luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
15984 commits 1 branch 0 tags 214 MiB
Commit graph

804 commits

Author SHA1 Message Date
Loann Le 67f2f4ea2d
vault documentation: doc cleanup effort-batch4 (#16711) 
* cleanup effort

* modified text

* Update website/content/docs/internals/integrated-storage.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
 2022-08-12 15:39:58 -07:00
Austin Gebauer 7bda58a1fd
secrets/db: update documentation on password policies (#16679) 2022-08-10 17:52:20 -07:00
Calvin Leung Huang 42de4a40b2
docs: update agent template certificate section (#16573) 
* docs: update agent template certificate section

* extend template language section

* make recommendation to use pkiCert over secret
 2022-08-10 19:38:56 -04:00
Tom Proctor 2d167b3427
Docs: Update Vault CSI Provider SecretProviderClass config options (#16506) 2022-08-10 21:30:20 +01:00
Loann Le 6d3cd5249e
modified wording (#16655) 2022-08-09 15:09:49 -07:00
Rachel Culpepper c367f883a0
Vault-5626: add key wrapping guide for transit import (#16365) 
* add key wrapping guide for transit import

* link to key wrap guide from transit overview

* add new page to nav

* fix formatting

* fix note format

* fix link
 2022-08-09 16:14:15 -05:00
Josh Black 005903f1ae
Clarify upgrades post 1.11 (#16650) 2022-08-09 13:57:58 -07:00
Chris Capurso 52d6287d4b
update license FAQ docs with termination changes (#16634) 
* update license FAQ docs with termination changes

* change intro statement

* change temp eval license issuance callout

* PR feedback

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
 2022-08-09 11:27:57 -07:00
Chris Capurso 707fcad006
Add custom metadata to namespace API and CLI docs (#16633) 
* add custom_metadata to ns api docs

* update ns CLI docs to add custom-metadata flag
 2022-08-09 14:10:41 -04:00
Kevin 9365250dfc
fix typo in Discovering the service account issuer (#16641) 2022-08-09 13:27:30 -04:00
Milena Zlaticanin 78e8c135fc
Hana - Add username customization (#16631) 
* implement username customization feature

* adding changelog

* update database capabilities doc

* update database capabilities doc

Co-authored-by: Zlaticanin <milena@hashicorp.com>
 2022-08-08 16:01:34 -05:00
Austin Gebauer 59831a8d5c
identity/oidc: adds client_secret_post token endpoint authentication method (#16598) 
* identity/oidc: adds client_secret_post token endpoint authentication method

* fix test

* adds changelog
 2022-08-08 08:41:09 -07:00
Meggie b7365df464
Adding PGX change to release & upgrade notes (#16613) 
Also some heading size tidying
 2022-08-05 14:57:47 -04:00
Austin Gebauer 67339b71e8
identity/oidc: fixes validation of the request and request_uri parameters (#16600) 
* identity/oidc: add request_parameter_supported to discovery document

* adds changelog
 2022-08-05 11:55:15 -07:00
Austin Gebauer a2bc8cfb96
identity/oidc: change the state parameter to optional (#16599) 
* identity/oidc: change the state parameter to optional

* adds changelog

* update docs
 2022-08-05 11:37:24 -07:00
David Fleming f08143cec8
Fix Link: OIDC Provider Config - Okta (#16607) 
Okta was pointing at /docs/auth/jwt/oidc-providers/kubernetes.  Updated to point at /docs/auth/jwt/oidc-providers/okta
 2022-08-05 12:40:03 -04:00
Jason O'Donnell bc93baaaab
auth/kerberos: add remove_instance_name config (#16594) 
* auth/kerberos: add remove_instance_name config

* Update website

* Fix doc

* Fix doc

* changelog
 2022-08-04 16:38:12 -04:00
Loann Le 85539da102
vault documentation: updated architecture doc page (#16569) 
* updated content

* fixed spelling error

* Update website/content/docs/internals/architecture.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/architecture.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/architecture.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/architecture.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/architecture.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* updated content

* italicized barrier

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
 2022-08-04 11:29:31 -07:00
Chris Capurso 1820b771ce
fix typo in certificate (#16588) 2022-08-04 13:01:34 -04:00
Robert de Bock 4a6218ca45
Update raft.mdx (#16579) 
Explicitly explain that the content of a certificate or key is expected, not a path.
 2022-08-04 09:56:23 -04:00
Nick Cabatoff 5e504944d7
Document how replication uses cluster addresses. (#16545) 2022-08-04 09:10:23 -04:00
Ikko Ashimine 49bfd3a944
Fix typo in managed-keys.mdx (#16578) 
targetting -> targeting
 2022-08-04 09:02:13 -04:00
Kevin Wang d136ba385a
fix(docs): typos (#16555) 2022-08-03 08:58:27 -07:00
Mike Palmiotto c4140522a6
Docs/vault 7338 retry join known issue (#16540) 
* storage/raft: Add known issue for retry_join

* storage/raft: Update known issues with issue reference

* docs: Add return between includes
 2022-08-03 15:42:51 +02:00
Yoko Hyakuna dc0b4315f3
Move the IS Autopilot note from 1.11 upgrade guide (#16541) 
* Move the IS Autopilot note from 1.11 upgrade guide

* Minor update to the verbiage

* Update website/content/docs/upgrading/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/upgrading/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Remove extra spaces

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
 2022-08-02 19:05:17 -07:00
Violet Hynes adb65bd0f2
VAULT-6615 Update docs for 1.12 quota changes (#16381) 
* VAULT-6615 Update docs for 1.12 quota changes

* VAULT-6615 Add info about globbing

* VAULT-6615 some small updates for role param

* Update website/content/docs/enterprise/lease-count-quotas.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/lease-count-quotas.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
 2022-08-02 15:37:56 -04:00
Loann Le ab27921d85
Vault documentation: updated install and ha files (#16498) 
* revised content

* Update website/content/docs/install.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/high-availability.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/high-availability.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/high-availability.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/internals/high-availability.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
 2022-08-02 11:40:09 -07:00
Chris Capurso 0474352f65
add merkle.flushDirty.outstanding_pages metric to docs (#16530) 2022-08-02 12:58:25 -04:00
Alexander Scheel 4987bcfcd6
Add KMIP CSPs + initial Seal Wrap list (#16515) 
* Add note on KMIP EA usage

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add wrapped parameters section to Seal Wrap docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2022-08-01 10:32:47 -04:00
Theron Voran 4dc7b71a28
docs/vault-k8s: updated for v0.17.0 release (#16492) 2022-07-28 14:23:47 -07:00
Jason O'Donnell e3f942f51c
agent: add disable_keep_alives configurable (#16479) 
agent: add disable_keep_alives config

Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>
 2022-07-28 12:59:49 -07:00
Theron Voran 66ef22b735
docs/k8s: adding terraform config examples (#16121) 
Adding a terraform examples page for configuring vault-helm.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
 2022-07-26 20:43:26 -04:00
Tom Proctor bd0461619c
Docs: Add list of supported k8s versions for agent injector (#16433) 2022-07-26 15:59:27 +01:00
akshya96 6e0c04d602
vault-951Documentation (#16434) 2022-07-25 16:53:03 -07:00
Yoko Hyakuna 7b43bf4c68
Add a note referring to automated upgrade (#16444) 
* Add a note referring to automated upgrade

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
 2022-07-25 15:03:55 -07:00
tdsacilowski 887e77c2ae
Agent JWT auto auth remove_jwt_after_reading config option (#11969) 
Add a new config option for Vault Agent's JWT auto auth
`remove_jwt_after_reading`, which defaults to true. Can stop
Agent from attempting to delete the file, which is useful in k8s
where the service account JWT is mounted as a read-only file
and so any attempt to delete it generates spammy error logs.

When leaving the JWT file in place, the read period for new
tokens is 1 minute instead of 500ms to reflect the assumption
that there will always be a file there, so finding a file does not
provide any signal that it needs to be re-read. Kubernetes
has a minimum TTL of 10 minutes for tokens, so a period of
1 minute gives Agent plenty of time to detect new tokens,
without leaving it too unresponsive. We may want to add a
config option to override these default periods in the future.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
 2022-07-25 07:42:09 -06:00
Jason O'Donnell 140406143e
command/server: add dev-tls flag (#16421) 
* command/server: add dev-tls flag

* Add website documentation

* changelog

* Lower file permissions

* Update cert gen per review

* Add dev-tls-cert-dir flag and cert clean up

* fmt

* Update cert generation per review

* Remove unused function

* Add better error messages

* Log errors in cleanup, fix directory not existing bug

* Remove hidden flag from -dev-tls-cert-dir

* Add usage

* Update 16421.txt

* Update variable names for files

* Remove directory on cleanup
 2022-07-22 14:04:03 -04:00
Matt Schultz 31151671ab
Transform tokenization key auto-rotate docs (#16410) 
* Document auto rotate fields for transform tokenization endpoints.

* Update Transform tokenization docs to mention key auto-rotation.
 2022-07-21 15:48:58 -05:00
Steven Zamborsky c0b0c4fde7
Add an "Important Note" regarding EKS CSR approval. (#16406) 2022-07-21 13:34:03 -07:00
Wojtek Czekalski d05e8d1222
Fix typo in the docs (#16323) 
It's very confusing, `Volumes` are very similar to `volumes` and can cause confusion 😄
 2022-07-21 10:42:46 -04:00
Francois BAYART 24b9fa39bc
Update s3.mdx (#13630) 
fix IAM requirements to use KMS key
 2022-07-21 10:41:33 -04:00
Jason Peng 08b0cf40d5
Update reload.mdx (#14207) 
To match with the API version of docs- https://www.vaultproject.io/api-docs/system/plugins-reload-backend#sys-plugins-reload-backend.
 2022-07-21 10:39:25 -04:00
Pratik Khasnabis 3e4f4fdd55
Change AWS to Azure in Tutorial section (#15206) 
* Change AWS to Azure in Tutorial section

* trigger ci

Co-authored-by: taoism4504 <loann@hashicorp.com>
 2022-07-21 10:36:27 -04:00
Florent Tatard 9dc861a8b3
Missing word (#16269) 
Can't believe this went unnoticed for 5 years :)
 2022-07-20 08:54:10 -07:00
Loann Le 58a646c726
updated note (#16372) 2022-07-19 16:52:41 -07:00
Andy Assareh 1313a53702
formatting issue - missing list bullet (#16352) 2022-07-19 15:51:36 -07:00
Jakob Beckmann d72064cb81
[Kubernetes Secret Engine]: Role namespace configuration possible via LabelSelector (#16240) 
* docs(#16222): add documentation for changes in PR hashicorp/vault-plugin-secrets-kubernetes#10

* docs(#16222): add changelog entry

* docs(#16222): improve documentation to make the use case of setting both allowed_kubernetes_namespaces and allowed_kubernetes_namespace_selector parameters for role configuration
 2022-07-19 13:11:45 -05:00
Tom Proctor 460388d957
Docs: Add release notes for MSSQL TDE (#16326) 2022-07-19 11:52:59 +01:00
Austin Gebauer 1a71678954
docs/plugin-portal: adds missing HashiCorp supported plugins (#16346) 2022-07-18 22:42:49 -07:00
Mạnh Tử 6b3cc4adc0
docs(plugin-portal): added Harbor Robot Account plugin (#16320) 2022-07-18 18:03:32 -07:00
Yoko Hyakuna 745ea70434
Fix the contribution guide link (#16344) 2022-07-18 16:37:31 -07:00
Nestor Reyes e3ce0f0d1d
Update policies.mdx (#16312) 
548 From "builtin" to "built-in" to be consistent with the previous sentence. 

589 from "can not" to "cannot"
 2022-07-15 15:28:49 -07:00
Kit Haines a4b5813817
append slash to consul path in doc (#15260) 
Co-authored-by: Chulki Lee <chulki.lee@gmail.com>
 2022-07-14 12:27:31 -07:00
Alexander Scheel 0113f8c586
Update localhost:3000 links to be correct (#16301) 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2022-07-14 12:08:28 -07:00
Yoko Hyakuna cf0cb3be49
Update the policy examples (#16297) 
* Update the policy examples

* Adjusted the examples
 2022-07-14 08:01:22 -07:00
Alexander Scheel 662395be90
Back out panic message, add new warning to FIPS docs (#16243) 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2022-07-12 17:05:45 -04:00
VAL 90bef11019
Fix import statements for auth submodules (#16278) 2022-07-12 12:06:44 -07:00
Lucy Davinhart || Strawb System ebd0da3201
Clarification for local mounts in the context of DR (#16218) 
* Clarification for local mounts in the context of DR

The docs were unclear on this point, so @russparsloe and I looked into it.

Local mounts are indeed replicated to DR secondaries.

This is the opposite of what it says on https://developer.hashicorp.com/vault/tutorials/enterprise/performance-replication#disaster-recovery 
> Local backend mounts are not replicated and their use will require existing DR mechanisms if DR is necessary in your implementation.
So that page will also need updating

* changelog

* fix changelog syntax for local mount with DR (#16218)
 2022-07-12 10:17:12 -07:00
Austin Gebauer 4dda00ee1a
auth/oidc: Adds documentation for SecureAuth IdP (#16274) 2022-07-12 08:11:55 -07:00
Vishal Nayak c9e17d6219
Document autopilot config differences at a high level (#15000) 
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
 2022-07-11 14:37:44 -07:00
Joel Kenny 2f1502556a
docs/configuration: document CockroachDB HA mode (#16202) 
HA support for CockroachDB was added in #12965. This commit updates the docs
to reflect that support.
 2022-07-11 12:00:51 -07:00
Austin Gebauer 647c2eba42
auth/oidc: splits IdP setup guides into separate pages (#16167) 2022-07-11 10:20:24 -07:00
Loann Le e942fae6cc
Vault documentation: added info about new policy flag (#16244) 
* added info about new policy flag

* updated wording
 2022-07-07 12:54:27 -07:00
Loann Le 9ebaab28c2
added content for network guidance (#16242) 2022-07-07 11:18:45 -07:00
Yoko Hyakuna c54d33608c
Update 'master key' -> 'root key' (#16226) 2022-07-06 16:03:08 -07:00
akshya96 c70a2cd198
Minor grammar correction in help for login command (#16211) 
* Minor grammar correction in help for login command

* Fix login command help

Co-authored-by: Pero P <ppejovic@users.noreply.github.com>
 2022-07-06 09:17:11 -07:00
Loann Le 752c7374a9
vault documentation: updated examples to use volumes (#16175) 
* updated examples to use volumes

* Update website/content/docs/platform/k8s/helm/examples/ha-with-consul.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/examples/standalone-tls.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/run.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/run.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
 2022-07-05 08:32:51 -07:00
Michael Hofer 96e52760e3
docs(seal): improve readability, fix master key occurrence and typos (#16220) 2022-07-01 10:21:49 -07:00
Cristian Iaroi 5727762ce5
Adding Vault HydrantID Pki Plugin (#16058) 
repository: https://github.com/PaddyPowerBetfair/vault-plugin-hydrant-pki
raised issue: #16011
also updated docs (link to page for PR)
 2022-07-01 07:55:17 -07:00
aphorise 8b5f7da595
Docs/ekm sql provider corrections and troubleshooting (#15968) 2022-07-01 10:47:03 +01:00
Alexander Scheel 60add7d2be
Document additional FIPS restrictions (#16208) 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2022-06-30 16:14:07 -05:00
AnPucel 7a5d3e80dd
Developer Quickstart docs improvements (#16199) 
- Make the dev quick start link readily available on the client library documentation page
- Move the full code samples to the top of the dev quickstart page so that they're easily accessible.
- Update the api/readme to have a link to the dev quickstart
 2022-06-30 08:50:35 -07:00
AnPucel ed9ae70822
Add curl commands to Dev Quickstart guide (#16176) 2022-06-29 15:50:48 -07:00
Nick Cabatoff 0893b427b1
Rewrite a confusing bit of policies docs re parameter constraints. (#16182) 2022-06-29 12:28:49 -04:00
Christopher Swenson 80c5c56a40
docs/platform: Add brief GitHub Actions page (#16129) 
I added a small example from the main docs along with some explanation,
and added links to the main docs and the tutorial.

I also took this opportunity to sort the platform left nav bar.
 2022-06-27 09:47:26 -07:00
Christopher Swenson 2e56c7fe0a
Update consul-template to latest for pkiCert fix (#16087) 
Update consul-template to latest for pkiCert fix

So that we get the fixes in https://github.com/hashicorp/consul-template/pull/1590
and https://github.com/hashicorp/consul-template/pull/1591.

I tested manually that this no longer causes `pkiCert` to get into an
infinite failure loop when the cert expires, and that the key and CA certificate are also accessible.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
 2022-06-27 08:39:36 -07:00
Rachel Culpepper f4758a9282
Specify the size of the ephemeral key for transit imports (#16135) 
* specify the size of the ephemeral key

* specify aes key size in api docs
 2022-06-24 10:28:09 -05:00
Justin Clayton 88ebc43055
minor typo fix (#16114) 
Consult -> Consul
 2022-06-22 14:52:42 -07:00
Tom Proctor 770a57bdf0
Docs: Fix typo for Lambda extension env var config (#16108) 2022-06-22 17:28:31 +01:00
Rowan Smith 5815f6968e
fix typo in release notes (#16099) 
cont > count
 2022-06-22 10:39:43 -04:00
Tom Proctor caf00b9f3c
OIDC/Kubernetes docs: Improve instructions for setting bound_audiences (#16080) 2022-06-22 09:27:19 +01:00
Lucy Davinhart || Strawb System 549005e4b7
website: Update replication docs to mention Integrated Storage (#16063) 2022-06-21 10:55:15 -07:00
Rachel Culpepper 22f1cb5426
fix incorrect HSM mechanisms (#16081) 2022-06-21 10:13:30 -05:00
swayne275 d1e72b185a
fix docs typo - couple to few (#16068) 2022-06-20 11:03:55 -06:00
claire bontempo 5e149969ec
change rotation_period to algorithm (#16051) 2022-06-20 08:39:22 -07:00
Rachel Culpepper a73018572a
Vault-5619: Transit BYOK Documentation (#15817) 
* add api documentation

* add guide for wrapping keys

* fix formatting and tweak wording

* add hash function

* remove convergent param

* fix hash function description

* add security note

* fix mechanism

* fix notes

* add spaces

* fix hash function and add context
 2022-06-17 14:53:39 -05:00
Christopher Swenson 4ea2b0036d
Update helm standalone TLS doc for k8s 1.22 (#16029) 
Update helm standalone TLS doc for k8s 1.22

The `CertificateSigningRequest` for `v1beta1` API is no longer
available, and now requires the `signerName` parameter.

Many thanks to @DavidRBanks for the helpful notes in
https://github.com/hashicorp/vault-helm/issues/243#issuecomment-962551898

I tested this on Kubernetes 1.21 and 1.24. I also adjusted the `tr`
command to work better on macOS (and still works fine on Linux).
 2022-06-17 10:07:39 -07:00
Christopher Swenson bfc70928a6
docs: Add how to rotate SQL Server key (#15993) 2022-06-17 08:59:27 -07:00
Jason O'Donnell dd2ced661b
agent: add disable_idle_connections configurable (#15986) 
* agent: add disable_keep_alives configurable

* Add empty test

* Add website doc

* Change to disable_idle_connections

* Update tests and doc

* Add note about env

* Changelog

* Change to slice

* Remove unused disable keep alive methods

* Add invalid value test
 2022-06-16 18:06:22 -04:00
Loann Le 006b531bf9
Vault documentation: updated client count faqs for 1.11 (#16007) 
* stashed changes

changes stashed

* Update faq.mdx

Updated links

* Update website/content/docs/concepts/client-count/faq.mdx

* added image

* fixed image name

* updated text

* fixed spacing

* fixed spacing

* added missing info

* missed a period
 2022-06-16 11:05:55 -07:00
Alexander Scheel 6cf9cb7a93
Add additional usage clarifications to EA docs (#16017) 
- Document Transit and sys random endpoint in 1.11+
 - Document PKI and SSH CAs only, no leaves

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2022-06-16 13:56:22 -04:00
Alexander Scheel 491a2311b6
Document limitations in FIPS 140-2 migrations (#16012) 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2022-06-16 10:18:47 -04:00
Loann Le 11121a829a
Vault documentation: release notes for 1.11.0 (#16005) 
* added new content

* new content

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
 2022-06-15 18:25:14 -07:00
VAL 753e925f22
Use new -mount syntax for all KV subcommands in 1.11 docs (#16002) 
* Use new -mount syntax for all KV subcommands in 1.11 docs

* Use more appropriate heading size for mount flag syntax

* Add the explanatory syntax blurb from the -help text

* Adjust some wording
 2022-06-15 19:07:50 -04:00
Austin Gebauer 7d0a252d55
auth/gcp: adds note on custom endpoints to configuration section (#15990) 2022-06-15 10:06:58 -07:00
Loann Le 1d90d2c674
updated table for vault 1.11 release (#15856) 2022-06-15 09:40:49 -07:00
Theron Voran 7992c7b22e
docs/vault-k8s: update the service annotation (#15965) 
The injector's `service` annotation is really the vault address to
use, and not just the name of the service.

Also change a couple mentions of "controller" to "injector".
 2022-06-14 11:03:00 -07:00
Kyle MacDonald 9a003cb7b3
docs: update double use of "note" in client faq (#15958) 2022-06-13 13:37:58 -04:00
Alexander Scheel 28916301c1
Document agent injecting PKI CAs (#15930) 
* Document agent injecting PKI CAs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove extra empty-string conditional
 2022-06-13 13:15:54 -04:00
Nick Cabatoff 9ffa7ae257
Add 1.10 upgrade note for SSCT on Consul. (#15873) 2022-06-13 11:48:53 -04:00
Violet Hynes c1e2d9c062
VAULT-6091 Document Duration Format String (#15920) 
* VAULT-6091 Document duration format

* VAULT-6091 Document duration format

* VAULT-6091 Update wording

* VAULT-6091 Update to duration format string, replace everywhere I've found so far

* VAULT-6091 Add the word 'string' to the nav bar

* VAULT-6091 fix link

* VAULT-6091 fix link

* VAULT-6091 Fix time/string, add another reference

* VAULT-6091 add some misses for references to this format
 2022-06-13 08:51:07 -04:00
Austin Gebauer ec778e3d9f
docs/oidc: adds missing steps for Google Workspace configuration (#15943) 2022-06-10 16:29:49 -07:00
Violet Hynes abf65c8a0b
VAULT-5095 Update docs to reflect that child namespaces do not inherit parent quotas (#15906) 
* VAULT-5095 Update docs to reflect current behaviour

* Update website/content/api-docs/system/lease-count-quotas.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Update website/content/api-docs/system/rate-limit-quotas.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
 2022-06-10 11:53:01 -04:00
Mark Lewis 50a5a1d16f
Update index.mdx (#15861) 
Typo
 2022-06-10 11:44:43 -04:00
Austin Gebauer 1bd49383cd
secrets/db: documents credential types and snowflake key pair auth (#15892) 2022-06-09 15:56:50 -07:00
Austin Gebauer 4cfec18bae
docs/postgres: replaces lib/pq with pgx (#15901) 2022-06-09 14:37:14 -07:00
Peter Wilson bb55a1127f
Removed IRC reference in architecture internals doc (#15904) 
* Removed IRC reference in architecture internals doc
 2022-06-09 15:41:14 +01:00
VAL 48ed15c445
Use KV helpers in docs and dev quickstart guide (#15902) 2022-06-08 17:37:02 -07:00
akshya96 fbda6d5110
Kv cas parameter documentation (#15885) 
* adding cas documentation changes

* remove extra space

* remove -
 2022-06-08 16:51:08 -07:00
Robert 91b298d274
Update Consul secrets features docs, api-docs for 1.11 (#15854) 
* Overhaul consul docs and api-docs for new 1.11 features

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
 2022-06-08 13:54:55 -05:00
Victor Rodriguez d922225fcd
Update KMIP documentation to reflect Vault 1.11 changes. (#15868) 
Update documentation to reflect new KMIP features in Vault 1.11.

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
 2022-06-08 13:58:45 -04:00
Alexander Scheel 5c03fe6a30
Use manual_chain for cross-signed intermediates (#15876) 
This adds a note that manual_chain is required for cross-signed
intermediates, as Vault will not automatically associate the
cross-signed pair during chain construction. During issuance, the chain
is used verbatim from the issuer, so no chain detection will be used
then.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2022-06-08 13:13:45 -04:00
Ikko Ashimine dc6924e764
docs: fix typo in configurations.mdx (#15863) 
paramters -> parameters
 2022-06-08 09:03:45 -04:00
Robert 770a91ab83
Update GCP auth docs (#15855) 
* Add automatic GCE identity token login
 2022-06-07 18:22:09 -05:00
Josh Black 99ea53daaf
Autopilot enterprise docs (#15589) 2022-06-07 14:32:45 -07:00
Christopher Swenson 9754629a2b
Update AWS auth docs for SHA-1 deprecation (#15741) 
Update AWS auth docs for SHA-1 deprecation

We now recommend `/rsa2048` as the preferred AWS signature moving
foward, as `/pkcs7` and `/signature` will stop working by default in
Vault 1.12 without setting `GODEBUG=x509sha1=1` in the Vault deployment
due to the move to Go 1.18.

I also took this oppoturnity to try to make the docs less confusing
and more consistent with all of the usages of signature, PKCS#7, DSA,
and RSA terminology.

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
 2022-06-07 12:45:46 -07:00
Calvin Leung Huang 426e3a5583
docs: add pkiCert example on agent template docs (#15836) 2022-06-07 10:33:17 -07:00
Loann Le a4d86d503f
updated table (#15850) 2022-06-07 10:22:21 -07:00
Alexander Scheel 2884141dd9
Add support notes, Entropy Augmentation notes, RH repo (#15843) 
* Add support notes, Entropy Augmentation notes, RH repo

This adds a known-panic w.r.t. Entropy Augmentation due to restrictions
in how BoringCrypto's RNG works. Additionally adds the RH Access
container repository and adds a note about restricted support scenarios.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Wording changes per Scott

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2022-06-07 11:23:26 -04:00
Brian Candler e912ccaa66
Fixes for -listing-visibility flag values in CLI tools (#15838) 
See also: #15833, #15209

Signed-off-by: Brian Candler <b.candler@pobox.com>
 2022-06-07 09:49:13 -04:00
Tom Proctor 4ee10e4809
docs: Update CSI Provider command line arguments (#15810) 2022-06-07 10:20:47 +01:00
Michael Williams 69fbba5a52
Update documentation to reduce confusion about default_extensions. (#14069) 2022-06-06 15:53:05 -04:00
Scott Miller 6bfdfa0a4d
Document Convergent Tokenization and Token Lookup (#15819) 
* Document Convergent Tokenization and Token Lookup

* tweaks

* Fix sample response

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/index.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* update awkward text

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>
 2022-06-06 13:34:08 -05:00
Tom Proctor cf3e245302
Add upgrade and config docs for MSSQL EKM Provider (#13859) 2022-06-06 11:28:48 +01:00
Chris Capurso 76bc7a25b8
add missing patch capability to policy docs (#15704) 2022-06-03 15:40:47 -04:00
Nick Cabatoff c15f524993
Add details to CHANGELOG and 1.10 upgrade note regarding new 412 error response resulting from SSCTs. (#15770) 2022-06-02 16:16:28 -04:00
Loann Le 6201506456
added link to tutorial (#15762) 2022-06-02 10:15:21 -07:00
Alexander Scheel ab10435ab7
More PKI docs updates (#15757) 
* Add missing key_ref parameter to gen root docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add API docs section on key generation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note about managed key access

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2022-06-02 12:42:56 -04:00
Loann Le da09b3d62d
Vault documentation: vault overview page proposal (#15569) 
* updated vault overview page

* add images

* replace the image with clearer one

* removed video

* testing image size

* modified based on writer feedback

* Add more description about HCP Vault (#15588)

* added more content

* testing diagram size

* added new image file

* marketing-modified-image

* cleaned up text

* updated link

* Update what-is-vault.mdx

updated text

* incorporated feedback

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
 2022-06-01 15:32:30 -07:00
Christopher Swenson 9de0dbaef9
Add note about X.509 SHA-1 deprecation to relevant plugins (#15672) 
Add note about X.509 SHA-1 deprecation to relevant plugins

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
 2022-06-01 12:41:11 -07:00
amcbarnett 413cc2e4c0
Update fips1402.mdx (#15598) 
* Update fips1402.mdx

Added Link to new Compliance letter and details on what makes this different from Seal Wrap

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
 2022-06-01 11:02:11 -04:00
Pratik Khasnabis af5e65e9bd
Update to fix the concept of root key, which is not sharded as written here. (#15726) 
This explanation of root key is incorrect. Root key is not sharded and reconstructed. The root key is encrypted by the unseal key which is sharded and reconstructed back in the unsealing process.
The explanation differed from the correct one at https://www.vaultproject.io/docs/concepts/seal
 2022-06-01 09:54:26 -04:00
Loann Le 47fc5311e8
updated learn link (#15717) 2022-05-31 14:55:06 -07:00
Tom Proctor 1c2f3c8ddf
docs: Improve sample commands for querying k8s API (#15686) 2022-05-31 21:20:31 +01:00
Austin Gebauer 7a88c86db2
auth/gcp: adds documentation for custom endpoint overrides (#15673) 2022-05-31 10:16:24 -07:00
Jim Kalafut c9a0fdb4ff
Fix K8s secrets docs typo (#15695) 2022-05-31 08:10:15 -07:00
Steven Clark 69296e9edf
Add a little more information about PKI and replicated data sets to the PKI docs. (#15683) 
* Add a little more information about PKI and replicated data sets.

 - Add a TOC to the PKI considerations page
 - Merge in the existing certificate storage into a new Replicated DataSets
   section
 - Move the existing Cluster Scalability section from the api-docs into the
   considerations page.
 2022-05-31 10:04:51 -04:00
Alexander Scheel 1331c2aa12
Add recommendations on key types and PKI performance (#15580) 
* Add recommendations on key types and PKI performance

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/docs/secrets/pki/considerations.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
 2022-05-31 09:21:16 -04:00
akshya96 4c45c909ee
adding documentaion changes (#15656) 2022-05-27 15:08:19 -07:00
Christopher Swenson 23c135f2a6
docs/k8s: update for latest helm release 0.20.1 (#15647) 2022-05-26 11:59:54 -07:00
Loann Le 21d9ff0d99
added a reference to a note for deprecated features (#15610) 2022-05-25 15:24:34 -07:00
Theron Voran f38f0ee323
docs/database/elasticsearch: use_old_xpack option (#15601) 
Also creating/adding a note to the 1.11 upgrade guide
 2022-05-25 12:15:42 -07:00
John-Michael Faircloth fc04699f57
Fix plugin reload mounts (#15579) 
* fix plugin reload mounts

* do not require sys/ prefix

* update plugin reload docs with examples

* fix unit test credential read path

* update docs to reflect correct cli usage

* allow sys/auth/foo or auth/foo

* append trailing slash if it doesn't exist in request

* add changelog

* use correct changelog number
 2022-05-25 13:37:42 -05:00
Christopher Swenson 5f9386abad
Add deprecation note about X.509/SHA-1 (#15581) 
Add deprecation note about X.509/SHA-1

In preparation for moving to Go 1.18 in Vault 1.12.

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
 2022-05-25 10:11:17 -07:00
Peter Wilson bcb30223bf
Added support for VAULT_PROXY_ADDR + Updated docs (#15377) 
Updated documentation to describe the behavior when supplying `VAULT_HTTP_PROXY`. Also added support for `VAULT_PROXY_ADDR` as a 'better name' for `VAULT_HTTP_PROXY`.
 2022-05-24 13:38:51 -04:00
davidadeleon 0026788d4b
api/monitor: Adding log format to monitor command and debug (#15536) 
* Correct handling of "unspecified" log level

* Setting log-format default on monitor path

* Create changelog file

* Update website/content/api-docs/system/monitor.mdx

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
 2022-05-24 13:10:53 -04:00
Loann Le 9dd1a4ff93
Vault documentation: reorganized docs by moving recovery key description (#15563) 
* reorg docs for recovery keys

* fixed a sentence

* Minor format update & removed duplicated notes

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
 2022-05-23 15:42:57 -07:00
Austin Gebauer 6fe639eb35
auth/okta: documents API token minimal permissions (#15566) 2022-05-23 14:57:14 -07:00
Alexander Scheel 36c981bfe4
Add more PKI usage best practices to documentation (#15562) 
* Add note about cross-cluster CRL URIs

As suggested by Ricardo Oliveira, thanks!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note that short TTLs are relative to quantity

As suggested by Ricardo Oliveira, thanks!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note to make sure default is configured

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note about automating certificate renewal

As suggested by Ricardo Oliveira, thanks!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2022-05-23 12:00:24 -04:00
Alexander Scheel 92dbe3b22a
Fix Learn->Tutorial in internal PKI docs (#15531) 
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2022-05-23 11:53:13 -04:00