Commit graph

4473 commits

Author SHA1 Message Date
Yoko Hyakuna cf0cb3be49
Update the policy examples (#16297)
* Update the policy examples

* Adjusted the examples
2022-07-14 08:01:22 -07:00
Loann Le e6b24b09f0
update sys-mfa-doc (#16291) 2022-07-13 10:36:52 -07:00
Yoko Hyakuna 485b7b0abe
Remove the callout note about Ent (#16288) 2022-07-13 09:00:11 -07:00
Alexander Scheel 662395be90
Back out panic message, add new warning to FIPS docs (#16243)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-07-12 17:05:45 -04:00
VAL 90bef11019
Fix import statements for auth submodules (#16278) 2022-07-12 12:06:44 -07:00
Lucy Davinhart || Strawb System ebd0da3201
Clarification for local mounts in the context of DR (#16218)
* Clarification for local mounts in the context of DR

The docs were unclear on this point, so @russparsloe and I looked into it.

Local mounts are indeed replicated to DR secondaries.

This is the opposite of what it says on https://developer.hashicorp.com/vault/tutorials/enterprise/performance-replication#disaster-recovery 
> Local backend mounts are not replicated and their use will require existing DR mechanisms if DR is necessary in your implementation.
So that page will also need updating

* changelog

* fix changelog syntax for local mount with DR (#16218)
2022-07-12 10:17:12 -07:00
Austin Gebauer 4dda00ee1a
auth/oidc: Adds documentation for SecureAuth IdP (#16274) 2022-07-12 08:11:55 -07:00
Vishal Nayak c9e17d6219
Document autopilot config differences at a high level (#15000)
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-07-11 14:37:44 -07:00
Joel Kenny 2f1502556a
docs/configuration: document CockroachDB HA mode (#16202)
HA support for CockroachDB was added in #12965. This commit updates the docs
to reflect that support.
2022-07-11 12:00:51 -07:00
Austin Gebauer 647c2eba42
auth/oidc: splits IdP setup guides into separate pages (#16167) 2022-07-11 10:20:24 -07:00
Austin Gebauer c00e605b48
secrets/k8s: updates API docs for kubernetes_host with correct env var (#16251) 2022-07-08 08:52:42 -07:00
Steven Clark d04b143bd5
pki: When a role sets key_type to any ignore key_bits value when signing a csr (#16246)
* pki: When a role sets key_type to any ignore key_bits value when signing

 - Bypass the validation for the role's key_bits value when signing CSRs
   if the key_type is set to any. We still validate the key is at least
   2048 for RSA backed CSRs as we did in 1.9.x and lower.
2022-07-08 10:56:15 -04:00
Loann Le e942fae6cc
Vault documentation: added info about new policy flag (#16244)
* added info about new policy flag

* updated wording
2022-07-07 12:54:27 -07:00
Loann Le 9ebaab28c2
added content for network guidance (#16242) 2022-07-07 11:18:45 -07:00
Yoko Hyakuna c54d33608c
Update 'master key' -> 'root key' (#16226) 2022-07-06 16:03:08 -07:00
akshya96 c70a2cd198
Minor grammar correction in help for login command (#16211)
* Minor grammar correction in help for login command

* Fix login command help

Co-authored-by: Pero P <ppejovic@users.noreply.github.com>
2022-07-06 09:17:11 -07:00
Loann Le 752c7374a9
vault documentation: updated examples to use volumes (#16175)
* updated examples to use volumes

* Update website/content/docs/platform/k8s/helm/examples/ha-with-consul.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/examples/standalone-tls.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/run.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/run.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-07-05 08:32:51 -07:00
Michael Hofer 96e52760e3
docs(seal): improve readability, fix master key occurrence and typos (#16220) 2022-07-01 10:21:49 -07:00
Cristian Iaroi 5727762ce5
Adding Vault HydrantID Pki Plugin (#16058)
repository: https://github.com/PaddyPowerBetfair/vault-plugin-hydrant-pki
raised issue: #16011
also updated docs (link to page for PR)
2022-07-01 07:55:17 -07:00
aphorise 8b5f7da595
Docs/ekm sql provider corrections and troubleshooting (#15968) 2022-07-01 10:47:03 +01:00
Alexander Scheel 60add7d2be
Document additional FIPS restrictions (#16208)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-30 16:14:07 -05:00
Alexander Scheel d4cdafc314
Document PKI root rotation, replacement paths (#16206)
See also: https://discuss.hashicorp.com/t/missing-pki-secret-engine-api-documentation-for-root-rotate-and-root-replace-endpoints/41215

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-30 10:45:49 -07:00
AnPucel 7a5d3e80dd
Developer Quickstart docs improvements (#16199)
- Make the dev quick start link readily available on the client library documentation page
- Move the full code samples to the top of the dev quickstart page so that they're easily accessible.
- Update the api/readme to have a link to the dev quickstart
2022-06-30 08:50:35 -07:00
AnPucel 3215cdbd32
Dynamic parameter for mountpaths in OpenApi Spec generation(#15835)
"generic_mount_paths" query parameter for OpenApiSpec generation
2022-06-30 07:43:04 -07:00
AnPucel ed9ae70822
Add curl commands to Dev Quickstart guide (#16176) 2022-06-29 15:50:48 -07:00
Ciara Clements 7288bb3c57
changed "activate" to "active (#16189) 2022-06-29 10:10:53 -07:00
Nick Cabatoff 0893b427b1
Rewrite a confusing bit of policies docs re parameter constraints. (#16182) 2022-06-29 12:28:49 -04:00
akshya96 6164e5e7e1
documentation changes for limit parameter (#16161) 2022-06-27 13:29:14 -07:00
Christopher Swenson 80c5c56a40
docs/platform: Add brief GitHub Actions page (#16129)
I added a small example from the main docs along with some explanation,
and added links to the main docs and the tutorial.

I also took this opportunity to sort the platform left nav bar.
2022-06-27 09:47:26 -07:00
Chris Capurso 9501d44ed5
Add endpoints to provide ability to modify logging verbosity (#16111)
* add func to set level for specific logger

* add endpoints to modify log level

* initialize base logger with IndependentLevels

* test to ensure other loggers remain unchanged

* add DELETE loggers endpoints to revert back to config

* add API docs page

* add changelog entry

* remove extraneous line

* add log level field to Core struct

* add godoc for getLogLevel

* add some loggers to c.allLoggers
2022-06-27 11:39:53 -04:00
Christopher Swenson 2e56c7fe0a
Update consul-template to latest for pkiCert fix (#16087)
Update consul-template to latest for pkiCert fix

So that we get the fixes in https://github.com/hashicorp/consul-template/pull/1590
and https://github.com/hashicorp/consul-template/pull/1591.

I tested manually that this no longer causes `pkiCert` to get into an
infinite failure loop when the cert expires, and that the key and CA certificate are also accessible.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-06-27 08:39:36 -07:00
Alexander Scheel bf657b43ae
Clarify LIST /certs doesn't include imports (#16144)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-24 15:25:10 -05:00
Rachel Culpepper f4758a9282
Specify the size of the ephemeral key for transit imports (#16135)
* specify the size of the ephemeral key

* specify aes key size in api docs
2022-06-24 10:28:09 -05:00
Austin Gebauer 686a9fa39c
secrets/k8s: fix api docs for generated_role_rules json (#16127) 2022-06-23 13:05:06 -07:00
Alexander Scheel eeb4029eb1
Add signature_bits to sign-intermediate, sign-verbatim (#16124)
* Add signature_bits to sign-intermediate

This endpoint was lacking the signature_bits field like all the other
endpoints. Notably, in #15478, the ability to customize the intermediate
CSR's signature bits was removed without checking for the ability to
customize the final (root-signed) intermediate certificate's value.

This adds in that missing ability, bringing us parity with root
generation and role-based signing.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add signature_bits to sign-verbatim

This endpoint was also lacking the signature_bits field, preventing
other signature hash functions from being utilized here.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-23 14:07:27 -04:00
Jason Sturges 16c5d5ba11
Fix typo in remount (#16100)
"utlizie" => "utilize"
2022-06-22 17:28:10 -07:00
Justin Clayton 88ebc43055
minor typo fix (#16114)
Consult -> Consul
2022-06-22 14:52:42 -07:00
Victor Rodriguez 7f6e281893
Add new KMIP backend operation parameters to API documentation. (#16107)
The KMIP backend has four new parameters for the API call to create or update a
role:

  - operation_decrypt
  - operation_encrypt
  - operation_import
  - operation_query
2022-06-22 13:28:03 -04:00
Tom Proctor 770a57bdf0
Docs: Fix typo for Lambda extension env var config (#16108) 2022-06-22 17:28:31 +01:00
Rowan Smith 5815f6968e
fix typo in release notes (#16099)
cont > count
2022-06-22 10:39:43 -04:00
Tom Proctor caf00b9f3c
OIDC/Kubernetes docs: Improve instructions for setting bound_audiences (#16080) 2022-06-22 09:27:19 +01:00
Lucy Davinhart || Strawb System 549005e4b7
website: Update replication docs to mention Integrated Storage (#16063) 2022-06-21 10:55:15 -07:00
Rachel Culpepper 22f1cb5426
fix incorrect HSM mechanisms (#16081) 2022-06-21 10:13:30 -05:00
swayne275 d1e72b185a
fix docs typo - couple to few (#16068) 2022-06-20 11:03:55 -06:00
Alexander Scheel 50f0d439ad
Clarify that the returned chain is used everywhere (#16064)
The returned chain on the issuer is presented both for signing request
responses and (if the default issuer) on the /ca_chain path. Overriding
the issuers' automatically constructed chain with a manual_chain allows
removal of the root CA if desired.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-20 12:04:15 -04:00
claire bontempo 5e149969ec
change rotation_period to algorithm (#16051) 2022-06-20 08:39:22 -07:00
Rachel Culpepper a73018572a
Vault-5619: Transit BYOK Documentation (#15817)
* add api documentation

* add guide for wrapping keys

* fix formatting and tweak wording

* add hash function

* remove convergent param

* fix hash function description

* add security note

* fix mechanism

* fix notes

* add spaces

* fix hash function and add context
2022-06-17 14:53:39 -05:00
Christopher Swenson 4ea2b0036d
Update helm standalone TLS doc for k8s 1.22 (#16029)
Update helm standalone TLS doc for k8s 1.22

The `CertificateSigningRequest` for `v1beta1` API is no longer
available, and now requires the `signerName` parameter.

Many thanks to @DavidRBanks for the helpful notes in
https://github.com/hashicorp/vault-helm/issues/243#issuecomment-962551898

I tested this on Kubernetes 1.21 and 1.24. I also adjusted the `tr`
command to work better on macOS (and still works fine on Linux).
2022-06-17 10:07:39 -07:00
Rémi Lapeyre 6205cf6999
Document LIST sys/quotas/lease-count (#15679) 2022-06-17 10:04:55 -07:00
Christopher Swenson bfc70928a6
docs: Add how to rotate SQL Server key (#15993) 2022-06-17 08:59:27 -07:00
Jason O'Donnell dd2ced661b
agent: add disable_idle_connections configurable (#15986)
* agent: add disable_keep_alives configurable

* Add empty test

* Add website doc

* Change to disable_idle_connections

* Update tests and doc

* Add note about env

* Changelog

* Change to slice

* Remove unused disable keep alive methods

* Add invalid value test
2022-06-16 18:06:22 -04:00
Calvin Leung Huang 1254689dd4
docs: Fix sample request on okta verify nonce (#16026) 2022-06-16 14:36:12 -07:00
Loann Le 006b531bf9
Vault documentation: updated client count faqs for 1.11 (#16007)
* stashed changes

changes stashed

* Update faq.mdx

Updated links

* Update website/content/docs/concepts/client-count/faq.mdx

* added image

* fixed image name

* updated text

* fixed spacing

* fixed spacing

* added missing info

* missed a period
2022-06-16 11:05:55 -07:00
Alexander Scheel 6cf9cb7a93
Add additional usage clarifications to EA docs (#16017)
- Document Transit and sys random endpoint in 1.11+
 - Document PKI and SSH CAs only, no leaves

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-16 13:56:22 -04:00
Alexander Scheel 491a2311b6
Document limitations in FIPS 140-2 migrations (#16012)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-16 10:18:47 -04:00
Alexander Scheel 4e6a9741ee
Add explicit cn_validations field to PKI Roles (#15996)
* Add cn_validations PKI Role parameter

This new parameter allows disabling all validations on a common name,
enabled by default on sign-verbatim and issuer generation options.

Presently, the default behavior is to allow either an email address
(denoted with an @ in the name) or a hostname to pass validation.
Operators can restrict roles to just a single option (e.g., for email
certs, limit CNs to have strictly email addresses and not hostnames).

By setting the value to `disabled`, CNs of other formats can be accepted
without validating their contents against our minimal correctness checks
for email/hostname/wildcard that we typically apply even when broad
permissions (allow_any_name=true, enforce_hostnames=false, and
allow_wildcard_certificates=true) are granted on the role.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update PKI tests for cn_validation support

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add PKI API documentation on cn_validations

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-16 06:53:27 -07:00
Loann Le 11121a829a
Vault documentation: release notes for 1.11.0 (#16005)
* added new content

* new content

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-06-15 18:25:14 -07:00
VAL 753e925f22
Use new -mount syntax for all KV subcommands in 1.11 docs (#16002)
* Use new -mount syntax for all KV subcommands in 1.11 docs

* Use more appropriate heading size for mount flag syntax

* Add the explanatory syntax blurb from the -help text

* Adjust some wording
2022-06-15 19:07:50 -04:00
Austin Gebauer 7d0a252d55
auth/gcp: adds note on custom endpoints to configuration section (#15990) 2022-06-15 10:06:58 -07:00
Loann Le 1d90d2c674
updated table for vault 1.11 release (#15856) 2022-06-15 09:40:49 -07:00
Theron Voran 7992c7b22e
docs/vault-k8s: update the service annotation (#15965)
The injector's `service` annotation is really the vault address to
use, and not just the name of the service.

Also change a couple mentions of "controller" to "injector".
2022-06-14 11:03:00 -07:00
Alexander Scheel aeb09e8ec9
Clarify permitted_dns_domains are Name Constraints (#15972)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-14 12:46:56 -04:00
Kyle MacDonald 9a003cb7b3
docs: update double use of "note" in client faq (#15958) 2022-06-13 13:37:58 -04:00
Alexander Scheel 28916301c1
Document agent injecting PKI CAs (#15930)
* Document agent injecting PKI CAs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove extra empty-string conditional
2022-06-13 13:15:54 -04:00
Nick Cabatoff 9ffa7ae257
Add 1.10 upgrade note for SSCT on Consul. (#15873) 2022-06-13 11:48:53 -04:00
Violet Hynes c1e2d9c062
VAULT-6091 Document Duration Format String (#15920)
* VAULT-6091 Document duration format

* VAULT-6091 Document duration format

* VAULT-6091 Update wording

* VAULT-6091 Update to duration format string, replace everywhere I've found so far

* VAULT-6091 Add the word 'string' to the nav bar

* VAULT-6091 fix link

* VAULT-6091 fix link

* VAULT-6091 Fix time/string, add another reference

* VAULT-6091 add some misses for references to this format
2022-06-13 08:51:07 -04:00
Austin Gebauer ec778e3d9f
docs/oidc: adds missing steps for Google Workspace configuration (#15943) 2022-06-10 16:29:49 -07:00
Hridoy Roy 0514503d2c
docs for activity log noncontiguous billing period changes (#15882)
* docs for activity log noncontiguous return changes

* add description of default start and end time to clarify meaning of billing period
2022-06-10 09:27:24 -07:00
Violet Hynes abf65c8a0b
VAULT-5095 Update docs to reflect that child namespaces do not inherit parent quotas (#15906)
* VAULT-5095 Update docs to reflect current behaviour

* Update website/content/api-docs/system/lease-count-quotas.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Update website/content/api-docs/system/rate-limit-quotas.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2022-06-10 11:53:01 -04:00
Mark Lewis 50a5a1d16f
Update index.mdx (#15861)
Typo
2022-06-10 11:44:43 -04:00
Alexander Scheel 0320673c97
Fix location of not_before_duration on ssh docs (#15926)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-10 10:14:44 -04:00
Gabriel Santos 57eeb33faa
SSH secrets engine - Enabled creation of key pairs (CA Mode) (#15561)
* Handle func

* Update - check if key_type and key_bits are allowed

* Update - fields

* Generating keys based on provided key_type and key_bits

* Returning signed key

* Refactor

* Refactor update to common logic function

* Descriptions

* Tests added

* Suggested changes and tests added and refactored

* Suggested changes and fmt run

* File refactoring

* Changelog file

* Update changelog/15561.txt

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>

* Suggested changes - consistent returns and additional info to test messages

* ssh issue key pair documentation

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
2022-06-10 09:48:19 -04:00
Austin Gebauer 1bd49383cd
secrets/db: documents credential types and snowflake key pair auth (#15892) 2022-06-09 15:56:50 -07:00
Austin Gebauer 4cfec18bae
docs/postgres: replaces lib/pq with pgx (#15901) 2022-06-09 14:37:14 -07:00
Peter Wilson bb55a1127f
Removed IRC reference in architecture internals doc (#15904)
* Removed IRC reference in architecture internals doc
2022-06-09 15:41:14 +01:00
VAL 48ed15c445
Use KV helpers in docs and dev quickstart guide (#15902) 2022-06-08 17:37:02 -07:00
akshya96 fbda6d5110
Kv cas parameter documentation (#15885)
* adding cas documentation changes

* remove extra space

* remove -
2022-06-08 16:51:08 -07:00
Robert 91b298d274
Update Consul secrets features docs, api-docs for 1.11 (#15854)
* Overhaul consul docs and api-docs for new 1.11 features

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
2022-06-08 13:54:55 -05:00
Victor Rodriguez d922225fcd
Update KMIP documentation to reflect Vault 1.11 changes. (#15868)
Update documentation to reflect new KMIP features in Vault 1.11.

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2022-06-08 13:58:45 -04:00
Alexander Scheel 5c03fe6a30
Use manual_chain for cross-signed intermediates (#15876)
This adds a note that manual_chain is required for cross-signed
intermediates, as Vault will not automatically associate the
cross-signed pair during chain construction. During issuance, the chain
is used verbatim from the issuer, so no chain detection will be used
then.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-08 13:13:45 -04:00
Ikko Ashimine dc6924e764
docs: fix typo in configurations.mdx (#15863)
paramters -> parameters
2022-06-08 09:03:45 -04:00
Robert 770a91ab83
Update GCP auth docs (#15855)
* Add automatic GCE identity token login
2022-06-07 18:22:09 -05:00
Josh Black 99ea53daaf
Autopilot enterprise docs (#15589) 2022-06-07 14:32:45 -07:00
Christopher Swenson 9754629a2b
Update AWS auth docs for SHA-1 deprecation (#15741)
Update AWS auth docs for SHA-1 deprecation

We now recommend `/rsa2048` as the preferred AWS signature moving
foward, as `/pkcs7` and `/signature` will stop working by default in
Vault 1.12 without setting `GODEBUG=x509sha1=1` in the Vault deployment
due to the move to Go 1.18.

I also took this oppoturnity to try to make the docs less confusing
and more consistent with all of the usages of signature, PKCS#7, DSA,
and RSA terminology.

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-06-07 12:45:46 -07:00
Calvin Leung Huang 426e3a5583
docs: add pkiCert example on agent template docs (#15836) 2022-06-07 10:33:17 -07:00
Loann Le a4d86d503f
updated table (#15850) 2022-06-07 10:22:21 -07:00
Alexander Scheel 2884141dd9
Add support notes, Entropy Augmentation notes, RH repo (#15843)
* Add support notes, Entropy Augmentation notes, RH repo

This adds a known-panic w.r.t. Entropy Augmentation due to restrictions
in how BoringCrypto's RNG works. Additionally adds the RH Access
container repository and adds a note about restricted support scenarios.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Wording changes per Scott

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-07 11:23:26 -04:00
Brian Candler e912ccaa66
Fixes for -listing-visibility flag values in CLI tools (#15838)
See also: #15833, #15209

Signed-off-by: Brian Candler <b.candler@pobox.com>
2022-06-07 09:49:13 -04:00
Tom Proctor 4ee10e4809
docs: Update CSI Provider command line arguments (#15810) 2022-06-07 10:20:47 +01:00
Alexander Scheel b3ad79fb70
Fix listing_visibility value documentation (#15833)
* Match listing_visibility in system/auth with system/mounts

See also: #15209

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix path-help for listing_visibility

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-06 16:44:46 -04:00
Michael Williams 69fbba5a52
Update documentation to reduce confusion about default_extensions. (#14069) 2022-06-06 15:53:05 -04:00
Scott Miller 6bfdfa0a4d
Document Convergent Tokenization and Token Lookup (#15819)
* Document Convergent Tokenization and Token Lookup

* tweaks

* Fix sample response

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/index.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* update awkward text

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>
2022-06-06 13:34:08 -05:00
Tom Proctor cf3e245302
Add upgrade and config docs for MSSQL EKM Provider (#13859) 2022-06-06 11:28:48 +01:00
Chris Capurso 76bc7a25b8
add missing patch capability to policy docs (#15704) 2022-06-03 15:40:47 -04:00
Nick Cabatoff c15f524993
Add details to CHANGELOG and 1.10 upgrade note regarding new 412 error response resulting from SSCTs. (#15770) 2022-06-02 16:16:28 -04:00
Loann Le e576a8fc48
update sample code (#15765) 2022-06-02 10:58:50 -07:00
Alexander Scheel 9a3a7d40ca
Fix copy/paste typo in PKI key generation docs (#15761)
As caught by Ivana, thank you!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-02 13:21:35 -04:00
Loann Le 6201506456
added link to tutorial (#15762) 2022-06-02 10:15:21 -07:00
Alexander Scheel ab10435ab7
More PKI docs updates (#15757)
* Add missing key_ref parameter to gen root docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add API docs section on key generation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note about managed key access

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-02 12:42:56 -04:00
Loann Le da09b3d62d
Vault documentation: vault overview page proposal (#15569)
* updated vault overview page

* add images

* replace the image with clearer one

* removed video

* testing image size

* modified based on writer feedback

* Add more description about HCP Vault (#15588)

* added more content

* testing diagram size

* added new image file

* marketing-modified-image

* cleaned up text

* updated link

* Update what-is-vault.mdx

updated text

* incorporated feedback

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-06-01 15:32:30 -07:00
Christopher Swenson 9de0dbaef9
Add note about X.509 SHA-1 deprecation to relevant plugins (#15672)
Add note about X.509 SHA-1 deprecation to relevant plugins

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-06-01 12:41:11 -07:00
amcbarnett 413cc2e4c0
Update fips1402.mdx (#15598)
* Update fips1402.mdx

Added Link to new Compliance letter and details on what makes this different from Seal Wrap

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-06-01 11:02:11 -04:00
Pratik Khasnabis af5e65e9bd
Update to fix the concept of root key, which is not sharded as written here. (#15726)
This explanation of root key is incorrect. Root key is not sharded and reconstructed. The root key is encrypted by the unseal key which is sharded and reconstructed back in the unsealing process.
The explanation differed from the correct one at https://www.vaultproject.io/docs/concepts/seal
2022-06-01 09:54:26 -04:00
Loann Le 47fc5311e8
updated learn link (#15717) 2022-05-31 14:55:06 -07:00
Tom Proctor 1c2f3c8ddf
docs: Improve sample commands for querying k8s API (#15686) 2022-05-31 21:20:31 +01:00
Steven Clark 2e215975ff
Add integration tests for aliased PKI paths (root/rotate, root/replace) (#15703)
* Add integration tests for aliased PKI paths (root/rotate, root/replace)

 - Add tests for the two api endpoints
 - Also return the issuer_name field within the generate root api response

* Add key_name to generate root api endpoint response and doc updates

 - Since we are now returning issuer_name, we should also return key_name
 - Update the api-docs for the generate root endpoint responses and add
   missing arguments that we accept.
2022-05-31 15:00:20 -04:00
Austin Gebauer 7a88c86db2
auth/gcp: adds documentation for custom endpoint overrides (#15673) 2022-05-31 10:16:24 -07:00
Jim Kalafut c9a0fdb4ff
Fix K8s secrets docs typo (#15695) 2022-05-31 08:10:15 -07:00
Steven Clark 69296e9edf
Add a little more information about PKI and replicated data sets to the PKI docs. (#15683)
* Add a little more information about PKI and replicated data sets.

 - Add a TOC to the PKI considerations page
 - Merge in the existing certificate storage into a new Replicated DataSets
   section
 - Move the existing Cluster Scalability section from the api-docs into the
   considerations page.
2022-05-31 10:04:51 -04:00
Alexander Scheel 1331c2aa12
Add recommendations on key types and PKI performance (#15580)
* Add recommendations on key types and PKI performance

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/docs/secrets/pki/considerations.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2022-05-31 09:21:16 -04:00
akshya96 4c45c909ee
adding documentaion changes (#15656) 2022-05-27 15:08:19 -07:00
Christopher Swenson 23c135f2a6
docs/k8s: update for latest helm release 0.20.1 (#15647) 2022-05-26 11:59:54 -07:00
Austin Gebauer 4d9f3431b8
secrets/mongodbatlas: adds missing organization_id to API docs (#15624) 2022-05-26 08:08:29 -07:00
Loann Le 21d9ff0d99
added a reference to a note for deprecated features (#15610) 2022-05-25 15:24:34 -07:00
Theron Voran f38f0ee323
docs/database/elasticsearch: use_old_xpack option (#15601)
Also creating/adding a note to the 1.11 upgrade guide
2022-05-25 12:15:42 -07:00
John-Michael Faircloth fc04699f57
Fix plugin reload mounts (#15579)
* fix plugin reload mounts

* do not require sys/ prefix

* update plugin reload docs with examples

* fix unit test credential read path

* update docs to reflect correct cli usage

* allow sys/auth/foo or auth/foo

* append trailing slash if it doesn't exist in request

* add changelog

* use correct changelog number
2022-05-25 13:37:42 -05:00
Tom Proctor 46b1a119dd
Add API docs for Kubernetes secrets engine (#15564)
* Add API docs for Kubernetes secret engine
* alphabetical ordering for K-items in docs sidebar

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Christopher Swenson <swenson@swenson.io>
2022-05-25 18:25:19 +01:00
Christopher Swenson 5f9386abad
Add deprecation note about X.509/SHA-1 (#15581)
Add deprecation note about X.509/SHA-1

In preparation for moving to Go 1.18 in Vault 1.12.

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-05-25 10:11:17 -07:00
Brian Kassouf df8ae055be
Add an API for exporting activity log data (#15586)
* Add an API for exporting activity log data

* Add changelog entry

* Switch to error logs
2022-05-24 17:00:46 -07:00
Peter Wilson bcb30223bf
Added support for VAULT_PROXY_ADDR + Updated docs (#15377)
Updated documentation to describe the behavior when supplying `VAULT_HTTP_PROXY`. Also added support for `VAULT_PROXY_ADDR` as a 'better name' for `VAULT_HTTP_PROXY`.
2022-05-24 13:38:51 -04:00
davidadeleon 0026788d4b
api/monitor: Adding log format to monitor command and debug (#15536)
* Correct handling of "unspecified" log level

* Setting log-format default on monitor path

* Create changelog file

* Update website/content/api-docs/system/monitor.mdx

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
2022-05-24 13:10:53 -04:00
Loann Le 9dd1a4ff93
Vault documentation: reorganized docs by moving recovery key description (#15563)
* reorg docs for recovery keys

* fixed a sentence

* Minor format update & removed duplicated notes

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-05-23 15:42:57 -07:00
Austin Gebauer 6fe639eb35
auth/okta: documents API token minimal permissions (#15566) 2022-05-23 14:57:14 -07:00
Alexander Scheel 36c981bfe4
Add more PKI usage best practices to documentation (#15562)
* Add note about cross-cluster CRL URIs

As suggested by Ricardo Oliveira, thanks!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note that short TTLs are relative to quantity

As suggested by Ricardo Oliveira, thanks!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note to make sure default is configured

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note about automating certificate renewal

As suggested by Ricardo Oliveira, thanks!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-23 12:00:24 -04:00
Alexander Scheel 92dbe3b22a
Fix Learn->Tutorial in internal PKI docs (#15531)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-23 11:53:13 -04:00
Chris Capurso 6d62f9a4ed
FAQ doc updates for removal of stored licenses in 1.11 (#15314)
* initial updates for license FAQs for 1.11

* add links, tense fixes

* Update deprecation doc link

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* fix links

* fix a couple missed version-specific links

* change 1 to one

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-05-23 11:42:58 -04:00
Alexander Scheel 464da0ee46
Link FIPS binary sources from the FIPS docs (#15554)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-20 16:18:51 -05:00
Christopher Swenson 644345b1cc
Add usage documentation for new Kubernetes Secrets Engine (#15527)
Add usage documentation for new Kubernetes Secrets Engine

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-05-20 13:37:15 -07:00
Alexander Scheel 69b870d675
Add role patching test case (#15545)
* Add tests for role patching

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Prevent bad issuer names on update

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation on PATCH operations

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-20 15:30:22 -04:00
Loann Le 76ec17215e
Vault documentation: updated key share/unseal images (#15526)
* updated images

* added new image files
2022-05-20 10:59:30 -07:00
Jason Peng a331575c01
Update oracle.mdx (#15257)
Added Alpine Linux restrictions as https://github.com/hashicorp/vault-plugin-database-oracle pointed out.
2022-05-20 13:40:05 -04:00
Alexander Scheel 59ccb9cc05
Fix typo in allowed_uri_sans_template doctype (#15537)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-20 12:23:50 -04:00
Alexander Scheel 2b337b3be9
Clarify KU/EKU parameters on sign-verbatim (#15535)
* Clarify KU/EKU parameters on sign-verbatim

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify default in empty list
2022-05-20 11:56:31 -04:00
Alejandro Medina f969c05772
Update seal.mdx (#15463) 2022-05-20 08:43:05 -04:00
Andy Assareh c559f6e8b7
typo: adding missing word 'may' (#14503) 2022-05-20 08:41:51 -04:00
Andy Assareh d0fb5bd986
typo: embeds -> embedded (#15520) 2022-05-20 08:33:34 -04:00
claudex 226d7c4c59
Fix typo in documentation (#15530) 2022-05-20 08:22:57 -04:00
Loann Le 201ac71da6
Vault documentation: updated all references from Learn to Tutorial (#15514)
* updated learn to tutorial

* correct spelling
2022-05-19 18:04:46 -07:00
Alexander Scheel faea196991
Rebase #14178 / Add not_before_duration API parameter to Root/Intermediate CA generation (#15511)
* PKI - Add not_before_duration API parameter to:
  - Root CA generation
  - Intermediate CA generation
  - Intermediate CA signing

* Move not_before_duration to addCACommonFields

This gets applied on both root generation and intermediate signing,
which is the correct place to apply this.

Co-authored-by: guysv <sviryguy@gmail.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Resolves: #10631

Co-authored-by: guysv <sviryguy@gmail.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add test case for root/generate, sign-intermediate

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update path role description

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add new not_before_duration to relevant docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Co-authored-by: guysv <sviryguy@gmail.com>
2022-05-19 12:35:08 -04:00
Alexander Scheel f3d52108b4
Add more CA usage best practices (#15467)
* Add leaf not after best practice

Also suggest concrete recommendations for lifetimes of various issuers.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add advice to use a proper CA hierarchy

Also mention name constraints and HSM backing.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add section on safer usage of Roles

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add initial RBAC example for PKI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-19 11:43:38 -04:00
Alexander Scheel f31149089f
Update FIPS documentation to clarify mlock (#15502)
This clarifies a limitation of the FIPS based container images,
to note that due to OpenShift requirements, we need to suggest
ways of disabling mlock or allowing Vault to set mlock.
2022-05-19 09:31:47 -04:00
Robert c2f49204d9
Fix small typos, update docs terminology (#15504) 2022-05-18 17:23:46 -05:00
Loann Le 561d8d45f8
updated warning (#15459) 2022-05-18 08:26:25 -07:00
Steven Clark 7bc9cd2867
Protect against key and issuer name re-use (#15481)
* Protect against key and issuer name re-use
 - While importing keys and issuers verify that the provided name if any has not been used by another key that we did not match against.
 - Validate an assumption within the key import api, that we were provided a single key
 - Add additional tests on the new key generation and key import handlers.

* Protect key import api end-users from using "default" as a name
 - Do not allow end-users to provide the value of default as a name for key imports
   as that would lead to weird and wonderful behaviors to the end-user.

* Add missing api-docs for PKI key import
2022-05-18 10:31:39 -04:00
Tom Proctor 1bb40eee16
Update documentation for vault-helm v0.20.0 release (#15450) 2022-05-18 09:50:15 +01:00
Jason O'Donnell d450b7899f
docs: add note about requiring 3.6+ helm (#15480) 2022-05-17 17:02:26 -04:00
Hamid Ghaf 66c6de50a7
Username format login mfa (#15363)
* change username_template to username_format for login MFA

* fixing a test

* Update website/content/docs/auth/login-mfa/faq.mdx

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2022-05-17 16:31:50 -04:00
Alexander Scheel f6ac1be13a
Start documentation for FIPS variants of Vault Enterprise (#15475)
* Begin restructuring FIPS documentation

This creates a new FIPS category under Enterprise and copies the
FIPS-specific seal wrap documentation into it.

We leave the existing Seal Wrap page at the old path, but document that
the FIPS-specific portions of it have moved.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add initial FIPS 140-2 inside documentation

This documents the new FIPS 140-2 Inside binary and how to use and
validate it. This also documents which algorithms are certified for
use in the BoringCrypto distribution.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add notes about FIPS algorithm restrictions

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-17 16:28:20 -04:00
Alexander Scheel a8c0efb487
Add documentation on rotation primitives (#15466)
* Begin PKI rotation primitive documentation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Finish importing rotation primitive docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update all titles consistently

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing links in rotation primitives doc

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add sections documenting execution in Vault

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* typo fixes

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-17 11:44:17 -04:00
Jason O'Donnell 9024b94731
docs: add note about upndomain for AD secret engine (#15445) 2022-05-17 11:42:16 -04:00