e8a36eb752
replacing "a key usage mode" as it is confusing ( #9194 )
...
Since the context of this page is transit and encryption keys, the use of the word "key" to mean effectively common seems ill advised. Proposing an alternative wording.
2020-06-11 07:50:31 -04:00
e959bc8e45
changelog++
2020-06-10 21:37:33 -07:00
821940f905
fix: invalidate cached clients after a config change in the aws secrets backend ( #9186 )
2020-06-10 20:53:48 -07:00
5ca6057295
website: remove whitepaper link from subnav ( #9190 )
2020-06-10 16:01:23 -04:00
c86c138ea0
changelog++
2020-06-10 13:33:51 -04:00
40699d2b9e
Improving transit batch encrypt and decrypt latencies ( #8775 )
...
Optimized batch items decoder bypassing mapstructure
2020-06-10 13:31:46 -04:00
f8993f7dc0
changelog++
2020-06-09 17:01:42 -07:00
e1a432a167
AWS: Add iam_groups parameter to role create/update ( #8811 )
...
Allows vault roles to be associated with IAM groups in the AWS
secrets engine, since IAM groups are a recommended way to manage
IAM user policies. IAM users generated against a vault role will
be added to the IAM Groups. For a credential type of
`assumed_role` or `federation_token`, the policies sent to the
corresponding AWS call (sts:AssumeRole or sts:GetFederation) will
be the policies from each group in `iam_groups` combined with the
`policy_document` and `policy_arns` parameters.
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2020-06-09 16:56:12 -07:00
315d1ba9c5
Explain what lease tidy does. ( #9178 )
2020-06-09 16:54:06 -04:00
9cd5ff27b8
changelog++
2020-06-09 10:40:50 -04:00
8aee6262c1
Allow InfluxDB to use insecure TLS without cert bundle ( #8778 )
...
Moves the configuration of insecure TLS and TLS version outside of the certificate bundle.
2020-06-09 10:38:58 -04:00
3b4ba9d1fb
Upgrade raft library ( #9170 )
...
* Upgrade raft library
* Update vendor
* Update physical/raft/snapshot_test.go
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
* Update physical/raft/snapshot_test.go
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-06-08 16:34:20 -07:00
77dfab2b62
operator: init -status to return JSON ( #8773 )
2020-06-08 14:35:39 -04:00
27cf73afa8
fix error message for when an invalid uri_sans is provided via the api ( #8772 )
2020-06-08 13:43:56 -04:00
15661719fa
document all of the supported elliptic curves ( #8722 )
2020-06-08 11:26:56 -04:00
76e78605a9
Fixed minor typo in secrets documentation page ( #8856 )
2020-06-08 11:17:26 -04:00
61e795c5e2
Add namespace parameter to ssh helper config ( #9160 )
2020-06-08 08:16:03 -07:00
4e13db3912
[docs/telemetry] Unnecessary comma in HCL example ( #8817 )
2020-06-08 11:07:28 -04:00
009ef0b8a4
document response wrapping behavior ( #8156 )
...
Document response wrapping behavior so that it's clear how
WrappingLookupFuncs should behave.
2020-06-08 10:50:48 -04:00
38ca50cdd9
update to include vault_format ( #8876 )
2020-06-08 10:40:03 -04:00
6e97db6d68
Add note about flag -target=recovery for auto-unseal mode ( #9163 )
2020-06-08 09:26:49 -04:00
bf2ce8d1cb
docs: fix port number in curl command for aws rotate root iam creds ( #9157 )
2020-06-05 16:00:49 -07:00
0565e28592
docs: document raft and mlock interaction ( #9093 )
...
* docs: document raft and mlock interaction
* docs: expand on mlock issue when raft is used
* Update website/pages/docs/configuration/index.mdx
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2020-06-05 15:02:55 -07:00
e2d5d92b77
Github markdown doesn't use "^" for superscript, have to be explicit ( #9156 )
2020-06-05 16:55:33 -05:00
6937ec9817
changelog++
2020-06-05 15:56:38 -04:00
40730db136
certutil/helpers.go: Allow 3072 RSA key sizes. ( #8343 )
2020-06-05 15:54:41 -04:00
dd9c3b9133
Sync Protobuf dependencies between core and sdk ( #9154 )
...
* update go.mod/sum for root and sdk folders to sync protobuf versions
* run 'go mod vendor'
* bump github.com/golang/protobuf to v1.4.2
2020-06-05 14:15:12 -05:00
f8f4ae4ab2
Document and give an example of the input size limits when using the FF3-1 transform. ( #9151 )
...
* Document and give an example of the input size limits when using the FF3-1
transform.
2020-06-05 07:45:18 -05:00
fdba917b66
Fix feature flag persistence: we shouldn't have excluded dr primaries, they too must write feature flags. DR secondaries might not need depend on feature flags being there, but a DR primary could also be (or become) a perf primary. ( #9148 )
2020-06-04 13:00:33 -04:00
85d6886778
changelog++
2020-06-03 12:28:47 -07:00
e0e29a9586
docs/k8s: Add OpenShift K8s beta documentation ( #9135 )
...
* doc/k8s: add OpenShift examples
* Update requirements
* Update website/pages/docs/platform/k8s/helm/openshift.mdx
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
* Fix ha example
* Fix ha doc
* Update image references
* Fix formatting
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-06-03 15:10:37 -04:00
cc16c6d08e
fix: remove mount prefix from config path used to invalidate connections ( #9129 )
2020-06-03 12:04:55 -07:00
a60ba90a20
updated 1.3.2 and 1.4.0 upgrade guides to note AWS STS region issue fixed in 1.4.1 ( #9137 )
2020-06-03 10:27:45 -07:00
438345c390
Update OpenLDAP secret engine to v0.1.3 ( #9123 )
...
* Adds ability to use password policies
Operations:
Updated go.mod for OpenLDAP to v0.1.3
Ran `go mod tidy`
Ran `go mod vendor`
2020-06-03 10:37:00 -06:00
7622bee530
Docs updates for vault-helm 0.6.0 release ( #9116 )
...
* Docs updates for vault-helm 0.6.0 release
* added openshift and postStart values
* noting that openshift support is a beta feature
2020-06-03 11:44:32 -04:00
fa17e22050
Docs updates for vault-k8s 0.4.0 ( #9107 )
...
* Adding changes for vault-k8s 0.4.0
* add note about run-as-same-user rejecting root
2020-06-03 10:06:20 -04:00
fbd9fd4510
Fix upgrade guide ( #9133 )
2020-06-02 16:27:19 -07:00
475fe0eede
Token creation counters ( #9052 )
...
* Add token creation counters.
* Created a utility to change TTL to bucket name.
* Add counter covering token creation for response wrapping.
* Fix namespace label, with a new utility function.
2020-06-02 13:40:54 -05:00
5ca4d819d1
Update OpenLDAP Secrets Docs with Password Policies ( #9088 )
...
* Update OpenLDAP docs to use password policies
2020-06-02 11:34:01 -06:00
bd587da491
Add docs for password policies ( #8974 )
...
* Add docs for password policies
2020-06-02 11:12:22 -06:00
ab0bbc595b
agent/raft: fix typo in help strings ( #9114 )
2020-06-02 10:17:08 -04:00
34fab8ae09
Update gcp secrets plugin ( #9004 )
2020-06-01 11:02:33 -07:00
eb0b3ac286
Merge PR #9100 : Add key_version to Transit Logical Response
2020-06-01 13:16:01 -04:00
9dd67cbeb6
Merge PR #9027 : Integrated Storage (Raft): Add Support for max_entry_size Config
2020-06-01 10:17:24 -04:00
da3377ce6a
changelog++
2020-05-29 14:23:09 -04:00
8870b2e51c
Add mongodbatlas static roles support ( #8987 )
...
* Refactor PG container creation.
* Rework rotation tests to use shorter sleeps.
* Refactor rotation tests.
* Add a static role rotation test for MongoDB Atlas.
2020-05-29 14:21:23 -04:00
a098e313a9
correct sockaddr.is_contained example ( #9104 )
...
Syntax for sockaddr.is_contained should be outer, inner - i.e. range, IP. See https://docs.hashicorp.com/sentinel/imports/sockaddr/ for reference.
2020-05-29 10:51:31 -07:00
4481521c0e
Extend agent template tests to also validate that updated templates get re-rendered. ( #9097 )
2020-05-29 13:36:59 -04:00
12d704d97f
Provide token ttl and issue time in the audit log. ( #9091 )
...
* Populate a token_ttl and token_issue_time field on the Auth struct of audit log entries, and in the Auth portion of a response for login methods
* Revert go fmt, better zero checking
* Update unit tests
* changelog++
2020-05-29 12:30:47 -05:00
0e3229a3d8
add missing styles for mdx components ( #9103 )
2020-05-29 13:29:24 -04:00
Andy Assareh