3500535db3
vault: fix detection of missing trailing slash. Fixes #157
2015-05-07 12:18:50 -07:00
727e0e90cd
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 13:28:33 -07:00
c3a793ccdf
Lowercase again
2015-04-30 14:27:32 -04:00
57a7a41a42
Add test that ensure keylength check is working
...
Not likely to fail, but if it did would result in complete failure, so
probably good to have a test for it.
2015-04-30 13:12:47 -05:00
2de4965598
Use lowercase
2015-04-30 13:37:47 -04:00
ea0c41aa81
Add test to verify unique encrypted values
...
It wasn't immediately clear that the proper random seeding was taking
place. This ensures that the same plaintext encrypted twice does not
result in the same ciphertext. It will also be a good test to keep
around incase of future regressions.
2015-04-30 12:15:41 -05:00
f17d65507f
Use UTC in tests
2015-04-28 22:18:00 -04:00
95c8001388
Disable mlock in tests
2015-04-28 22:18:00 -04:00
eef1a10e8e
vault: fix more test race conditions
2015-04-28 19:17:45 -07:00
e80111502b
vault: way more verbose error if mlock fails [GH-59]
2015-04-28 18:56:16 -07:00
b5f8f3b05a
vault: add helper/mlock for doing mlock
2015-04-28 14:59:43 -07:00
2e55c3de68
vault: ability to toggle mlock on core
2015-04-27 16:40:14 -07:00
a2bd832519
vault: token create should return various metadata for logging
2015-04-25 20:21:35 -07:00
f1d8730c46
vault: restrict mlockall to just linux for now. Fixes #31
2015-04-23 16:10:50 -07:00
2f0995d650
vault: Swap the HAEnabled check with the sealed check
2015-04-20 12:19:09 -07:00
c5f914cb34
vault: Lock memory when possible
2015-04-19 13:42:47 -07:00
a03268bc32
vault: Adding an epoch prefix to keys to support eventual online key rotation
2015-04-17 16:51:13 -07:00
4473abd6ce
vault: core enforcement of limited use tokens
2015-04-17 11:57:56 -07:00
538c795f9b
vault: Adding method to consume a limited use token
2015-04-17 11:51:04 -07:00
fd3948d476
vault: Tokens can have a use count specified
2015-04-17 11:34:25 -07:00
b65e1b3e22
vault: using a constant to make @mitchellh feel better
2015-04-15 17:19:59 -07:00
95c37c1c4d
Clarify Barrier encryption defaults.
...
Declare the defaults in the comments to be what they are now (256 bit
key and default golang NONCE value). Make the key error message more
precise since. It isn't between 16 and 32, it is 16 OR 32.
2015-04-15 18:24:23 -05:00
818ce0a045
vault: token store allows specifying display_name
2015-04-15 14:24:07 -07:00
76b69b2514
vault: thread the display name through
2015-04-15 14:12:34 -07:00
e6fd2f2ce5
vault: Default key size to 256bit.
2015-04-15 13:33:47 -07:00
3ee434a783
vault: Allow AES key to be up to 256 bits. Fixes #7
2015-04-15 13:33:47 -07:00
9f7143cf44
vault: expose the current leader
2015-04-14 16:53:40 -07:00
445f64eb39
vault: leader should advertise address
2015-04-14 16:44:48 -07:00
ec8a41d2d2
vault: rename internal variable
2015-04-14 16:11:39 -07:00
7579cf76ab
vault: testing standby mode
2015-04-14 16:08:14 -07:00
2820bec479
vault: testing standby mode
2015-04-14 16:06:58 -07:00
a0e1b90b81
vault: reject operation if standby
2015-04-14 14:09:11 -07:00
d7102e2661
vault: first pass at HA standby mode
2015-04-14 14:06:15 -07:00
0be49a97b7
vault: stopExpiration should be idempotent
2015-04-14 13:32:56 -07:00
255e0fbda4
vault: enable physical cache in core
2015-04-14 11:08:04 -07:00
0f15aef9bb
vault: fix tests
2015-04-13 20:42:07 -07:00
a44eb0dcd0
http: renew endpoints
2015-04-13 20:42:07 -07:00
209b275bfd
logical/framework: allow max session time
2015-04-11 16:41:08 -07:00
33d66f0130
vault: token store allows unlimited renew
2015-04-11 16:28:16 -07:00
a360ca4928
logical/framework: AuthRenew callback, add LeaseExtend
...
/cc @armon - Going with this "standard library" of callbacks approach
to make extending leases in a customizable way easy. See the docs/tests
above.
2015-04-11 14:46:09 -07:00
5eff7f1b57
vault: upper bound on test
2015-04-10 21:22:17 -07:00
992028e23e
vault: the expiration time should be relative to the issue time
2015-04-10 21:21:06 -07:00
f2c0f79435
vault: Split SecurityBarrier interface to BarrierStorage
2015-04-10 16:43:35 -07:00
a6d974c74e
vault: revoking a token should revoke all secrets it has generated
2015-04-10 15:12:04 -07:00
c22d18a5be
vault: re-use revokeSalted to share logic
2015-04-10 15:06:54 -07:00
1e2863e2b8
vault: remove unused RevokeAll method
2015-04-10 14:59:49 -07:00
b10fbc4d83
vault: Adding token based revocation
2015-04-10 14:48:08 -07:00
98679ee7b8
vault: Split expiration manager views to index by token
2015-04-10 14:21:23 -07:00
39c51ede2e
vault: testing renewAuthEntry
2015-04-10 14:07:06 -07:00
13836e8612
vault: groundwork to allow auth renew
2015-04-10 13:59:49 -07:00
Armon Dadgar