26b650
add documentation for GitHub Auth Backend 'ttl' and 'max_ttl' parameters
2015-10-23 09:30:48 -04:00
Jason Antman
b27e80d090
add GitHub Enterprise base_url to docs
...
In https://github.com/hashicorp/vault/issues/716 @jefferai confirmed that the GitHub Auth Backend supports GitHub enterprise using an undocumented ``base_url`` parameter. This adds that parameter to the relevant documentation page.
2015-10-23 09:18:07 -04:00
Jeff Mitchell
0168ce491b
Update token documentation to better explain token durations
2015-10-22 13:02:37 -04:00
Jeff Mitchell
189b72c3ba
Document the renew-self call
2015-10-21 10:53:20 -04:00
Jeff Mitchell
bc40e652bf
Remove revoke-self from sys API documentation as it's in the token-store instead
2015-10-21 10:46:41 -04:00
Jeff Mitchell
9f0b1547bb
Allow disabling the physical storage cache with 'disable_cache'.
...
Fixes #674 .
2015-10-12 13:00:32 -04:00
Seth Vargo
50f720bc06
Remove tabs from terminal output
...
This also standardizes on the indentation we use for multi-line commands as
well as prefixes all commands with a $ to indicate a shell.
2015-10-12 12:10:22 -04:00
vishalnayak
644a655920
mysql: made max_open_connections configurable
2015-10-01 21:15:56 -04:00