Commit graph

862 commits

Author SHA1 Message Date
Jeff Mitchell 8cb23835d7 Fix read panic when an empty argument is given.
Fixes #923
2016-01-12 08:46:49 -05:00
Jeff Mitchell a2bd31d493 Fix up PGP tests from earlier code fixes 2016-01-08 22:21:41 -05:00
Jeff Mitchell 676008b2c5 Lotsa warnings if you choose not to be safe 2016-01-08 17:35:07 -05:00
Jeff Mitchell 26e1837a82 Some minor rekey backup fixes 2016-01-08 14:09:40 -05:00
Jeff Mitchell a094eedce2 Add rekey nonce/backup. 2016-01-06 09:54:35 -05:00
Jeff Mitchell 80866d036d update init/rekey documentation around keybase entries 2016-01-04 14:17:51 -05:00
Jeff Mitchell 5ef7efffe3 Disable cmd/server tests for now so we can get Travis back on track 2015-12-31 08:48:53 -05:00
Jeff Mitchell c642feebe2 Remove some outdated comments 2015-12-30 21:00:27 -05:00
Jeff Mitchell 0509ad9c29 Use RenewSelf instead of Renew if the token we're renewing is the same as the client 2015-12-30 14:41:50 -05:00
Nicki Watt 442d538deb Make token-lookup functionality available via Vault CLI 2015-12-29 20:18:59 +00:00
Jeff Mitchell fefa696a33 Merge pull request #886 from ooesili/ssh-error-fetching-username
Stop panic when vault ssh username fetching fails
2015-12-29 12:17:51 -06:00
Jeff Mitchell fa1676882f Merge pull request #853 from hashicorp/issue-850
Make TokenHelper an interface and split exisiting functionality
2015-12-29 12:01:49 -06:00
Jeff Mitchell 6cdb8aeb4f Merge branch 'master' into f-disable-tls 2015-12-29 12:59:02 -05:00
Nicki Watt eb4aaad082 Using LookupSelf() API method instead of raw HTTP call for auth command 2015-12-28 01:38:00 +00:00
Wesley Merkel 5a368fa9de Stop panic when vault ssh username fetching fails 2015-12-26 15:09:07 -07:00
Wim e8e492f574 Fix ipv6 address advertisement 2015-12-22 21:40:36 +01:00
Jeff Mitchell 1a324cf347 Make TokenHelper an interface and split exisiting functionality
Functionality is split into ExternalTokenHelper, which is used if a path
is given in a configuration file, and InternalTokenHelper which is used
otherwise. The internal helper no longer shells out to the same Vault
binary, instead performing the same actions with internal code. This
avoids problems using dev mode when there are spaces in paths or when
the binary is built in a container without a shell.

Fixes #850 among others
2015-12-22 10:23:30 -05:00
Jeff Mitchell 5017907785 Move telemetry metrics up to fix one possible race, but deeper problems in go-metrics can't be solved with this 2015-12-17 16:38:17 -05:00
Jeff Mitchell db7a2083bf Allow setting the advertise address via an environment variable.
Fixes #581
2015-12-14 21:22:55 -05:00
Jeff Mitchell 1e653442cd Ensure advertise address detection runs without a specified HA backend
Ping #840
2015-12-14 21:13:27 -05:00
Jeff Mitchell 521ea42f6b Merge pull request #840 from hashicorp/issue-395
Allow separate HA physical backend.
2015-12-14 20:56:47 -05:00
Jeff Mitchell 7ce8aff906 Address review feedback 2015-12-14 17:58:30 -05:00
Mathias Lafeldt b00b476c7a Show error if output format is invalid
Rather than silently using table as a fallback.
2015-12-14 17:14:22 +01:00
Jeff Mitchell ced0835574 Allow separate HA physical backend.
With no separate backend specified, HA will be attempted on the normal
physical backend.

Fixes #395.
2015-12-14 07:59:58 -05:00
Jeff Mitchell e941f699d3 Merge pull request #832 from mlafeldt/yaml-ouput
Allow to output secrets in YAML format
2015-12-11 12:04:41 -05:00
Mathias Lafeldt 61d4ef70f4 Allow to output secrets in YAML format
This can be done with https://github.com/ghodss/yaml, which reuses
existing JSON struct tags for YAML.
2015-12-10 11:32:31 +01:00
Mathias Lafeldt 607d12174d Output secrets sorted by key
Instead of printing them in random order each time `vault read` is invoked.
2015-12-10 10:08:23 +01:00
Armon Dadgar 985717b428 server: sanity check value for 'tls_disable' 2015-11-25 11:37:57 -08:00
Jeff Mitchell 1a45696208 Add no-default-policy flag and API parameter to allow exclusion of the
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell 5d5d58ffe4 Fix unmount help output 2015-11-09 15:23:49 -05:00
Jeff Mitchell 75f1c1e40c Print version on startup.
Fixes #765
2015-11-09 13:52:55 -05:00
Jeff Mitchell 32e23bea71 Move environment variable reading logic to API.
This allows the same environment variables to be read, parsed, and used
from any API client as was previously handled in the CLI. The CLI now
uses the API environment variable reading capability, then overrides any
values from command line flags, if necessary.

Fixes #618
2015-11-04 10:28:00 -05:00
Jeff Mitchell c1d8b97342 Add reset support to the unseal command.
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.

Fixes #695
2015-10-28 15:59:39 -04:00
Jeff Mitchell 7b25204a19 Fix cache disabling 2015-10-28 13:05:56 -04:00
voutasaurus 1da78942e8 Modifies documentation in output of vault server -dev
Environment variable setting is different in windows
2015-10-22 00:48:46 -07:00
Jeff Mitchell cba4e82682 Don't use http.DefaultClient
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.

Fixes #700, I believe.
2015-10-15 17:54:00 -04:00
Jeff Mitchell 9f0b1547bb Allow disabling the physical storage cache with 'disable_cache'.
Fixes #674.
2015-10-12 13:00:32 -04:00
Jeff Mitchell b8455be005 Support and use TTL instead of lease for token creation 2015-10-09 19:52:13 -04:00
Jeff Mitchell ee92124357 Fix output of token-create help to use ttl instead of lease 2015-10-09 19:40:30 -04:00
Jeff Mitchell aa3055f816 Fix mount-tune CLI output 2015-10-09 16:03:31 -04:00
Jeff Mitchell d39580b38c Update CLI help text for init/rekey regarding base64-encoded keys 2015-10-08 11:09:30 -04:00
Jeff Mitchell 4e0a6c5e5f Adjust warnings message to make it clear they are from the server 2015-10-07 16:18:39 -04:00
Jeff Mitchell d740fd4a6a Add the ability for warnings to be added to responses. These are
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.

Fixes #676
2015-10-07 16:18:39 -04:00
vishalnayak 145aee229e Merge branch 'master' of https://github.com/hashicorp/vault 2015-10-03 00:07:34 -04:00
Jeff Mitchell 645932a0df Remove use of os/user as it cannot be run with CGO disabled 2015-10-02 18:43:38 -07:00
vishalnayak c7fd639b2e Remove format parameter 2015-10-02 14:10:24 -04:00
vishalnayak 3dd84446ab Github backend: enable auth renewals 2015-10-02 13:33:19 -04:00
Jeff Mitchell 62ac518ae7 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Jeff Mitchell 81e535dc2d Minor updates to passthrough and additional tests 2015-09-21 16:57:41 -04:00
Jeff Mitchell e7dfb4f943 Use 'ttl_seconds' in CLI output so as not to shadow actual 'ttl' parameter 2015-09-21 16:37:37 -04:00
Jeff Mitchell 425e286f90 If there's no lease, output ttl instead of lease_duration 2015-09-21 16:37:37 -04:00
Jeff Mitchell 15e1a2281d If lease_duration is not zero, output it even if there is no lease. 2015-09-21 16:37:37 -04:00
Jeff Mitchell 9c5dcac90c Make TLS backend honor SystemView default values. Expose lease TTLs on read. Make auth command show lease TTL if one exists. Addresses most of #527 2015-09-18 14:01:28 -04:00
vishalnayak fdf05e8ead Adding type checking to ensure only BasicUi is affected 2015-09-17 11:37:21 -04:00
vishalnayak e885dff580 CLI: Avoiding CR when printing specific fields 2015-09-17 10:05:56 -04:00
hendrenj 0532682816 improve documentation for available log levels 2015-09-16 11:01:33 -06:00
vishalnayak c5a3b0c681 Typo fix 2015-09-11 21:36:20 -04:00
vishalnayak 142cb563a6 Improve documentation of token renewal 2015-09-11 21:08:32 -04:00
Jeff Mitchell ace611d56d Address items from feedback. Make MountConfig use values rather than
pointers and change how config is read to compensate.
2015-09-10 15:09:54 -04:00
Jeff Mitchell c460ff10ca Push a lot of logic into Router to make a bunch of it nicer and enable a
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
Jeff Mitchell 971e4144ec Fix typo 2015-09-10 15:09:54 -04:00
Jeff Mitchell 488d33c70a Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell 4239f9d243 Add DynamicSystemView. This uses a pointer to a pointer to always have
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
Jeff Mitchell 696d0c7b1d Plumb per-mount config options through API 2015-09-10 15:09:53 -04:00
vishalnayak 5063a0608b Vault SSH: Default CIDR for roles 2015-08-27 13:04:15 -04:00
Jeff Mitchell 3f45f3f41b Rename config lease_duration parameters to lease_ttl in line with current standardization efforts 2015-08-27 07:50:24 -07:00
Jeff Mitchell 8669a87fdd When using PGP encryption on unseal keys, encrypt the hexencoded string rather than the raw bytes. 2015-08-26 07:59:50 -07:00
Jeff Mitchell cc232e6f79 Address comments from review. 2015-08-25 15:33:58 -07:00
Jeff Mitchell c887df93cc Add support for pgp-keys argument to rekey, as well as tests, plus
refactor common bits out of init.
2015-08-25 14:52:13 -07:00
Jeff Mitchell f57e7892e7 Don't store the given public keys in the seal config 2015-08-25 14:52:13 -07:00
Jeff Mitchell a7316f2e24 Handle people specifying PGP key files with @ in front 2015-08-25 14:52:13 -07:00
Jeff Mitchell 2f3e245b0b Add support for "pgp-tokens" parameters to init.
There are thorough unit tests that read the returned
encrypted tokens, seal the vault, and unseal it
again to ensure all works as expected.
2015-08-25 14:52:13 -07:00
Jeff Mitchell a8ef0e8a80 Remove cookie authentication. 2015-08-21 19:46:23 -07:00
vishalnayak 1f5062a6e1 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-08-19 12:16:37 -07:00
Jeff Mitchell fe8c1c514d Add -no-verify option to CLI auth command, to avoid decrementing the token use count during auth. 2015-08-18 19:22:17 -07:00
vishalnayak 251cd997ad Vault SSH: TLS client creation test 2015-08-18 19:00:27 -07:00
vishalnayak 9324db7979 Vault SSH: verify echo test 2015-08-18 16:48:50 -07:00
vishalnayak 1f402fb42e Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-08-17 18:22:13 -07:00
vishalnayak b91ebbc6e2 Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
Armon Dadgar 7c12aaa24b command: Fixing setup of client certificates 2015-08-17 12:18:14 -07:00
vishalnayak 9db318fc55 Vault SSH: Website page for SSH backend 2015-08-14 12:41:26 -07:00
vishalnayak 7f9babed2a Vault SSH: CLI embellishments 2015-08-13 16:55:47 -07:00
vishalnayak e782717ba8 Vault SSH: Renamed path with mountPoint 2015-08-12 10:30:50 -07:00
vishalnayak 33d7ef71b9 Vault SSH: Fixed constructor of SSH api 2015-08-12 09:56:17 -07:00
vishalnayak 93dfa67039 Merging changes from master 2015-08-12 09:28:16 -07:00
Michael S. Fischer 2b4c6ab0e2 command/meta.go: document environment variables
Document the environment variables which, if set, can provide default
values for configuration options.

Fixes #476
2015-08-07 15:13:30 -07:00
Matt Button 9f363913e9 Allow the vault token-create command to specify the token's id 2015-08-07 08:45:34 +00:00
vishalnayak e5080a7f32 Merging with master 2015-08-06 18:44:40 -04:00
vishalnayak 32502977f6 Vault SSH: Automate OTP typing if sshpass is installed 2015-08-06 17:00:50 -04:00
vishalnayak 0af97b8291 Vault SSH: uninstall dynamic keys using script 2015-08-06 15:50:12 -04:00
vishalnayak c7ef0b95c2 Vault SSH: CRUD test case for OTP Role 2015-07-31 13:24:23 -04:00
Karl Gutwin 4bad987e58 PR review updates 2015-07-30 13:21:41 -04:00
Karl Gutwin 151ec72d00 Add configuration options for default lease duration and max lease duration. 2015-07-30 09:42:49 -04:00
vishalnayak 61c9f884a4 Vault SSH: Review Rework 2015-07-29 14:21:36 -04:00
Vishal Nayak 4b4df4271d Vault SSH: Refactoring 2015-07-27 16:42:03 -04:00
Vishal Nayak e9f507caf0 Vault SSH: Refactoring 2015-07-27 13:02:31 -04:00
Vishal Nayak b532ee0bf4 Vault SSH: Dynamic Key test case fix 2015-07-24 12:13:26 -04:00
Vishal Nayak e998face87 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-07-23 17:20:34 -04:00
Vishal Nayak 791a250732 Vault SSH: Support OTP key type from CLI 2015-07-23 17:20:28 -04:00
Armon Dadgar ae28087f67 server: import sha512. Fixes #448 2015-07-23 13:51:45 -07:00
Karl Gutwin 1096f5a53e Avoid unnecessary abbreviation 2015-07-22 23:28:46 -04:00
Karl Gutwin 2e81d9047d Allow specifying a TLS minimum version 2015-07-22 23:19:41 -04:00
Nate Brown dec99f2bf6 Git ignore getting in the way 2015-07-14 15:57:06 -07:00
Nate Brown 5804c4a872 Fix travis build 2015-07-14 15:50:29 -07:00
Nate Brown 0ec0b41aa3 Telemetry object in config 2015-07-14 15:36:28 -07:00
Nate Brown d2c048d870 Disable hostname prefix for runtime telemetry 2015-07-13 13:17:57 -07:00
Vishal Nayak ed258f80c6 Vault SSH: Refactoring and fixes 2015-07-10 18:44:31 -06:00
Vishal Nayak ef11dd99f7 Vault SSH: Added comments to ssh_test 2015-07-10 16:59:32 -06:00
Vishal Nayak 89a0e37a89 Vault SSH: Backend and CLI testing 2015-07-10 16:18:02 -06:00
Vishal Nayak 3c7dd8611c Vault SSH: Test case skeleton 2015-07-10 09:56:14 -06:00
Vishal Nayak 73414154f8 Vault SSH: Made port number configurable 2015-07-06 16:56:45 -04:00
Vishal Nayak 170dae7f91 Vault SSH: Revoking key after SSH session from CLI 2015-07-06 11:05:02 -04:00
Vishal Nayak 425b69be32 Vault SSH: PR review rework: Formatting/Refactoring 2015-07-02 19:52:47 -04:00
Vishal Nayak a1e2705173 Vault SSH: PR review rework 2015-07-02 17:23:09 -04:00
Vishal Nayak bb16052141 Vault SSH: replaced concatenated strings by fmt.Sprintf 2015-07-01 20:35:11 -04:00
Vishal Nayak d691a95531 Vault SSH: PR review rework - 1 2015-07-01 11:58:49 -04:00
Vishal Nayak 8627f3c360 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-06-30 18:33:37 -04:00
Vishal Nayak 5e5e6788be Input validations, help strings, default_user support 2015-06-30 18:33:17 -04:00
Armon Dadgar e025c33ab9 command: source general options docs from common source 2015-06-30 12:01:23 -07:00
Karl Gutwin c12734b27c CLI docs 2015-06-30 09:04:57 -04:00
Karl Gutwin 0062d923cc Better error messages. 2015-06-30 08:59:38 -04:00
Vishal Nayak 91ed2dcdc2 Refactoring changes 2015-06-29 22:00:08 -04:00
Karl Gutwin 24d0af39b4 Initial sketch for client TLS auth 2015-06-29 15:33:16 -04:00
Vishal Nayak 29696d4b6b Creating SSH keys and removal of files in pure 'go' 2015-06-26 15:43:27 -04:00
Vishal Nayak 8c15e2313b ssh/lookup implementation and refactoring 2015-06-25 21:47:32 -04:00
Vishal Nayak b237a3bcc2 POC: Rework. Doing away with policy file. 2015-06-24 18:13:12 -04:00
Vishal Nayak f8d164f477 SSHs to multiple users by registering the respective host keys 2015-06-19 12:59:36 -04:00
Vishal Nayak 90605c6079 merging with master 2015-06-18 20:51:11 -04:00
Vishal Nayak 8d98968a54 Roles, key renewal handled. End-to-end basic flow working. 2015-06-18 20:48:41 -04:00
Armon Dadgar 9772a72772 command/read: Ensure only a single argument. Fixes #304 2015-06-18 16:00:41 -07:00
Armon Dadgar c54868120a command/path-help: rename command, better error if sealed. Fixes #234 2015-06-18 15:56:42 -07:00
Armon Dadgar 3533d87746 command/write: adding force flag for when no data fields are necessary. Fixes #357 2015-06-18 13:51:06 -07:00
Armon Dadgar 7394c7bd8d command/server: fixing output weirdness 2015-06-18 13:48:18 -07:00
Armon Dadgar 7bd1e7d826 command/auth: warn earlier about VAULT_TOKEN 2015-06-18 13:48:04 -07:00
Armon Dadgar 28f18119e0 command/auth: warn about the VAULT_TOKEN env var. Fixes #195 2015-06-17 19:19:02 -07:00
Vishal Nayak 2aed5f8798 Implementation for storing and deleting the host information in Vault 2015-06-17 22:10:47 -04:00
Armon Dadgar 3a2adcb3b8 cmomand/read: strip path prefix if necessary. Fixes #343 2015-06-17 18:33:15 -07:00
Armon Dadgar 6bc2b06de4 server: graceful shutdown for fast failover. Fixes #308 2015-06-17 18:24:56 -07:00
Vishal Nayak cfef144dc2 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-06-17 20:34:56 -04:00
Vishal Nayak 303a7cef9a Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-17 20:33:03 -04:00
Armon Dadgar 1f963ec1bb command/token-create: provide more useful output. Fixes #337 2015-06-17 16:59:50 -07:00
Vishal Nayak 3ed73d98c2 Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 12:39:49 -04:00
Mitchell Hashimoto 0ecf05c043 command/auth, github: improve cli docs
/cc @sethvargo
2015-06-16 10:05:11 -07:00
Seth Vargo 3a0e19cb4e Merge pull request #270 from sheldonh/no_export_vault_token
Don't recommend exporting VAULT_TOKEN
2015-06-01 11:52:40 -04:00
Armon Dadgar d605a437b6 Merge pull request #278 from Zhann/feature/add_dev_to_server_options_help
Add help info for -dev flag
2015-06-01 13:08:50 +02:00
Armon Dadgar 607fc295e5 command/rekey: use same language in rekey as init 2015-06-01 13:08:20 +02:00
Armon Dadgar fbc51109cc Merge pull request #273 from hashicorp/unseal-keys-notice
Change phrasing for unseal key notification
2015-06-01 13:06:52 +02:00
Steven De Coeyer 8155b3927e Add help info for -dev flag 2015-05-31 18:05:15 +02:00
Chris Bednarski 4e79210934 Updated phrasing to note restarts, stop, and other sealing scenarios 2015-05-28 17:07:38 -07:00
Chris Bednarski 528d0c6e28 Changed phrasing for unseal key notification 2015-05-28 17:02:09 -07:00
Armon Dadgar 7f26f5a4cb command/rekey: adding tests 2015-05-28 15:22:42 -07:00
Armon Dadgar 9a162191cd command/rekey: first pass at rekey 2015-05-28 15:08:09 -07:00
Armon Dadgar 42b91fe411 command/rotate: Adding new rotate command 2015-05-28 10:16:33 -07:00
Sheldon Hearn 6cda28f9e7 Don't recommend exporting VAULT_TOKEN
It's not needed by the dev server (which writes ~/.vault-token),
and breaks the Getting Started guide (e.g. #267).
2015-05-28 14:39:35 +02:00
Armon Dadgar 388022bac1 command/key-status: Adding new key-status command 2015-05-27 18:17:02 -07:00
Armon Dadgar 11b6abe886 Merge pull request #251 from DavidWittman/auth-prompt-without-args
Prompt for auth token when no args provided
2015-05-27 11:24:33 -07:00
David Wittman 5df1d725aa Add test for stdin input
Shamelessly borrowed this pattern from write_test.go
2015-05-23 13:23:38 -05:00
David Wittman 1411749222 Read from stdin with auth command 2015-05-23 13:23:37 -05:00
Ian Unruh 48778c5260 Add ability to read raw field from secret 2015-05-22 11:28:23 -07:00
Armon Dadgar 3713ef9fb7 command/renew: typo fix. Fixes #240 2015-05-21 11:03:25 -07:00
David Wittman fb898ecc1b Prompt for auth token when no args provided
This makes `vault auth` work as documented:

> If no -method is specified, then the token is expected. If it is not
> given on the command-line, it will be asked via user input. If the
> token is "-", it will be read from stdin.
2015-05-20 22:10:02 -05:00
Armon Dadgar a3ddd9ddb2 server: Minor copy change 2015-05-20 17:49:16 -07:00
Armon Dadgar 7e08d68e48 Merge pull request #222 from DavidWittman/config-backend-check
Fail gracefully if a physical backend is not supplied
2015-05-20 17:47:45 -07:00
Armon Dadgar 268db24819 command/listener: Request TLS client cert. Fixes #214 2015-05-20 16:01:40 -07:00
Ian Unruh faa07cc165 Improve unseal CLI message 2015-05-19 00:34:18 -07:00
David Wittman b04332f8fc Fail gracefully if a phys backend is not supplied 2015-05-18 22:55:12 -05:00
Seth Vargo 88d5d6a4c8 Use strconv.ParseBool 2015-05-15 16:41:30 -04:00
Seth Vargo a2831b0144 Explicitly check if tls_disable == 1 2015-05-15 16:39:30 -04:00
Emil Hessman f40dba1c48 command/token: add Env to Helper
Specify environment variables on the Helper rather than on
the command line.

Fixes command/token test failures on Windows.
2015-05-12 07:22:38 +02:00
Mitchell Hashimoto ce5786d133 Rename skip verify env 2015-05-11 11:27:54 -07:00
Mitchell Hashimoto 7c180fb6fd Merge pull request #181 from jefferai/fix-ca-path-walk
Fix CA path walking, and add TLS-related env vars.
2015-05-11 11:26:47 -07:00
Mitchell Hashimoto 66c8d2dd2a command: fix tests 2015-05-11 11:25:45 -07:00
Armon Dadgar 073820a6cc command/token: Use cmd on windows instead of sh 2015-05-11 11:08:08 -07:00
Mitchell Hashimoto 7bff682e8e command/*: -tls-skip-verify [GH-130] 2015-05-11 11:01:52 -07:00
Jeff Mitchell 4f8c9e8fe2 This adds one bugfix and one feature enhancement.
Bugfix: When walking a given CA path, the walk gives both files and
directories to the function. However, both were being passed in to be
read as certificates, with the result that "." (the given directory for
the CA path) would cause an error. This fixes that problem by simply
checking whether the given path in the walk is a directory or a file.

Feature enhancement: VAULT_CACERT, VAULT_CAPATH, and VAULT_INSECURE now
perform as expected.
2015-05-11 17:58:56 +00:00
Mitchell Hashimoto a3afed6811 command/meta: don't read token file if token is already set [GH-162] 2015-05-11 10:31:14 -07:00
Seth Vargo bbddaff5c9 Make the VAULT_TOKEN and VAULT_ADDR copy-pastable in dev mode
This allows someone to quickly start a dev mode server and hit the ground
running without the need to copy-paste twice.
2015-05-07 18:32:40 -04:00
Armon Dadgar b71afe54e5 Merge pull request #139 from fubar-coder/master
Escape backslash to allow usage of dev server on Windows using MinGW
2015-05-06 11:05:06 -07:00
Armon Dadgar a4b92ebb3a Merge pull request #133 from hashicorp/f-advertise
Attempt advertise address detection
2015-05-04 12:13:45 -07:00
Mark Junker 47d2cc8349 Escape backslash to allow usage of dev server on Windows using MinGW (partially fixes issue #95) 2015-05-04 09:20:40 +02:00
A.I 53d5a801e5 Fix lease_renewable output 2015-05-02 19:58:48 -07:00
Armon Dadgar c76b59812e command/server: Attempt advertise address detection 2015-05-02 15:57:40 -07:00
Mitchell Hashimoto c7ff8f8458 Merge pull request #82 from DavidWittman/75-auth-revoked-token
Check for invalid token when authing via cli
2015-05-02 13:20:57 -07:00
Mitchell Hashimoto 842a8ec818 command/format: add lease_renewable to output 2015-05-02 13:11:40 -07:00
David Wittman 2fff913263 Check for invalid token when authing via cli
If a token does not exist, the Read request returns without an
error, but the secret returned is `nil`, so we need to check for
that.

Closes #75
2015-04-28 21:50:51 -05:00
Mitchell Hashimoto 3d3274a66b command/server: fix one race condition 2015-04-28 19:11:46 -07:00
Mitchell Hashimoto d29ada47eb command/server: disable mlock in dev mode 2015-04-28 15:11:39 -07:00
Mitchell Hashimoto 006d4fccfd command/server: allow disabling mlock 2015-04-28 15:09:30 -07:00
Mitchell Hashimoto 6898c60292 command/server: warning if no mlock 2015-04-28 15:04:40 -07:00
Mitchell Hashimoto c53dc04d92 command/token: use executable path to find token helper [GH-60] 2015-04-28 14:52:55 -07:00
Matt Haggard 1346040c86 Update server.go
Did you mean "talking?"  Or something else?
2015-04-28 14:01:45 -06:00
Mitchell Hashimoto 3998804347 command: support custom CAs 2015-04-28 09:36:03 -07:00
Mitchell Hashimoto 244a0c56bc command/*: lets try to remove this before 0.1.0 2015-04-28 09:20:42 -07:00
Mitchell Hashimoto 1b0d75719d command/*: more TODO removal 2015-04-28 09:15:38 -07:00
Mitchell Hashimoto fc6569ad59 command/*: fix spacing 2015-04-28 09:15:21 -07:00
Mitchell Hashimoto 0e112bf026 command/* fill in the addr 2015-04-28 09:13:32 -07:00
Armon Dadgar ff352c32fe command/server: Catch error from core initialization. Fixes #42 2015-04-27 21:29:40 -07:00
Armon Dadgar 3b0c993909 command/write: test output 2015-04-27 15:08:03 -07:00
Armon Dadgar 4ff3acfbe3 command/write: handle writes with output 2015-04-27 14:55:43 -07:00
Armon Dadgar 06a4c6b08f command: refactor to share output formating code 2015-04-27 14:55:29 -07:00
Jack Pearkes b2a689bfc9 command/init: minor output text fix 2015-04-22 11:48:07 -07:00
Mitchell Hashimoto 3f9711fa63 command/status: no weird indentintg 2015-04-21 20:11:15 +02:00
Armon Dadgar d56a0ce2ef command/status: refactor to improve output 2015-04-20 13:37:32 -07:00
Armon Dadgar 2609977683 command/status: improve output when sealed 2015-04-20 12:21:35 -07:00
Armon Dadgar 52f8b2d8ef command/status: improve output when sealed 2015-04-20 12:19:25 -07:00
Armon Dadgar f76e5b2fc5 command: Rename seal-status to status 2015-04-20 12:11:21 -07:00
Armon Dadgar f1c97ab2cf command: Adding HA status 2015-04-20 12:08:54 -07:00
Mitchell Hashimoto fb3645214c command/token-create: add display name and one time use 2015-04-19 18:08:08 -07:00
Mitchell Hashimoto 58d476edd0 command/token-renew 2015-04-19 18:04:01 -07:00
Mitchell Hashimoto 0ebf2508e0 command/policy-delete 2015-04-19 16:36:11 -07:00
Mitchell Hashimoto 6c497a8708 command/read: handle 404s 2015-04-18 22:05:08 -07:00
Mitchell Hashimoto ee254a332e command/server: can set advertise addr 2015-04-17 12:56:31 -07:00
Mitchell Hashimoto 415e7cef22 command/server: config for setting stats addresses 2015-04-17 12:56:31 -07:00
Mitchell Hashimoto 44b634c0d5 command/server: not HA possibilities when starting 2015-04-17 12:56:31 -07:00
Armon Dadgar f04d33b170 command/server: Enable telemetry. cc: @mitchellh 2015-04-14 18:44:09 -07:00
Mitchell Hashimoto d251876363 command/read: output the duration 2015-04-13 20:42:07 -07:00
Mitchell Hashimoto 0cc0fb066b command/renew 2015-04-13 20:42:07 -07:00
Armon Dadgar 770116b8e9 command: Set minimum TLS version to 1.2 2015-04-13 19:09:44 -07:00
Mitchell Hashimoto cc21b80a64 command/unseal: update error message 2015-04-12 18:41:42 -07:00
Mitchell Hashimoto 1f084139d5 command/unseal: can accept key from command-line 2015-04-12 18:39:41 -07:00
Mitchell Hashimoto e8fec8b658 command/meta: can force config 2015-04-12 17:51:38 -07:00
Mitchell Hashimoto 4fd3bd8ab1 command: can force address 2015-04-12 17:30:19 -07:00
Mitchell Hashimoto 8ef487a4f5 command/revoke: rename vars to leaseId 2015-04-10 20:49:10 -07:00
Mitchell Hashimoto 48205d166b rename vault id to lease id all over 2015-04-10 20:35:14 -07:00
Armon Dadgar 466c7575d3 Replace VaultID with LeaseID for terminology simplification 2015-04-08 13:35:32 -07:00
Mitchell Hashimoto 9366be4895 command/auth: should let <1 args go through 2015-04-07 23:53:45 -07:00
Mitchell Hashimoto 071b72186e command/auth: unify 2015-04-07 23:29:49 -07:00
Mitchell Hashimoto 73edbebd4d command/audit-enable 2015-04-07 22:42:04 -07:00
Mitchell Hashimoto 8e3746d347 helper/kv-builder 2015-04-07 22:30:25 -07:00
Mitchell Hashimoto 71923a3abc command/audit-disable 2015-04-07 18:23:50 -07:00
Mitchell Hashimoto 0b45ffcd66 command/audit-list 2015-04-07 18:19:44 -07:00
Mitchell Hashimoto d97d9b928a command/token-revoke 2015-04-07 14:36:17 -07:00
Mitchell Hashimoto 457694c28b command/token-create: test 2015-04-07 14:22:18 -07:00
Mitchell Hashimoto ee690ee3b3 command/token-create 2015-04-07 14:20:18 -07:00
Mitchell Hashimoto 7442bc1ef6 command/delete 2015-04-07 11:15:20 -07:00
Mitchell Hashimoto f2ee82a17f command/remount 2015-04-07 10:46:47 -07:00
Mitchell Hashimoto ce0b0202ea command/unmount: better output 2015-04-07 10:39:17 -07:00
Mitchell Hashimoto a5ef1b6437 command/unmount 2015-04-07 10:38:51 -07:00
Mitchell Hashimoto 169666972a command/server: env var for dev mode 2015-04-06 10:28:17 -07:00
Mitchell Hashimoto 62f4d1dd0e credential/github: CLI handler 2015-04-06 09:53:43 -07:00
Mitchell Hashimoto c1bca480e6 command/auth: test for other methods 2015-04-06 09:40:47 -07:00
Mitchell Hashimoto ba2feae3f8 command/auth: add -method-help flag 2015-04-06 09:38:16 -07:00
Mitchell Hashimoto 22197fefa7 command/unseal: print newline after reading password 2015-04-06 09:34:08 -07:00
Mitchell Hashimoto 481628c41f command/auth: framework for supporting more auth methods 2015-04-05 20:50:18 -07:00
Mitchell Hashimoto 8bfa12297d builtin/audit: add file audit 2015-04-04 18:10:25 -07:00
Mitchell Hashimoto b0da4056a0 command/server: tests 2015-04-04 17:43:20 -07:00
Mitchell Hashimoto 929931175c command/server: log levels 2015-04-04 12:11:10 -07:00
Mitchell Hashimoto afc71d2a7b command/server: cleaner output 2015-04-04 12:06:41 -07:00
Mitchell Hashimoto 2e3d6d6a0e command/help 2015-04-02 22:42:05 -07:00
Mitchell Hashimoto 8433b3bfa6 Revert "command/policy"
This reverts commit da81ab3b4c813b0c207555b9cdf46c6e67319546.
2015-04-01 23:07:49 -07:00
Mitchell Hashimoto 4a0810dd6a command/policy 2015-04-01 23:02:03 -07:00
Mitchell Hashimoto 20d6fdf83f command/policy-write 2015-04-01 23:00:15 -07:00
Mitchell Hashimoto ca5c55c3eb command/policies: read a single policy 2015-04-01 18:50:43 -07:00
Mitchell Hashimoto a31ae896b4 command/policy-list 2015-04-01 18:46:32 -07:00
Mitchell Hashimoto e87d41d352 command/auth-disable 2015-04-01 17:14:11 -07:00
Mitchell Hashimoto f21da26766 command/auth-enable 2015-04-01 17:09:11 -07:00
Mitchell Hashimoto 8b3b10abc8 command/mounts: columnize 2015-04-01 17:01:10 -07:00
Mitchell Hashimoto 3876970564 command/read 2015-04-01 16:44:20 -07:00
Mitchell Hashimoto cee51ddde9 command/server: support CredentialBackends 2015-04-01 15:48:13 -07:00
Mitchell Hashimoto b5e4e4bf25 command/read: better UX on vault read 2015-03-31 20:50:05 -07:00
Mitchell Hashimoto d6a57d8a2b command/revoke: prefix 2015-03-31 19:33:16 -07:00
Mitchell Hashimoto bbaa137f4e command/revoke: revoke 2015-03-31 19:21:02 -07:00
Mitchell Hashimoto 67e4bdf1e4 misc typos 2015-03-31 17:27:04 -07:00
Mitchell Hashimoto 4f2ca0bca9 command/write: new format 2015-03-31 17:16:26 -07:00
Mitchell Hashimoto 19283eb5f7 command/server: dev mode 2015-03-31 16:44:47 -07:00
Mitchell Hashimoto 61efbf4930 command/mount 2015-03-31 16:29:04 -07:00
Mitchell Hashimoto eba817a21c command/auth: validate the token 2015-03-31 15:22:52 -07:00
Mitchell Hashimoto 407b32ccd5 command/seal: test should use the token 2015-03-31 11:46:55 -07:00
Mitchell Hashimoto b62d0f187b command/seal 2015-03-30 23:39:56 -07:00
Mitchell Hashimoto 78a783a1b9 command/meta: tests passing 2015-03-30 23:30:30 -07:00
Mitchell Hashimoto 27d4d861e9 command/auth: add newline so reading token doesn't output 2015-03-30 23:24:41 -07:00
Mitchell Hashimoto b2e46896f6 command/meta: add token to client if we have it 2015-03-30 23:10:59 -07:00
Mitchell Hashimoto e40d0874e1 command/auth: tests work wihtout vault installed 2015-03-30 11:07:31 -07:00
Mitchell Hashimoto 47a293579f command/auth: setting tokens works 2015-03-30 10:55:41 -07:00
Mitchell Hashimoto e3593d8bdc command: load configuration 2015-03-30 10:25:24 -07:00
Mitchell Hashimoto cb09c95824 command/token: HelperPath 2015-03-30 10:11:17 -07:00
Mitchell Hashimoto 27bc188758 token/disk: implement unencrypted disk store 2015-03-30 09:21:59 -07:00
Mitchell Hashimoto 62e36ecb68 command/token: helper to read/write tokens from a helper 2015-03-29 17:42:26 -07:00
Mitchell Hashimoto e78c972351 command/auth: boilerplate 2015-03-29 16:42:45 -07:00
Mitchell Hashimoto bd471bfffb command/init: show root token 2015-03-29 16:25:53 -07:00
Mitchell Hashimoto db65fd7b95 command: unit tests pass 2015-03-29 16:20:34 -07:00
Armon Dadgar 2024c7a155 Fixing compilation errors due to API change 2015-03-24 16:20:05 -07:00
Mitchell Hashimoto 86a6062ba2 main: enable AWS backend 2015-03-20 19:32:18 +01:00
Mitchell Hashimoto 7b1402b104 command/mounts 2015-03-15 21:28:31 -07:00
Mitchell Hashimoto 9eb22bd3c0 command/read 2015-03-15 20:52:28 -07:00
Mitchell Hashimoto c206755bdc command/meta: VAULT_ADDR to set the addr via env var 2015-03-15 20:41:36 -07:00
Mitchell Hashimoto 602281213e command/write: can write arbitrary data from stdin 2015-03-15 20:40:12 -07:00
Mitchell Hashimoto 1d07df9db6 command/write 2015-03-15 20:35:33 -07:00
Mitchell Hashimoto ab722a5ec2 fix all tests 2015-03-15 17:10:33 -07:00
Mitchell Hashimoto fd8f84e00e command/unseal: tests 2015-03-13 20:17:55 -07:00
Mitchell Hashimoto e473c655ac website: imageoptim 2015-03-13 12:58:21 -07:00
Mitchell Hashimoto c84a9bcaed command/seal-status 2015-03-13 12:53:09 -07:00
Mitchell Hashimoto 5c2915ba52 command/init: tests 2015-03-13 12:53:09 -07:00
Mitchell Hashimoto 5c8a2812fe command/init: make the output a little nicer 2015-03-13 12:53:09 -07:00
Mitchell Hashimoto 3c3e96575f command/init 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto f71f29b801 command/server: initial working 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto cb3e91b338 command/sever: copy the TCP keep alive listener 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto 393c6c6c20 command/server: support TLS 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto 61224ce312 command/server: tcp listener 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto 86c7a4c155 command/server: load config from flags 2015-03-12 15:30:07 -07:00
Mitchell Hashimoto d88c20e293 command/server: add config loading 2015-03-12 15:21:11 -07:00
Mitchell Hashimoto 853e21defb command/get,put 2015-03-04 11:08:13 -08:00
Mitchell Hashimoto 86d593a8f9 command/seal 2015-03-04 08:56:10 -08:00
Mitchell Hashimoto 115fd9c30d command/unseal: forward error along 2015-03-04 00:35:02 -08:00
Mitchell Hashimoto a524ef6537 helper/password: for reading passwords securely 2015-03-04 00:31:35 -08:00
Mitchell Hashimoto 2cb4c63208 command/unseal 2015-03-03 23:57:23 -08:00
Mitchell Hashimoto cedeb056df command/auth: document the serer options 2015-03-03 23:52:54 -08:00
Mitchell Hashimoto 38bfea80cc command/meta: server options 2015-03-03 23:49:37 -08:00
Mitchell Hashimoto 32e640c8d0 command/auth 2015-03-03 23:34:32 -08:00
Mitchell Hashimoto fdc3368ac0 command: version test 2015-03-03 23:14:54 -08:00
Mitchell Hashimoto ba870b8fd2 scripts 2015-03-03 23:14:18 -08:00
Mitchell Hashimoto adbae744fb basic main boilerplate stuff 2015-03-03 23:03:24 -08:00