Commit graph

2827 commits

Author SHA1 Message Date
Alessandro De Blasis c96362d466 agent: allow AppRole Auto-Auth when bind_secret_id = false (#6324)
* agent: allow AppRole Auto-Auth when bind_secret_id = false
2019-04-01 16:27:54 -04:00
Daniel Andrei Mincă e8f14b6554 grammar fix and space stripping (#6507)
- remove the 'a' and comma from 'When using a Auto Unseal, there are...'
  because everything needs to be in a single sentence
- strip extra spaces after end of propositions (there were 2 spaces
  instead of normally 1)

Resolves:
Related:
Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>
2019-04-01 08:23:46 -04:00
Matias Ozdy 63705661b4 Add missing = in dynamodb_table tf (#6493) 2019-03-28 08:24:56 -07:00
Jim Kalafut bc48dd1cc8
Update OIDC docs (#6485) 2019-03-27 11:47:05 -07:00
Thomas Kula 5a3937f9c1 Small typo fix to transit.html.md (#6482) 2019-03-26 17:32:26 -05:00
ncabatoff 5579e3cea5 Document sentinel namespace "token.namespace". (#6429) 2019-03-26 12:22:49 -07:00
Ryan Canty b72e3b8de1 Fixed typo in GCP auth docs (#6461)
* Fixed typo in GCP auth docs
2019-03-25 14:12:09 -04:00
Jeff Mitchell 1a191d80ff Update text around seal migration in 1.1 2019-03-25 12:44:22 -04:00
Jim Kalafut ac9885053e
Fix sidebar order (#6464) 2019-03-23 17:00:44 -05:00
Sean Malloy 29f3e0ed62 Add Docs For Prometheus Metrics (#6434)
Prometheus metrics were added as part of the Vault v1.1.0 release in PR #5308.
But no documentation was created. Adds the telemetry configuration docs and
the API docs.
2019-03-23 16:53:43 -05:00
Jeff Mitchell cdcd269b47 Add missing serial_number parameter from pki docs 2019-03-23 12:14:32 -04:00
Laura Gjerman-Uva 6193d4a0ac update AWS Auth API docs to show that role_id is the default for ec2_alias and iam_alias (auth/aws/config/identity endpoint) (#6460) 2019-03-22 15:09:54 -05:00
Jeff Mitchell 602d1e1a75
Remove response code info from non-overview API docs as it can be misinterpreted and is always the same anyways (#6459) 2019-03-22 11:15:37 -05:00
Alex Sherwin c545e863fc Fixed grammatical issue in Auth Methods overview (#6456) 2019-03-22 10:36:14 -05:00
Jeff Mitchell 0794d89d9d Minor updates to JWT docs 2019-03-22 01:15:59 -04:00
Alex Sherwin 8e2942258f Fixing grammar in behavioral overview (#6451) 2019-03-21 20:49:52 -07:00
Daniel Santos 7d945f2ddd Fix misleading Agent Auth Overview doc page (#6443)
* Fix misleading Agent Auth Overview doc page

The example configuration in the Vault Agent Overview page is using wrong syntax
The configuration block is `cache` but doc is referencing it as `caching`

* Update website/source/docs/agent/index.html.md

Co-Authored-By: danlsgiga <danlsgiga@gmail.com>
2019-03-20 12:42:31 -04:00
Jim Kalafut e399d39f0e
Remove beta docs (#6431) 2019-03-18 16:38:54 -07:00
Brian Shumate d5dd532714 Minor grammar edits 2019-03-18 16:07:10 -04:00
Jeff Mitchell 3ea735045f Prep for release 2019-03-18 15:16:30 -04:00
ncabatoff fab1fde145
Move listener config from 'cache' block to top-level 'listener' blocks. Allow cache without auto-auth. (#6421)
* Since we want to use the Agent listener for #6384, move listener config
from top-level 'cache' block to new top-level 'listeners' block.

* Make agent config allow cache and listener blocks without auto-auth
configured.
2019-03-15 14:58:53 -04:00
Michel Vocks 4ee5f7dffe Docs: Update Agent overview page (#6420)
* Updated agent docs

* Updated overview agent page

* Updated complete links to short links
2019-03-15 12:33:31 -04:00
Andrej van der Zee 85fb1784b5 Cassandra plugin: Support for datacenter aware deployments (#6127)
* Added option 'local_datacenter' to Casssandra database plugin for DC aware Casssandra deployments.

* Fixed spelling errors in Cassandra database plugin.

* Added website documentation.

* Added local_datacenter to Cassanra database plugin.

* Reverted datacenter-aware change in deprecated Cassandra builtin secret engine.
2019-03-14 13:37:28 -07:00
Vishal Nayak f7907c2809 Agent: Listener refactoring and socket file system permissions (#6397)
* Listener refactoring and file system permissions

* added listenerutil and move some common code there

* Added test for verifying socket file permissions

* Change default port of agent to 8200

* address review feedback

* Address review feedback

* Read socket options from listener config
2019-03-14 11:53:14 -07:00
Jeff Mitchell b86edf3d8e Fix table 2019-03-14 12:24:11 -04:00
Jeff Mitchell 4eaf4112e7 Add namespace properties to Sentinel docs 2019-03-14 12:22:02 -04:00
Juan Fontes cb08ec433b Update aws docs (#6408) 2019-03-13 17:31:22 -07:00
Richard Flosi fd182f9099 Update hashi-consent-manager to v1.0.8 (#6401) 2019-03-12 18:29:37 -07:00
Jeff Mitchell 8c8553b065 Add a bit on testing upgrades in advance 2019-03-09 11:57:51 -05:00
Jeff Mitchell d2beb6e312 Update login command docs 2019-03-08 15:37:38 -05:00
Jeff Escalante 42acb433e6 correct quotes in docs layout (#6368) 2019-03-07 17:00:24 -08:00
Yoko e795a244b3 policy capabilities: write --> update (#6373) 2019-03-07 16:34:47 -05:00
Alessandro De Blasis 4b7f595b4c docs: pki - adding missing ext_key_usage_oids desc (#6367)
Adding missing entries

Just copied over the FieldSchema descriptions
2019-03-07 14:07:10 -05:00
Eero Niemi 1238545276 Fixed typo (#6363)
Fixed typo, rolset -> roleset
2019-03-07 09:50:13 -05:00
Becca Petrin 54c70efd88
update path for mounting plugin (#6351) 2019-03-06 15:57:03 -08:00
Calvin Leung Huang 66734fb03c
docs/agent-caching: update cache-clear endpoint (#6354) 2019-03-06 11:13:43 -08:00
Becca Petrin 1c34a1d21e
update partnership doc (#6352) 2019-03-06 10:27:12 -08:00
Calvin Leung Huang 0ebce62537 docs/agent-caching: add note about compatibility with older server versions 2019-03-05 14:12:04 -08:00
Vishal Nayak d0b9454518
Agent Cache doc updates (#6331)
* Agent Cache doc updates

* doc update

* Add renewal management section

* doc updates

* paraphrase the orphan token case
2019-03-05 15:19:52 -05:00
Vishal Nayak d8f39d54c9
Change agent's port to 8007 (#6348) 2019-03-05 12:57:17 -05:00
Jim Kalafut 1274a8d3d4
Update JWT plugin dependency and docs (#6345) 2019-03-05 09:46:04 -08:00
Becca Petrin 1909b20217 merge master 2019-03-05 09:39:53 -08:00
Chris Hoffman 8a57b90b47
Transit Auto Seal Docs (#6332)
* adding transit seal docs

* add missing backtick
2019-03-05 08:45:44 -05:00
Jim Kalafut a34099b9bb
Use HashTypeMap and remove structs in batch HMAC (#6334) 2019-03-04 14:49:29 -08:00
martinwaite 04c174214c Batch hmac - (#5850) (#5875) 2019-03-04 12:26:20 -08:00
Naoki Ainoya 7b395315dd fix doc to add missing permission to use gcpkms seal (#6327) 2019-03-04 11:46:06 -05:00
Jeff Mitchell d71b0e7b10
Add missing consistency param in docs for Cassandra in combined DB (#6330) 2019-03-04 10:21:33 -05:00
Becca Petrin 5dbd09cf2f
Merge pull request #6250 from chrissphinx/patch-1
fix example that was out-of-date
2019-02-28 10:28:24 -08:00
Becca Petrin 76f42975d6
Merge pull request #6251 from paulftw/patch-1
[Documentation] Update secrets-engines.html.md
2019-02-28 10:09:29 -08:00
Becca Petrin 4ecaa1b597
Merge pull request #6304 from bradjones1/patch-2
RabbitMQ 'vhost' parameter on roles endpoint should be 'vhosts'
2019-02-28 10:03:47 -08:00
Becca Petrin 7b4a184a52
Merge pull request #6224 from hashicorp/dp.fix-consul-storage-doc-6171
Fix example in documentation. Resolves [issue 6171]
2019-02-28 09:55:55 -08:00
Becca Petrin 4cf21cda87
Merge pull request #6221 from emilymye/website
Remove unsupported config delete for GCP auth docs
2019-02-28 09:52:52 -08:00
Becca Petrin 5829774e91
Support env vars for STS region (#6284) 2019-02-28 09:31:06 -08:00
Andrey Kuzmin b496fea4ad Etcd timeouts (#6285)
* Configurable lock and request etcd timeouts.

If etcd cluster placed on slow servers - request timeouts may be much greater, then hardcoded default values.
Also, in etcd setup, like above - may be need to greater lock timeout.

* Configurable lock and request etcd timeouts.

Docs.

* Use user friendly timeout syntax.

To allow specify more readable time values.
2019-02-27 18:34:29 -08:00
Anton R. Yuste 4120aa2da0 Specify the userpass name creating the alias entity (#6289) 2019-02-27 18:28:33 -08:00
Jon Currey e9891013b3 Fix typo on Seal page of concepts docs (#6290) 2019-02-27 18:27:36 -08:00
John O'Sullivan 62f454c972 Documenting -dev-plugin-dir vault server option (#6307)
Based on an answer from Brian Kassouf on the Google Group: https://groups.google.com/d/msg/vault-tool/7Qf9Hn1w3jA/yGUIKZxHGAAJ
2019-02-27 18:24:49 -08:00
Brad Jones da99b6d088
RabbitMQ 'vhost' parameter on roles endpoint should be 'vhosts'
In deploying this, I noted that passing `vhost` was unsuccessful, yet `vhosts` is.
2019-02-27 15:19:54 -07:00
vishalnayak 1d16601b7f Agent caching docs superscript beta 2019-02-26 10:36:24 -05:00
vishalnayak dee2e1797d Add Beta superscript to caching docs 2019-02-26 10:28:55 -05:00
vishalnayak 2ab27e6087 Agent doc update for beta testers 2019-02-26 10:20:55 -05:00
vishalnayak f04b4d1668 Change agent's default port number to 8100 2019-02-26 10:02:12 -05:00
Calvin Leung Huang 5b5ec851c7 Agent caching docs (#6272)
* WIP agent caching docs

* More docs updates

* Add caching/index.html to docs_detailed_categories.yml

* Some more docs updates

* Some more docs updates

* updates

* address review feedback

* fix sample config

* Update website/source/docs/agent/caching/index.html.md

Co-Authored-By: calvn <cleung2010@gmail.com>

* fix config for sidebar display

* Add environment variable to the docs
2019-02-26 09:57:17 -05:00
Jim Kalafut 9bac5158cd
Update JWT docs for OIDC feature (#6270) 2019-02-21 17:06:23 -08:00
Becca Petrin 81cfa79d02 add note about sts region to doc 2019-02-21 16:57:52 -08:00
Chris Hoffman 481c38c7d0
adding 1.1 upgrade docs (#6279) 2019-02-21 17:41:06 -05:00
Brian Kassouf 40399cb387
Update config.rb 2019-02-20 17:24:53 -08:00
Becca Petrin 65b8ad9187 allow aws region in cli login 2019-02-20 16:43:21 -08:00
Brian Kassouf 5cd0e97654
release prep 2019-02-20 11:12:09 -08:00
Paul Korzhyk acb97878b4
Update secrets-engines.html.md
That sentence sounds weird to me. I think this way is better.
2019-02-17 12:35:20 +02:00
chrissphinx fda98fdb4a
fix example that was out-of-date
showing how to allow users auth'd with userpass method to modify their own passwords
2019-02-16 14:04:05 -05:00
dp-h e8bc0e7ab2 Revert "Add trailing slash for example in Vault Consul Storage Backend documentation. Fixes [issue 6171]"
This reverts commit 7726fdd1aaf7848dc5af9d4867e76bd1588f7bac.

Revert to go through proper PR. Apologies.
2019-02-14 13:40:17 -07:00
Dan Brown 8cf24e8551 Docs EA update 1.0 (#6219)
* Confirm RA against Vault 1.0

Change product_version frontmatter to ea_version and increase to 1.0

* Update frontmatter key

Change product_version frontmatter to ea_version
2019-02-13 10:06:54 -05:00
Brian Shumate c7ceffba30 Update configuration/listener documentation (#6228)
- Clarify that PROXY protocol version 1 is currently supported
- Add missing backtick to fix formatting issue
2019-02-13 09:27:05 -05:00
dp-h 72880b965a Add trailing slash for example in Vault Consul Storage Backend documentation. Fixes [issue 6171] 2019-02-12 17:05:31 -07:00
dominic ed6d45eece Revert "Add trailing slash for example in Vault Consul Storage Backend documentation. Fixes [issue 6171]"
This reverts commit b275f2a1e6d74400bb3cf702d1e03c90d31624cb.

Pushed to master, my apologies. Will do proper PR for this.
2019-02-12 16:49:34 -07:00
dominic f11a29d13c Add trailing slash for example in Vault Consul Storage Backend documentation. Fixes [issue 6171] 2019-02-12 16:47:17 -07:00
Emily Ye 79c8f05dee remove unsupported config delete docs 2019-02-12 13:48:30 -08:00
vishalnayak 8a6cd92f85 Update transit docs 2019-02-12 14:27:17 -05:00
Jeff Mitchell 3fb3ee3f49 Bump versions for release 2019-02-12 08:55:58 -05:00
Sean Carolan 58ba07f666 Make this easier for new users (#6211) 2019-02-11 17:34:22 -05:00
Clint 0db43e697b Add signed key constraints to SSH CA [continued] (#6030)
* Adds the ability to enforce particular ssh key types and minimum key
lengths when using Signed SSH Certificates via the SSH Secret Engine.
2019-02-11 13:03:26 -05:00
Andrej van der Zee 604e8dd0f0 Added socket keep alive option to Cassandra plugin. (#6201) 2019-02-10 18:34:50 -05:00
Michel Vocks 1ddd194c28 Added missing backslash in iam identity guide (#6193) 2019-02-08 09:56:36 -08:00
Brian Nuszkowski 707c6d1813 Add SHA1 signing/verification support to transit engine (#6037)
* Add SHA1 signing/verification support to transit engine

* Update signing/verification endpoint documentation to include sha1 hash algorithm
2019-02-07 15:31:31 -08:00
Graham Land 13e60dbb40 Add Vault supported log levels (#6185)
Documentation : Add the supported log level configurations

`Supported log levels: Trace, Debug, Error, Warn, Info.`
2019-02-07 11:27:08 -08:00
Martins Sipenko ea56be1e69 Fix section heading size (#6137) 2019-02-07 11:18:58 -08:00
Eero Niemi f9cb767d9c Fixed typo (newtwork -> network) (#6177) 2019-02-07 13:06:38 -05:00
Jeff Mitchell ea61e8fbec Remove refresh_interval from kvv1 API docs and CLI docs since kv get doesn't use it 2019-02-06 21:51:08 -05:00
Aidan Daniels-Soles 39893a1e15 Fix wrong file name in service definition (#6174) 2019-02-06 15:43:03 -05:00
d 97a73d6bf8 Revert "fixed trailing slash in consul.html.md example"
This reverts commit 4310bb58c83285ebd9cfcb302b70d1db432a11e2.

Accidental push to master, my apologies. See PR https://github.com/hashicorp/vault/pull/6175
2019-02-05 17:42:15 -07:00
Dominic Porreco 778e6add49 fixed trailing slash in consul.html.md example 2019-02-05 17:01:39 -07:00
Jeff Mitchell 5f249d4005
Add allowed_response_headers (#6115) 2019-02-05 16:02:15 -05:00
Aidan Daniels-Soles 86f096449b Replace special hyphen (#6165) 2019-02-05 10:48:26 -08:00
Brian Shumate 18c8f390f9 Update AppRole API docs (#6047)
- Use consistent "Create/Update" heading text style
2019-02-04 11:17:16 -05:00
nickwales e2429522fa Removed typo (#6162) 2019-02-04 11:13:37 -05:00
Matthew Potter 5e374d5cd1 Add libvault to the list of elixir libraries (#6158) 2019-02-04 11:12:29 -05:00
Yoko a9392f9840
Adding a mention for 'kv-v2' as type (#6151) 2019-02-01 11:26:08 -08:00
Jeff Mitchell adccccae69 Update example output for PKI serial -> serial_number
Fixes #6146
2019-02-01 10:29:34 -05:00
Jeff Mitchell b2cc9ebd3a Remove regenerate-key docs as it no longer exists 2019-02-01 09:29:40 -05:00
Jeff Mitchell 47accf8086 Add role_id as an alias name source for AWS and change the defaults 2019-01-30 15:51:45 -05:00
Donald Guy 4363453017 Docs: Azure auth example using metadata service (#6124)
There are probably better ways to massage this but I think it would be helpful to have something like this included
2019-01-30 12:13:39 -08:00
nathan r. hruby a643664c5b bump dato and rack to fix website builds 2019-01-30 11:10:49 -07:00
Brian Shumate 2337df4b2b Update documentation for command operator unseal (#6117)
- Add migrate command option
2019-01-28 10:27:51 -05:00
Gordon Shankman cd2f7bbde8 Adding support for SSE in the S3 storage backend. (#5996) 2019-01-26 16:48:08 -05:00
Calvin Leung Huang 34af3daeb0 docs: update agent sample config (#6096) 2019-01-24 07:25:03 -05:00
Jeff Mitchell 3f1a7d4fdd
Update to latest etcd and use the new repository packages (#6087)
This will be necessary for go mod work

Additionally, the srv api has changed. This adapts to it.
2019-01-23 14:35:03 -05:00
Jeff Mitchell 5e126f6de8
Implement JWS-compatible signature marshaling (#6077)
This currently only applies to ECDSA signatures, and is a toggleable
option.
2019-01-23 12:31:34 -05:00
gitirabassi 1aaacda3ec small fixes to docs and indexes 2019-01-18 02:14:57 +01:00
Jim Kalafut 0f2fcfb6f1
Update JWT docs with new jwt_supported_algs parameter (#6069) 2019-01-17 15:27:20 -08:00
Yoko e5c6b421e0 Fixed the broken link (#6052)
* Fixed the broken link

* Fixing the broken link

* Fixes redirect to Tokens guide

The separate redirect within learn.hashicorp.com will be fixed on its own repo.
2019-01-16 17:06:28 -08:00
Yoko e09f058ada
Adding the CLI flag placement info (#6027)
* Adding the CLI flag placement info

* Adding the definition of 'options' and 'args'

* tweaked the wording a little bit

* Added more description in the example

* Added a link to 'Flags' in the doc for options def
2019-01-15 11:24:50 -08:00
Jeff Mitchell f75f4e75c7 Prepare for 1.0.2 2019-01-15 11:25:11 -05:00
Jim Kalafut 960eb45014
Remove unnecessary permission 2019-01-10 16:18:10 -08:00
Seth Vargo e726f13957 Simplify permission requirements for GCP things (#6012) 2019-01-10 10:05:21 -08:00
Dilan Bellinghoven f9dacbf221 Add docker-credential-vault-login to Third-Party Tools (#6003)
* Added Docker credential helper to list of Third-Party tools

* website/source/api/relatedtools.html.md: Fixed a typo
2019-01-10 10:46:18 -05:00
Yoko 9a4de34dce Allowed characters in paths (#6015) 2019-01-10 10:39:20 -05:00
Vishal Nayak 0c30f46587
Add option to configure ec2_alias values (#5846)
* Add option to configure ec2_alias values

* Doc updates

* Fix overwriting of previous config value

* s/configEntry/config

* Fix formatting

* Address review feedback

* Address review feedback
2019-01-09 18:28:29 -05:00
Yoko 0a97f95ff4
Document upper limit on Transit encryption size (#6014) 2019-01-08 17:57:43 -08:00
Giacomo Tirabassi 0d3845c537 Influxdb secret engine built-in plugin (#5924)
* intial work for influxdb secret plugin

* fixed typo

* added comment

* added documentation

* added tests

* fixed tests

* added vendoring

* minor testing issue with hardcoded values

* minor fixes
2019-01-08 17:26:16 -08:00
Julien Blache 91d432fc85 FoundationDB backend TLS support and housekeeping (#5800)
* Fix typo in documentation

* Update fdb-go-install.sh for new release tags

* Exclude FoundationDB bindings from vendoring, delete vendored copy

FoundationDB bindings are tightly coupled to the server version and
client library version used in a specific deployment. Bindings need
to be installed using the fdb-go-install.sh script, as documented in
the foundationdb backend documentation.

* Add TLS support to FoundationDB backend

TLS support appeared in FoundationDB 5.2.4, raising the minimum API version
for TLS-aware FoundationDB code to 520.

* Update documentation for FoundationDB TLS support
2019-01-08 09:01:44 -08:00
Seth Vargo 46cbfb0e4b Fix formatting (#6009)
The new markdown parser is less forgiving
2019-01-08 08:51:37 -08:00
Jeff Escalante a22275d4e0 remove extra analytics page call (#5997) 2019-01-07 11:18:55 -05:00
Thomas Kula 4265579aaa Fix small typo in azure.html.md (#6004) 2019-01-07 10:03:22 -05:00
Aric Walker c065b46f42 Remove duplicate "Users can" from policy md (#6002) 2019-01-07 07:02:28 -08:00
Seth Vargo c3f1043c24 Reduce required permissions for the GCPCKMS auto-unsealer (#5999)
This changes the behavior of the GCPCKMS auto-unsealer setup to attempt
encryption instead of a key lookup. Key lookups are a different API
method not covered by roles/cloudkms.cryptoKeyEncrypterDecrypter. This
means users must grant an extended scope to their service account
(granting the ability to read key data) which only seems to be used to
validate the existence of the key.

Worse, the only roles that include this permission are overly verbose
(e.g. roles/viewer which gives readonly access to everything in the
project and roles/cloudkms.admin which gives full control over all key
operations). This leaves the user stuck between choosing to create a
custom IAM role (which isn't fun) or grant overly broad permissions.

By changing to an encrypt call, we get better verification of the unseal
permissions and users can reduce scope to a single role.
2019-01-04 16:29:31 -05:00
Seth Vargo 1917bb406d Fix audit docs (#6000)
These appear to have been converted to (bad) HTML. This returns them to
their original markdown format.
2019-01-04 13:45:50 -06:00
Iain Gray ecdacbb90a Update DG to Vault 1.0 (#5855)
* Update DG to Vault 1.0

* as per comments  - chrishoffman

* Removed stray bracket and added quotes

* updated as per conversations with Dan
2019-01-03 10:10:37 -05:00
Mike Wickett 46576acff3 website: add print styles for docs (#5958) 2019-01-03 09:24:10 -05:00
Graham Land 2e92372710 Docs: Add Auto Unseal Rekey example (#5952)
* Add KMS Rekey example

I've had customers looking for AWS KMS rekeying examples today - when using pgp keys.
This example would have clarified what they needed to do.

* Replaced KMS reference with Auto Unseal

``` bash
Rekey an Auto Unseal vault and encrypt the resulting recovery keys with PGP:
```
2019-01-03 09:23:43 -05:00
Becca Petrin d7f31fe5e4
Merge pull request #5892 from jen20/jen20/dynamodb-capacity-doc
docs: Clarify the utility of DynamoDB capacities
2018-12-20 11:54:26 -08:00
Becca Petrin d108843a0a
Merge pull request #5947 from hmalphettes/master
Docs: JWT API - List Roles: fix the path
2018-12-20 09:15:57 -08:00
Becca Petrin f4ea0e001f
Merge pull request #5940 from hashicorp/je.website-local-run-docs
Improve local development instruction
2018-12-20 09:11:13 -08:00
R.B. Boyer 0ebb30938c website: fix simple typo (#5979) 2018-12-19 14:46:54 -08:00
Clint 004ca032e8
add MSSQL storage docs to sidebar (#5978) 2018-12-19 14:06:42 -06:00
Graham Land c1fa76e9e2 Docs: Add example for Vault init Auto Unseal with PGP Keys (#5951)
* Add example for AWS KMS AutoUnseal with PGP Keys

A customer could not figure how to get this working today. 
This example would have helped them. We don't mention KMS anywhere in this section.

* Changed reference from AWS KMS to Auto Unseal

``` bash
Initialize Auto Unseal, but encrypt the recovery keys with pgp keys:
```
2018-12-18 11:42:10 -05:00
Janosch Maier b95fbbafe9 Docs: Fix project resource name in gcp roleset documentation (#5966)
The resource name when referring to a GCP project needs to have a "s". This PR adds the missing letter in the documentation.
2018-12-17 16:22:02 -08:00
vishalnayak 689163e7ed Upgrade guide for 0.11.6 2018-12-14 12:22:50 -05:00
Jeff Mitchell 8e229fed4a Prep for release 2018-12-14 10:42:59 -05:00
Matthew Irish 4e06fd698e update help output examples and mention openapi fragment support (#5954) 2018-12-14 09:12:03 -05:00
Jeff Mitchell d9d47bb252 Update Consul ACL example
Fixes #5831
2018-12-13 17:18:28 -05:00
Hugues Malphettes 726d79d854
Merge branch 'master' into master 2018-12-14 05:21:41 +08:00
Jeff Mitchell 1d847b3acc Add sidebar link for approle autoauth docs 2018-12-13 09:51:47 -05:00
Hugues Malphettes 6ea6844ef9
JWT API - List Roles: fix the path
With vault-1.0.0 and vault-0.11.4 a different path is needed to list the jwt registered roles:

```
$ vault list auth/jwt/roles
No value found at auth/jwt/roles/

$ vault list auth/jwt/role
Keys
----
myrole
```
I hope this helps!
2018-12-13 06:27:30 +08:00
Sergey Trasko f24a4f189e Fixed markdown for cert documentation (#5735) 2018-12-12 15:27:28 -05:00
Joel Thompson 286b3f4e9f auth/aws: Clarify docs for cross-account access with IAM auth (#5900)
The docs hadn't been updated to reflect the ability to do cross-account
AWS IAM auth, and so it was a bit confusing as to whether that was
supported. This removes the ambiguity by explicitly mentioning AWS IAM
principals.
2018-12-12 15:21:27 -05:00
Bert Roos cfa008896d Added comma for readability (#5941)
Signed-off-by: Bert Roos <Bert-R@users.noreply.github.com>
2018-12-12 09:23:20 -05:00
Graham Land 53c6b36613 Fixing a couple of small typos (#5942) 2018-12-12 05:56:58 -08:00
Jeff Escalante eddfd7ff23 improve bootstrap script and local development instructions 2018-12-11 19:46:52 -05:00
emily 94c03d1072 Update GCP auth BE docs (#5753)
Documented changes from https://github.com/hashicorp/vault-plugin-auth-gcp/pull/55
* Deprecating `project_id` for `bound_projects` and making it optional
* Deprecating `google_certs_endpoint` (unused)
* Adding group aliases 

Also, some general reformatting
2018-12-10 12:54:18 -08:00
Jeff Mitchell c67ef8be09
Update PKI docs (#5929) 2018-12-10 10:24:47 -05:00
Tommy Murphy d3774e6aaa Correct GCE Token Parameter (#5667)
As written the GCE token curl results in an error: "non-empty audience parameter required".

Google's docs (https://cloud.google.com/compute/docs/instances/verifying-instance-identity) confirm that the parameter is 'audience' not 'aud'.
2018-12-07 15:10:30 -08:00
Matthew Irish a447dac803
change ui url so that it includes the trailing slash (#5890) 2018-12-05 12:25:16 -06:00
Chris Hoffman 561502394a
fixing redirect (#5908) 2018-12-05 12:06:15 -05:00
Chris Hoffman 57536e0c41
adding a redirect for old style upgrade guide location (#5905) 2018-12-05 10:54:10 -05:00
Chris Hoffman cebbe43f70
removing beta tag (#5904) 2018-12-05 10:45:22 -05:00
Jim Kalafut cb52f36c38 Update downloads.html.erb (#5899) 2018-12-05 10:40:33 -05:00
Chris Hoffman 1da490e929
adding upgrade guide for 1.0 (#5903)
* adding upgrade guide for 1.0

* fixing sidebar
2018-12-05 10:33:53 -05:00
ncabatoff b53437a2f8
Fix documentation re substitutions. It appears this was broken from day one. (#5896) 2018-12-04 13:14:00 -05:00
Jim Kalafut 3552019795
Update operator migrate docs (#5895) 2018-12-04 08:49:42 -08:00
James Nugent 65e7a2660d docs: Clarify the utility of DynamoDB capacities
When configuring DynamoDB, the read and write capacities configured only
have any effect if the table does not exist. As per the comment in the
code [1], the configuration of an existing table is never modified. This
was not previously reflected in the documentation - this commit
rectifies that.

[1]: https://github.com/hashicorp/vault/blob/master/physical/dynamodb/dynamodb.go#L743-L745
2018-12-03 17:55:18 -06:00
Martin 6c0ce0b11f Typo in policy template doc (#5887) 2018-12-03 14:36:17 -05:00
RJ Spiker 1a5149dceb website: @hashicorp dependency bumps (#5874) 2018-12-03 12:17:10 -05:00
RJ Spiker 14f5c88a38 website: responsive styling updates (#5858)
* docs-sidenav version bump with required updates to #inner styles

* website - fix ie11 responsive rendering bug
2018-12-03 12:09:28 -05:00
Jeff Mitchell 149e14f8fa Some release prep work 2018-12-03 10:01:06 -05:00
Jim Kalafut 1f3ea9b30a
Fix docs typos (#5881) 2018-11-30 14:32:04 -08:00
Martins Sipenko 3c0d63169c Fix config/sts docs (#5839) 2018-11-30 11:08:47 -08:00
Mike Christof a82ff1f92e fixed api/secret/ssh docs (#5833) 2018-11-30 10:55:33 -08:00
Lucy Davinhart 046e5fcf57 Document /sys/health?perfstandbyok (#5870)
* Document /sys/health?perfstandbyok

Discovered that in Vault Enterprise 0.11.5, `/sys/health?standbyok` returns a 473 status for performance standby nodes, compared to a 200 for standard standby nodes.

Turns out there was an additional `perfstandbyok` option added, here:
e5aaf80764

* Update health.html.md

Slight tweak to wording for perfstandbyok
2018-11-29 09:57:30 -08:00
Martins Sipenko 640bae4b65 Remove false statement from docs. (#5854) 2018-11-27 07:47:34 -05:00
Clint dfe585c7f7 Agent kube projected token (#5725)
* Add support for custom JWT path in Agent: kubernetes auth

- add support for "token_path" configuration
- add a reader for mocking in tests

* add documentation for token_path
2018-11-19 14:28:17 -08:00
Jennifer Yip 5ad06760d6 Update share image (#5776) 2018-11-19 17:24:13 -05:00
Jennifer Yip 6421670cfe Add consent manager to vaultproject.io (#5808)
* Add consent manager

* Add Hull and Hotjar
2018-11-19 17:23:03 -05:00
Richard Flosi 7daa57ccf3 Update section-header to 4.0.0 (#5821) 2018-11-19 17:20:54 -05:00
Jeff Escalante 15c22a414e update docs sidenav (#5810) 2018-11-19 17:20:03 -05:00
Atthavit Wannasakwong 4344bb8ec1 fix wrong IAM action name in docs (#5812)
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/api-permissions-reference.html
2018-11-17 09:10:50 -08:00
Jeff Escalante 0a2e62d2d6 add ruby version to root (#5802) 2018-11-16 08:19:50 -05:00
Richard Flosi 34bdb080f8 Update section-header usage for vaultproject.io (#5799) 2018-11-16 08:16:58 -05:00
Janosch Maier 192c8b5c84 Fix incorrect parameter name in docs (#5798) 2018-11-15 13:56:12 -08:00
Clint 7db8d4031e
Add read config endpoint docs (#5790)
* Add read config endpoint docs

* fix response code, remove empty fields from sample response
2018-11-15 11:51:06 -06:00
Yoko 4c6de9f808
Fixing broken link (#5794) 2018-11-15 09:23:05 -08:00
Jim Kalafut d45220159d
Fix incorrect parameter name in docs (#5793)
Fixes https://github.com/hashicorp/vault-plugin-auth-gcp/issues/56
2018-11-14 17:16:04 -08:00
RJ Spiker 2a3e8a6604 website: add js-utils and update components to accommodate (#5751) 2018-11-14 11:13:02 -08:00
Becca Petrin 8f82809c78
Update docs to match running builtins as plugins (#5727) 2018-11-14 09:17:12 -08:00
Brian Kassouf 119ae7e26d
Update downloads.html.erb 2018-11-13 20:01:17 -08:00
Brian Kassouf d7f8f9f312
Update config.rb 2018-11-13 19:58:41 -08:00
Vishal Nayak c144bc4b34
Recommend IAM auth over EC2 (#5772)
* Recommend IAM auth over EC2

* Update website/source/docs/auth/aws.html.md

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>

* Update website/source/docs/auth/aws.html.md

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>

* Update website/source/docs/auth/aws.html.md

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>
2018-11-13 18:49:25 -05:00
Vishal Nayak 086e7c6a41
Fix CLI flag name for rekeying (#5774) 2018-11-13 14:27:14 -05:00
Jim Kalafut a6b6898cca
Add docs for openapi endpoint (#5766) 2018-11-13 09:39:19 -08:00
Jeff Mitchell 41460ffb29
Add note about seal migration not being supported for secondaries currently (#5762) 2018-11-12 09:41:05 -05:00
Jeff Escalante 517589eff3 Add redirect for /intro/index.html, remove old unused redirects file (#5728)
* add redirect for /intro/index.html, remove old unused redirects file

* adjust redirect link
2018-11-09 13:12:11 -05:00
Jeff Escalante f792a5f59b update website readme with instructions for updating navigation (#5748) 2018-11-09 13:11:46 -05:00
Jim Kalafut 7e799faaaf
Fix sidebar order (#5744) 2018-11-09 09:46:28 -08:00
Jeff Mitchell b30cd2e97f Update forwarded-for docs to indicate it supports cidrs, not just single hosts 2018-11-09 10:28:00 -05:00
Jeff Escalante 313b1ebdca update dependencies, including content hyphenation fix (#5736) 2018-11-08 10:44:06 -08:00
Seth Vargo f79d2f06fa Add missing link to API docs (#5719) 2018-11-07 07:04:16 -08:00
Jeff Mitchell 8b6b344d86
Add default-service/default-batch to token store roles (#5711) 2018-11-07 09:45:09 -05:00
Jeff Mitchell 6e4f990902 Better documentation around increment
Fixes #5701
2018-11-06 17:42:20 -05:00
Jeff Mitchell 5cfe558ec8 Add a reminder about local auth methods and policies 2018-11-06 14:51:57 -05:00
RJ Spiker 7a02e1a25c website: remove deleted markdown reference from docs sidenav .yml (#5703) 2018-11-06 09:05:20 -08:00
Chris Griggs 275559deb4 moving VIP guide (#5693) 2018-11-05 19:50:55 -05:00
Mike Wickett 62db2920b9 website: Add analytics and swap CTA & docs section order (#5684)
* website: Add analytics tracking for components and outbound links

* website: Update component dependencies

* website: Swap cta and documentation sections
2018-11-05 17:29:09 -05:00
Yoko 19b9f41fc5 Added a missing redirect link (#5634) 2018-11-05 14:07:48 -05:00
RJ Spiker 08a2250647 website: dependency bumps and handle multi-exports (#5677)
* website: dep bumps and handle multi-exports

* website: remove unused hashi-logo-grid dep
2018-11-05 11:59:34 -06:00
Jeff Escalante 227954983c update downloads component to add analytics (#5678) 2018-11-02 19:33:37 -04:00
Nicolas Corrarello 0b44a55d22 Adding support for Consul 1.4 ACL system (#5586)
* Adding support for Consul 1.4 ACL system

* Working tests

* Fixed logic gate

* Fixed logical gate that evaluate empty policy or empty list of policy names

* Ensure tests are run against appropiate Consul versions

* Running tests against official container with a 1.4.0-rc1 tag

* policies can never be nil (as even if it is empty will be an empty array)

* addressing feedback, refactoring tests

* removing cast

* converting old lease field to ttl, adding max ttl

* cleanup

* adding missing test

* testing wrong version

* adding support for local tokens

* addressing feedback
2018-11-02 10:44:12 -04:00
Jeff Mitchell 87ffca230e Add batch token info to token store, approle, mount tuning 2018-11-01 14:51:06 -04:00
Raymond Kao 24187b2e99 Fixed wording from "SQL" to "MongoDB" for clarity (#5643)
The original wording made it appear as if SQL statements were being executed against a MongoDB backend, which is incorrect and confusing.  Fixed to better reflect what is actually occurring.
2018-11-01 09:26:05 -04:00
Jeff Mitchell 756e4c5f89 Update jwt to pull in groups claim delimiter pattern 2018-10-31 16:04:39 -04:00
Brian Shumate 113380c461 docs: update JWT auth method (#5655)
- Add convenience/contextual link to API documnetation
2018-10-31 11:03:04 -04:00
Jeff Mitchell 6c488921ff Fix website/path-help docs around pki/tidy 2018-10-30 21:33:30 -04:00
Jeff Mitchell 605a7e30ad
Add the ability for secret IDs in agent approle to be wrapped (#5654) 2018-10-30 20:53:49 -04:00
Jeff Escalante 71f68f2199 fix sidebar links (#5653) 2018-10-30 20:51:38 -04:00
Jeff Mitchell 217e244e17 Make MFA links work again 2018-10-30 14:27:00 -04:00
Jeff Mitchell 6d20c8fce2
Add approle agent method removing secret ID file by default. (#5648)
Also, massively update tests.
2018-10-30 14:09:04 -04:00
RJ Spiker 3223d661ce website: community page content update (#5641) 2018-10-30 12:33:51 -04:00
Aleksey Zhukov 5361205d5b WIP Agent AppRole auto-auth (#5621) 2018-10-30 12:17:19 -04:00
Benjamin Dos Santos 1f86528ad8 docs(systemd): Capabilities had been removed (#5579)
* docs(systemd): `Capabilities` had been removed

The `Capabilities=` unit file setting has been removed and is ignored for
backwards compatibility. `AmbientCapabilities=` and `CapabilityBoundingSet=`
should be used instead.

8f968c7321/NEWS (L1357)

* style: remove trailing white space
2018-10-30 10:18:08 -04:00
Balazs Nagy ca5c60642e Use tidy_revoked_certs instead of tidy_revocation_list (#5608) 2018-10-29 19:29:35 -04:00
RJ Spiker fca7cb3794 website: update sidebar_title in front matter to use <code> (#5636)
* website: replace deprecated <tt> with <code> in front matter sidebar_title

* website: wrap front matter sidebar_title in <code> for commands pages
2018-10-29 15:58:37 -04:00
Christophe Tafani-Dereeper fb89c1adc5 Fix typo ('Gase' -> 'Case') (#5638) 2018-10-29 15:19:35 -04:00
Mike Wickett af70c2234b website: update component dependencies (#5637) 2018-10-29 14:29:44 -04:00
Ben Boeckel 1e3d41ffa9 website: add missing @ to example (#5560)
* website: remove mention of `@` in command

The command does not contain the mentioned `@` symbol and can be
confusing.

* docs: use `policy-name` instead of `my-policy`

Just making things consistent.
2018-10-29 13:12:48 -04:00
Seth Vargo 5fcdd6c4e3 More formatting fixes (#5582) 2018-10-29 13:12:19 -04:00
Jeff Mitchell 3c1a82e60c
Add token type to sentinel docs, fix up some names, and better codify what Sentinel reports for various token types (#5630) 2018-10-27 11:07:27 -07:00
RJ Spiker 5f88be68bc website: adjust downloads page responsive behaviors (#5624) 2018-10-26 21:16:55 -04:00
Jeffrey Hogan cd35ecf02e Use H3 for parameters to match existing pattern (#5566) 2018-10-26 19:13:14 -04:00
Chris Hoffman fa380e9be4
Fix seal migration docs (#5623)
* fixing seal migration docs

* do not use deprecated command

* adding redirect for old docs
2018-10-26 10:04:51 -07:00
Joel Thompson 62b54c8a5c Update awskms seal docs (#5618)
The seal already supported an endpoint configuration, but it wasn't
documented, so adding the docs for it. Also adding a note on required
KMS permissions.
2018-10-26 06:18:04 -07:00
Chris Hoffman bbca4729b6
Updating seal docs (#5616)
* updating seal docs

* fixing api docs
2018-10-25 16:44:53 -07:00
RJ Spiker e1bff4b447 website: adjust button-container behavior based on design feedback (#5613) 2018-10-25 14:25:51 -07:00
Seth Vargo a0cffd4c3f Update docs and permissions (#5612) 2018-10-25 14:10:11 -07:00
Justin Shoffstall 65014f790f Clarify that Perf Standbys require Consul backend (#5539)
* Clarify that Perf Standbys require Consul backend

* Fixed for line length
2018-10-25 13:13:44 -07:00
Alan Tang a69793ae32 fix duplicated word (#5599)
I think that is a duplicated word.
2018-10-24 18:15:24 -07:00
Mike Wickett de34464767 website: change production env var to workaround Dato bug 2018-10-24 13:52:49 -06:00
Mike Wickett bf6c6e12ee website: fix redirects to learn 2018-10-24 13:46:56 -06:00
RJ Spiker 34fdbd785a website - downloads page style adjustments 2018-10-24 13:46:56 -06:00
RJ Spiker 66acfb293b website - fix broken .button-container styles 2018-10-24 13:46:56 -06:00
Mike Wickett 49c07c436d website: add temporary callout to download v1.0 beta 2018-10-24 13:46:56 -06:00
RJ Spiker bbd45ac633 website - dependency version bumps 2018-10-24 13:46:55 -06:00
Mike Wickett 3139263ed6 website: add redirects for intro/getting-started content to Learn 2018-10-24 13:46:43 -06:00
Mike Wickett 2953cd5191 website: fix small font size on code samples 2018-10-24 13:46:43 -06:00
Mike Wickett 9b6026153b website: remove GA snippet - Segment handles this 2018-10-24 13:46:43 -06:00
Jeff Escalante bff998390e Website: small fix for the sidebar (#5595)
* sidebar attempted fix

* fix html errors

* a couple css updates
2018-10-24 12:21:37 -07:00
Andy Manoske 9c2c9d5e13
Update partnerships.html.md 2018-10-23 14:56:55 -07:00
Andy Manoske e19b90e056
Update partnerships.html.md 2018-10-23 14:56:17 -07:00
Andy Manoske f8314f47aa
Update partnerships.html.md 2018-10-23 14:55:51 -07:00
Andy Manoske caad3aff9c
Fix broken links
fix links to old guides infrastructure
2018-10-23 14:22:18 -07:00
Andy Manoske 75c3a5ee9e
Update docs_detailed_categories.yml 2018-10-23 14:01:48 -07:00
Andy Manoske b355c6a3ce
Update partnerships.html.md 2018-10-23 13:58:33 -07:00