Armon Dadgar
a03268bc32
vault: Adding an epoch prefix to keys to support eventual online key rotation
2015-04-17 16:51:13 -07:00
Armon Dadgar
4473abd6ce
vault: core enforcement of limited use tokens
2015-04-17 11:57:56 -07:00
Armon Dadgar
538c795f9b
vault: Adding method to consume a limited use token
2015-04-17 11:51:04 -07:00
Armon Dadgar
fd3948d476
vault: Tokens can have a use count specified
2015-04-17 11:34:25 -07:00
Armon Dadgar
b65e1b3e22
vault: using a constant to make @mitchellh feel better
2015-04-15 17:19:59 -07:00
Aaron Bedra
95c37c1c4d
Clarify Barrier encryption defaults.
...
Declare the defaults in the comments to be what they are now (256 bit
key and default golang NONCE value). Make the key error message more
precise since. It isn't between 16 and 32, it is 16 OR 32.
2015-04-15 18:24:23 -05:00
Armon Dadgar
818ce0a045
vault: token store allows specifying display_name
2015-04-15 14:24:07 -07:00
Armon Dadgar
76b69b2514
vault: thread the display name through
2015-04-15 14:12:34 -07:00
Armon Dadgar
e6fd2f2ce5
vault: Default key size to 256bit.
2015-04-15 13:33:47 -07:00
Armon Dadgar
3ee434a783
vault: Allow AES key to be up to 256 bits. Fixes #7
2015-04-15 13:33:47 -07:00
Armon Dadgar
9f7143cf44
vault: expose the current leader
2015-04-14 16:53:40 -07:00
Armon Dadgar
445f64eb39
vault: leader should advertise address
2015-04-14 16:44:48 -07:00
Armon Dadgar
ec8a41d2d2
vault: rename internal variable
2015-04-14 16:11:39 -07:00
Armon Dadgar
7579cf76ab
vault: testing standby mode
2015-04-14 16:08:14 -07:00
Armon Dadgar
2820bec479
vault: testing standby mode
2015-04-14 16:06:58 -07:00
Armon Dadgar
a0e1b90b81
vault: reject operation if standby
2015-04-14 14:09:11 -07:00
Armon Dadgar
d7102e2661
vault: first pass at HA standby mode
2015-04-14 14:06:15 -07:00
Armon Dadgar
0be49a97b7
vault: stopExpiration should be idempotent
2015-04-14 13:32:56 -07:00
Armon Dadgar
255e0fbda4
vault: enable physical cache in core
2015-04-14 11:08:04 -07:00
Mitchell Hashimoto
0f15aef9bb
vault: fix tests
2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
a44eb0dcd0
http: renew endpoints
2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
209b275bfd
logical/framework: allow max session time
2015-04-11 16:41:08 -07:00
Mitchell Hashimoto
33d66f0130
vault: token store allows unlimited renew
2015-04-11 16:28:16 -07:00
Mitchell Hashimoto
a360ca4928
logical/framework: AuthRenew callback, add LeaseExtend
...
/cc @armon - Going with this "standard library" of callbacks approach
to make extending leases in a customizable way easy. See the docs/tests
above.
2015-04-11 14:46:09 -07:00
Mitchell Hashimoto
5eff7f1b57
vault: upper bound on test
2015-04-10 21:22:17 -07:00
Mitchell Hashimoto
992028e23e
vault: the expiration time should be relative to the issue time
2015-04-10 21:21:06 -07:00
Armon Dadgar
f2c0f79435
vault: Split SecurityBarrier interface to BarrierStorage
2015-04-10 16:43:35 -07:00
Armon Dadgar
a6d974c74e
vault: revoking a token should revoke all secrets it has generated
2015-04-10 15:12:04 -07:00
Armon Dadgar
c22d18a5be
vault: re-use revokeSalted to share logic
2015-04-10 15:06:54 -07:00
Armon Dadgar
1e2863e2b8
vault: remove unused RevokeAll method
2015-04-10 14:59:49 -07:00
Armon Dadgar
b10fbc4d83
vault: Adding token based revocation
2015-04-10 14:48:08 -07:00
Armon Dadgar
98679ee7b8
vault: Split expiration manager views to index by token
2015-04-10 14:21:23 -07:00
Armon Dadgar
39c51ede2e
vault: testing renewAuthEntry
2015-04-10 14:07:06 -07:00
Armon Dadgar
13836e8612
vault: groundwork to allow auth renew
2015-04-10 13:59:49 -07:00
Armon Dadgar
e7fe48c33f
vault: refactor expiration timer management
2015-04-09 12:39:12 -07:00
Armon Dadgar
5a3ab973e6
vault: Simplify common lease logic
2015-04-09 12:29:13 -07:00
Armon Dadgar
4679febdf3
logical: Refactor LeaseOptions to share between Secret and Auth
2015-04-09 12:14:04 -07:00
Armon Dadgar
7df486482b
vault: Adding LeaseIssue for renew to allow limiting maximum lease length
2015-04-09 11:54:32 -07:00
Mitchell Hashimoto
9a034c4ab8
vault: lookup-self should allow unauthenticated requests
2015-04-08 22:09:47 -07:00
Armon Dadgar
8ebc29d1b9
vault: audit broker profiles each backend
2015-04-08 17:09:36 -07:00
Armon Dadgar
e25886859e
vault: router generates metrics per operation
2015-04-08 17:09:10 -07:00
Armon Dadgar
82c5d9c478
vault: Enforce non-renewability
2015-04-08 17:03:46 -07:00
Armon Dadgar
512b3d7afd
vault: Adding metrics profiling
2015-04-08 16:43:17 -07:00
Armon Dadgar
429ad7e5cb
vault: Handle auth entry without lease
2015-04-08 15:43:26 -07:00
Armon Dadgar
466c7575d3
Replace VaultID with LeaseID for terminology simplification
2015-04-08 13:35:32 -07:00
Mitchell Hashimoto
7e4f47a9e6
vault: proper meta parameter for vaultstorage (tests pass now)
2015-04-07 14:37:50 -07:00
Mitchell Hashimoto
9378d0388a
vault: token store inehrits policies by default
2015-04-07 14:19:52 -07:00
Mitchell Hashimoto
8dce065972
vault: use mapstructure to decode token args
...
JSON sends as interface{}, so we can't decode directly into types.
2015-04-07 14:16:35 -07:00
Armon Dadgar
a8d4319ad5
vault: Update LRU on GetPolicy
2015-04-06 16:43:05 -07:00
Armon Dadgar
f022ec97c4
vault: Adding policy LRU cache
2015-04-06 16:41:48 -07:00