luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
1975 commits 1 branch 0 tags 214 MiB
Commit graph

340 commits

Author SHA1 Message Date
vishalnayak dc4f97b61b Vault SSH: Zeroaddress roles and CIDR overlap check 2015-08-29 15:24:15 -04:00
Jeff Mitchell 5fa76b5640 Add base_url option to GitHub auth provider to allow selecting a custom endpoint. Fixes #572. 2015-08-28 06:28:43 -07:00
Vishal Nayak d4609dea28 Merge pull request #578 from hashicorp/exclude-cidr-list 
Vault SSH: Added exclude_cidr_list option to role
 2015-08-28 07:59:46 -04:00
vishalnayak b12a2f0013 Vault SSH: Added exclude_cidr_list option to role 2015-08-27 23:19:55 -04:00
Jeff Mitchell a4fc4a8e90 Deprecate lease -> ttl in PKI backend, and default to system TTL values if not given. This prevents issuing certificates with a longer duration than the maximum lease TTL configured in Vault. Fixes #470. 2015-08-27 12:24:37 -07:00
vishalnayak fbff20d9ab Vault SSH: Docs for default CIDR value 2015-08-27 13:10:15 -04:00
vishalnayak 5063a0608b Vault SSH: Default CIDR for roles 2015-08-27 13:04:15 -04:00
vishalnayak 702a869010 Vault SSH: Provide key option specifications for dynamic keys 2015-08-27 11:41:29 -04:00
vishalnayak 5b08e01bb1 Vault SSH: Create .ssh directory if not present. Closes #573 2015-08-27 08:45:34 -04:00
Jeff Mitchell 9db8a5c744 Merge pull request #567 from hobbeswalsh/master 
Spaces in displayName break AWS IAM
 2015-08-26 12:37:52 -04:00
Robin Walsh 34b84367b5 Adding one more test (for no-op case) 2015-08-26 09:26:20 -07:00
Robin Walsh 4b7c2cc114 Adding unit test for normalizeDisplayName() 2015-08-26 09:23:33 -07:00
Jeff Mitchell 2098446d47 Ensure that the 'file' audit backend can successfully open its given path before returning success. Fixes #550. 2015-08-26 09:13:10 -07:00
Jeff Mitchell 2d8bfff02b Explicitly check for blank leases in AWS, and give a better error message if lease_max cannot be parsed. Fixes #569. 2015-08-26 09:04:47 -07:00
Robin Walsh 8530f14fee s/string replacement/regexp replacement 2015-08-24 17:00:54 -07:00
Robin Walsh 69f5abdc91 spaces in displayName break AWS IAM 2015-08-24 16:12:45 -07:00
vishalnayak c35d78b3cb Vault SSH: Documentation update 2015-08-24 14:18:37 -04:00
vishalnayak e6987beb61 Vault SSH: Replace args with named vars 2015-08-24 14:07:07 -04:00
vishalnayak eb91a3451b Merging with master 2015-08-24 13:55:20 -04:00
vishalnayak 44c07cff5b Vault SSH: Cleanup of aux files in install script 2015-08-24 13:50:46 -04:00
Jeff Mitchell f7845234b4 Merge pull request #555 from hashicorp/toggleable-hostname-enforcement 
Allow enforcement of hostnames to be toggleable for certificates.
 2015-08-21 19:23:09 -07:00
Jeff Mitchell 5695d57ba0 Merge pull request #561 from hashicorp/fix-wild-cards 
Allow hyphens in endpoint patterns of most backends
 2015-08-21 11:40:42 -07:00
vishalnayak 6822af68e1 Vault SSH: Undo changes which does not belong to wild card changes 2015-08-21 09:58:15 -07:00
vishalnayak 6c2927ede0 Vault: Fix wild card paths for all backends 2015-08-21 00:56:13 -07:00
Jeff Mitchell 93ef9a54bd Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
vishalnayak 0ffad79548 Vault SSH: Make the script readable 2015-08-20 16:12:17 -07:00
Jeff Mitchell 133380915a Disallow non-client X509 key usages for client TLS cert authentication. 2015-08-20 15:50:47 -07:00
Jeff Mitchell 41b85a1c83 Allow enforcement of hostnames to be toggleable for certificates. Fixes #451. 2015-08-20 14:33:37 -07:00
Vishal Nayak beca9f1596 Merge pull request #385 from hashicorp/vishal/vault 
SSH Secret Backend for Vault
 2015-08-20 10:03:15 -07:00
Bernhard K. Weisshuhn 8a5361ea79 skip revoke permissions step on cassandra rollback (drop user is enough) 2015-08-20 11:15:43 +02:00
Bernhard K. Weisshuhn 86cde438a5 avoid dashes in generated usernames for cassandra to avoid quoting issues 2015-08-20 11:15:28 +02:00
vishalnayak 451d2b0532 Vault SSH: Removing script file 2015-08-19 12:59:52 -07:00
vishalnayak 76ed3bec74 Vault SSH: 1024 is default key size and removed 4096 2015-08-19 12:51:33 -07:00
vishalnayak 5b1ba99757 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-08-18 19:00:38 -07:00
vishalnayak 251cd997ad Vault SSH: TLS client creation test 2015-08-18 19:00:27 -07:00
Armon Dadgar aefb92b74c Merge pull request #534 from ctennis/lease_reader 
Fix #533, add a reader for lease values (#529) and an acceptance test for mysql to prove it works
 2015-08-18 19:00:18 -07:00
Jeff Mitchell 3cc4bd0b96 Fix AWS, again, and update Godeps. 2015-08-18 18:12:51 -07:00
vishalnayak 9324db7979 Vault SSH: verify echo test 2015-08-18 16:48:50 -07:00
vishalnayak 0c0ca91d2e Vault SSH: Fix backend test cases 2015-08-18 15:40:52 -07:00
vishalnayak b91ebbc6e2 Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
vishalnayak 9db318fc55 Vault SSH: Website page for SSH backend 2015-08-14 12:41:26 -07:00
vishalnayak b2f29c517b Vault SSH: Install script is optional now. Default script will be for Linux host. 2015-08-13 17:07:43 -07:00
vishalnayak 7f9babed2a Vault SSH: CLI embellishments 2015-08-13 16:55:47 -07:00
vishalnayak d670b50e78 Vault SSH: Introduced allowed_users option. Added helpers getKey and getOTP 2015-08-13 14:18:30 -07:00
Caleb Tennis a36910799e Fix #533, add a reader for lease values (#529) and an acceptance test for mysql to prove it works 2015-08-13 15:33:06 -04:00
vishalnayak 2320bfb1e4 Vault SSH: Helper for OTP creation and role read 2015-08-13 11:12:30 -07:00
vishalnayak c11bcecbbb Vault SSH: Mandate default_user. Other refactoring 2015-08-13 10:36:31 -07:00
vishalnayak 8e946f27cc Vault SSH: cidr to cidr_list 2015-08-13 08:46:55 -07:00
vishalnayak 7d3025fd6e Vault SSH: Default lease duration, policy/ to role/ 2015-08-12 17:36:27 -07:00
vishalnayak 330ef396ca Vault SSH: Default lease of 5 min for SSH secrets 2015-08-12 17:10:35 -07:00
vishalnayak 2d23ffe3d2 Vault SSH: Exposed verify request/response messges to agent 2015-08-12 13:22:48 -07:00
vishalnayak f84347c542 Vault SSH: Added SSHAgent API 2015-08-12 10:48:58 -07:00
vishalnayak 93dfa67039 Merging changes from master 2015-08-12 09:28:16 -07:00
vishalnayak 0abf07cb91 Vault SSH: Website doc v1. Removed path_echo 2015-08-12 09:25:28 -07:00
Armon Dadgar d1a09e295a Merge pull request #509 from ekristen/github-fix 
Reimplements #459
 2015-08-11 10:06:10 -07:00
Armon Dadgar 3b9a6d5e33 Fixing merge conflict 2015-08-11 10:04:47 -07:00
Erik Kristensen 611965844b reimplements #459 2015-08-09 11:25:45 -06:00
Michael S. Fischer 21ab4d526c Provide working example of TLS certificate authentication 
Fixes #474
 2015-08-07 15:15:53 -07:00
Erik Kristensen ae34ec2bff adding basic tests 2015-08-06 17:50:34 -06:00
Erik Kristensen 2233f993ae initial pass at JWT secret backend 2015-08-06 17:49:44 -06:00
vishalnayak e5080a7f32 Merging with master 2015-08-06 18:44:40 -04:00
vishalnayak 32502977f6 Vault SSH: Automate OTP typing if sshpass is installed 2015-08-06 17:00:50 -04:00
vishalnayak 0af97b8291 Vault SSH: uninstall dynamic keys using script 2015-08-06 15:50:12 -04:00
vishalnayak 3dd8fe750d Vault SSH: Script to install dynamic keys in target 2015-08-06 14:48:19 -04:00
Paul Hinze fc9de56736 Update vault code to match latest aws-sdk-go APIs 2015-08-06 11:37:08 -05:00
Seth Vargo bfd4b818b8 Update to latest aws and move off of hashicorp/aws-sdk-go 2015-08-06 12:26:41 -04:00
vishalnayak 9aa075f3c7 Vault SSH: Added 'echo' path to SSH 2015-08-04 15:30:24 -04:00
vishalnayak 476da10f1c Vault SSH: Testing OTP creation 2015-08-03 19:04:07 -04:00
Erik Kristensen 26387f6535 remove newline 2015-08-03 16:34:24 -06:00
Erik Kristensen f9c49f4a57 fix bug #488 2015-08-03 15:47:30 -06:00
vishalnayak 8409ba7210 Vault SSH: CRUD tests for named keys 2015-08-03 16:18:14 -04:00
Rusty Ross 719ac6e714 update doc for app-id 
make clearer in doc that user-id can accept multiple app-id mappngs as comma-separated values
 2015-08-03 09:44:26 -07:00
vishalnayak b7c7befe68 Vault SSH: CRUD test for lookup API 2015-08-03 11:22:00 -04:00
vishalnayak c4bd85c241 Vault SSH: CRUD test for dynamic role 2015-07-31 15:17:40 -04:00
vishalnayak b592dcc3af Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-07-31 13:24:28 -04:00
vishalnayak c7ef0b95c2 Vault SSH: CRUD test case for OTP Role 2015-07-31 13:24:23 -04:00
Armon Dadgar 03728af495 Merge pull request #464 from bgirardeau/master 
Add Multi-factor authentication with Duo
 2015-07-30 17:51:31 -07:00
Bradley Girardeau aa55d36f03 Clean up naming and add documentation 2015-07-30 17:36:40 -07:00
vishalnayak 61c9f884a4 Vault SSH: Review Rework 2015-07-29 14:21:36 -04:00
Bradley Girardeau d26b77b4f4 mfa: code cleanup 2015-07-28 11:55:46 -07:00
Bradley Girardeau 6697012dd3 mfa: improve edge cases and documentation 2015-07-27 21:14:00 -07:00
Bradley Girardeau 06863d08f0 mfa: add to userpass backend 2015-07-27 21:14:00 -07:00
Bradley Girardeau 4eb1beb31c ldap: add mfa support to CLI 2015-07-27 21:14:00 -07:00
Bradley Girardeau 8fa5a349a5 ldap: add mfa to LDAP login 2015-07-27 21:14:00 -07:00
Vishal Nayak 4b4df4271d Vault SSH: Refactoring 2015-07-27 16:42:03 -04:00
Vishal Nayak 2e7612a149 Vault SSH: admin_user/default_user fix 2015-07-27 15:03:10 -04:00
Vishal Nayak e9f507caf0 Vault SSH: Refactoring 2015-07-27 13:02:31 -04:00
Raymond Pete 1ca09a74b3 name slug check 2015-07-26 22:21:16 -04:00
Vishal Nayak b532ee0bf4 Vault SSH: Dynamic Key test case fix 2015-07-24 12:13:26 -04:00
Vishal Nayak e8daf2d0a5 Vault SSH: keys/ designated special path 2015-07-23 18:12:13 -04:00
Vishal Nayak e998face87 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-07-23 17:20:34 -04:00
Vishal Nayak 791a250732 Vault SSH: Support OTP key type from CLI 2015-07-23 17:20:28 -04:00
Vishal Nayak 47197d4cb3 Vault SSH: Added vault server otp verify API 2015-07-22 16:00:58 -04:00
Vishal Nayak 93f7448487 Vault SSH: Vault agent support 2015-07-22 14:15:19 -04:00
Bradley Girardeau e8d26d244b ldap: change setting user policies to setting user groups 2015-07-20 11:33:39 -07:00
Vishal Nayak 27e66e175f Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-07-17 17:22:17 -04:00
Bradley Girardeau 301a22295d ldap: add ability to set policies based on username as well as groups 2015-07-14 15:46:15 -07:00
Bradley Girardeau 0e2edc2378 ldap: add ability to login with a userPrincipalName (user@upndomain) 2015-07-14 15:37:46 -07:00
Armon Dadgar 504a7ca7c1 auth/userpass: store password as hash instead of direct. Credit @kenbreeman 2015-07-13 15:09:24 +10:00
Armon Dadgar da4650ccb4 auth/userpass: protect against timing attack. Credit @kenbreeman 2015-07-13 15:01:18 +10:00