Commit graph

804 commits

Author SHA1 Message Date
André Freitas c59bb185bc
Fix typos in architecture page (#16978)
Some minor typos fix after I read the whole page.
2022-09-01 12:02:50 -07:00
Ikko Ashimine 2444e92917
docs: fix typo in faq.mdx (#16979)
occuring -> occurring
2022-09-01 10:01:01 -07:00
Mike Palmiotto 2c16be25e3
Add deprecation status to auth/secrets list (#16849)
* auth: Add Deprecation Status to auth list -detailed
* secrets: Add Deprecation Status to secrets list -detailed
* Add changelog entry for deprecation status list
2022-08-31 16:11:14 -04:00
John-Michael Faircloth 96b97017b1
docs: update plugin docs for secrets/auth multiplexing (#16923)
* docs: update plugin docs for secrets/auth multiplexing

* update index

* update plugin development

* fix spacing in code snippet

* update links to multiplexing resources

* add note on sdk version and update db example text

* Update website/content/docs/plugins/plugin-architecture.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* reword index intro

* Update website/content/docs/plugins/plugin-development.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/plugins/plugin-development.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* remove word and fix code format

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-08-31 11:21:20 -07:00
Viacheslav Vasilyev d0b7362e36
OpenLDAP secrets documentation, reflect some other objects may have userPassword (#8918)
* Update index.mdx

* Docs: OpenLDAP userPassword clarity

corrected grammar slightly

Co-authored-by: aphorise <aphorise@gmail.com>
2022-08-31 09:58:25 -07:00
Zalary Young bed027db81
adds note about aws kms_key_id alias (#10693)
Co-authored-by: zalary <zalary@hashicorp.com>
2022-08-31 09:35:06 -07:00
Nick Cabatoff 1997fbb73f
Point people in the right direction for tokens used in transit autounseal. (#16951) 2022-08-31 10:37:25 -04:00
Andy Assareh 0a0efd47a4
Doc only: Dead Server Cleanup added in Vault 1.7 (#14297) 2022-08-31 08:34:47 -04:00
Sean Ellefson 11e53a956b
Added missing _ character to parameter (#14441) 2022-08-31 08:32:42 -04:00
Ivan Buymov 99213c2616
Add retry policy and fix documentation for Cassandra storage backend (#10467)
* add simple_retry policy and initial_connection_timeout options,
fix docs for connection_timeout

* Cassandra: policy fix - added changelog.

Co-authored-by: Mehdi Ahmadi <aphorise@gmail.com>
2022-08-30 11:00:48 -07:00
Milena Zlaticanin cf332842cc
update azure docs (#16819) 2022-08-29 14:55:37 -05:00
Brian Shumate 534142ff46
Docs: Update Internals > Telemetry (#9323)
* Docs: Update Internals > Telemetry

- More clarification and detail around vault.core.leadership_lost

* Update website/pages/docs/internals/telemetry.mdx

Co-authored-by: Mark Gritter <mgritter@hashicorp.com>

* Docs: Telemetry vault.core.leadership_lost

Improved text reading.

* Update website/pages/docs/internals/telemetry.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Docs: Telemetry vault.core.leadership_lost clarity.

Co-authored-by: Mark Gritter <mgritter@hashicorp.com>
Co-authored-by: aphorise <aphorise@gmail.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-08-26 16:48:38 -07:00
Loann Le 53477ea6f7
vault documentation: doc cleanup effort-batch5 (#16913)
* clean up efforts

* clean up effort

* Update website/content/docs/internals/telemetry.mdx

* Update website/content/docs/internals/telemetry.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/telemetry.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/telemetry.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-08-26 15:48:56 -07:00
Alexander Scheel 43e722c69a
Let PKI tidy associate revoked certs with their issuers (#16871)
* Refactor tidy steps into two separate helpers

This refactors the tidy go routine into two separate helpers, making it
clear where the boundaries of each are: variables are passed into these
method and concerns are separated. As more operations are rolled into
tidy, we can continue adding more helpers as appropriate. Additionally,
as we move to make auto-tidy occur, we can use these as points to hook
into periodic tidying.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Refactor revInfo checking to helper

This allows us to validate whether or not a revInfo entry contains a
presently valid issuer, from the existing mapping. Coupled with the
changeset to identify the issuer on revocation, we can begin adding
capabilities to tidy to update this association, decreasing CRL build
time and increasing the performance of OCSP.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Refactor issuer fetching for revocation purposes

Revocation needs to gracefully handle using the old legacy cert bundle,
so fetching issuers (and parsing them) needs to be done slightly
differently than other places. Refactor this from revokeCert into a
common helper that can be used by tidy.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Allow tidy to associate revoked certs, issuers

When revoking a certificate, we need to associate the issuer that signed
its certificate back to the revInfo entry. Historically this was
performed during CRL building (and still remains so), but when running
without CRL building and with only OCSP, performance will degrade as the
issuer needs to be found each time.

Instead, allow the tidy operation to take over this role, allowing us to
increase the performance of OCSP and CRL in this scenario, by decoupling
issuer identification from CRL building in the ideal case.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add tests for tidy updates

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation on new tidy parameter, metrics

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Refactor tidy config into shared struct

Finish adding metrics, status messages about new tidy operation.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-08-26 10:13:45 -07:00
conor-mccullough d5508cc80f
The "DELETE API" links to a nonexistent subsection of the /sys/license/status page from 1.11.x onwards. Not sure if the suggestion to restart the service should remain in this edit - I found a restart of all Vault servers cleared this message where other attempts failed - happy to remove it if preferred, though. (#16895) 2022-08-26 09:07:10 -07:00
Brian Shumate b07c2d7e6d
Docs: Update Sentinel index (#11580)
- Remove doubled "tokens"

Co-authored-by: Mehdi Ahmadi <aphorise@gmail.com>
2022-08-26 11:28:18 -04:00
aphorise 2005b92a2a
Docs: Agent parameters: error_on_missing_key & exit_on_retry_failure (#14902)
* Agent parameters:  &  example corrected and another added with inter-links between agent-template and agent-config pages.

* Agent parameters - typo in template_config description / text.
2022-08-26 11:27:36 -04:00
aphorise 68ac26c2b2
Docs: Integrated Storage & Raft protocol clarity - minor edit. (#16828) 2022-08-26 11:24:59 -04:00
andrea-berling 7b7e590d3e
Update google-cloud-storage backend documentation (#14455)
* Update google-cloud-storage backend documentation

Add mentions the environment variables that can be used to configure the backend instead of using the stanza parameters

* Add changelog file

* Fix some typos

* Update website/content/docs/configuration/storage/google-cloud-storage.mdx

Commit suggestion #1

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/google-cloud-storage.mdx

Commit suggestion #2

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/google-cloud-storage.mdx

Commit suggestion #3

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-08-26 09:59:40 -05:00
Brian Shumate 1e9d4c8e72
Audit device: Clarifications based on feedback (#16881)
- Update blocked audit device to use feedback from #6484
- This PR supersedes #6484
2022-08-26 09:19:49 -04:00
aphorise b5c0184643
Docs: Client Count Concept clarity. (#16795)
* Docs: Client Count Concept clarity. Closes #12849

* Update website/content/docs/concepts/client-count/index.mdx

* Docs: Client Count Concept clarity merged #13197 too.

* Update website/content/docs/concepts/client-count/index.mdx

Co-authored-by: Max Bowsher <maxbowsher@gmail.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Hridoy Roy <hridoyroy@berkeley.edu>
Co-authored-by: Max Bowsher <maxbowsher@gmail.com>
2022-08-24 12:56:54 -07:00
Jan Prinsloo ff7a95d1ac
Documentation grammar update for https://www.vaultproject.io/docs/concepts/seal#migration-post-vault-1-5-1 (#13092)
* Update seal.mdx

The following sentence does not read easily:
"Take down the old active node, update its configuration of the old active node to use the new seal blocks (completely unaware of the old seal type) and bring it back up."
I have changed this to the sentence below, which I believe reads better.
Take down the old active node, update its configuration to use the new seal blocks (completely unaware of the old seal type) and bring it back up.

* Update website/content/docs/concepts/seal.mdx

* trigger ci

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: taoism4504 <loann@hashicorp.com>
2022-08-24 09:05:02 -04:00
DevOps Rob 9e20e4128d
updated usage example (#9081)
* updated usage example

* Docs: updated examples with base64 - removed herestring for echo instead that's more simple.

* Docs: updated examples with base64 - removed herestring for echo instead that's more simple.

Co-authored-by: Mehdi Ahmadi <aphorise@gmail.com>
2022-08-24 09:03:30 -04:00
aphorise d0eb5b9cfc
Docs: SSH CA Config & Comments. Resolves: #7529 (#16826)
* Docs: SSH CA Config & Comments. Resolves: #7529

* Docs: SSH CA Config & Comments. Added changelog note.

* Docs: SSH CA Config & Comments.

* Docs: SSH CA Config & Comments. Cipher feedback.

* Docs: SSH CA Config & Comments. Removed changelog file not needed for docs.
2022-08-24 08:27:36 -04:00
Yoko Hyakuna 483886f227
Change all occurrence of 'backend' to 'secrets engine' (#16859) 2022-08-23 19:58:54 -07:00
Yoko Hyakuna fd9c894fdc
adds documentation for enabling mutual TLS with the CloudFoundry API (#16857) 2022-08-23 16:20:21 -07:00
Christopher Swenson 41d1731e26
Add VAULT_ASSUMED_ROLE_ARN parameter to VLE docs (#16677)
Added in https://github.com/hashicorp/vault-lambda-extension/pull/69

Wait to merge until a new version of VLE has been released.
2022-08-23 11:33:36 -07:00
Kit Haines e9e3b4995b
Add _remaining tidy metrics. (#16702)
* Add _remaining tidy metrics.

* Add two extra metrics during tidy.

* Update test and documentation for remaining tidy metrics.
2022-08-23 12:17:17 -04:00
Nate Armstrong 96084c7cf4
Update phrasing (#16824)
Tiny changes to make sentences flow a bit nicer.
2022-08-22 16:19:53 -07:00
Geoffrey Grosenbach 174594a45f
Use HCL syntax for code snippet (#12517)
Use `hcl` so the code snippet is more readable and is highlighted correctly.
2022-08-22 13:47:41 -07:00
Steven Zamborsky 6d6d8c2765
Update apiVersion of the ClusterRoleBinding example (#16808) 2022-08-22 09:49:46 -07:00
Yoko Hyakuna e7e21a36ef
Clarify keytab gen process #12880 (#16803) 2022-08-21 19:19:08 -07:00
Yoko Hyakuna 1ec3e21d83
included jwt_claim expiration error message (#16804) 2022-08-21 19:15:31 -07:00
Mike Green 6be8e7adca
Docs/autopilot typo fix and DR autopilot clarification (#12596)
* autopilot cleanup and parameter typo cleanup

* clarify DR AP lives now

* typo myself cleanup

* trigger ci

Co-authored-by: aphorise <aphorise@gmail.com>
Co-authored-by: taoism4504 <loann@hashicorp.com>
2022-08-19 14:30:13 -07:00
Mike Green 08171ee9d6
Telemetry typo fix in vault.secret.kv.count (#12631) 2022-08-19 13:06:57 -07:00
Mike Palmiotto 9ecab66535
Clarify key distribution in shamir unsealing (#16737)
* Clarify key distribution in shamir unsealing

* Further clarify contradictory statements
2022-08-19 16:03:39 -04:00
Alexander Scheel 49fd772fcc
Add per-issuer AIA URI information to PKI secrets engine (#16563)
* Add per-issuer AIA URI information

Per discussion on GitHub with @maxb, this allows issuers to have their
own copy of AIA URIs. Because each issuer has its own URLs (for CA and
CRL access), its necessary to mint their issued certs pointing to the
correct issuer and not to the global default issuer. For anyone using
multiple issuers within a mount, this change allows the issuer to point
back to itself via leaf's AIA info.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation on per-issuer AIA info

Also add it to the considerations page as something to watch out for.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add tests for per-issuer AIA information

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Refactor AIA setting on the issuer

This introduces a common helper per Steve's suggestion.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify error messages w.r.t. AIA naming

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify error messages regarding AIA URLs

This clarifies which request parameter the invalid URL is contained
in, disambiguating the sometimes ambiguous usage of AIA, per suggestion
by Max.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Rename getURLs -> getGlobalAIAURLs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Correct AIA acronym expansion word orders

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix bad comment suggesting re-generating roots

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add two entries to URL tests

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-08-19 11:43:44 -04:00
Alexander Scheel 0c22c76907
Allow marking issuers as revoked (#16621)
* Allow marking issuers as revoked

This allows PKI's issuers to be considered revoked and appear on each
others' CRLs. We disable issuance (via removing the usage) and prohibit
modifying the usage via the regular issuer management interface.

A separate endpoint is necessary because issuers (especially if signed
by a third-party CA using incremental serial numbers) might share a
serial number (e.g., an intermediate under cross-signing might share the
same number as an external root or an unrelated intermediate).

When the next CRL rebuild happens, this issuer will then appear on
others issuers CRLs, if they validate this issuer's certificate.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation on revoking issuers

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add tests for issuer revocation semantics

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Notate that CRLs will be rebuilt

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix timestamp field from _utc -> to _rfc3339

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Ensure serial-based accesses shows as revoked

Thanks Kit!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add warning when revoking default issuer

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-08-18 18:08:31 -04:00
Loann Le a0ba3202a8
vault documentation: updated use cases doc (#16783)
* incorporated feedback

* added link
2022-08-18 15:00:12 -07:00
Robert f7c20bc745
docs: add multi-host connection string info to postgres secrets API docs (#16780)
* Add multihost connection string information to postgres API docs

* Add note about replication manager
2022-08-18 14:38:30 -05:00
Yoko Hyakuna 404edd4c08
Mount paths case-sensitivity (#16743)
* Add a callout note about case-sensitivity

* Update website/content/docs/commands/secrets/enable.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/secrets/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/secrets/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/secrets/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/secrets/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-08-17 09:57:47 -07:00
Yoko Hyakuna 224d2e9794
Fix typos (#16749) 2022-08-17 09:47:56 -07:00
Yoko Hyakuna 7193f380b6
Fix the referenced learn link (#16747) 2022-08-17 09:47:35 -07:00
Theron Voran 2ab297a24f
docs/vault-helm: updates for the v0.21.0 release (#16731)
Also added a partial for the helm version note.
2022-08-16 14:56:30 -07:00
Yoko Hyakuna 511e442909
Update the Vault Agent config example (#16751)
* Update the Vault Agent config example

* Update index.mdx

* Update the Vault Agent config example - edit

Small additions.

* Update the Vault Agent config example - edit2

Added IP note too.

* Minor fix: add missing 'Vault'

Co-authored-by: aphorise <aphorise@gmail.com>
2022-08-16 14:42:02 -07:00
Loann Le d5254b6a29
vault documentation: general doc cleanup (#16446)
* editorial work

* edited

* added resources

* rewrote use cases

* added links

* updated content

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Suggested edits on Vault use cases (#16502)

* Suggested edits on Vault use cases

* Remove redundant sentense

* Update website/content/docs/use-cases.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/use-cases.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/use-cases.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/use-cases.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/use-cases.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* fixed spelling error

* fixed subject-verb agreement

* added missing comma

* incorporate feedback

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-08-16 14:08:32 -07:00
jweissig 2cdfce9967
docs: Update required OpenShift version (#9738)
Helm 3 support was added in OpenShift 4.3 [1]. So, we might support 4.X but if we require Helm 3 then we need to start at 4.3. Just didn't want someone to try 4.0-4.2 and wonder why it wasn't working because Helm 3 isn't supported.

[1] https://www.openshift.com/blog/openshift-4-3-deploy-applications-with-helm-3
2022-08-16 15:45:06 -04:00
Eadinator 0424db473d
docs: k8s auth, differentiate between different identities in use (#9288) 2022-08-16 15:39:01 -04:00
Alexander Scheel 1e6730573c
Add proof possession revocation for PKI secrets engine (#16566)
* Allow Proof of Possession based revocation

Revocation by proof of possession ensures that we have a private key
matching the (provided or stored) certificate. This allows callers to
revoke certificate they own (as proven by holding the corresponding
private key), without having an admin create innumerable ACLs around
the serial_number parameter for every issuance/user.

We base this on Go TLS stack's verification of certificate<->key
matching, but extend it where applicable to ensure curves match, the
private key is indeed valid, and has the same structure as the
corresponding public key from the certificate.

This endpoint currently is authenticated, allowing operators to disable
the endpoint if it isn't desirable to use, via ACL policies.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify error message on ParseDERKey

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Leave revoke-with-key authenticated

After some discussion, given the potential for DoS (via submitting a lot
of keys/certs to validate, including invalid pairs), it seems best to
leave this as an authenticated endpoint. Presently in Vault, there's no
way to have an authenticated-but-unauthorized path (i.e., one which
bypasses ACL controls), so it is recommended (but not enforced) to make
this endpoint generally available by permissive ACL policies.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add API documentation on PoP

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add acceptance tests for Proof of Possession

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Exercise negative cases in PoP tests

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-08-16 14:01:26 -04:00
Yoko Hyakuna 0926143363
Fix a typo -> 'authorised' should be 'authorized' (#16730) 2022-08-15 20:27:59 -07:00
Loann Le 67f2f4ea2d
vault documentation: doc cleanup effort-batch4 (#16711)
* cleanup effort

* modified text

* Update website/content/docs/internals/integrated-storage.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-08-12 15:39:58 -07:00
Austin Gebauer 7bda58a1fd
secrets/db: update documentation on password policies (#16679) 2022-08-10 17:52:20 -07:00
Calvin Leung Huang 42de4a40b2
docs: update agent template certificate section (#16573)
* docs: update agent template certificate section

* extend template language section

* make recommendation to use pkiCert over secret
2022-08-10 19:38:56 -04:00
Tom Proctor 2d167b3427
Docs: Update Vault CSI Provider SecretProviderClass config options (#16506) 2022-08-10 21:30:20 +01:00
Loann Le 6d3cd5249e
modified wording (#16655) 2022-08-09 15:09:49 -07:00
Rachel Culpepper c367f883a0
Vault-5626: add key wrapping guide for transit import (#16365)
* add key wrapping guide for transit import

* link to key wrap guide from transit overview

* add new page to nav

* fix formatting

* fix note format

* fix link
2022-08-09 16:14:15 -05:00
Josh Black 005903f1ae
Clarify upgrades post 1.11 (#16650) 2022-08-09 13:57:58 -07:00
Chris Capurso 52d6287d4b
update license FAQ docs with termination changes (#16634)
* update license FAQ docs with termination changes

* change intro statement

* change temp eval license issuance callout

* PR feedback

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-08-09 11:27:57 -07:00
Chris Capurso 707fcad006
Add custom metadata to namespace API and CLI docs (#16633)
* add custom_metadata to ns api docs

* update ns CLI docs to add custom-metadata flag
2022-08-09 14:10:41 -04:00
Kevin 9365250dfc
fix typo in Discovering the service account issuer (#16641) 2022-08-09 13:27:30 -04:00
Milena Zlaticanin 78e8c135fc
Hana - Add username customization (#16631)
* implement username customization feature

* adding changelog

* update database capabilities doc

* update database capabilities doc

Co-authored-by: Zlaticanin <milena@hashicorp.com>
2022-08-08 16:01:34 -05:00
Austin Gebauer 59831a8d5c
identity/oidc: adds client_secret_post token endpoint authentication method (#16598)
* identity/oidc: adds client_secret_post token endpoint authentication method

* fix test

* adds changelog
2022-08-08 08:41:09 -07:00
Meggie b7365df464
Adding PGX change to release & upgrade notes (#16613)
Also some heading size tidying
2022-08-05 14:57:47 -04:00
Austin Gebauer 67339b71e8
identity/oidc: fixes validation of the request and request_uri parameters (#16600)
* identity/oidc: add request_parameter_supported to discovery document

* adds changelog
2022-08-05 11:55:15 -07:00
Austin Gebauer a2bc8cfb96
identity/oidc: change the state parameter to optional (#16599)
* identity/oidc: change the state parameter to optional

* adds changelog

* update docs
2022-08-05 11:37:24 -07:00
David Fleming f08143cec8
Fix Link: OIDC Provider Config - Okta (#16607)
Okta was pointing at /docs/auth/jwt/oidc-providers/kubernetes.  Updated to point at /docs/auth/jwt/oidc-providers/okta
2022-08-05 12:40:03 -04:00
Jason O'Donnell bc93baaaab
auth/kerberos: add remove_instance_name config (#16594)
* auth/kerberos: add remove_instance_name config

* Update website

* Fix doc

* Fix doc

* changelog
2022-08-04 16:38:12 -04:00
Loann Le 85539da102
vault documentation: updated architecture doc page (#16569)
* updated content

* fixed spelling error

* Update website/content/docs/internals/architecture.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/architecture.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/architecture.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/architecture.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/architecture.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* updated content

* italicized barrier

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-08-04 11:29:31 -07:00
Chris Capurso 1820b771ce
fix typo in certificate (#16588) 2022-08-04 13:01:34 -04:00
Robert de Bock 4a6218ca45
Update raft.mdx (#16579)
Explicitly explain that the content of a certificate or key is expected, not a path.
2022-08-04 09:56:23 -04:00
Nick Cabatoff 5e504944d7
Document how replication uses cluster addresses. (#16545) 2022-08-04 09:10:23 -04:00
Ikko Ashimine 49bfd3a944
Fix typo in managed-keys.mdx (#16578)
targetting -> targeting
2022-08-04 09:02:13 -04:00
Kevin Wang d136ba385a
fix(docs): typos (#16555) 2022-08-03 08:58:27 -07:00
Mike Palmiotto c4140522a6
Docs/vault 7338 retry join known issue (#16540)
* storage/raft: Add known issue for retry_join

* storage/raft: Update known issues with issue reference

* docs: Add return between includes
2022-08-03 15:42:51 +02:00
Yoko Hyakuna dc0b4315f3
Move the IS Autopilot note from 1.11 upgrade guide (#16541)
* Move the IS Autopilot note from 1.11 upgrade guide

* Minor update to the verbiage

* Update website/content/docs/upgrading/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/upgrading/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Remove extra spaces

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-08-02 19:05:17 -07:00
Violet Hynes adb65bd0f2
VAULT-6615 Update docs for 1.12 quota changes (#16381)
* VAULT-6615 Update docs for 1.12 quota changes

* VAULT-6615 Add info about globbing

* VAULT-6615 some small updates for role param

* Update website/content/docs/enterprise/lease-count-quotas.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/lease-count-quotas.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-08-02 15:37:56 -04:00
Loann Le ab27921d85
Vault documentation: updated install and ha files (#16498)
* revised content

* Update website/content/docs/install.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/high-availability.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/high-availability.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/high-availability.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/high-availability.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-08-02 11:40:09 -07:00
Chris Capurso 0474352f65
add merkle.flushDirty.outstanding_pages metric to docs (#16530) 2022-08-02 12:58:25 -04:00
Alexander Scheel 4987bcfcd6
Add KMIP CSPs + initial Seal Wrap list (#16515)
* Add note on KMIP EA usage

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add wrapped parameters section to Seal Wrap docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-08-01 10:32:47 -04:00
Theron Voran 4dc7b71a28
docs/vault-k8s: updated for v0.17.0 release (#16492) 2022-07-28 14:23:47 -07:00
Jason O'Donnell e3f942f51c
agent: add disable_keep_alives configurable (#16479)
agent: add disable_keep_alives config

Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>
2022-07-28 12:59:49 -07:00
Theron Voran 66ef22b735
docs/k8s: adding terraform config examples (#16121)
Adding a terraform examples page for configuring vault-helm.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-07-26 20:43:26 -04:00
Tom Proctor bd0461619c
Docs: Add list of supported k8s versions for agent injector (#16433) 2022-07-26 15:59:27 +01:00
akshya96 6e0c04d602
vault-951Documentation (#16434) 2022-07-25 16:53:03 -07:00
Yoko Hyakuna 7b43bf4c68
Add a note referring to automated upgrade (#16444)
* Add a note referring to automated upgrade

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-07-25 15:03:55 -07:00
tdsacilowski 887e77c2ae
Agent JWT auto auth remove_jwt_after_reading config option (#11969)
Add a new config option for Vault Agent's JWT auto auth
`remove_jwt_after_reading`, which defaults to true. Can stop
Agent from attempting to delete the file, which is useful in k8s
where the service account JWT is mounted as a read-only file
and so any attempt to delete it generates spammy error logs.

When leaving the JWT file in place, the read period for new
tokens is 1 minute instead of 500ms to reflect the assumption
that there will always be a file there, so finding a file does not
provide any signal that it needs to be re-read. Kubernetes
has a minimum TTL of 10 minutes for tokens, so a period of
1 minute gives Agent plenty of time to detect new tokens,
without leaving it too unresponsive. We may want to add a
config option to override these default periods in the future.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-07-25 07:42:09 -06:00
Jason O'Donnell 140406143e
command/server: add dev-tls flag (#16421)
* command/server: add dev-tls flag

* Add website documentation

* changelog

* Lower file permissions

* Update cert gen per review

* Add dev-tls-cert-dir flag and cert clean up

* fmt

* Update cert generation per review

* Remove unused function

* Add better error messages

* Log errors in cleanup, fix directory not existing bug

* Remove hidden flag from -dev-tls-cert-dir

* Add usage

* Update 16421.txt

* Update variable names for files

* Remove directory on cleanup
2022-07-22 14:04:03 -04:00
Matt Schultz 31151671ab
Transform tokenization key auto-rotate docs (#16410)
* Document auto rotate fields for transform tokenization endpoints.

* Update Transform tokenization docs to mention key auto-rotation.
2022-07-21 15:48:58 -05:00
Steven Zamborsky c0b0c4fde7
Add an "Important Note" regarding EKS CSR approval. (#16406) 2022-07-21 13:34:03 -07:00
Wojtek Czekalski d05e8d1222
Fix typo in the docs (#16323)
It's very confusing, `Volumes` are very similar to `volumes` and can cause confusion 😄
2022-07-21 10:42:46 -04:00
Francois BAYART 24b9fa39bc
Update s3.mdx (#13630)
fix IAM requirements to use KMS key
2022-07-21 10:41:33 -04:00
Jason Peng 08b0cf40d5
Update reload.mdx (#14207)
To match with the API version of docs- https://www.vaultproject.io/api-docs/system/plugins-reload-backend#sys-plugins-reload-backend.
2022-07-21 10:39:25 -04:00
Pratik Khasnabis 3e4f4fdd55
Change AWS to Azure in Tutorial section (#15206)
* Change AWS to Azure in Tutorial section

* trigger ci

Co-authored-by: taoism4504 <loann@hashicorp.com>
2022-07-21 10:36:27 -04:00
Florent Tatard 9dc861a8b3
Missing word (#16269)
Can't believe this went unnoticed for 5 years :)
2022-07-20 08:54:10 -07:00
Loann Le 58a646c726
updated note (#16372) 2022-07-19 16:52:41 -07:00
Andy Assareh 1313a53702
formatting issue - missing list bullet (#16352) 2022-07-19 15:51:36 -07:00
Jakob Beckmann d72064cb81
[Kubernetes Secret Engine]: Role namespace configuration possible via LabelSelector (#16240)
* docs(#16222): add documentation for changes in PR hashicorp/vault-plugin-secrets-kubernetes#10

* docs(#16222): add changelog entry

* docs(#16222): improve documentation to make the use case of setting both allowed_kubernetes_namespaces and allowed_kubernetes_namespace_selector parameters for role configuration
2022-07-19 13:11:45 -05:00
Tom Proctor 460388d957
Docs: Add release notes for MSSQL TDE (#16326) 2022-07-19 11:52:59 +01:00
Austin Gebauer 1a71678954
docs/plugin-portal: adds missing HashiCorp supported plugins (#16346) 2022-07-18 22:42:49 -07:00
Mạnh Tử 6b3cc4adc0
docs(plugin-portal): added Harbor Robot Account plugin (#16320) 2022-07-18 18:03:32 -07:00