Commit graph

2804 commits

Author SHA1 Message Date
Vu Pham e5f955f9a7 Updated naming for OCI Auth and Object Storage plugins (#7423) 2019-09-05 10:26:05 -07:00
Jim Kalafut 6d4d4b5636
Update docs sidebar for CF and OCI (#7421) 2019-09-04 15:31:21 -07:00
Vu Pham a09d13c54a Added OCI Auth plugin documentation (#7284) 2019-09-04 13:25:08 -07:00
Vu Pham 9c8dc4d179 OCI KMS plugin documentation (#7283) 2019-09-04 13:23:06 -07:00
Vu Pham 3318e883e1 OCI Object Storage documentation (#7282) 2019-09-04 13:22:20 -07:00
Jim Kalafut 7919bfb3de
Fix sidebar order (#7409) 2019-09-03 09:32:44 -07:00
Yoko 17ea1fb294
Fixed typo - --> _ (#7391) 2019-08-29 12:44:31 -07:00
Noelle Daley f1c1d47b34 fix ciphertext typo (#7366) 2019-08-26 19:40:00 -04:00
Becca Petrin 64ecf46fb6
rename pcf to cf maintaining backwards compat (#7346) 2019-08-26 09:55:08 -07:00
Becca Petrin efba500548
describe API calls made by the cf client (#7351) 2019-08-22 11:53:27 -07:00
Jason O'Donnell a23f7e71b6
docs: update vault helm doc (#7348)
* docs: update vault helm doc

* Update wording per review
2019-08-22 13:09:22 -04:00
Jeff Malnick ba4fbd4df8
Allow setting file mode on vault agent sink file (#7275)
* feat: enable setting mode on vault agent sink file

* doc: update vault agent file sink with mode configuration
2019-08-21 20:41:55 -07:00
Michael Gaffney 9da6460f4d
Add docs for Vault Agent Auto-auth Certificate Method (#7344)
Closes #7343
2019-08-21 10:34:26 -04:00
Tommy Murphy fc3f1896ad telemetry: add stackdriver metrics sink (#6957)
* telemetry: add stackdriver metrics sink

* telemetry: stackdriver go mod tidy
2019-08-20 14:47:08 -07:00
Joel Thompson ac18a44fae secret/aws: Pass policy ARNs to AssumedRole and FederationToken roles (#6789)
* secret/aws: Pass policy ARNs to AssumedRole and FederationToken roles

AWS now allows you to pass policy ARNs as well as, and in addition to,
policy documents for AssumeRole and GetFederationToken (see
https://aws.amazon.com/about-aws/whats-new/2019/05/session-permissions/).
Vault already collects policy ARNs for iam_user credential types; now it
will allow policy ARNs for assumed_role and federation_token credential
types and plumb them through to the appropriate AWS calls.

This brings along a minor breaking change. Vault roles of the
federation_token credential type are now required to have either a
policy_document or a policy_arns specified. This was implicit
previously; a missing policy_document would result in a validation error
from the AWS SDK when retrieving credentials. However, it would still
allow creating a role that didn't have a policy_document specified and
then later specifying it, after which retrieving the AWS credentials
would work. Similar workflows in which the Vault role didn't have a
policy_document specified for some period of time, such as deleting the
policy_document and then later adding it back, would also have worked
previously but will now be broken.

The reason for this breaking change is because a credential_type of
federation_token without either a policy_document or policy_arns
specified will return credentials that have equivalent permissions to
the credentials the Vault server itself is using. This is quite
dangerous (e.g., it could allow Vault clients access to retrieve
credentials that could modify Vault's underlying storage) and so should
be discouraged. This scenario is still possible when passing in an
appropriate policy_document or policy_arns parameter, but clients should
be explicitly aware of what they are doing and opt in to it by passing
in the appropriate role parameters.

* Error out on dangerous federation token retrieval

The AWS secrets role code now disallows creation of a dangerous role
configuration; however, pre-existing roles could have existed that would
trigger this now-dangerous code path, so also adding a check for this
configuration at credential retrieval time.

* Run makefmt

* Fix tests

* Fix comments/docs
2019-08-20 12:34:41 -07:00
Jim Kalafut 3ce3e40db7
Update role parameters in JWT API docs (#7328)
This is a temporary revert related to https://github.com/hashicorp/vault-plugin-auth-jwt/issues/66.
Once that change is in a released Vault, this docs change should be reverted back.
2019-08-16 08:09:15 -07:00
Jeff Mitchell 87f649bf99 Prep for 1.2.2 2019-08-14 16:54:16 -04:00
skarsol 073ff32900 Add section for consul 1.4+ (#6366) 2019-08-14 10:19:14 -04:00
Didi Kohen a14b44ee8b Add some more detail for the root generation process (#5720)
* Add some more detail for the root generation process

* Remove mention of old OTP and OTP provided on the start request
2019-08-14 10:16:10 -04:00
IPv4v6 8fe861ec04 add examples for ECC key sizes in documentation (#2952)
* add examples for ECC key sizes in documentation

Signed-off-by: Stefan Pietsch <mail.ipv4v6+gh@gmail.com>

* remove links to Go documentation
2019-08-14 10:08:41 -04:00
Calvin Leung Huang 675593bd18 docs: add 1.2.1 upgrade guide (#7274) 2019-08-14 09:45:09 -04:00
Jim Kalafut 4653861333
Fix PCF API docs field names (#7302) 2019-08-12 10:55:23 -07:00
Michel Boucey badb089ffb Add gothic, a Haskell KVv2 engine API client (#7301) 2019-08-12 13:30:25 -04:00
Jason O'Donnell ac16dec5c4
docs: update k8s helm doc (#7279) 2019-08-08 17:05:01 -04:00
Jeff Mitchell c9d4e83350 Bump some versions to prep 2019-08-05 17:43:12 -04:00
Jason O'Donnell 13ffbcd984
doc: add k8s vault-helm doc (#7193)
* doc: add k8s vault-helm doc

* Replace TODO with security warning

* Add TLS example

* Add production deployment checklist

* Add kube hardening guide

* Fix link to configuration values

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Fix typo in example

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Remove anchors, add tolerations/selector

* Fix rendering of global configuration

* Fix sidebar navigation and update links

* Add sidebar title to run doc

* Add platform index.html

* Add relative links

* Rename file

* Fix titles

* Add syntax highlighting to examples

* Move platforms in navigation bar
2019-08-05 17:15:28 -04:00
ncabatoff 439ea99c83
Follow what documentation says we should do if we're a perf standby and perfstandbyok=true (#7241)
Follow what documentation says we should do if we're a perf standby and perfstandbyok=true, i.e. return 200 instead of 429.
2019-08-05 16:44:41 -04:00
Jim Kalafut 4584c84d79
Add docs for OIDC verbose_oidc_logging (#7236) 2019-08-01 14:41:35 -07:00
Jeff Mitchell a9ba15a075
Add AppRole upgrade issue to upgrade guide for 1.2.0 (#7234) 2019-08-01 11:50:43 -04:00
Jim Kalafut beea6358f3
Fix GCP docs formatting (#7120) 2019-08-01 08:00:42 -07:00
Andre Hilsendeger 8f8af53394 docs: add connection options for MySQL storage backend (#7171) 2019-08-01 08:00:00 -07:00
Eko Simanjuntak a6b45bd2df fixing typo on chiphertext prefix (#7189) 2019-08-01 07:41:52 -07:00
Paul Banks 2c62c96fee Fix JSON example syntax in identity docs (#7227) 2019-07-31 15:23:00 -07:00
Becca Petrin 5c9228a021
Fix tag (#7221)
* fix tag

* Update index.html.md.erb
2019-07-30 15:51:31 -07:00
Becca Petrin 0b31996aa7
improve tls cert docs (#7132) 2019-07-30 13:57:36 -07:00
Jeff Mitchell 20aeba2fbe Fix PCF location in sidebar 2019-07-30 16:12:55 -04:00
Calvin Leung Huang 1eb7e3cd43 docs: add kmip docs/api to the sidebar (#7218) 2019-07-30 15:59:07 -04:00
Calvin Leung Huang d9ec7ea38c docs: add pcf docs/api to sidebar (#7219) 2019-07-30 15:58:51 -04:00
Jeff Mitchell fc79848856
Add token helper partial and pull into auth docs (#7220) 2019-07-30 15:58:32 -04:00
Jeff Mitchell e118b41d09 Fix yml exception in PCF docs 2019-07-30 15:02:53 -04:00
Jeff Mitchell 01987f972c Add 1.2.0 upgrade guide 2019-07-30 12:37:45 -04:00
Jeff Mitchell 1d75ace163 Update files for release 2019-07-30 00:23:20 -04:00
Björn Wenzel f4334ec824 Vault-CRD to synchronize Secrets with Kubernetes (#7105) 2019-07-29 11:04:42 +02:00
Jim Kalafut e3484526b8
Update identity token docs (#7195) 2019-07-26 09:59:38 -07:00
Jeff Mitchell 4c77d69fff Prep for rc1 release 2019-07-25 13:08:49 -04:00
Michel Vocks 524d101008 Added s3 storage path parameter (#7157) 2019-07-24 12:48:26 -04:00
Jonathan Sokolowski 325c06b2cc Add -dev-no-store-token to vault server command (#7104)
When starting a vault dev server the token helper is invoked to store
the dev root token.
This option gives the user the ability to not store the token.

Storing the token can be undesirable in certain circumstances
(e.g.  running local tests) as the user's existing vault token is
clobbered without warning.

Fixes #1861
2019-07-24 12:41:07 -04:00
Jim Kalafut 62e2aeb952
Rename entity group membership template parameters (#7099) 2019-07-19 10:08:47 -07:00
Mike Jarmy 0d4ae949a8
Add 'log-format' CLI flag, along with associated config flag, for 'vault server' command. (#6840)
* Read config before creating logger when booting vault server

* Allow for specifying log output in JSON format in a config file, via a 'log_level' flag

* Create parser for log format flag

* Allow for specifying log format in a config file, via a 'log_format' flag. Also, get rid of 'log_json' flag.

* Add 'log-format' command line flag

* Update documentation to include description of log_format setting

* Tweak comment for VAULT_LOG_FORMAT environment variable

* add test for ParseEnvLogFormat()

* clarify how log format is set

* fix typos in documentation
2019-07-18 15:59:27 -04:00
Jason O'Donnell be2e98a1f3
doc: Add default SSL note to PG storage (#7125) 2019-07-18 14:37:24 -04:00