Commit graph

3237 commits

Author SHA1 Message Date
Brian Shumate 41374ecd82 Add note about plugin_directory (#7584)
- Note that plugin_directory cannot be a symbolic link
2019-10-07 09:59:34 -04:00
Jim Kalafut e9560ea13c
Fix transit docs env var typo (#7572)
Fixes #7570
2019-10-04 12:45:02 -07:00
Brian Shumate 77311bf24f Docs: update Transit Secrets Engine Create Key (#7568)
- Use type that supports derivation in sample payload
2019-10-04 10:56:18 -07:00
ncabatoff e7fe4b6d92
Return a useful error on attempts to renew a token via sys/leases/renew (#7298) 2019-10-02 10:55:20 -04:00
Jim Kalafut 9c80c3770a
Fix identity token API docs (#7545) 2019-10-01 16:13:21 -07:00
Vu Pham 2176b5f701 Update oci-object-storage.html.md (#7543) 2019-10-01 16:08:34 -07:00
Jim Kalafut 153c4cc80e
Add 1.2+ role parameters back to JWT API docs (#7544)
This reverts 24c2f8c2ad76, which pulled the parameters while there were
outstanding bugs when using them with JWT auth.
2019-10-01 16:07:52 -07:00
Andy Manoske 6ff745af2c
Update index.html.md (#7506)
Feedback from customers re: audit information to explicitly expose where credential password creation takes place in the source code.
2019-09-26 09:53:07 -07:00
Ivan Kurnosov 1ad67097cd Fixed github-prod path (#7516) 2019-09-26 08:46:41 -04:00
Marc-Aurèle Brothier a9081a94b5 docs: add -verify documentation on operator rekey command (#7190) 2019-09-25 13:57:57 -07:00
Noel Quiles 1c589deef2 Update hashi-docs-sitemap to v0.1.6 (#7413) 2019-09-25 13:38:19 -07:00
Yoko 69795e5018 Fixed the hyperlink typo to blog (#7354) 2019-09-25 13:34:58 -07:00
Brian Shumate 54a45db46d Update sample request (#7431)
- Format curl command to be similar to other sample requests
- Add single quotes to URL for '?' so that example is functional
- Delete trailing space
2019-09-25 13:32:42 -07:00
minitux 88da7ecd82 Fix api auth approle documentation (#7382)
Change policies to token_policies
2019-09-25 13:27:27 -07:00
Vu Pham 2d84a1078f Use snake case for HA example (#7505) 2019-09-23 16:02:08 -07:00
Joel Thompson 551b7a5e5c secret/aws: Support permissions boundaries on iam_user creds (#6786)
* secrets/aws: Support permissions boundaries on iam_user creds

This allows configuring Vault to attach a permissions boundary policy to
IAM users that it creates, configured on a per-Vault-role basis.

* Fix indentation of policy in docs

Use spaces instead of tabs
2019-09-19 16:35:12 -07:00
Yahya 936af3650c [Docs] Fix typo in database sample request (#7492) 2019-09-19 10:14:34 +02:00
Graham Land 73b9e39775 Early indication of storage backend requirements (#7472)
A Vault Enterprise Pro customer in Japan has tried to get Vault DR replication working using Google Cloud Storage.
They were frustrated to learn that GCS may not have support for transactional updates which has resulted in a lot of wasted time.
The complaint was that this was not clear from our documentation.
This note may help customers to understand sooner that not all highly available backends support transactional updates.
2019-09-18 14:19:32 -07:00
Michael Gaffney fdc1274c70
Fix the transit trim key api doc (#7453) 2019-09-18 09:29:58 -04:00
Pavlos Ratis d5d5582b23 add more gcp examples (#6358) 2019-09-17 13:39:00 -07:00
Justin Weissig ec41f0d775 docs: fixed sample json payload parse error (#7484)
Fixed malformed json example (removed extra comma). Here's the payload parse error I was running into with the example.

```
{
  "rotation_period":"12h",
  "verification_ttl":43200,
}
```

Vault does not like this JSON.

```
curl -s \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload-2.json \
    http://127.0.0.1:8200/v1/identity/oidc/key/named-key-001 | jq
{
  "errors": [
    "failed to parse JSON input: invalid character '}' looking for beginning of object key string"
  ]
}
```
2019-09-17 11:42:01 +02:00
Jim Kalafut d9741060d2
Add OCI links to detailed index (#7483) 2019-09-16 16:05:47 -07:00
Becca Petrin d416b5a838
document role aws auth role name casing (#7356) 2019-09-16 11:55:03 -07:00
Jim Kalafut dc18e7d33f
Add Technology Preview disclaimer to Raft docs (#7478) 2019-09-16 08:44:04 -07:00
David Rubin a2a22e6611 Remove vaulted as supported nodejs client (#7404)
Vaulted is no longer maintained according to the readme. 

https://github.com/chiefy/vaulted#vaulted 

"No Longer Being Maintained Use node-vault for future support of Vault features!"
2019-09-13 16:33:15 -07:00
Joel Thompson 8a981004ec Add reading AWS root/config endpoint (#7245) 2019-09-13 10:07:04 -07:00
Michel Vocks f048a7c1be
Fixed wrong API method in API docs for identity token generation (#7462) 2019-09-13 09:08:18 +02:00
Laurent Godet 3de32582ae Fix kv destroy command (#7461) 2019-09-11 15:20:49 +02:00
Austin Heiman c1f41a5e77 document mysql and postgres generated password complexity (#7435) 2019-09-07 09:48:08 -07:00
Jim Kalafut 27377dd612
Document Postgres ha_table parameter (#7444)
Fixes #7416
2019-09-07 08:49:14 -07:00
Jim Kalafut 4859d253d5
Fix Azure auth api docs (#7446)
Fixes #6793, #6785
2019-09-06 15:38:12 -07:00
Yoko 72618cb5cf
Auto-unseal with Azure Key Vault (#7414)
* Added note based on Asana report

* Removed extra space
2019-09-06 15:03:37 -07:00
Jim Kalafut 210d6a4217
Update JWT docs re: host parameter (#7445) 2019-09-06 14:58:14 -07:00
Vu Pham e5f955f9a7 Updated naming for OCI Auth and Object Storage plugins (#7423) 2019-09-05 10:26:05 -07:00
Jim Kalafut 6d4d4b5636
Update docs sidebar for CF and OCI (#7421) 2019-09-04 15:31:21 -07:00
Vu Pham a09d13c54a Added OCI Auth plugin documentation (#7284) 2019-09-04 13:25:08 -07:00
Vu Pham 9c8dc4d179 OCI KMS plugin documentation (#7283) 2019-09-04 13:23:06 -07:00
Vu Pham 3318e883e1 OCI Object Storage documentation (#7282) 2019-09-04 13:22:20 -07:00
Jim Kalafut 7919bfb3de
Fix sidebar order (#7409) 2019-09-03 09:32:44 -07:00
Yoko 17ea1fb294
Fixed typo - --> _ (#7391) 2019-08-29 12:44:31 -07:00
Noelle Daley f1c1d47b34 fix ciphertext typo (#7366) 2019-08-26 19:40:00 -04:00
Becca Petrin 64ecf46fb6
rename pcf to cf maintaining backwards compat (#7346) 2019-08-26 09:55:08 -07:00
Becca Petrin efba500548
describe API calls made by the cf client (#7351) 2019-08-22 11:53:27 -07:00
Jason O'Donnell a23f7e71b6
docs: update vault helm doc (#7348)
* docs: update vault helm doc

* Update wording per review
2019-08-22 13:09:22 -04:00
Jeff Malnick ba4fbd4df8
Allow setting file mode on vault agent sink file (#7275)
* feat: enable setting mode on vault agent sink file

* doc: update vault agent file sink with mode configuration
2019-08-21 20:41:55 -07:00
Michael Gaffney 9da6460f4d
Add docs for Vault Agent Auto-auth Certificate Method (#7344)
Closes #7343
2019-08-21 10:34:26 -04:00
Tommy Murphy fc3f1896ad telemetry: add stackdriver metrics sink (#6957)
* telemetry: add stackdriver metrics sink

* telemetry: stackdriver go mod tidy
2019-08-20 14:47:08 -07:00
Joel Thompson ac18a44fae secret/aws: Pass policy ARNs to AssumedRole and FederationToken roles (#6789)
* secret/aws: Pass policy ARNs to AssumedRole and FederationToken roles

AWS now allows you to pass policy ARNs as well as, and in addition to,
policy documents for AssumeRole and GetFederationToken (see
https://aws.amazon.com/about-aws/whats-new/2019/05/session-permissions/).
Vault already collects policy ARNs for iam_user credential types; now it
will allow policy ARNs for assumed_role and federation_token credential
types and plumb them through to the appropriate AWS calls.

This brings along a minor breaking change. Vault roles of the
federation_token credential type are now required to have either a
policy_document or a policy_arns specified. This was implicit
previously; a missing policy_document would result in a validation error
from the AWS SDK when retrieving credentials. However, it would still
allow creating a role that didn't have a policy_document specified and
then later specifying it, after which retrieving the AWS credentials
would work. Similar workflows in which the Vault role didn't have a
policy_document specified for some period of time, such as deleting the
policy_document and then later adding it back, would also have worked
previously but will now be broken.

The reason for this breaking change is because a credential_type of
federation_token without either a policy_document or policy_arns
specified will return credentials that have equivalent permissions to
the credentials the Vault server itself is using. This is quite
dangerous (e.g., it could allow Vault clients access to retrieve
credentials that could modify Vault's underlying storage) and so should
be discouraged. This scenario is still possible when passing in an
appropriate policy_document or policy_arns parameter, but clients should
be explicitly aware of what they are doing and opt in to it by passing
in the appropriate role parameters.

* Error out on dangerous federation token retrieval

The AWS secrets role code now disallows creation of a dangerous role
configuration; however, pre-existing roles could have existed that would
trigger this now-dangerous code path, so also adding a check for this
configuration at credential retrieval time.

* Run makefmt

* Fix tests

* Fix comments/docs
2019-08-20 12:34:41 -07:00
Jim Kalafut 3ce3e40db7
Update role parameters in JWT API docs (#7328)
This is a temporary revert related to https://github.com/hashicorp/vault-plugin-auth-jwt/issues/66.
Once that change is in a released Vault, this docs change should be reverted back.
2019-08-16 08:09:15 -07:00
Jeff Mitchell 87f649bf99 Prep for 1.2.2 2019-08-14 16:54:16 -04:00
skarsol 073ff32900 Add section for consul 1.4+ (#6366) 2019-08-14 10:19:14 -04:00
Didi Kohen a14b44ee8b Add some more detail for the root generation process (#5720)
* Add some more detail for the root generation process

* Remove mention of old OTP and OTP provided on the start request
2019-08-14 10:16:10 -04:00
IPv4v6 8fe861ec04 add examples for ECC key sizes in documentation (#2952)
* add examples for ECC key sizes in documentation

Signed-off-by: Stefan Pietsch <mail.ipv4v6+gh@gmail.com>

* remove links to Go documentation
2019-08-14 10:08:41 -04:00
Calvin Leung Huang 675593bd18 docs: add 1.2.1 upgrade guide (#7274) 2019-08-14 09:45:09 -04:00
Jim Kalafut 4653861333
Fix PCF API docs field names (#7302) 2019-08-12 10:55:23 -07:00
Michel Boucey badb089ffb Add gothic, a Haskell KVv2 engine API client (#7301) 2019-08-12 13:30:25 -04:00
Jason O'Donnell ac16dec5c4
docs: update k8s helm doc (#7279) 2019-08-08 17:05:01 -04:00
Jeff Mitchell c9d4e83350 Bump some versions to prep 2019-08-05 17:43:12 -04:00
Jason O'Donnell 13ffbcd984
doc: add k8s vault-helm doc (#7193)
* doc: add k8s vault-helm doc

* Replace TODO with security warning

* Add TLS example

* Add production deployment checklist

* Add kube hardening guide

* Fix link to configuration values

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Fix typo in example

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Remove anchors, add tolerations/selector

* Fix rendering of global configuration

* Fix sidebar navigation and update links

* Add sidebar title to run doc

* Add platform index.html

* Add relative links

* Rename file

* Fix titles

* Add syntax highlighting to examples

* Move platforms in navigation bar
2019-08-05 17:15:28 -04:00
ncabatoff 439ea99c83
Follow what documentation says we should do if we're a perf standby and perfstandbyok=true (#7241)
Follow what documentation says we should do if we're a perf standby and perfstandbyok=true, i.e. return 200 instead of 429.
2019-08-05 16:44:41 -04:00
Jim Kalafut 4584c84d79
Add docs for OIDC verbose_oidc_logging (#7236) 2019-08-01 14:41:35 -07:00
Jeff Mitchell a9ba15a075
Add AppRole upgrade issue to upgrade guide for 1.2.0 (#7234) 2019-08-01 11:50:43 -04:00
Jim Kalafut beea6358f3
Fix GCP docs formatting (#7120) 2019-08-01 08:00:42 -07:00
Andre Hilsendeger 8f8af53394 docs: add connection options for MySQL storage backend (#7171) 2019-08-01 08:00:00 -07:00
Eko Simanjuntak a6b45bd2df fixing typo on chiphertext prefix (#7189) 2019-08-01 07:41:52 -07:00
Paul Banks 2c62c96fee Fix JSON example syntax in identity docs (#7227) 2019-07-31 15:23:00 -07:00
Becca Petrin 5c9228a021
Fix tag (#7221)
* fix tag

* Update index.html.md.erb
2019-07-30 15:51:31 -07:00
Becca Petrin 0b31996aa7
improve tls cert docs (#7132) 2019-07-30 13:57:36 -07:00
Jeff Mitchell 20aeba2fbe Fix PCF location in sidebar 2019-07-30 16:12:55 -04:00
Calvin Leung Huang 1eb7e3cd43 docs: add kmip docs/api to the sidebar (#7218) 2019-07-30 15:59:07 -04:00
Calvin Leung Huang d9ec7ea38c docs: add pcf docs/api to sidebar (#7219) 2019-07-30 15:58:51 -04:00
Jeff Mitchell fc79848856
Add token helper partial and pull into auth docs (#7220) 2019-07-30 15:58:32 -04:00
Jeff Mitchell e118b41d09 Fix yml exception in PCF docs 2019-07-30 15:02:53 -04:00
Jeff Mitchell 01987f972c Add 1.2.0 upgrade guide 2019-07-30 12:37:45 -04:00
Jeff Mitchell 1d75ace163 Update files for release 2019-07-30 00:23:20 -04:00
Björn Wenzel f4334ec824 Vault-CRD to synchronize Secrets with Kubernetes (#7105) 2019-07-29 11:04:42 +02:00
Jim Kalafut e3484526b8
Update identity token docs (#7195) 2019-07-26 09:59:38 -07:00
Jeff Mitchell 4c77d69fff Prep for rc1 release 2019-07-25 13:08:49 -04:00
Michel Vocks 524d101008 Added s3 storage path parameter (#7157) 2019-07-24 12:48:26 -04:00
Jonathan Sokolowski 325c06b2cc Add -dev-no-store-token to vault server command (#7104)
When starting a vault dev server the token helper is invoked to store
the dev root token.
This option gives the user the ability to not store the token.

Storing the token can be undesirable in certain circumstances
(e.g.  running local tests) as the user's existing vault token is
clobbered without warning.

Fixes #1861
2019-07-24 12:41:07 -04:00
Jim Kalafut 62e2aeb952
Rename entity group membership template parameters (#7099) 2019-07-19 10:08:47 -07:00
Mike Jarmy 0d4ae949a8
Add 'log-format' CLI flag, along with associated config flag, for 'vault server' command. (#6840)
* Read config before creating logger when booting vault server

* Allow for specifying log output in JSON format in a config file, via a 'log_level' flag

* Create parser for log format flag

* Allow for specifying log format in a config file, via a 'log_format' flag. Also, get rid of 'log_json' flag.

* Add 'log-format' command line flag

* Update documentation to include description of log_format setting

* Tweak comment for VAULT_LOG_FORMAT environment variable

* add test for ParseEnvLogFormat()

* clarify how log format is set

* fix typos in documentation
2019-07-18 15:59:27 -04:00
Jason O'Donnell be2e98a1f3
doc: Add default SSL note to PG storage (#7125) 2019-07-18 14:37:24 -04:00
Calvin Leung Huang ce829655a1
docs: update kmip scope delete api section (#7140)
* docs: update kmip scope delete api section

* fix wording in force param

* update scope delete example
2019-07-18 11:25:01 -07:00
Calvin Leung Huang f6d57042a1
docs: update kmip scope delete api section (#7127) 2019-07-16 14:05:48 -07:00
Martin Lee 6e672d398e Explain the dev server mounts a KV store (#7083)
Resolves #7081
2019-07-08 08:56:39 -07:00
Tim Arenz 54aaf8a87d Update tokens.html.md (#6697)
Fixing miner typo by adding dot.
2019-07-05 15:39:16 -07:00
Brian Shumate 39676b0b74 Update API docs for Create Token — resolves #7053 (#7056)
- Update sample `payload.json`
- Update sample response
2019-07-05 15:38:37 -07:00
Justin Weissig a5e762d36a docs: spelling (#6838)
Fixed minor spelling error: sychronized/synchronized.
2019-07-05 15:36:58 -07:00
Brian Shumate c041e7134c Update Cert Auth Login API docs — resolves #7039 (#7058)
- Add `--cert` and `--key` options to `curl` example so that it is
  clearer that the certificate and key must also be passed in
2019-07-05 15:36:20 -07:00
Daniel Mangum 3a6d8dbdd1 plugin docs: update example code snippet with correct imports and link to developing plugin backends tutorial (#6843)
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
2019-07-05 15:35:36 -07:00
Clint 28447e00a3 Combined Database backend: Add Static Account support to MySQL (#6970)
* temp support for mysql+static accounts

* remove create/update database user for static accounts

* update tests after create/delete removed

* small cleanups

* update postgresql setcredentials test

* temp support for mysql+static accounts

* Add Static Account support to MySQL

* add note that MySQL supports static roles

* remove code comment

* tidy up tests

* Update plugins/database/mysql/mysql_test.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update plugins/database/mysql/mysql.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* update what password we test

* refactor CreateUser and SetCredentials to use a common helper

* add close statements for statements in loops

* remove some redundant checks in the mysql test

* use root rotation statements as default for static accounts

* missed a file save
2019-07-05 14:52:56 -04:00
Michel Vocks 524c7517e9
Add namespace config option to agent auto-auth config (#6988)
* Added namespace option to vault agent auto-auth method

* Implemented review feedback
2019-07-03 09:33:20 +02:00
Garrett T 8fc4a63796 Set MaxIdleConns to reduce connection churn (postgresql physical) (#6967)
* Set MaxIdleConns to reduce connection churn (postgresql physical)

* Make new  "max_idle_connection" config option for physical postgresql

* Add docs for "max_idle_connections" for postgresql storage

* Add minimum version to docs for max_idle_connections
2019-07-02 15:03:56 -07:00
Michael Gaffney 4044cff8f2
Merge branch 'master' into mgaffney/kv-delete-version-after 2019-07-02 17:27:36 -04:00
emily 333d0425b9 fix permissions in GCP auth docs (#7035) 2019-07-01 15:13:36 -07:00
Jason O'Donnell 20e485a9d3
Add leeway parameters to JWT auth doc (#6947)
* Add leeway parameters to JWT auth doc

* Clarify leeway doc

* Apply suggestions from code review

Co-Authored-By: Jim Kalafut <jim@kalafut.net>

* Add note about only being applicable to JWT

* Update for negative values
2019-07-01 10:12:53 -04:00
Michel Vocks 2b5aca4300
Token identity support (#6267)
* Implemented token backend support for identity

* Fixed tests

* Refactored a few checks for the token entity overwrite. Fixed tests.

* Moved entity alias check up so that the entity and entity alias is only created when it has been specified in allowed_entity_aliases list

* go mod vendor

* Added glob pattern

* Optimized allowed entity alias check

* Added test for asterisk only

* Changed to glob pattern anywhere

* Changed response code in case of failure. Changed globbing pattern check. Added docs.

* Added missing token role get parameter. Added more samples

* Fixed failing tests

* Corrected some cosmetical review points

* Changed response code for invalid provided entity alias

* Fixed minor things

* Fixed failing test
2019-07-01 11:39:54 +02:00
Mike Ruth ee705088be Include Daytona as a third party tool (#6999)
* Include Daytona as third party tool

This is to include [Cruise's Daytona](https://github.com/cruise-automation/daytona) to the list of third party tools.
2019-06-30 20:49:11 -04:00
Vishal Nayak 2fcac90052
Raft Docs (#6966)
* Raft configuration doc

* API docs

* join sample

* Fix the Join API

* Add snapshot-force

* Update sys/storage subsection

* Use actual certs in examples

* Add sample configuration response

* Fix link

* remove TLS config options
2019-06-28 14:09:14 -04:00
Calvin Leung Huang 21059820d2
KMIP docs (#6969)
* docs: add docs/secrets/kmip

* Add KMIP API docs.

* small typo fix

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* format tables in api docs

* fix table formatting

* Fix wording.

* Remove references to tls_max_path_length.
2019-06-28 11:05:00 -07:00
Michael Gaffney 3b12c58e33
docs: Add delete-version-after to kv command line docs 2019-06-28 13:36:07 -04:00
Michael Gaffney 9366f95816 Remove delete-version-after from kv put and undelete subcommands
Removes the optional parameter "delete-version-after" from the following
CLI subcommands:

- kv put
- kv undelete
- kv rollback
2019-06-27 14:17:46 -04:00
Michael Gaffney 42324c22ff Add delete-version-after to kv CLI subcommands
Adds a new optional parameter "delete-version-after" to the following
CLI subcommands:

- kv metadata put
- kv put
- kv undelete
- kv rollback
2019-06-27 14:17:46 -04:00
Thomas Kula be998aeeac Cert auth method examples need to use https (#6961)
In order to present a client certificate to use the certificate
auth method, you must use https.
2019-06-27 11:04:09 -04:00
Lexman a4ba0e22ac Identity tokens documentation (#6971) 2019-06-26 07:31:10 -07:00
Jim Kalafut 4066a1d09c
Correct API docs examples (#6963) 2019-06-24 07:39:34 -07:00
Clint 4b00597609
Combined Database backend: remove create/delete support (#6951)
* remove create/update database user for static accounts

* update tests after create/delete removed

* small cleanups

* update postgresql setcredentials test
2019-06-23 15:58:07 -05:00
Jim Kalafut c7283f99ed
Update JWT tips (#6955) 2019-06-21 14:50:12 -07:00
Jim Kalafut 1074b5046f
Minor clean up JWT provider docs (#6952) 2019-06-21 11:49:08 -07:00
Anner J. Bonilla c98caa2cd7 update azure instructions (#6858)
Update instructions in regards to azure AD Authentication and OIDC
2019-06-21 11:28:12 -07:00
Jeff Escalante 7e7deeaa15 Add lockfile for website (#6940)
* add package-lock

* update package lock
2019-06-20 17:53:12 -04:00
Becca Petrin cd0f2ec5f6
Merge pull request #6913 from hashicorp/pcf-docs
PCF documentation
2019-06-20 09:28:06 -07:00
Aaron Bedra db25895001 Adds libvault to list of client libraries (#6890) 2019-06-20 08:01:12 -07:00
Brian Shumate 630de4d1ae Switch to simpler 'configured' (#6892) 2019-06-20 08:00:12 -07:00
Clint b55303eddb
Combined Database Backend: Static Accounts (#6834)
* Add priority queue to sdk

* fix issue of storing pointers and now copy

* update to use copy structure

* Remove file, put Item struct def. into other file

* add link

* clean up docs

* refactor internal data structure to hide heap method implementations. Other cleanup after feedback

* rename PushItem and PopItem to just Push/Pop, after encapsulating the heap methods

* updates after feedback

* refactoring/renaming

* guard against pushing a nil item

* minor updates after feedback

* Add SetCredentials, GenerateCredentials gRPC methods to combined database backend gPRC

* Initial Combined database backend implementation of static accounts and automatic rotation

* vendor updates

* initial implementation of static accounts with Combined database backend, starting with PostgreSQL implementation

* add lock and setup of rotation queue

* vendor the queue

* rebase on new method signature of queue

* remove mongo tests for now

* update default role sql

* gofmt after rebase

* cleanup after rebasing to remove checks for ErrNotFound error

* rebase cdcr-priority-queue

* vendor dependencies with 'go mod vendor'

* website database docs for Static Role support

* document the rotate-role API endpoint

* postgres specific static role docs

* use constants for paths

* updates from review

* remove dead code

* combine and clarify error message for older plugins

* Update builtin/logical/database/backend.go

Co-Authored-By: Jim Kalafut <jim@kalafut.net>

* cleanups from feedback

* code and comment cleanups

* move db.RLock higher to protect db.GenerateCredentials call

* Return output with WALID if we failed to delete the WAL

* Update builtin/logical/database/path_creds_create.go

Co-Authored-By: Jim Kalafut <jim@kalafut.net>

* updates after running 'make fmt'

* update after running 'make proto'

* Update builtin/logical/database/path_roles.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/path_roles.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* update comment and remove and rearrange some dead code

* Update website/source/api/secret/databases/index.html.md

Co-Authored-By: Jim Kalafut <jim@kalafut.net>

* cleanups after review

* Update sdk/database/dbplugin/grpc_transport.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* code cleanup after feedback

* remove PasswordLastSet; it's not used

* document GenerateCredentials and SetCredentials

* Update builtin/logical/database/path_rotate_credentials.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* wrap pop and popbykey in backend methods to protect against nil cred rotation queue

* use strings.HasPrefix instead of direct equality check for path

* Forgot to commit this

* updates after feedback

* re-purpose an outdated test to now check that static and dynamic roles cannot share a name

* check for unique name across dynamic and static roles

* refactor loadStaticWALs to return a map of name/setCredentialsWAL struct to consolidate where we're calling set credentials

* remove commented out code

* refactor to have loadstaticwals filter out wals for roles that no longer exist

* return error if nil input given

* add nil check for input into setStaticAccount

* Update builtin/logical/database/path_roles.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* add constant for queue tick time in seconds, used for comparrison in updates

* Update builtin/logical/database/path_roles.go

Co-Authored-By: Jim Kalafut <jim@kalafut.net>

* code cleanup after review

* remove misplaced code comment

* remove commented out code

* create a queue in the Factory method, even if it's never used

* update path_roles to use a common set of fields, with specific overrides for dynamic/static roles by type

* document new method

* move rotation things into a specific file

* rename test file and consolidate some static account tests

* Update builtin/logical/database/path_roles.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/rotation.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/rotation.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/rotation.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/rotation.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/rotation.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* update code comments, method names, and move more methods into rotation.go

* update comments to be capitalized

* remove the item from the queue before we try to destroy it

* findStaticWAL returns an error

* use lowercase keys when encoding WAL entries

* small cleanups

* remove vestigial static account check

* remove redundant DeleteWAL call in populate queue

* if we error on loading role, push back to queue with 10 second backoff

* poll in initqueue to make sure the backend is setup and can write/delete data

* add revoke_user_on_delete flag to allow users to opt-in to revoking the static database user on delete of the Vault role. Default false

* add code comments on read-only loop

* code comment updates

* re-push if error returned from find static wal

* add locksutil and acquire locks when pop'ing from the queue

* grab exclusive locks for updating static roles

* Add SetCredentials and GenerateCredentials stubs to mockPlugin

* add a switch in initQueue to listen for cancelation

* remove guard on zero time, it should have no affect

* create a new context in Factory to pass on and use for closing the backend queue

* restore master copy of vendor dir
2019-06-19 14:45:39 -05:00
Becca Petrin 35faaef504 update field name to change from pr feedback 2019-06-19 09:54:18 -07:00
Alvin Huang 168a7ab1d5 pin github and netlify providers and fix config 2019-06-19 10:45:35 -04:00
Yoko ba82b04b15
Added a note about JWT (#6899) 2019-06-18 12:36:51 -07:00
Becca Petrin 57b2fbbd78 add to sidebar 2019-06-18 11:08:38 -07:00
Becca Petrin 7be6286966 fix typo 2019-06-18 09:32:14 -07:00
Becca Petrin 3fc63eb9d5 add api docs 2019-06-17 16:56:14 -07:00
Becca Petrin cd1b53b350 add agent docs 2019-06-17 15:24:10 -07:00
Becca Petrin 30d7f742b3 fix more typos 2019-06-17 15:09:43 -07:00
Becca Petrin 1ca20773c2 fix typos 2019-06-17 15:08:37 -07:00
Becca Petrin a420b966bb add docs 2019-06-17 15:00:30 -07:00
Becca Petrin ca165ffdef add es docs to sidebars 2019-06-17 12:05:57 -07:00
Becca Petrin 7927cc3a43
Update elasticdb.html.md 2019-06-17 11:24:42 -07:00
Becca Petrin 17a682da40 Merge branch 'opensource-master' into add-elasticsearch-auth 2019-06-17 11:12:51 -07:00
Becca Petrin fd2e859617 update doc to 7.1.1 2019-06-17 11:12:16 -07:00
Frederic Hemberger 8c5476fb0c Website(api/secret/identity): Fix whitespace in JSON examples (#6889) 2019-06-16 09:26:37 -04:00
Jason O'Donnell d2e620ae70
Fix multiline jwt config setup example (#6873) 2019-06-12 13:34:26 -04:00
Yoko 2b81ea64c3
Adding vault kv command doc (#6845)
* Adding vault kv command doc

* Update website/source/docs/commands/kv/delete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/delete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/destroy.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/destroy.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/undelete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/delete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>
2019-06-10 10:41:55 -07:00
Yoko daebe65d1c
upgrade guide warning about downgrading (#6836)
* upgrade guide warning about downgrading

* Changed the wording
2019-06-10 09:54:21 -07:00
Becca Petrin 5b9d49fc2d add elasticsearch database engine 2019-06-10 09:19:11 -07:00
Justin Weissig 0ae53eb5aa docs: minor fixes to improve sentence flow (#6839) 2019-06-06 08:25:59 -07:00
Lexman 9aa4662cec transit cache is an Interface implemented by wrapped versions of sync… (#6225)
* transit cache is an Interface implemented by wrapped versions of syncmap and golang-lru

* transit cache is an Interface implemented by wrapped versions of syncmap and golang-lru

* changed some import paths to point to sdk

* Apply suggestions from code review

Co-Authored-By: Lexman42 <Lexman42@users.noreply.github.com>

* updates docs with information on transit/cache-config endpoint

* updates vendored files

* fixes policy tests to actually use a cache where expected and renames the struct and storage path used for cache configurations to be more generic

* updates document links

* fixed a typo in a documentation link

* changes cache_size to just size for the cache-config endpoint
2019-06-04 15:40:56 -07:00
Justin Weissig fb75728c71 docs: minor spelling fix (#6818)
Fixed spelling: PostgresSQL/PostgreSQL.
2019-06-04 02:28:44 -05:00
Martin Lee 07978c08d6 Update pki-engine docs (#6238)
The user needs to set a decent TTL for the intermediate cert, otherwise all certs issued will be valid only for 30 minutes max.
2019-06-03 15:45:11 -05:00
Justin Weissig ff3e23e050 docs: fixed typos (#6809)
Fixed two typos: lifecyle + specfied.
2019-05-31 14:33:13 -05:00
Martin Lee b7dadc11e6 Add hard-won practical knowledge to the Okta notes (#6808) 2019-05-31 11:44:59 -05:00
Jim Kalafut 8f1eeda737
Fix OIDC API examples (#6803)
Fixes #6684
2019-05-30 21:50:34 -05:00
benz0 2e6686cc18 Explain owner role requirement (#6801) 2019-05-30 21:25:30 -05:00
Justin Weissig 3fc537da0b docs: spelling (#6799)
Fixed spelling: Specifiy/Specify.
2019-05-30 21:20:57 -05:00
Justin Weissig 7643eda03f docs: wording (#6798)
Fixed minor sentence flow: an sealed state -> a sealed state.
2019-05-29 19:13:13 -05:00
Justin Weissig 2d727a5640 docs: wording (#6746)
* docs: wording

Fixed wording: "lets create an"/"lets create a"

* Update website/source/docs/secrets/nomad/index.html.md

Co-Authored-By: Jeff Mitchell <jeffrey.mitchell@gmail.com>
2019-05-24 15:44:09 -04:00
Brian Shumate 543e149b8c Docs: Minor updates to PKI Secrets Engine (#6778)
* Docs: Minor updates to PKI Secrets Engine

- Update `ttl` and `max-lease-ttl` values from _43800_ which
  appears to be a typo, to _4380_; this helps avoid warnings
  like: "The expiration time for the signed certificate is
  after the CA's expiration time. If the new certificate is
  not treated as a root, validation paths with the
  certificate past the issuing CA's expiration time will
  fail." when following the Quick Start and using the tuned
  Root CA TTL of 8760h
- Change _my-role_ role name to _example-dot-com_ in **Setup**
  to help reduce confusion and match what is used in
  **Quick Start**

* ttl changes
2019-05-24 15:39:56 -04:00
Srikanth Venkatesh d08edf7483 Typo in concepts/policy-syntax (#6782) 2019-05-24 15:39:11 -04:00
Srikanth Venkatesh b9f67e5622 Fixed typo in documentation on vault internals/architecture (#6781) 2019-05-23 21:58:31 -07:00
nathan r. hruby 0762d9c6eb
fix indeting for mount options (#6780) 2019-05-23 19:09:52 -07:00
Joel Thompson 4e2ad1e568 docs: Fix Markdown formatting error in AWS Auth (#6745) 2019-05-15 21:12:08 -07:00
Jim Kalafut 1c507e3367
Update OIDC Provider Setup docs (#6739) 2019-05-15 11:57:18 -07:00
Justin Weissig e57866d558 docs: fixed typo (#6732)
Fixed typo: follwing/following.
2019-05-15 10:30:18 +02:00
Jeff Mitchell 4e83328aaf Fix recovery key backup path documentation 2019-05-14 10:58:19 -04:00
Rich FitzJohn 9b123dd352 Add link to R client on libraries list (#6722) 2019-05-13 16:14:49 -04:00
Justin Weissig cf3954f580 docs: fixed typo (#6721)
Fixed typo: appropiate/appropriate
2019-05-13 07:50:29 -04:00
Lexman b2850ac624
http timeout values are configurable (#6666)
* http timeout fields are configurable

* move return statement for server config tests outside of range loop

* adds documentation for configurable listener http_* values

* fixed some formatting for the docs markdown
2019-05-10 10:41:42 -07:00
bjorndolk e8f10814b6 Added HA backend for postgres based on dynamodb model (#5731)
Add optional HA support for postgres backend if Postgres version >= 9.5.
2019-05-10 12:48:42 -04:00
Jim Kalafut 826653e7f5
JWKS docs (#6645) 2019-05-09 13:32:50 -07:00
Justin Weissig 7bd9665a46 docs: better sentence flow (#6705)
Fixed for sentence flow: "When you bring up your server back up" to "When you bring your server back up".
2019-05-09 06:24:06 -04:00
Peter Souter 6623478406 Adds docs for session_token for awskms (#6691) 2019-05-07 08:27:06 -07:00
Mark Gritter 4b2193333a
Correct type for tls_skip_verify
Parses as boolean but needs to be represented as a string in configuration.
2019-05-06 16:02:36 -05:00
Travis Cosgrave 236d7c5e52 Add certificate auto-auth method to vault agent (#6652)
* adding auto auth for cert auth methods

* Adding Docs for Cert Auto-auth method

* fixes errors in docs

* wrong documentation title

* repariting a few typos in the docs and being very clear about where the certificates should be configured

* clarifying the name parameter documentation

* Fixes gofmt issues in command/agent.go

* Fix typo in docs

* Add nil check to Config for cert auto-auth and add test with and without a specified name
2019-05-06 10:39:27 -04:00
Justin Weissig 96ffab761e Fixed Typos (#6686)
Fixed typos: enviroment/environment x3.
2019-05-06 07:24:37 -04:00
Mark Gritter 91ed2c98a8
fix typo 2019-05-03 17:21:58 -05:00
Justin Weissig c18bf7709a Fixed Typo (#6678)
Fixed typo: telemtery/telemetry
2019-05-03 09:09:25 -07:00
Justin Weissig 15d8df84a0 Fixed Typo (#6672)
Fixed typo: overwritting/overwriting.
2019-05-02 11:59:01 -04:00
Russ Parsloe 86f39accf9 azurekeyvault doc fixed typos (#6663) 2019-05-01 13:37:01 -07:00
Justin Weissig 8d676312ee
Fixed Typo
Fixed typo: recomended/recommended.
2019-05-01 00:24:59 -07:00
Hugues Malphettes 520677fa9e [Doc]: PKI Fix allowed_uri_sans spelling mistake (#6660)
The doc of the PKI Role sample response currently reads:

`"allow_uri_sans": ["example.com","spiffe://*"],`

It should read:

  `"allowed_uri_sans": ["example.com","spiffe://*"],`
2019-04-30 17:48:51 -07:00
Justin Weissig e42e6d4ee3 Fixed Type (#6649)
Fixed typo. Changed procede to proceed.
2019-04-29 14:06:31 -07:00
Justin Weissig e2a0026964 Fixed Typo (#6650)
Fixed spelling: accesing/accessing.
2019-04-29 14:06:00 -07:00
Becca Petrin ba37546c08
Merge pull request #6642 from hashicorp/update-ad-docs
Update Active Directory secrets engine docs with new field
2019-04-29 13:48:09 -07:00
Becca Petrin e724d2f332 changes from feedback 2019-04-26 16:31:11 -07:00
Jim Kalafut 8f8ac67222
Minor GCP docs fixes (#6644) 2019-04-26 10:52:52 -07:00
Md Kamol Hasan 9b1b58f52a Add delete roleset option (#6635) 2019-04-26 10:48:34 -07:00
Justin Weissig 5737117129 Fixed typo (#6643)
Fixed type where zome should be zone.
2019-04-26 10:33:19 -07:00
Becca Petrin 7183bc9594 update ad docs with new field 2019-04-26 09:40:26 -07:00
Raja Nadar ffbe2c378d docs: added support for .net standard 2.0 as well (#6620)
.net standard 2.0 support
2019-04-23 14:50:16 -04:00
Becca Petrin 22a6e54957
Merge pull request #6380 from povils/aws_user_path
AWS add user_path option for role.
2019-04-23 09:05:35 -07:00
Brian Shumate e56a4b96bd Docs: add -type flag to token create command (#6621) 2019-04-23 10:58:50 +02:00
Brian Shumate 681d13fe27 Link directly to the hints (#6623)
* Link directly to the hints

* Wrap
2019-04-22 16:10:38 -07:00
Brian Shumate fb0a55614b Add type to documentation for create in token auth API (#6622)
* Add type to documentation for create in token auth API

* Wrapped
2019-04-22 12:15:21 -07:00
Povilas Susinskas 67f5bbe88f AWS backend: Add user_path option for role. 2019-04-22 18:07:21 +02:00
David Jiang 4381d922bb Update base64 decrypt command documentation (#6614)
* Update base64 decrypt command

* update to use --decode

* Apply suggestions from code review

Co-Authored-By: djiang <djiang09@gmail.com>
2019-04-18 22:40:13 -07:00
Brian Shumate 5aed4f0f76 Add some missing default values (#6611) 2019-04-18 22:24:20 -07:00
Brian Shumate 09aa4c7c15 Typo fixes (#6610) 2019-04-18 22:20:46 -07:00
Jeff Mitchell 9a7eb54a68 Merge branch '1.1.2' into master-oss 2019-04-18 18:49:49 -04:00
Jeff Mitchell fdea46f507 Prep for 1.1.2 2019-04-18 13:27:09 -04:00
Chris Hoffman b62468063a
Adding common prefix known issue to upgrade guide (#6575)
* Adding common prefix known issue to upgrade guide

* addressing feedback
2019-04-16 21:15:39 -04:00
Brian Kassouf e959b92040
Add known issue section to the upgrade guide (#6593) 2019-04-16 10:53:06 -07:00
Jeff Mitchell 213b9fd1cf Update to api 1.0.1 and sdk 0.1.8 2019-04-15 14:10:07 -04:00
Becca Petrin 6ded269700
Merge pull request #6268 from hashicorp/6234-aws-region
Add region to CLI for generating AWS login data
2019-04-12 16:15:38 -07:00
Jeff Mitchell 8bcb533a1b
Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
Jim Kalafut 75480642cf
Update JWT docs for bound_claims improvements (#6559) 2019-04-12 14:08:02 -07:00
Becca Petrin f20772310b Merge branch 'opensource-master' into 6234-aws-region 2019-04-12 11:13:17 -07:00
Michel Vocks a24474df5f
Fixed small issues in identity group alias API docs (#6569) 2019-04-12 09:05:37 +02:00
Brian Kassouf 494a332e96
Add upgrade guide for 1.1.1 (#6573) 2019-04-11 17:34:40 -07:00
Jeff Mitchell 3fba024c5f Update audit hmac'ing information on website docs 2019-04-11 16:38:43 -04:00
Jeff Mitchell a7038a871e Prep for 1.1 2019-04-11 11:16:22 -04:00
Jim Kalafut 22587672ec
Minor updates to OIDC docs (#6551) 2019-04-08 15:08:55 -07:00
Kamol Hasan 307cc20712 Correct gcp api doc 2019-04-08 18:55:36 +06:00
Calvin Leung Huang 5b26b699db docs: add Usage section in Namespaces docs (#6542) 2019-04-06 12:22:48 -04:00
Becca Petrin 4a4eab50a1 Merge branch 'opensource-master' into 6234-aws-region 2019-04-03 11:37:33 -07:00
Jan Brun Rasmussen cb37b2b4f3 Update OIDC docs for Azure (#6524)
Add section for configuration of external groups for Azure AD
2019-04-03 08:27:55 -07:00
Naoki Ainoya 7f488601f8 fix typo in gcpckms.html.md, cloudkms.cryptoKeys.get (#6515)
ref: https://github.com/hashicorp/vault/pull/6327/files#r270674452
2019-04-02 10:45:23 -07:00
Gavin Williams 197e717c29 [docs] Fix a minor issue with Azure secrets docs (#6517)
This will ensure that the docs render correctly.
2019-04-02 10:09:07 -05:00
Jim Kalafut 8a237e3ea5
Clarify config option wording (#6503)
Fixes #6123
2019-04-01 16:14:12 -07:00
ncabatoff 6652235e2a Highlight a sometimes surprising Vault behaviour: token revocation leads (#6489)
to lease revocation.
2019-04-01 15:34:30 -07:00
Becca Petrin 339cfcaaf8 merge master 2019-04-01 13:52:44 -07:00
Alessandro De Blasis c96362d466 agent: allow AppRole Auto-Auth when bind_secret_id = false (#6324)
* agent: allow AppRole Auto-Auth when bind_secret_id = false
2019-04-01 16:27:54 -04:00
Daniel Andrei Mincă e8f14b6554 grammar fix and space stripping (#6507)
- remove the 'a' and comma from 'When using a Auto Unseal, there are...'
  because everything needs to be in a single sentence
- strip extra spaces after end of propositions (there were 2 spaces
  instead of normally 1)

Resolves:
Related:
Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>
2019-04-01 08:23:46 -04:00
Matias Ozdy 63705661b4 Add missing = in dynamodb_table tf (#6493) 2019-03-28 08:24:56 -07:00
Jim Kalafut bc48dd1cc8
Update OIDC docs (#6485) 2019-03-27 11:47:05 -07:00
Thomas Kula 5a3937f9c1 Small typo fix to transit.html.md (#6482) 2019-03-26 17:32:26 -05:00
ncabatoff 5579e3cea5 Document sentinel namespace "token.namespace". (#6429) 2019-03-26 12:22:49 -07:00
Ryan Canty b72e3b8de1 Fixed typo in GCP auth docs (#6461)
* Fixed typo in GCP auth docs
2019-03-25 14:12:09 -04:00
Jeff Mitchell 1a191d80ff Update text around seal migration in 1.1 2019-03-25 12:44:22 -04:00
Jim Kalafut ac9885053e
Fix sidebar order (#6464) 2019-03-23 17:00:44 -05:00
Sean Malloy 29f3e0ed62 Add Docs For Prometheus Metrics (#6434)
Prometheus metrics were added as part of the Vault v1.1.0 release in PR #5308.
But no documentation was created. Adds the telemetry configuration docs and
the API docs.
2019-03-23 16:53:43 -05:00
Jeff Mitchell cdcd269b47 Add missing serial_number parameter from pki docs 2019-03-23 12:14:32 -04:00
Laura Gjerman-Uva 6193d4a0ac update AWS Auth API docs to show that role_id is the default for ec2_alias and iam_alias (auth/aws/config/identity endpoint) (#6460) 2019-03-22 15:09:54 -05:00
Jeff Mitchell 602d1e1a75
Remove response code info from non-overview API docs as it can be misinterpreted and is always the same anyways (#6459) 2019-03-22 11:15:37 -05:00
Alex Sherwin c545e863fc Fixed grammatical issue in Auth Methods overview (#6456) 2019-03-22 10:36:14 -05:00
Jeff Mitchell 0794d89d9d Minor updates to JWT docs 2019-03-22 01:15:59 -04:00
Alex Sherwin 8e2942258f Fixing grammar in behavioral overview (#6451) 2019-03-21 20:49:52 -07:00
Daniel Santos 7d945f2ddd Fix misleading Agent Auth Overview doc page (#6443)
* Fix misleading Agent Auth Overview doc page

The example configuration in the Vault Agent Overview page is using wrong syntax
The configuration block is `cache` but doc is referencing it as `caching`

* Update website/source/docs/agent/index.html.md

Co-Authored-By: danlsgiga <danlsgiga@gmail.com>
2019-03-20 12:42:31 -04:00
Jim Kalafut e399d39f0e
Remove beta docs (#6431) 2019-03-18 16:38:54 -07:00
Brian Shumate d5dd532714 Minor grammar edits 2019-03-18 16:07:10 -04:00
Jeff Mitchell 3ea735045f Prep for release 2019-03-18 15:16:30 -04:00
ncabatoff fab1fde145
Move listener config from 'cache' block to top-level 'listener' blocks. Allow cache without auto-auth. (#6421)
* Since we want to use the Agent listener for #6384, move listener config
from top-level 'cache' block to new top-level 'listeners' block.

* Make agent config allow cache and listener blocks without auto-auth
configured.
2019-03-15 14:58:53 -04:00
Michel Vocks 4ee5f7dffe Docs: Update Agent overview page (#6420)
* Updated agent docs

* Updated overview agent page

* Updated complete links to short links
2019-03-15 12:33:31 -04:00
Andrej van der Zee 85fb1784b5 Cassandra plugin: Support for datacenter aware deployments (#6127)
* Added option 'local_datacenter' to Casssandra database plugin for DC aware Casssandra deployments.

* Fixed spelling errors in Cassandra database plugin.

* Added website documentation.

* Added local_datacenter to Cassanra database plugin.

* Reverted datacenter-aware change in deprecated Cassandra builtin secret engine.
2019-03-14 13:37:28 -07:00
Vishal Nayak f7907c2809 Agent: Listener refactoring and socket file system permissions (#6397)
* Listener refactoring and file system permissions

* added listenerutil and move some common code there

* Added test for verifying socket file permissions

* Change default port of agent to 8200

* address review feedback

* Address review feedback

* Read socket options from listener config
2019-03-14 11:53:14 -07:00
Jeff Mitchell b86edf3d8e Fix table 2019-03-14 12:24:11 -04:00
Jeff Mitchell 4eaf4112e7 Add namespace properties to Sentinel docs 2019-03-14 12:22:02 -04:00
Juan Fontes cb08ec433b Update aws docs (#6408) 2019-03-13 17:31:22 -07:00
Richard Flosi fd182f9099 Update hashi-consent-manager to v1.0.8 (#6401) 2019-03-12 18:29:37 -07:00
Jeff Mitchell 8c8553b065 Add a bit on testing upgrades in advance 2019-03-09 11:57:51 -05:00
Jeff Mitchell d2beb6e312 Update login command docs 2019-03-08 15:37:38 -05:00
Jeff Escalante 42acb433e6 correct quotes in docs layout (#6368) 2019-03-07 17:00:24 -08:00
Yoko e795a244b3 policy capabilities: write --> update (#6373) 2019-03-07 16:34:47 -05:00
Alessandro De Blasis 4b7f595b4c docs: pki - adding missing ext_key_usage_oids desc (#6367)
Adding missing entries

Just copied over the FieldSchema descriptions
2019-03-07 14:07:10 -05:00
Eero Niemi 1238545276 Fixed typo (#6363)
Fixed typo, rolset -> roleset
2019-03-07 09:50:13 -05:00
Becca Petrin 54c70efd88
update path for mounting plugin (#6351) 2019-03-06 15:57:03 -08:00
Calvin Leung Huang 66734fb03c
docs/agent-caching: update cache-clear endpoint (#6354) 2019-03-06 11:13:43 -08:00
Becca Petrin 1c34a1d21e
update partnership doc (#6352) 2019-03-06 10:27:12 -08:00
Calvin Leung Huang 0ebce62537 docs/agent-caching: add note about compatibility with older server versions 2019-03-05 14:12:04 -08:00
Vishal Nayak d0b9454518
Agent Cache doc updates (#6331)
* Agent Cache doc updates

* doc update

* Add renewal management section

* doc updates

* paraphrase the orphan token case
2019-03-05 15:19:52 -05:00
Vishal Nayak d8f39d54c9
Change agent's port to 8007 (#6348) 2019-03-05 12:57:17 -05:00
Jim Kalafut 1274a8d3d4
Update JWT plugin dependency and docs (#6345) 2019-03-05 09:46:04 -08:00
Becca Petrin 1909b20217 merge master 2019-03-05 09:39:53 -08:00
Chris Hoffman 8a57b90b47
Transit Auto Seal Docs (#6332)
* adding transit seal docs

* add missing backtick
2019-03-05 08:45:44 -05:00
Jim Kalafut a34099b9bb
Use HashTypeMap and remove structs in batch HMAC (#6334) 2019-03-04 14:49:29 -08:00
martinwaite 04c174214c Batch hmac - (#5850) (#5875) 2019-03-04 12:26:20 -08:00
Naoki Ainoya 7b395315dd fix doc to add missing permission to use gcpkms seal (#6327) 2019-03-04 11:46:06 -05:00
Jeff Mitchell d71b0e7b10
Add missing consistency param in docs for Cassandra in combined DB (#6330) 2019-03-04 10:21:33 -05:00
Becca Petrin 5dbd09cf2f
Merge pull request #6250 from chrissphinx/patch-1
fix example that was out-of-date
2019-02-28 10:28:24 -08:00
Becca Petrin 76f42975d6
Merge pull request #6251 from paulftw/patch-1
[Documentation] Update secrets-engines.html.md
2019-02-28 10:09:29 -08:00
Becca Petrin 4ecaa1b597
Merge pull request #6304 from bradjones1/patch-2
RabbitMQ 'vhost' parameter on roles endpoint should be 'vhosts'
2019-02-28 10:03:47 -08:00
Becca Petrin 7b4a184a52
Merge pull request #6224 from hashicorp/dp.fix-consul-storage-doc-6171
Fix example in documentation. Resolves [issue 6171]
2019-02-28 09:55:55 -08:00
Becca Petrin 4cf21cda87
Merge pull request #6221 from emilymye/website
Remove unsupported config delete for GCP auth docs
2019-02-28 09:52:52 -08:00
Becca Petrin 5829774e91
Support env vars for STS region (#6284) 2019-02-28 09:31:06 -08:00
Andrey Kuzmin b496fea4ad Etcd timeouts (#6285)
* Configurable lock and request etcd timeouts.

If etcd cluster placed on slow servers - request timeouts may be much greater, then hardcoded default values.
Also, in etcd setup, like above - may be need to greater lock timeout.

* Configurable lock and request etcd timeouts.

Docs.

* Use user friendly timeout syntax.

To allow specify more readable time values.
2019-02-27 18:34:29 -08:00
Anton R. Yuste 4120aa2da0 Specify the userpass name creating the alias entity (#6289) 2019-02-27 18:28:33 -08:00
Jon Currey e9891013b3 Fix typo on Seal page of concepts docs (#6290) 2019-02-27 18:27:36 -08:00
John O'Sullivan 62f454c972 Documenting -dev-plugin-dir vault server option (#6307)
Based on an answer from Brian Kassouf on the Google Group: https://groups.google.com/d/msg/vault-tool/7Qf9Hn1w3jA/yGUIKZxHGAAJ
2019-02-27 18:24:49 -08:00
Brad Jones da99b6d088
RabbitMQ 'vhost' parameter on roles endpoint should be 'vhosts'
In deploying this, I noted that passing `vhost` was unsuccessful, yet `vhosts` is.
2019-02-27 15:19:54 -07:00
vishalnayak 1d16601b7f Agent caching docs superscript beta 2019-02-26 10:36:24 -05:00
vishalnayak dee2e1797d Add Beta superscript to caching docs 2019-02-26 10:28:55 -05:00
vishalnayak 2ab27e6087 Agent doc update for beta testers 2019-02-26 10:20:55 -05:00
vishalnayak f04b4d1668 Change agent's default port number to 8100 2019-02-26 10:02:12 -05:00
Calvin Leung Huang 5b5ec851c7 Agent caching docs (#6272)
* WIP agent caching docs

* More docs updates

* Add caching/index.html to docs_detailed_categories.yml

* Some more docs updates

* Some more docs updates

* updates

* address review feedback

* fix sample config

* Update website/source/docs/agent/caching/index.html.md

Co-Authored-By: calvn <cleung2010@gmail.com>

* fix config for sidebar display

* Add environment variable to the docs
2019-02-26 09:57:17 -05:00
Jim Kalafut 9bac5158cd
Update JWT docs for OIDC feature (#6270) 2019-02-21 17:06:23 -08:00
Becca Petrin 81cfa79d02 add note about sts region to doc 2019-02-21 16:57:52 -08:00
Chris Hoffman 481c38c7d0
adding 1.1 upgrade docs (#6279) 2019-02-21 17:41:06 -05:00
Brian Kassouf 40399cb387
Update config.rb 2019-02-20 17:24:53 -08:00
Becca Petrin 65b8ad9187 allow aws region in cli login 2019-02-20 16:43:21 -08:00
Brian Kassouf 5cd0e97654
release prep 2019-02-20 11:12:09 -08:00
Paul Korzhyk acb97878b4
Update secrets-engines.html.md
That sentence sounds weird to me. I think this way is better.
2019-02-17 12:35:20 +02:00
chrissphinx fda98fdb4a
fix example that was out-of-date
showing how to allow users auth'd with userpass method to modify their own passwords
2019-02-16 14:04:05 -05:00
dp-h e8bc0e7ab2 Revert "Add trailing slash for example in Vault Consul Storage Backend documentation. Fixes [issue 6171]"
This reverts commit 7726fdd1aaf7848dc5af9d4867e76bd1588f7bac.

Revert to go through proper PR. Apologies.
2019-02-14 13:40:17 -07:00
Dan Brown 8cf24e8551 Docs EA update 1.0 (#6219)
* Confirm RA against Vault 1.0

Change product_version frontmatter to ea_version and increase to 1.0

* Update frontmatter key

Change product_version frontmatter to ea_version
2019-02-13 10:06:54 -05:00
Brian Shumate c7ceffba30 Update configuration/listener documentation (#6228)
- Clarify that PROXY protocol version 1 is currently supported
- Add missing backtick to fix formatting issue
2019-02-13 09:27:05 -05:00
dp-h 72880b965a Add trailing slash for example in Vault Consul Storage Backend documentation. Fixes [issue 6171] 2019-02-12 17:05:31 -07:00
dominic ed6d45eece Revert "Add trailing slash for example in Vault Consul Storage Backend documentation. Fixes [issue 6171]"
This reverts commit b275f2a1e6d74400bb3cf702d1e03c90d31624cb.

Pushed to master, my apologies. Will do proper PR for this.
2019-02-12 16:49:34 -07:00
dominic f11a29d13c Add trailing slash for example in Vault Consul Storage Backend documentation. Fixes [issue 6171] 2019-02-12 16:47:17 -07:00
Emily Ye 79c8f05dee remove unsupported config delete docs 2019-02-12 13:48:30 -08:00
vishalnayak 8a6cd92f85 Update transit docs 2019-02-12 14:27:17 -05:00
Jeff Mitchell 3fb3ee3f49 Bump versions for release 2019-02-12 08:55:58 -05:00
Sean Carolan 58ba07f666 Make this easier for new users (#6211) 2019-02-11 17:34:22 -05:00
Clint 0db43e697b Add signed key constraints to SSH CA [continued] (#6030)
* Adds the ability to enforce particular ssh key types and minimum key
lengths when using Signed SSH Certificates via the SSH Secret Engine.
2019-02-11 13:03:26 -05:00
Andrej van der Zee 604e8dd0f0 Added socket keep alive option to Cassandra plugin. (#6201) 2019-02-10 18:34:50 -05:00
Michel Vocks 1ddd194c28 Added missing backslash in iam identity guide (#6193) 2019-02-08 09:56:36 -08:00
Brian Nuszkowski 707c6d1813 Add SHA1 signing/verification support to transit engine (#6037)
* Add SHA1 signing/verification support to transit engine

* Update signing/verification endpoint documentation to include sha1 hash algorithm
2019-02-07 15:31:31 -08:00
Graham Land 13e60dbb40 Add Vault supported log levels (#6185)
Documentation : Add the supported log level configurations

`Supported log levels: Trace, Debug, Error, Warn, Info.`
2019-02-07 11:27:08 -08:00
Martins Sipenko ea56be1e69 Fix section heading size (#6137) 2019-02-07 11:18:58 -08:00
Eero Niemi f9cb767d9c Fixed typo (newtwork -> network) (#6177) 2019-02-07 13:06:38 -05:00
Jeff Mitchell ea61e8fbec Remove refresh_interval from kvv1 API docs and CLI docs since kv get doesn't use it 2019-02-06 21:51:08 -05:00
Aidan Daniels-Soles 39893a1e15 Fix wrong file name in service definition (#6174) 2019-02-06 15:43:03 -05:00
d 97a73d6bf8 Revert "fixed trailing slash in consul.html.md example"
This reverts commit 4310bb58c83285ebd9cfcb302b70d1db432a11e2.

Accidental push to master, my apologies. See PR https://github.com/hashicorp/vault/pull/6175
2019-02-05 17:42:15 -07:00
Dominic Porreco 778e6add49 fixed trailing slash in consul.html.md example 2019-02-05 17:01:39 -07:00
Jeff Mitchell 5f249d4005
Add allowed_response_headers (#6115) 2019-02-05 16:02:15 -05:00
Aidan Daniels-Soles 86f096449b Replace special hyphen (#6165) 2019-02-05 10:48:26 -08:00
Brian Shumate 18c8f390f9 Update AppRole API docs (#6047)
- Use consistent "Create/Update" heading text style
2019-02-04 11:17:16 -05:00
nickwales e2429522fa Removed typo (#6162) 2019-02-04 11:13:37 -05:00
Matthew Potter 5e374d5cd1 Add libvault to the list of elixir libraries (#6158) 2019-02-04 11:12:29 -05:00
Yoko a9392f9840
Adding a mention for 'kv-v2' as type (#6151) 2019-02-01 11:26:08 -08:00
Jeff Mitchell adccccae69 Update example output for PKI serial -> serial_number
Fixes #6146
2019-02-01 10:29:34 -05:00
Jeff Mitchell b2cc9ebd3a Remove regenerate-key docs as it no longer exists 2019-02-01 09:29:40 -05:00
Jeff Mitchell 47accf8086 Add role_id as an alias name source for AWS and change the defaults 2019-01-30 15:51:45 -05:00
Donald Guy 4363453017 Docs: Azure auth example using metadata service (#6124)
There are probably better ways to massage this but I think it would be helpful to have something like this included
2019-01-30 12:13:39 -08:00
nathan r. hruby a643664c5b bump dato and rack to fix website builds 2019-01-30 11:10:49 -07:00
Brian Shumate 2337df4b2b Update documentation for command operator unseal (#6117)
- Add migrate command option
2019-01-28 10:27:51 -05:00
Gordon Shankman cd2f7bbde8 Adding support for SSE in the S3 storage backend. (#5996) 2019-01-26 16:48:08 -05:00
Calvin Leung Huang 34af3daeb0 docs: update agent sample config (#6096) 2019-01-24 07:25:03 -05:00
Jeff Mitchell 3f1a7d4fdd
Update to latest etcd and use the new repository packages (#6087)
This will be necessary for go mod work

Additionally, the srv api has changed. This adapts to it.
2019-01-23 14:35:03 -05:00
Jeff Mitchell 5e126f6de8
Implement JWS-compatible signature marshaling (#6077)
This currently only applies to ECDSA signatures, and is a toggleable
option.
2019-01-23 12:31:34 -05:00
gitirabassi 1aaacda3ec small fixes to docs and indexes 2019-01-18 02:14:57 +01:00
Jim Kalafut 0f2fcfb6f1
Update JWT docs with new jwt_supported_algs parameter (#6069) 2019-01-17 15:27:20 -08:00
Yoko e5c6b421e0 Fixed the broken link (#6052)
* Fixed the broken link

* Fixing the broken link

* Fixes redirect to Tokens guide

The separate redirect within learn.hashicorp.com will be fixed on its own repo.
2019-01-16 17:06:28 -08:00
Yoko e09f058ada
Adding the CLI flag placement info (#6027)
* Adding the CLI flag placement info

* Adding the definition of 'options' and 'args'

* tweaked the wording a little bit

* Added more description in the example

* Added a link to 'Flags' in the doc for options def
2019-01-15 11:24:50 -08:00
Jeff Mitchell f75f4e75c7 Prepare for 1.0.2 2019-01-15 11:25:11 -05:00
Jim Kalafut 960eb45014
Remove unnecessary permission 2019-01-10 16:18:10 -08:00
Seth Vargo e726f13957 Simplify permission requirements for GCP things (#6012) 2019-01-10 10:05:21 -08:00
Dilan Bellinghoven f9dacbf221 Add docker-credential-vault-login to Third-Party Tools (#6003)
* Added Docker credential helper to list of Third-Party tools

* website/source/api/relatedtools.html.md: Fixed a typo
2019-01-10 10:46:18 -05:00
Yoko 9a4de34dce Allowed characters in paths (#6015) 2019-01-10 10:39:20 -05:00
Vishal Nayak 0c30f46587
Add option to configure ec2_alias values (#5846)
* Add option to configure ec2_alias values

* Doc updates

* Fix overwriting of previous config value

* s/configEntry/config

* Fix formatting

* Address review feedback

* Address review feedback
2019-01-09 18:28:29 -05:00
Yoko 0a97f95ff4
Document upper limit on Transit encryption size (#6014) 2019-01-08 17:57:43 -08:00
Giacomo Tirabassi 0d3845c537 Influxdb secret engine built-in plugin (#5924)
* intial work for influxdb secret plugin

* fixed typo

* added comment

* added documentation

* added tests

* fixed tests

* added vendoring

* minor testing issue with hardcoded values

* minor fixes
2019-01-08 17:26:16 -08:00
Julien Blache 91d432fc85 FoundationDB backend TLS support and housekeeping (#5800)
* Fix typo in documentation

* Update fdb-go-install.sh for new release tags

* Exclude FoundationDB bindings from vendoring, delete vendored copy

FoundationDB bindings are tightly coupled to the server version and
client library version used in a specific deployment. Bindings need
to be installed using the fdb-go-install.sh script, as documented in
the foundationdb backend documentation.

* Add TLS support to FoundationDB backend

TLS support appeared in FoundationDB 5.2.4, raising the minimum API version
for TLS-aware FoundationDB code to 520.

* Update documentation for FoundationDB TLS support
2019-01-08 09:01:44 -08:00
Seth Vargo 46cbfb0e4b Fix formatting (#6009)
The new markdown parser is less forgiving
2019-01-08 08:51:37 -08:00
Jeff Escalante a22275d4e0 remove extra analytics page call (#5997) 2019-01-07 11:18:55 -05:00
Thomas Kula 4265579aaa Fix small typo in azure.html.md (#6004) 2019-01-07 10:03:22 -05:00
Aric Walker c065b46f42 Remove duplicate "Users can" from policy md (#6002) 2019-01-07 07:02:28 -08:00
Seth Vargo c3f1043c24 Reduce required permissions for the GCPCKMS auto-unsealer (#5999)
This changes the behavior of the GCPCKMS auto-unsealer setup to attempt
encryption instead of a key lookup. Key lookups are a different API
method not covered by roles/cloudkms.cryptoKeyEncrypterDecrypter. This
means users must grant an extended scope to their service account
(granting the ability to read key data) which only seems to be used to
validate the existence of the key.

Worse, the only roles that include this permission are overly verbose
(e.g. roles/viewer which gives readonly access to everything in the
project and roles/cloudkms.admin which gives full control over all key
operations). This leaves the user stuck between choosing to create a
custom IAM role (which isn't fun) or grant overly broad permissions.

By changing to an encrypt call, we get better verification of the unseal
permissions and users can reduce scope to a single role.
2019-01-04 16:29:31 -05:00
Seth Vargo 1917bb406d Fix audit docs (#6000)
These appear to have been converted to (bad) HTML. This returns them to
their original markdown format.
2019-01-04 13:45:50 -06:00
Iain Gray ecdacbb90a Update DG to Vault 1.0 (#5855)
* Update DG to Vault 1.0

* as per comments  - chrishoffman

* Removed stray bracket and added quotes

* updated as per conversations with Dan
2019-01-03 10:10:37 -05:00
Mike Wickett 46576acff3 website: add print styles for docs (#5958) 2019-01-03 09:24:10 -05:00
Graham Land 2e92372710 Docs: Add Auto Unseal Rekey example (#5952)
* Add KMS Rekey example

I've had customers looking for AWS KMS rekeying examples today - when using pgp keys.
This example would have clarified what they needed to do.

* Replaced KMS reference with Auto Unseal

``` bash
Rekey an Auto Unseal vault and encrypt the resulting recovery keys with PGP:
```
2019-01-03 09:23:43 -05:00
Becca Petrin d7f31fe5e4
Merge pull request #5892 from jen20/jen20/dynamodb-capacity-doc
docs: Clarify the utility of DynamoDB capacities
2018-12-20 11:54:26 -08:00
Becca Petrin d108843a0a
Merge pull request #5947 from hmalphettes/master
Docs: JWT API - List Roles: fix the path
2018-12-20 09:15:57 -08:00
Becca Petrin f4ea0e001f
Merge pull request #5940 from hashicorp/je.website-local-run-docs
Improve local development instruction
2018-12-20 09:11:13 -08:00
R.B. Boyer 0ebb30938c website: fix simple typo (#5979) 2018-12-19 14:46:54 -08:00
Clint 004ca032e8
add MSSQL storage docs to sidebar (#5978) 2018-12-19 14:06:42 -06:00
Graham Land c1fa76e9e2 Docs: Add example for Vault init Auto Unseal with PGP Keys (#5951)
* Add example for AWS KMS AutoUnseal with PGP Keys

A customer could not figure how to get this working today. 
This example would have helped them. We don't mention KMS anywhere in this section.

* Changed reference from AWS KMS to Auto Unseal

``` bash
Initialize Auto Unseal, but encrypt the recovery keys with pgp keys:
```
2018-12-18 11:42:10 -05:00
Janosch Maier b95fbbafe9 Docs: Fix project resource name in gcp roleset documentation (#5966)
The resource name when referring to a GCP project needs to have a "s". This PR adds the missing letter in the documentation.
2018-12-17 16:22:02 -08:00
vishalnayak 689163e7ed Upgrade guide for 0.11.6 2018-12-14 12:22:50 -05:00
Jeff Mitchell 8e229fed4a Prep for release 2018-12-14 10:42:59 -05:00
Matthew Irish 4e06fd698e update help output examples and mention openapi fragment support (#5954) 2018-12-14 09:12:03 -05:00
Jeff Mitchell d9d47bb252 Update Consul ACL example
Fixes #5831
2018-12-13 17:18:28 -05:00
Hugues Malphettes 726d79d854
Merge branch 'master' into master 2018-12-14 05:21:41 +08:00
Jeff Mitchell 1d847b3acc Add sidebar link for approle autoauth docs 2018-12-13 09:51:47 -05:00
Hugues Malphettes 6ea6844ef9
JWT API - List Roles: fix the path
With vault-1.0.0 and vault-0.11.4 a different path is needed to list the jwt registered roles:

```
$ vault list auth/jwt/roles
No value found at auth/jwt/roles/

$ vault list auth/jwt/role
Keys
----
myrole
```
I hope this helps!
2018-12-13 06:27:30 +08:00
Sergey Trasko f24a4f189e Fixed markdown for cert documentation (#5735) 2018-12-12 15:27:28 -05:00
Joel Thompson 286b3f4e9f auth/aws: Clarify docs for cross-account access with IAM auth (#5900)
The docs hadn't been updated to reflect the ability to do cross-account
AWS IAM auth, and so it was a bit confusing as to whether that was
supported. This removes the ambiguity by explicitly mentioning AWS IAM
principals.
2018-12-12 15:21:27 -05:00
Bert Roos cfa008896d Added comma for readability (#5941)
Signed-off-by: Bert Roos <Bert-R@users.noreply.github.com>
2018-12-12 09:23:20 -05:00
Graham Land 53c6b36613 Fixing a couple of small typos (#5942) 2018-12-12 05:56:58 -08:00
Jeff Escalante eddfd7ff23 improve bootstrap script and local development instructions 2018-12-11 19:46:52 -05:00
emily 94c03d1072 Update GCP auth BE docs (#5753)
Documented changes from https://github.com/hashicorp/vault-plugin-auth-gcp/pull/55
* Deprecating `project_id` for `bound_projects` and making it optional
* Deprecating `google_certs_endpoint` (unused)
* Adding group aliases 

Also, some general reformatting
2018-12-10 12:54:18 -08:00
Jeff Mitchell c67ef8be09
Update PKI docs (#5929) 2018-12-10 10:24:47 -05:00
Tommy Murphy d3774e6aaa Correct GCE Token Parameter (#5667)
As written the GCE token curl results in an error: "non-empty audience parameter required".

Google's docs (https://cloud.google.com/compute/docs/instances/verifying-instance-identity) confirm that the parameter is 'audience' not 'aud'.
2018-12-07 15:10:30 -08:00
Matthew Irish a447dac803
change ui url so that it includes the trailing slash (#5890) 2018-12-05 12:25:16 -06:00
Chris Hoffman 561502394a
fixing redirect (#5908) 2018-12-05 12:06:15 -05:00
Chris Hoffman 57536e0c41
adding a redirect for old style upgrade guide location (#5905) 2018-12-05 10:54:10 -05:00
Chris Hoffman cebbe43f70
removing beta tag (#5904) 2018-12-05 10:45:22 -05:00
Jim Kalafut cb52f36c38 Update downloads.html.erb (#5899) 2018-12-05 10:40:33 -05:00
Chris Hoffman 1da490e929
adding upgrade guide for 1.0 (#5903)
* adding upgrade guide for 1.0

* fixing sidebar
2018-12-05 10:33:53 -05:00
ncabatoff b53437a2f8
Fix documentation re substitutions. It appears this was broken from day one. (#5896) 2018-12-04 13:14:00 -05:00
Jim Kalafut 3552019795
Update operator migrate docs (#5895) 2018-12-04 08:49:42 -08:00
James Nugent 65e7a2660d docs: Clarify the utility of DynamoDB capacities
When configuring DynamoDB, the read and write capacities configured only
have any effect if the table does not exist. As per the comment in the
code [1], the configuration of an existing table is never modified. This
was not previously reflected in the documentation - this commit
rectifies that.

[1]: https://github.com/hashicorp/vault/blob/master/physical/dynamodb/dynamodb.go#L743-L745
2018-12-03 17:55:18 -06:00
Martin 6c0ce0b11f Typo in policy template doc (#5887) 2018-12-03 14:36:17 -05:00
RJ Spiker 1a5149dceb website: @hashicorp dependency bumps (#5874) 2018-12-03 12:17:10 -05:00
RJ Spiker 14f5c88a38 website: responsive styling updates (#5858)
* docs-sidenav version bump with required updates to #inner styles

* website - fix ie11 responsive rendering bug
2018-12-03 12:09:28 -05:00
Jeff Mitchell 149e14f8fa Some release prep work 2018-12-03 10:01:06 -05:00
Jim Kalafut 1f3ea9b30a
Fix docs typos (#5881) 2018-11-30 14:32:04 -08:00
Martins Sipenko 3c0d63169c Fix config/sts docs (#5839) 2018-11-30 11:08:47 -08:00
Mike Christof a82ff1f92e fixed api/secret/ssh docs (#5833) 2018-11-30 10:55:33 -08:00
Lucy Davinhart 046e5fcf57 Document /sys/health?perfstandbyok (#5870)
* Document /sys/health?perfstandbyok

Discovered that in Vault Enterprise 0.11.5, `/sys/health?standbyok` returns a 473 status for performance standby nodes, compared to a 200 for standard standby nodes.

Turns out there was an additional `perfstandbyok` option added, here:
e5aaf80764

* Update health.html.md

Slight tweak to wording for perfstandbyok
2018-11-29 09:57:30 -08:00
Martins Sipenko 640bae4b65 Remove false statement from docs. (#5854) 2018-11-27 07:47:34 -05:00
Clint dfe585c7f7 Agent kube projected token (#5725)
* Add support for custom JWT path in Agent: kubernetes auth

- add support for "token_path" configuration
- add a reader for mocking in tests

* add documentation for token_path
2018-11-19 14:28:17 -08:00
Jennifer Yip 5ad06760d6 Update share image (#5776) 2018-11-19 17:24:13 -05:00
Jennifer Yip 6421670cfe Add consent manager to vaultproject.io (#5808)
* Add consent manager

* Add Hull and Hotjar
2018-11-19 17:23:03 -05:00
Richard Flosi 7daa57ccf3 Update section-header to 4.0.0 (#5821) 2018-11-19 17:20:54 -05:00
Jeff Escalante 15c22a414e update docs sidenav (#5810) 2018-11-19 17:20:03 -05:00
Atthavit Wannasakwong 4344bb8ec1 fix wrong IAM action name in docs (#5812)
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/api-permissions-reference.html
2018-11-17 09:10:50 -08:00
Jeff Escalante 0a2e62d2d6 add ruby version to root (#5802) 2018-11-16 08:19:50 -05:00
Richard Flosi 34bdb080f8 Update section-header usage for vaultproject.io (#5799) 2018-11-16 08:16:58 -05:00
Janosch Maier 192c8b5c84 Fix incorrect parameter name in docs (#5798) 2018-11-15 13:56:12 -08:00
Clint 7db8d4031e
Add read config endpoint docs (#5790)
* Add read config endpoint docs

* fix response code, remove empty fields from sample response
2018-11-15 11:51:06 -06:00
Yoko 4c6de9f808
Fixing broken link (#5794) 2018-11-15 09:23:05 -08:00
Jim Kalafut d45220159d
Fix incorrect parameter name in docs (#5793)
Fixes https://github.com/hashicorp/vault-plugin-auth-gcp/issues/56
2018-11-14 17:16:04 -08:00
RJ Spiker 2a3e8a6604 website: add js-utils and update components to accommodate (#5751) 2018-11-14 11:13:02 -08:00
Becca Petrin 8f82809c78
Update docs to match running builtins as plugins (#5727) 2018-11-14 09:17:12 -08:00
Brian Kassouf 119ae7e26d
Update downloads.html.erb 2018-11-13 20:01:17 -08:00
Brian Kassouf d7f8f9f312
Update config.rb 2018-11-13 19:58:41 -08:00
Vishal Nayak c144bc4b34
Recommend IAM auth over EC2 (#5772)
* Recommend IAM auth over EC2

* Update website/source/docs/auth/aws.html.md

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>

* Update website/source/docs/auth/aws.html.md

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>

* Update website/source/docs/auth/aws.html.md

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>
2018-11-13 18:49:25 -05:00
Vishal Nayak 086e7c6a41
Fix CLI flag name for rekeying (#5774) 2018-11-13 14:27:14 -05:00
Jim Kalafut a6b6898cca
Add docs for openapi endpoint (#5766) 2018-11-13 09:39:19 -08:00
Jeff Mitchell 41460ffb29
Add note about seal migration not being supported for secondaries currently (#5762) 2018-11-12 09:41:05 -05:00
Jeff Escalante 517589eff3 Add redirect for /intro/index.html, remove old unused redirects file (#5728)
* add redirect for /intro/index.html, remove old unused redirects file

* adjust redirect link
2018-11-09 13:12:11 -05:00
Jeff Escalante f792a5f59b update website readme with instructions for updating navigation (#5748) 2018-11-09 13:11:46 -05:00
Jim Kalafut 7e799faaaf
Fix sidebar order (#5744) 2018-11-09 09:46:28 -08:00
Jeff Mitchell b30cd2e97f Update forwarded-for docs to indicate it supports cidrs, not just single hosts 2018-11-09 10:28:00 -05:00
Jeff Escalante 313b1ebdca update dependencies, including content hyphenation fix (#5736) 2018-11-08 10:44:06 -08:00
Seth Vargo f79d2f06fa Add missing link to API docs (#5719) 2018-11-07 07:04:16 -08:00
Jeff Mitchell 8b6b344d86
Add default-service/default-batch to token store roles (#5711) 2018-11-07 09:45:09 -05:00
Jeff Mitchell 6e4f990902 Better documentation around increment
Fixes #5701
2018-11-06 17:42:20 -05:00
Jeff Mitchell 5cfe558ec8 Add a reminder about local auth methods and policies 2018-11-06 14:51:57 -05:00
RJ Spiker 7a02e1a25c website: remove deleted markdown reference from docs sidenav .yml (#5703) 2018-11-06 09:05:20 -08:00
Chris Griggs 275559deb4 moving VIP guide (#5693) 2018-11-05 19:50:55 -05:00
Mike Wickett 62db2920b9 website: Add analytics and swap CTA & docs section order (#5684)
* website: Add analytics tracking for components and outbound links

* website: Update component dependencies

* website: Swap cta and documentation sections
2018-11-05 17:29:09 -05:00
Yoko 19b9f41fc5 Added a missing redirect link (#5634) 2018-11-05 14:07:48 -05:00
RJ Spiker 08a2250647 website: dependency bumps and handle multi-exports (#5677)
* website: dep bumps and handle multi-exports

* website: remove unused hashi-logo-grid dep
2018-11-05 11:59:34 -06:00
Jeff Escalante 227954983c update downloads component to add analytics (#5678) 2018-11-02 19:33:37 -04:00
Nicolas Corrarello 0b44a55d22 Adding support for Consul 1.4 ACL system (#5586)
* Adding support for Consul 1.4 ACL system

* Working tests

* Fixed logic gate

* Fixed logical gate that evaluate empty policy or empty list of policy names

* Ensure tests are run against appropiate Consul versions

* Running tests against official container with a 1.4.0-rc1 tag

* policies can never be nil (as even if it is empty will be an empty array)

* addressing feedback, refactoring tests

* removing cast

* converting old lease field to ttl, adding max ttl

* cleanup

* adding missing test

* testing wrong version

* adding support for local tokens

* addressing feedback
2018-11-02 10:44:12 -04:00
Jeff Mitchell 87ffca230e Add batch token info to token store, approle, mount tuning 2018-11-01 14:51:06 -04:00
Raymond Kao 24187b2e99 Fixed wording from "SQL" to "MongoDB" for clarity (#5643)
The original wording made it appear as if SQL statements were being executed against a MongoDB backend, which is incorrect and confusing.  Fixed to better reflect what is actually occurring.
2018-11-01 09:26:05 -04:00
Jeff Mitchell 756e4c5f89 Update jwt to pull in groups claim delimiter pattern 2018-10-31 16:04:39 -04:00
Brian Shumate 113380c461 docs: update JWT auth method (#5655)
- Add convenience/contextual link to API documnetation
2018-10-31 11:03:04 -04:00
Jeff Mitchell 6c488921ff Fix website/path-help docs around pki/tidy 2018-10-30 21:33:30 -04:00
Jeff Mitchell 605a7e30ad
Add the ability for secret IDs in agent approle to be wrapped (#5654) 2018-10-30 20:53:49 -04:00
Jeff Escalante 71f68f2199 fix sidebar links (#5653) 2018-10-30 20:51:38 -04:00
Jeff Mitchell 217e244e17 Make MFA links work again 2018-10-30 14:27:00 -04:00
Jeff Mitchell 6d20c8fce2
Add approle agent method removing secret ID file by default. (#5648)
Also, massively update tests.
2018-10-30 14:09:04 -04:00
RJ Spiker 3223d661ce website: community page content update (#5641) 2018-10-30 12:33:51 -04:00
Aleksey Zhukov 5361205d5b WIP Agent AppRole auto-auth (#5621) 2018-10-30 12:17:19 -04:00
Benjamin Dos Santos 1f86528ad8 docs(systemd): Capabilities had been removed (#5579)
* docs(systemd): `Capabilities` had been removed

The `Capabilities=` unit file setting has been removed and is ignored for
backwards compatibility. `AmbientCapabilities=` and `CapabilityBoundingSet=`
should be used instead.

8f968c7321/NEWS (L1357)

* style: remove trailing white space
2018-10-30 10:18:08 -04:00
Balazs Nagy ca5c60642e Use tidy_revoked_certs instead of tidy_revocation_list (#5608) 2018-10-29 19:29:35 -04:00
RJ Spiker fca7cb3794 website: update sidebar_title in front matter to use <code> (#5636)
* website: replace deprecated <tt> with <code> in front matter sidebar_title

* website: wrap front matter sidebar_title in <code> for commands pages
2018-10-29 15:58:37 -04:00
Christophe Tafani-Dereeper fb89c1adc5 Fix typo ('Gase' -> 'Case') (#5638) 2018-10-29 15:19:35 -04:00
Mike Wickett af70c2234b website: update component dependencies (#5637) 2018-10-29 14:29:44 -04:00
Ben Boeckel 1e3d41ffa9 website: add missing @ to example (#5560)
* website: remove mention of `@` in command

The command does not contain the mentioned `@` symbol and can be
confusing.

* docs: use `policy-name` instead of `my-policy`

Just making things consistent.
2018-10-29 13:12:48 -04:00
Seth Vargo 5fcdd6c4e3 More formatting fixes (#5582) 2018-10-29 13:12:19 -04:00
Jeff Mitchell 3c1a82e60c
Add token type to sentinel docs, fix up some names, and better codify what Sentinel reports for various token types (#5630) 2018-10-27 11:07:27 -07:00
RJ Spiker 5f88be68bc website: adjust downloads page responsive behaviors (#5624) 2018-10-26 21:16:55 -04:00
Jeffrey Hogan cd35ecf02e Use H3 for parameters to match existing pattern (#5566) 2018-10-26 19:13:14 -04:00
Chris Hoffman fa380e9be4
Fix seal migration docs (#5623)
* fixing seal migration docs

* do not use deprecated command

* adding redirect for old docs
2018-10-26 10:04:51 -07:00
Joel Thompson 62b54c8a5c Update awskms seal docs (#5618)
The seal already supported an endpoint configuration, but it wasn't
documented, so adding the docs for it. Also adding a note on required
KMS permissions.
2018-10-26 06:18:04 -07:00
Chris Hoffman bbca4729b6
Updating seal docs (#5616)
* updating seal docs

* fixing api docs
2018-10-25 16:44:53 -07:00
RJ Spiker e1bff4b447 website: adjust button-container behavior based on design feedback (#5613) 2018-10-25 14:25:51 -07:00
Seth Vargo a0cffd4c3f Update docs and permissions (#5612) 2018-10-25 14:10:11 -07:00
Justin Shoffstall 65014f790f Clarify that Perf Standbys require Consul backend (#5539)
* Clarify that Perf Standbys require Consul backend

* Fixed for line length
2018-10-25 13:13:44 -07:00
Alan Tang a69793ae32 fix duplicated word (#5599)
I think that is a duplicated word.
2018-10-24 18:15:24 -07:00
Mike Wickett de34464767 website: change production env var to workaround Dato bug 2018-10-24 13:52:49 -06:00
Mike Wickett bf6c6e12ee website: fix redirects to learn 2018-10-24 13:46:56 -06:00
RJ Spiker 34fdbd785a website - downloads page style adjustments 2018-10-24 13:46:56 -06:00
RJ Spiker 66acfb293b website - fix broken .button-container styles 2018-10-24 13:46:56 -06:00
Mike Wickett 49c07c436d website: add temporary callout to download v1.0 beta 2018-10-24 13:46:56 -06:00
RJ Spiker bbd45ac633 website - dependency version bumps 2018-10-24 13:46:55 -06:00