luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
2847 commits 1 branch 0 tags 214 MiB
Commit graph

627 commits

Author SHA1 Message Date
Jorge Ferreira 306c63b1be /encryption key/master key/ 2016-01-19 15:42:50 +00:00
Seth Vargo 6d655d75fe Do not use compressed javascripts 
Minifier gets really confused when you give it already-compressed
javascript.
 2016-01-14 15:00:41 -05:00
Jeff Mitchell 1001566a26 Keep ordering consistent in config doc, and put HA backends first 2016-01-14 13:55:53 -05:00
Seth Vargo 94f590581a Add scripts to deploy via Atlas 2016-01-14 13:42:53 -05:00
Seth Vargo e40c77ff27 Use HTTPS + www where appropriate 2016-01-14 13:42:47 -05:00
Seth Vargo d210b561a2 ImageOptim 2016-01-14 13:42:34 -05:00
Seth Vargo 13b1e8f9df Fix image asset URLs 2016-01-14 13:42:28 -05:00
Seth Vargo 2d7555f442 Remove Heroku stuff 2016-01-14 13:42:13 -05:00
Jeff Mitchell 5873824ee2 Version 0.4.1 
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJWls/HAAoJEFGFLYc0j/xMarQH/i6rW+wLm9DadkFV23jwjttt
 TRumTPDoBxHQDoB0wkC4CmA8UiZnzc68o5OlxisC8KAz/89HWZf8sUDxkOSY1vUX
 BGDkiv+KF6LiDRAdDyIqK6PYUkKHaJgue9Vnwu5+1iRv1sjK5PyPb992Wmt/DtOM
 nRn8Hn5qmmDCUm79TKXpZNMs/CRx21VM7q2Sm139kLzTr0Qg2Oyxcp3mB8TR7LtV
 ATdMQ//HzL/tGJ6Yw7zkgZzdf7EMFFO1SSVqAzqag6kqNqwjvmDGrQaTzkdl7anv
 72zMXqVcryeSL6DRZuR+OrHs63aaoTwIXcqO56nBrZ1NAEqkI0oCcvDZNLt7yi4=
 =YCXl
 -----END PGP SIGNATURE-----

Merge tag 'v0.4.1'

Version 0.4.1
 2016-01-14 09:57:21 -05:00
Jeff Mitchell eeac69939c Bump values to 0.4.1 2016-01-13 17:28:17 -05:00
Jeff Mitchell d949043cac Merge pull request #914 from hashicorp/acl-rework 
More granular ACL capabilities
 2016-01-12 21:11:52 -05:00
Ziyi, LIU 5204da4edd Fix typo 
Change "...implements is own login endpoint..." to "...implements its own login endpoint..."
 2016-01-12 22:22:13 +08:00
Jeff Mitchell e815db8756 Update audit sys docs 2016-01-11 19:08:23 -05:00
Eric Kidd 69434fd13e etcd: Allow disabling sync for load balanced etcd 
Some etcd configurations (such as that provided by compose.io) place the
etcd cluster behind multiple load balancers or proxies.  In this
configuration, calling Sync (or AutoSync) on the etcd client will
replace the load balancer addresses with the underlying etcd server
address.

This will cause the etcd client to bypass the load balancers, and may
cause the connection to fail completely if the etcd servers are
protected by a firewall.

This patch provides a "sync" option for the etcd backend, which defaults
to the current behavior, but which can be used to turn off of sync.
This corresponds to etcdctl's --no-sync option.
 2016-01-11 13:56:58 -05:00
Eric Kidd ebabcd857a etcd: Document existing username and password options 
These options were present in the source code, but not in the
documentation.  They're needed to connect to some hosted etcd services.
 2016-01-11 11:30:51 -05:00
Jeff Mitchell 4f4ddbf017 Create more granular ACL capabilities. 
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
 2016-01-08 13:05:14 -05:00
Paul Seiffert 3a0ea3bcaa Add documentation for the DynamoDB backend 2016-01-08 17:34:31 +01:00
Jeff Mitchell a094eedce2 Add rekey nonce/backup. 2016-01-06 09:54:35 -05:00
Jeff Mitchell d4bc51751e Fix typo in docs 2016-01-05 11:45:23 -05:00
Jeff Mitchell e54edd54ac Update documentation with policy fetching information. 2016-01-05 11:26:19 -05:00
Jonathan Thomas df5f5d68bd Merge pull request #888 from aedotj/patch-1 
Fixed "edit this page" not clickable
 2016-01-04 11:29:21 -08:00
kenjones-cisco 496e9962d0 Fixes mis-placed html tag 2015-12-31 10:37:01 -05:00
Jeff Mitchell a7a02b3043 Cert documentation fix. 
Fixes #899
 2015-12-30 16:44:24 -05:00
Jeff Mitchell 6cdb8aeb4f Merge branch 'master' into f-disable-tls 2015-12-29 12:59:02 -05:00
Jeff Mitchell 41d6e0e085 Merge pull request #882 from hashicorp/clarify-physical-support 
Clarify stance on physical backend support
 2015-12-29 11:40:23 -06:00
Greg G 911431ac27 Fixed "edit this page" not clickable 
The link in .edit-page-link is moved using top and right properties, which makes it "under" the layer of the rest of the page (at least in the docs). Changing the z-index fixes it.
 2015-12-28 17:51:27 +01:00
bashtoni 8248d15a5b Doc grammar fix 2015-12-22 21:27:08 +00:00
Jeff Mitchell dca0e72f10 Clarify stance on physical backend support 2015-12-22 10:50:31 -05:00
Jeff Mitchell 8cfc45e0eb Merge pull request #879 from hashicorp/header 
fixes 'by HashiCorp' in the header
 2015-12-21 12:39:54 -05:00
captainill a8b013a4f3 cleanup footer 2015-12-20 11:56:28 -08:00
kenjones c02013f631 add missing html tag 2015-12-20 14:20:30 -05:00
captainill 2ec7a2f032 capitol C in by hashicorp lockup 2015-12-19 21:21:18 -08:00
Jeff Mitchell 8bba9497ac Some copyediting/simplifying of the Consul page 2015-12-18 10:07:40 -05:00
kenjones 0d74de9da4 Update secret backend Consul documentation 
Adds information on the steps to get a management token for use by
Vault when communicating with Consul as a secret backend.
 2015-12-18 09:44:31 -05:00
Jeff Mitchell 1261791e6f Update etcd config docs with new options in 0.4. 
Ping #780
 2015-12-17 10:34:41 -05:00
Terry Corley d6884b85e1 Change API endpoint path for app-id 
The /login path was confusing because its not relative and not consistent with other documentation. Other documentation (e.g., username and password at https://www.vaultproject.io/docs/auth/userpass.html) uses relative path.
 2015-12-15 12:45:04 -06:00
captainill 60c5975f87 flexbox should only have been used on website subpages 2015-12-15 10:14:25 -08:00
Jeff Mitchell db7a2083bf Allow setting the advertise address via an environment variable. 
Fixes #581
 2015-12-14 21:22:55 -05:00
Jeff Mitchell ff9745bb00 Update Changelog and documentation with separate-HA-backend info. 2015-12-14 21:04:58 -05:00
Jeff Mitchell 7dca03eb3f Update documentation with Consul backend token_type parameter. 
Fixes #854
 2015-12-14 20:54:13 -05:00
Johan Haals fce85c12e2 Add vault-java to libraries 
vault-java implements the basic HTTP API, more endpoints are in the
pipeline
 2015-12-14 19:04:05 +01:00
captainill dfbe08fe8f fix bug in js for sticky footer by replacing with flexbox 2015-12-11 17:21:06 -08:00
Dallas Reedy 4f839cce9e Fix typo 
futher => further
 2015-12-11 08:50:06 -08:00
Jeff Mitchell 016e0dd0f3 Bump website version 2015-12-10 12:49:58 -05:00
Jeff Mitchell e25b3ad344 Update documentation to be consistent with return codes 
Fixes #831
 2015-12-10 10:26:40 -05:00
Jeff Mitchell 448efd56fa Merge branch 'master' into pki-csrs 2015-12-08 10:57:53 -05:00
Jeff Mitchell 902b7b0589 Add a warning about consistency of IAM credentials as a stop-gap. 
Ping #687
 2015-12-08 10:56:34 -05:00
Jeff Mitchell eee8386ea9 Add info about cert backend not checking CRL revocation. 2015-12-05 15:12:43 -05:00
Jeff Mitchell bf0909a892 Tab -> space doc fix 2015-12-05 15:04:54 -05:00
Jeff Mitchell 1dbfcc3b45 Merge branch 'master' into pki-csrs 2015-12-03 15:23:08 -05:00
Jeff Mitchell 3bdbd66f7d Remove datacenter from Consul configuration, as it cannot actually do 
anything

Fixes #816
 2015-12-03 15:16:37 -05:00
Jeff Mitchell 4eec9d69e8 Change allowed_base_domain to allowed_domains and allow_base_domain to 
allow_bare_domains, for comma-separated multi-domain support.
 2015-11-30 23:49:11 -05:00
Jeff Mitchell b6c49ddf01 Remove token display names from input options as there isn't a viable 
use-case for it at the moment
 2015-11-30 18:07:42 -05:00
Armon Dadgar 60ad2e0bbd website: updating documentation 2015-11-25 12:23:56 -08:00
Jeff Mitchell d461929c1d Documentation update 2015-11-20 13:13:57 -05:00
Jeff Mitchell 22a6d6fa22 Merge branch 'master' into pki-csrs 2015-11-20 12:48:38 -05:00
Jeff Mitchell 25e359084c Update documentation, some comments, make code cleaner, and make generated roots be revoked when their TTL is up 2015-11-19 17:14:22 -05:00
Jeff Mitchell af3d6ced8e Update validator function for URIs. Change example of entering a CA to a 
root cert generation. Other minor documentation updates. Fix private key
output in issue/sign.
 2015-11-19 11:35:17 -05:00
Jeff Mitchell 71f9ea8561 Make it clear that generating/setting a CA cert will overwrite what's 
there.
 2015-11-19 09:51:18 -05:00
Jeff Mitchell a95228e4ee Split root and intermediate functionality into their own sections in the API. Update documentation. Add sign-verbatim endpoint. 2015-11-19 09:51:18 -05:00
Jeff Mitchell c461652b40 Address some feedback from review 2015-11-19 09:51:18 -05:00
Jeff Mitchell ed62afec14 Large documentation updates, remove the pathlength path in favor of 
making that a parameter at CA generation/sign time, and allow more
fields to be configured at CSR generation time.
 2015-11-19 09:51:18 -05:00
Jeff Mitchell ea676ad4cc Add tests for intermediate signing and CRL, and fix a couple things 
Completes extra functionality.
 2015-11-19 09:51:17 -05:00
Jeff Mitchell 1c7157e632 Reintroduce the ability to look up obfuscated values in the audit log 
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
 2015-11-18 20:26:03 -05:00
Jeff Mitchell 45e7e61d71 Update audit documentation around what hash is used 2015-11-18 10:42:42 -05:00
captainill 28ae7b2466 edit this page 2015-11-09 21:10:49 -08:00
captainill d931c62d94 sidebar 2015-11-09 21:08:05 -08:00
captainill 2af4092734 redesign header bulk 2015-11-09 20:58:06 -08:00
Jeff Mitchell 1a45696208 Add no-default-policy flag and API parameter to allow exclusion of the 
default policy from a token create command.
 2015-11-09 17:30:50 -05:00
Jeff Mitchell 10913e2e6b Update cert documentation to note requiring sudo access. 2015-11-06 16:09:42 -05:00
Jeff Mitchell ffa879d6e2 Update S3 docs 2015-11-06 09:26:09 -05:00
Jeff Mitchell 08dbc70c9f Switch etcd default port to 2379, in line with 2.x. 
Fixes #753
 2015-11-05 09:47:50 -05:00
Sander van Harmelen 4ad533a5ba Add a line to the documentation to describe the new feature 2015-11-04 15:36:24 +01:00
Jeff Mitchell a4322afedb Merge pull request #746 from hashicorp/issue-677 
Add a PermitPool to physical and consul/inmem
 2015-11-03 15:26:58 -05:00
Jeff Mitchell 7f44a1b812 Add configuration parameter for max parallel connections to Consul 2015-11-03 15:26:07 -05:00
Jeff Mitchell 73e3aa1d64 Add create-orphan to documentation 2015-11-03 15:15:33 -05:00
Jeff Mitchell d3f7546602 Fix trailing whitespace complaints 2015-11-03 10:52:20 -05:00
Jeff Mitchell f0a25ed581 Clarify that CRLs are not fetched by Vault 2015-11-03 10:52:20 -05:00
Jeff Mitchell 154fc24777 Address first round of feedback from review 2015-11-03 10:52:20 -05:00
Jeff Mitchell 59cc61cc79 Add documentation for CRLs and some minor cleanup. 2015-11-03 10:52:20 -05:00
Jeff Mitchell ffa196da0e Note that the dev server does not fork 
Fixes #710.
 2015-10-30 12:47:56 -04:00
Seth Vargo f83eba4666 Force a trailing slash 2015-10-29 16:21:39 -04:00
Jeff Mitchell e2d4a5fe0f Documentation update around path/key name encryption. 
Make it clear that path/key names in generic are not encrypted.

Fixes #697
 2015-10-29 11:21:40 -04:00
Jeff Mitchell c1d8b97342 Add reset support to the unseal command. 
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.

Fixes #695
 2015-10-28 15:59:39 -04:00
Jeff Mitchell 57290b6d92 Minor format fix in environment documentation 2015-10-28 09:56:28 -04:00
Seth Vargo b057645d73 Use vendored fastly logo 2015-10-26 12:13:03 -04:00
Seth Vargo a710a80252 Use releases for releases 2015-10-26 00:06:17 -04:00
Jason Antman c7ff26b650 add documentation for GitHub Auth Backend 'ttl' and 'max_ttl' parameters 2015-10-23 09:30:48 -04:00
Jason Antman b27e80d090 add GitHub Enterprise base_url to docs 
In https://github.com/hashicorp/vault/issues/716 @jefferai confirmed that the GitHub Auth Backend supports GitHub enterprise using an undocumented ``base_url`` parameter. This adds that parameter to the relevant documentation page.
 2015-10-23 09:18:07 -04:00
Jeremiah Johnson d4a8c08feb fix typo in first-secret.html.md 2015-10-22 12:04:22 -06:00
Jeff Mitchell 0168ce491b Update token documentation to better explain token durations 2015-10-22 13:02:37 -04:00
Jeff Mitchell 189b72c3ba Document the renew-self call 2015-10-21 10:53:20 -04:00
Jeff Mitchell bc40e652bf Remove revoke-self from sys API documentation as it's in the token-store instead 2015-10-21 10:46:41 -04:00
mkb 1d29ae940a Minor grammar fix. 2015-10-20 13:42:46 -07:00
Sam Handler df0d335700 bundle update middleman-hashicorp 2015-10-12 14:28:43 -04:00
Jeff Mitchell 9f0b1547bb Allow disabling the physical storage cache with 'disable_cache'. 
Fixes #674.
 2015-10-12 13:00:32 -04:00
Jeff Mitchell 44706da08c Merge pull request #691 from hashicorp/sethvargo/tabs_spaces_oh_my 
Remove tabs from terminal output
 2015-10-12 12:39:44 -04:00
Seth Vargo 50f720bc06 Remove tabs from terminal output 
This also standardizes on the indentation we use for multi-line commands as
well as prefixes all commands with a $ to indicate a shell.
 2015-10-12 12:10:22 -04:00
Jeff Mitchell 55c26a909e Documentation updates to remove lease id and duration from generic 
backend example.
 2015-10-12 10:01:15 -04:00
Seth Vargo 89d40450cd Force a Ruby version 2015-10-08 13:22:20 -04:00
Sam Handler ed9bb36516 bundle update middleman-hashicorp 2015-10-07 17:41:50 -04:00
Sam Handler ad09203343 use github_url to generate edit_this_page link 2015-10-07 17:39:08 -04:00
Sam Handler 703c01c767 Add github_slug and website_root config vars 2015-10-07 17:38:22 -04:00
Vishal Nayak bf464b9a4b Merge pull request #661 from hashicorp/maxopenconns 
Parameterize max open connections in postgresql and mysql backends
 2015-10-03 16:55:20 -04:00
Curtis Allen c9213a809d update acl example 
Without `auth/token/lookup-self` read access you are unable to
authenticate. Update example to work as well as use new command output.
 2015-10-02 09:06:42 -06:00
vishalnayak 644a655920 mysql: made max_open_connections configurable 2015-10-01 21:15:56 -04:00
vishalnayak 2051101c43 postgresql: Configurable max open connections to the database 2015-10-01 20:11:24 -04:00
Colin Rymer e2b157aa79 Remove redundant wording for SSH OTP introduction. 2015-09-30 10:58:44 -04:00
Jeff Mitchell f711393de6 Merge pull request #649 from ipoval/master 
[code-gardening] fix typo in the documentation
 2015-09-29 19:01:58 -07:00
Paul Hinze aa774daf1c website: bundle update 
gets latest middleman-hashicorp w/ bugfix
 2015-09-29 18:56:47 -07:00
vishalnayak c3569bae5e Fixed gravatar hash 2015-09-29 14:12:58 -04:00
Ivan Povalyukhin 0bced67170 [code-gardening] fix typo in the documentation 2015-09-28 19:34:57 -07:00
Jeff Mitchell 62ac518ae7 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Sam Handler a0290f69df Add 'edit this page' link to footer 2015-09-24 14:10:32 -07:00
Sam Handler d8ab92dcd6 bundle update middleman-hashicorp 2015-09-24 13:53:13 -07:00
Sam Handler f963e0b67d Update README to point to Makefile 2015-09-24 13:52:27 -07:00
Sam Handler b274e94413 Add Makefile 2015-09-24 13:51:25 -07:00
Jeff Mitchell af27a99bb7 Remove JWT for the 0.3 release; it needs a lot of rework. 2015-09-24 16:23:44 -04:00
Jeff Mitchell e38c21e0ca Documentation fix for global TTLs 2015-09-24 12:17:26 -04:00
Jeff Mitchell 8fa7d3bd0b Add revoke-self to docs 2015-09-24 12:05:00 -04:00
Dominic Luechinger 89511e6977 Fixes docs for new JWT secret backend 2015-09-24 16:47:17 +02:00
Spencer Herzberg 54c62fe5aa docs: pg username not prefixed with vault- 
due to
05fa4a4a48,
vault no longer prefixes the username with `vault-`
 2015-09-22 10:14:47 -05:00
Jeff Mitchell a5f52f43b1 Minor doc update to SSH 2015-09-21 16:26:07 -04:00
Jeff Mitchell 29c722dbb6 Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values 2015-09-21 16:14:30 -04:00
Jeff Mitchell 3eb38d19ba Update transit backend documentation, and also return the min decryption 
value in a read operation on the key.
 2015-09-21 16:13:43 -04:00
Jeff Mitchell ca33cd8423 Add API endpoint documentation to cubbyhole 2015-09-21 16:13:36 -04:00
Jeff Mitchell 273f13fb41 Add API endpoint documentation to generic 2015-09-21 16:13:29 -04:00
Jeff Mitchell 59ba17c601 Add clarity to the lease concepts document. 2015-09-21 08:56:26 -04:00
Jeff Mitchell 801e531364 Enhance transit backend: 
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
 2015-09-18 14:41:05 -04:00
Jeff Mitchell 8f79e8be82 Add revoke-self endpoint. 
Fixes #620.
 2015-09-17 13:22:30 -04:00
Jonathan Klein dff6e468f9 Grammar fix 2015-09-15 15:53:27 -04:00
Jeff Mitchell 538852d6d6 Add documentation for cubbyhole 2015-09-15 13:50:37 -04:00
vishalnayak 142cb563a6 Improve documentation of token renewal 2015-09-11 21:08:32 -04:00
Jeff Mitchell ace611d56d Address items from feedback. Make MountConfig use values rather than 
pointers and change how config is read to compensate.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell 488d33c70a Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell 4239f9d243 Add DynamicSystemView. This uses a pointer to a pointer to always have 
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell f4239556d2 Merge pull request #508 from mfischer-zd/webdoc_environment 
docs: Document environment variables
 2015-09-09 11:29:10 -04:00
Jeff Mitchell 1a8bcfe18d Merge pull request #592 from blalor/patch-1 
Remove unused param to 'vault write aws/roles/deploy'
 2015-09-09 11:28:15 -04:00
Michael S. Fischer 24a5127fab docs: Document environment variables 2015-09-08 11:59:58 -07:00
Neo 4e3e9c38a2 Typo fix 2015-09-08 02:43:01 +02:00
Brian Lalor 2ae48fa586 Remove unused param to 'vault write aws/roles/deploy' 
The name is taken from the path, not the request body.  Having the duplicate key is confusing.
 2015-09-06 06:57:39 -04:00
Armon Dadgar 4eaacaf546 Merge pull request #590 from MarkVLK/patch-1 
Update mysql docs markdown to fix grammar error
 2015-09-04 19:13:50 -07:00
MarkVLK fae51d605f Update transit docs markdown to add missing word 
Added the presumably missing *decrypt* from "encrypt/data" in the first sentence.
 2015-09-04 17:11:34 -07:00
MarkVLK cd292d5372 Update mysql docs markdown to fix grammar error 
Changed "... used to **generated** those credentials" to "... used to **generate** those credentials."
 2015-09-04 17:05:45 -07:00
Seth Vargo 6f248425a6 Update documentation around cookies 2015-09-03 10:36:59 -04:00
Vishal Nayak d4609dea28 Merge pull request #578 from hashicorp/exclude-cidr-list 
Vault SSH: Added exclude_cidr_list option to role
 2015-08-28 07:59:46 -04:00
vishalnayak b12a2f0013 Vault SSH: Added exclude_cidr_list option to role 2015-08-27 23:19:55 -04:00
Jeff Mitchell a4fc4a8e90 Deprecate lease -> ttl in PKI backend, and default to system TTL values if not given. This prevents issuing certificates with a longer duration than the maximum lease TTL configured in Vault. Fixes #470. 2015-08-27 12:24:37 -07:00
vishalnayak fbff20d9ab Vault SSH: Docs for default CIDR value 2015-08-27 13:10:15 -04:00
vishalnayak 702a869010 Vault SSH: Provide key option specifications for dynamic keys 2015-08-27 11:41:29 -04:00