Commit graph

892 commits

Author SHA1 Message Date
Loann Le e942fae6cc
Vault documentation: added info about new policy flag (#16244)
* added info about new policy flag

* updated wording
2022-07-07 12:54:27 -07:00
Loann Le 9ebaab28c2
added content for network guidance (#16242) 2022-07-07 11:18:45 -07:00
Yoko Hyakuna c54d33608c
Update 'master key' -> 'root key' (#16226) 2022-07-06 16:03:08 -07:00
akshya96 c70a2cd198
Minor grammar correction in help for login command (#16211)
* Minor grammar correction in help for login command

* Fix login command help

Co-authored-by: Pero P <ppejovic@users.noreply.github.com>
2022-07-06 09:17:11 -07:00
Loann Le 752c7374a9
vault documentation: updated examples to use volumes (#16175)
* updated examples to use volumes

* Update website/content/docs/platform/k8s/helm/examples/ha-with-consul.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/examples/standalone-tls.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/run.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/run.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-07-05 08:32:51 -07:00
Michael Hofer 96e52760e3
docs(seal): improve readability, fix master key occurrence and typos (#16220) 2022-07-01 10:21:49 -07:00
Cristian Iaroi 5727762ce5
Adding Vault HydrantID Pki Plugin (#16058)
repository: https://github.com/PaddyPowerBetfair/vault-plugin-hydrant-pki
raised issue: #16011
also updated docs (link to page for PR)
2022-07-01 07:55:17 -07:00
aphorise 8b5f7da595
Docs/ekm sql provider corrections and troubleshooting (#15968) 2022-07-01 10:47:03 +01:00
Alexander Scheel 60add7d2be
Document additional FIPS restrictions (#16208)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-30 16:14:07 -05:00
AnPucel 7a5d3e80dd
Developer Quickstart docs improvements (#16199)
- Make the dev quick start link readily available on the client library documentation page
- Move the full code samples to the top of the dev quickstart page so that they're easily accessible.
- Update the api/readme to have a link to the dev quickstart
2022-06-30 08:50:35 -07:00
AnPucel ed9ae70822
Add curl commands to Dev Quickstart guide (#16176) 2022-06-29 15:50:48 -07:00
Nick Cabatoff 0893b427b1
Rewrite a confusing bit of policies docs re parameter constraints. (#16182) 2022-06-29 12:28:49 -04:00
Christopher Swenson 80c5c56a40
docs/platform: Add brief GitHub Actions page (#16129)
I added a small example from the main docs along with some explanation,
and added links to the main docs and the tutorial.

I also took this opportunity to sort the platform left nav bar.
2022-06-27 09:47:26 -07:00
Christopher Swenson 2e56c7fe0a
Update consul-template to latest for pkiCert fix (#16087)
Update consul-template to latest for pkiCert fix

So that we get the fixes in https://github.com/hashicorp/consul-template/pull/1590
and https://github.com/hashicorp/consul-template/pull/1591.

I tested manually that this no longer causes `pkiCert` to get into an
infinite failure loop when the cert expires, and that the key and CA certificate are also accessible.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-06-27 08:39:36 -07:00
Rachel Culpepper f4758a9282
Specify the size of the ephemeral key for transit imports (#16135)
* specify the size of the ephemeral key

* specify aes key size in api docs
2022-06-24 10:28:09 -05:00
Justin Clayton 88ebc43055
minor typo fix (#16114)
Consult -> Consul
2022-06-22 14:52:42 -07:00
Tom Proctor 770a57bdf0
Docs: Fix typo for Lambda extension env var config (#16108) 2022-06-22 17:28:31 +01:00
Rowan Smith 5815f6968e
fix typo in release notes (#16099)
cont > count
2022-06-22 10:39:43 -04:00
Tom Proctor caf00b9f3c
OIDC/Kubernetes docs: Improve instructions for setting bound_audiences (#16080) 2022-06-22 09:27:19 +01:00
Lucy Davinhart || Strawb System 549005e4b7
website: Update replication docs to mention Integrated Storage (#16063) 2022-06-21 10:55:15 -07:00
Rachel Culpepper 22f1cb5426
fix incorrect HSM mechanisms (#16081) 2022-06-21 10:13:30 -05:00
swayne275 d1e72b185a
fix docs typo - couple to few (#16068) 2022-06-20 11:03:55 -06:00
claire bontempo 5e149969ec
change rotation_period to algorithm (#16051) 2022-06-20 08:39:22 -07:00
Rachel Culpepper a73018572a
Vault-5619: Transit BYOK Documentation (#15817)
* add api documentation

* add guide for wrapping keys

* fix formatting and tweak wording

* add hash function

* remove convergent param

* fix hash function description

* add security note

* fix mechanism

* fix notes

* add spaces

* fix hash function and add context
2022-06-17 14:53:39 -05:00
Christopher Swenson 4ea2b0036d
Update helm standalone TLS doc for k8s 1.22 (#16029)
Update helm standalone TLS doc for k8s 1.22

The `CertificateSigningRequest` for `v1beta1` API is no longer
available, and now requires the `signerName` parameter.

Many thanks to @DavidRBanks for the helpful notes in
https://github.com/hashicorp/vault-helm/issues/243#issuecomment-962551898

I tested this on Kubernetes 1.21 and 1.24. I also adjusted the `tr`
command to work better on macOS (and still works fine on Linux).
2022-06-17 10:07:39 -07:00
Christopher Swenson bfc70928a6
docs: Add how to rotate SQL Server key (#15993) 2022-06-17 08:59:27 -07:00
Jason O'Donnell dd2ced661b
agent: add disable_idle_connections configurable (#15986)
* agent: add disable_keep_alives configurable

* Add empty test

* Add website doc

* Change to disable_idle_connections

* Update tests and doc

* Add note about env

* Changelog

* Change to slice

* Remove unused disable keep alive methods

* Add invalid value test
2022-06-16 18:06:22 -04:00
Loann Le 006b531bf9
Vault documentation: updated client count faqs for 1.11 (#16007)
* stashed changes

changes stashed

* Update faq.mdx

Updated links

* Update website/content/docs/concepts/client-count/faq.mdx

* added image

* fixed image name

* updated text

* fixed spacing

* fixed spacing

* added missing info

* missed a period
2022-06-16 11:05:55 -07:00
Alexander Scheel 6cf9cb7a93
Add additional usage clarifications to EA docs (#16017)
- Document Transit and sys random endpoint in 1.11+
 - Document PKI and SSH CAs only, no leaves

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-16 13:56:22 -04:00
Alexander Scheel 491a2311b6
Document limitations in FIPS 140-2 migrations (#16012)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-16 10:18:47 -04:00
Loann Le 11121a829a
Vault documentation: release notes for 1.11.0 (#16005)
* added new content

* new content

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/release-notes/1.11.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-06-15 18:25:14 -07:00
VAL 753e925f22
Use new -mount syntax for all KV subcommands in 1.11 docs (#16002)
* Use new -mount syntax for all KV subcommands in 1.11 docs

* Use more appropriate heading size for mount flag syntax

* Add the explanatory syntax blurb from the -help text

* Adjust some wording
2022-06-15 19:07:50 -04:00
Austin Gebauer 7d0a252d55
auth/gcp: adds note on custom endpoints to configuration section (#15990) 2022-06-15 10:06:58 -07:00
Loann Le 1d90d2c674
updated table for vault 1.11 release (#15856) 2022-06-15 09:40:49 -07:00
Theron Voran 7992c7b22e
docs/vault-k8s: update the service annotation (#15965)
The injector's `service` annotation is really the vault address to
use, and not just the name of the service.

Also change a couple mentions of "controller" to "injector".
2022-06-14 11:03:00 -07:00
Kyle MacDonald 9a003cb7b3
docs: update double use of "note" in client faq (#15958) 2022-06-13 13:37:58 -04:00
Alexander Scheel 28916301c1
Document agent injecting PKI CAs (#15930)
* Document agent injecting PKI CAs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove extra empty-string conditional
2022-06-13 13:15:54 -04:00
Nick Cabatoff 9ffa7ae257
Add 1.10 upgrade note for SSCT on Consul. (#15873) 2022-06-13 11:48:53 -04:00
Violet Hynes c1e2d9c062
VAULT-6091 Document Duration Format String (#15920)
* VAULT-6091 Document duration format

* VAULT-6091 Document duration format

* VAULT-6091 Update wording

* VAULT-6091 Update to duration format string, replace everywhere I've found so far

* VAULT-6091 Add the word 'string' to the nav bar

* VAULT-6091 fix link

* VAULT-6091 fix link

* VAULT-6091 Fix time/string, add another reference

* VAULT-6091 add some misses for references to this format
2022-06-13 08:51:07 -04:00
Austin Gebauer ec778e3d9f
docs/oidc: adds missing steps for Google Workspace configuration (#15943) 2022-06-10 16:29:49 -07:00
Violet Hynes abf65c8a0b
VAULT-5095 Update docs to reflect that child namespaces do not inherit parent quotas (#15906)
* VAULT-5095 Update docs to reflect current behaviour

* Update website/content/api-docs/system/lease-count-quotas.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Update website/content/api-docs/system/rate-limit-quotas.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2022-06-10 11:53:01 -04:00
Mark Lewis 50a5a1d16f
Update index.mdx (#15861)
Typo
2022-06-10 11:44:43 -04:00
Austin Gebauer 1bd49383cd
secrets/db: documents credential types and snowflake key pair auth (#15892) 2022-06-09 15:56:50 -07:00
Austin Gebauer 4cfec18bae
docs/postgres: replaces lib/pq with pgx (#15901) 2022-06-09 14:37:14 -07:00
Peter Wilson bb55a1127f
Removed IRC reference in architecture internals doc (#15904)
* Removed IRC reference in architecture internals doc
2022-06-09 15:41:14 +01:00
VAL 48ed15c445
Use KV helpers in docs and dev quickstart guide (#15902) 2022-06-08 17:37:02 -07:00
akshya96 fbda6d5110
Kv cas parameter documentation (#15885)
* adding cas documentation changes

* remove extra space

* remove -
2022-06-08 16:51:08 -07:00
Robert 91b298d274
Update Consul secrets features docs, api-docs for 1.11 (#15854)
* Overhaul consul docs and api-docs for new 1.11 features

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
2022-06-08 13:54:55 -05:00
Victor Rodriguez d922225fcd
Update KMIP documentation to reflect Vault 1.11 changes. (#15868)
Update documentation to reflect new KMIP features in Vault 1.11.

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2022-06-08 13:58:45 -04:00
Alexander Scheel 5c03fe6a30
Use manual_chain for cross-signed intermediates (#15876)
This adds a note that manual_chain is required for cross-signed
intermediates, as Vault will not automatically associate the
cross-signed pair during chain construction. During issuance, the chain
is used verbatim from the issuer, so no chain detection will be used
then.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-08 13:13:45 -04:00
Ikko Ashimine dc6924e764
docs: fix typo in configurations.mdx (#15863)
paramters -> parameters
2022-06-08 09:03:45 -04:00
Robert 770a91ab83
Update GCP auth docs (#15855)
* Add automatic GCE identity token login
2022-06-07 18:22:09 -05:00
Josh Black 99ea53daaf
Autopilot enterprise docs (#15589) 2022-06-07 14:32:45 -07:00
Christopher Swenson 9754629a2b
Update AWS auth docs for SHA-1 deprecation (#15741)
Update AWS auth docs for SHA-1 deprecation

We now recommend `/rsa2048` as the preferred AWS signature moving
foward, as `/pkcs7` and `/signature` will stop working by default in
Vault 1.12 without setting `GODEBUG=x509sha1=1` in the Vault deployment
due to the move to Go 1.18.

I also took this oppoturnity to try to make the docs less confusing
and more consistent with all of the usages of signature, PKCS#7, DSA,
and RSA terminology.

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-06-07 12:45:46 -07:00
Calvin Leung Huang 426e3a5583
docs: add pkiCert example on agent template docs (#15836) 2022-06-07 10:33:17 -07:00
Loann Le a4d86d503f
updated table (#15850) 2022-06-07 10:22:21 -07:00
Alexander Scheel 2884141dd9
Add support notes, Entropy Augmentation notes, RH repo (#15843)
* Add support notes, Entropy Augmentation notes, RH repo

This adds a known-panic w.r.t. Entropy Augmentation due to restrictions
in how BoringCrypto's RNG works. Additionally adds the RH Access
container repository and adds a note about restricted support scenarios.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Wording changes per Scott

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-07 11:23:26 -04:00
Brian Candler e912ccaa66
Fixes for -listing-visibility flag values in CLI tools (#15838)
See also: #15833, #15209

Signed-off-by: Brian Candler <b.candler@pobox.com>
2022-06-07 09:49:13 -04:00
Tom Proctor 4ee10e4809
docs: Update CSI Provider command line arguments (#15810) 2022-06-07 10:20:47 +01:00
Michael Williams 69fbba5a52
Update documentation to reduce confusion about default_extensions. (#14069) 2022-06-06 15:53:05 -04:00
Scott Miller 6bfdfa0a4d
Document Convergent Tokenization and Token Lookup (#15819)
* Document Convergent Tokenization and Token Lookup

* tweaks

* Fix sample response

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/index.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/docs/secrets/transform/tokenization.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* Update website/content/api-docs/secret/transform.mdx

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>

* update awkward text

Co-authored-by: Matt Schultz <975680+schultz-is@users.noreply.github.com>
2022-06-06 13:34:08 -05:00
Tom Proctor cf3e245302
Add upgrade and config docs for MSSQL EKM Provider (#13859) 2022-06-06 11:28:48 +01:00
Chris Capurso 76bc7a25b8
add missing patch capability to policy docs (#15704) 2022-06-03 15:40:47 -04:00
Nick Cabatoff c15f524993
Add details to CHANGELOG and 1.10 upgrade note regarding new 412 error response resulting from SSCTs. (#15770) 2022-06-02 16:16:28 -04:00
Loann Le 6201506456
added link to tutorial (#15762) 2022-06-02 10:15:21 -07:00
Alexander Scheel ab10435ab7
More PKI docs updates (#15757)
* Add missing key_ref parameter to gen root docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add API docs section on key generation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note about managed key access

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-06-02 12:42:56 -04:00
Loann Le da09b3d62d
Vault documentation: vault overview page proposal (#15569)
* updated vault overview page

* add images

* replace the image with clearer one

* removed video

* testing image size

* modified based on writer feedback

* Add more description about HCP Vault (#15588)

* added more content

* testing diagram size

* added new image file

* marketing-modified-image

* cleaned up text

* updated link

* Update what-is-vault.mdx

updated text

* incorporated feedback

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-06-01 15:32:30 -07:00
Christopher Swenson 9de0dbaef9
Add note about X.509 SHA-1 deprecation to relevant plugins (#15672)
Add note about X.509 SHA-1 deprecation to relevant plugins

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-06-01 12:41:11 -07:00
amcbarnett 413cc2e4c0
Update fips1402.mdx (#15598)
* Update fips1402.mdx

Added Link to new Compliance letter and details on what makes this different from Seal Wrap

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-06-01 11:02:11 -04:00
Pratik Khasnabis af5e65e9bd
Update to fix the concept of root key, which is not sharded as written here. (#15726)
This explanation of root key is incorrect. Root key is not sharded and reconstructed. The root key is encrypted by the unseal key which is sharded and reconstructed back in the unsealing process.
The explanation differed from the correct one at https://www.vaultproject.io/docs/concepts/seal
2022-06-01 09:54:26 -04:00
Loann Le 47fc5311e8
updated learn link (#15717) 2022-05-31 14:55:06 -07:00
Tom Proctor 1c2f3c8ddf
docs: Improve sample commands for querying k8s API (#15686) 2022-05-31 21:20:31 +01:00
Austin Gebauer 7a88c86db2
auth/gcp: adds documentation for custom endpoint overrides (#15673) 2022-05-31 10:16:24 -07:00
Jim Kalafut c9a0fdb4ff
Fix K8s secrets docs typo (#15695) 2022-05-31 08:10:15 -07:00
Steven Clark 69296e9edf
Add a little more information about PKI and replicated data sets to the PKI docs. (#15683)
* Add a little more information about PKI and replicated data sets.

 - Add a TOC to the PKI considerations page
 - Merge in the existing certificate storage into a new Replicated DataSets
   section
 - Move the existing Cluster Scalability section from the api-docs into the
   considerations page.
2022-05-31 10:04:51 -04:00
Alexander Scheel 1331c2aa12
Add recommendations on key types and PKI performance (#15580)
* Add recommendations on key types and PKI performance

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/docs/secrets/pki/considerations.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2022-05-31 09:21:16 -04:00
akshya96 4c45c909ee
adding documentaion changes (#15656) 2022-05-27 15:08:19 -07:00
Christopher Swenson 23c135f2a6
docs/k8s: update for latest helm release 0.20.1 (#15647) 2022-05-26 11:59:54 -07:00
Loann Le 21d9ff0d99
added a reference to a note for deprecated features (#15610) 2022-05-25 15:24:34 -07:00
Theron Voran f38f0ee323
docs/database/elasticsearch: use_old_xpack option (#15601)
Also creating/adding a note to the 1.11 upgrade guide
2022-05-25 12:15:42 -07:00
John-Michael Faircloth fc04699f57
Fix plugin reload mounts (#15579)
* fix plugin reload mounts

* do not require sys/ prefix

* update plugin reload docs with examples

* fix unit test credential read path

* update docs to reflect correct cli usage

* allow sys/auth/foo or auth/foo

* append trailing slash if it doesn't exist in request

* add changelog

* use correct changelog number
2022-05-25 13:37:42 -05:00
Christopher Swenson 5f9386abad
Add deprecation note about X.509/SHA-1 (#15581)
Add deprecation note about X.509/SHA-1

In preparation for moving to Go 1.18 in Vault 1.12.

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-05-25 10:11:17 -07:00
Peter Wilson bcb30223bf
Added support for VAULT_PROXY_ADDR + Updated docs (#15377)
Updated documentation to describe the behavior when supplying `VAULT_HTTP_PROXY`. Also added support for `VAULT_PROXY_ADDR` as a 'better name' for `VAULT_HTTP_PROXY`.
2022-05-24 13:38:51 -04:00
davidadeleon 0026788d4b
api/monitor: Adding log format to monitor command and debug (#15536)
* Correct handling of "unspecified" log level

* Setting log-format default on monitor path

* Create changelog file

* Update website/content/api-docs/system/monitor.mdx

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
2022-05-24 13:10:53 -04:00
Loann Le 9dd1a4ff93
Vault documentation: reorganized docs by moving recovery key description (#15563)
* reorg docs for recovery keys

* fixed a sentence

* Minor format update & removed duplicated notes

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-05-23 15:42:57 -07:00
Austin Gebauer 6fe639eb35
auth/okta: documents API token minimal permissions (#15566) 2022-05-23 14:57:14 -07:00
Alexander Scheel 36c981bfe4
Add more PKI usage best practices to documentation (#15562)
* Add note about cross-cluster CRL URIs

As suggested by Ricardo Oliveira, thanks!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note that short TTLs are relative to quantity

As suggested by Ricardo Oliveira, thanks!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note to make sure default is configured

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note about automating certificate renewal

As suggested by Ricardo Oliveira, thanks!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-23 12:00:24 -04:00
Alexander Scheel 92dbe3b22a
Fix Learn->Tutorial in internal PKI docs (#15531)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-23 11:53:13 -04:00
Chris Capurso 6d62f9a4ed
FAQ doc updates for removal of stored licenses in 1.11 (#15314)
* initial updates for license FAQs for 1.11

* add links, tense fixes

* Update deprecation doc link

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* fix links

* fix a couple missed version-specific links

* change 1 to one

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-05-23 11:42:58 -04:00
Alexander Scheel 464da0ee46
Link FIPS binary sources from the FIPS docs (#15554)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-20 16:18:51 -05:00
Christopher Swenson 644345b1cc
Add usage documentation for new Kubernetes Secrets Engine (#15527)
Add usage documentation for new Kubernetes Secrets Engine

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-05-20 13:37:15 -07:00
Loann Le 76ec17215e
Vault documentation: updated key share/unseal images (#15526)
* updated images

* added new image files
2022-05-20 10:59:30 -07:00
Jason Peng a331575c01
Update oracle.mdx (#15257)
Added Alpine Linux restrictions as https://github.com/hashicorp/vault-plugin-database-oracle pointed out.
2022-05-20 13:40:05 -04:00
Alejandro Medina f969c05772
Update seal.mdx (#15463) 2022-05-20 08:43:05 -04:00
Andy Assareh c559f6e8b7
typo: adding missing word 'may' (#14503) 2022-05-20 08:41:51 -04:00
Andy Assareh d0fb5bd986
typo: embeds -> embedded (#15520) 2022-05-20 08:33:34 -04:00
claudex 226d7c4c59
Fix typo in documentation (#15530) 2022-05-20 08:22:57 -04:00
Loann Le 201ac71da6
Vault documentation: updated all references from Learn to Tutorial (#15514)
* updated learn to tutorial

* correct spelling
2022-05-19 18:04:46 -07:00
Alexander Scheel f3d52108b4
Add more CA usage best practices (#15467)
* Add leaf not after best practice

Also suggest concrete recommendations for lifetimes of various issuers.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add advice to use a proper CA hierarchy

Also mention name constraints and HSM backing.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add section on safer usage of Roles

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add initial RBAC example for PKI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-19 11:43:38 -04:00
Alexander Scheel f31149089f
Update FIPS documentation to clarify mlock (#15502)
This clarifies a limitation of the FIPS based container images,
to note that due to OpenShift requirements, we need to suggest
ways of disabling mlock or allowing Vault to set mlock.
2022-05-19 09:31:47 -04:00
Robert c2f49204d9
Fix small typos, update docs terminology (#15504) 2022-05-18 17:23:46 -05:00
Loann Le 561d8d45f8
updated warning (#15459) 2022-05-18 08:26:25 -07:00
Tom Proctor 1bb40eee16
Update documentation for vault-helm v0.20.0 release (#15450) 2022-05-18 09:50:15 +01:00
Jason O'Donnell d450b7899f
docs: add note about requiring 3.6+ helm (#15480) 2022-05-17 17:02:26 -04:00
Hamid Ghaf 66c6de50a7
Username format login mfa (#15363)
* change username_template to username_format for login MFA

* fixing a test

* Update website/content/docs/auth/login-mfa/faq.mdx

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2022-05-17 16:31:50 -04:00
Alexander Scheel f6ac1be13a
Start documentation for FIPS variants of Vault Enterprise (#15475)
* Begin restructuring FIPS documentation

This creates a new FIPS category under Enterprise and copies the
FIPS-specific seal wrap documentation into it.

We leave the existing Seal Wrap page at the old path, but document that
the FIPS-specific portions of it have moved.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add initial FIPS 140-2 inside documentation

This documents the new FIPS 140-2 Inside binary and how to use and
validate it. This also documents which algorithms are certified for
use in the BoringCrypto distribution.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add notes about FIPS algorithm restrictions

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-17 16:28:20 -04:00
Alexander Scheel a8c0efb487
Add documentation on rotation primitives (#15466)
* Begin PKI rotation primitive documentation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Finish importing rotation primitive docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update all titles consistently

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing links in rotation primitives doc

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add sections documenting execution in Vault

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* typo fixes

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-17 11:44:17 -04:00
Austin Gebauer ec6e362d83
auth/oidc: adds documentation for JSON pointer user claim (#15454) 2022-05-16 15:31:02 -07:00
Austin Gebauer d3b167d029
auth/oidc: documents user claim constraint for optional google workspace config (#15456) 2022-05-16 15:29:58 -07:00
Loann Le bbbb0bfc14
Vault documentation: updated unseal information (#15446)
* updated unseal info

* Update architecture.mdx

fixed spelling error

* updated based on feedback

* added new image

* Update website/content/docs/commands/operator/init.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Updates for accuracy

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-05-16 14:44:23 -07:00
AnPucel 390310409e
Add note about concurrency to plugin dev docs (#15357)
* Add note about concurrency

* Adding arrow syntax
2022-05-16 11:42:38 -07:00
Alexander Scheel 9b58e88efc
Update considerations for multiple issuers (#15442)
Also adds auditing section about suggested un-HMAC'd request/response
parameters.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-16 13:13:37 -04:00
Alexander Scheel d2bc5b5e3d
Restructure PKI Documentation Section (#15413)
* Rename pki.mdx -> pki/index.mdx

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Split off quick-start document

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Split off considerations document

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Split off intermediate CA setup document

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Split off setup and usage document

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Consistent quick-start doc naming

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add table of contents to index

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-13 11:22:07 -04:00
eoinoreilly30 6b82692f67
Fix typo (#15391) 2022-05-12 11:28:22 -07:00
Theron Voran 558e9a364b
docs: update for vault-k8s 0.16.0 (#15379) 2022-05-12 11:04:36 -07:00
Christopher Swenson 4e4682247c
docs: fix typo in example custom db plugin (#15339) 2022-05-11 10:30:40 -07:00
Chris Capurso ad4523ea34
add license termination time to API and CLI docs (#15349)
* add license termination time to API and CLI docs

* ensure consistent time format
2022-05-11 10:05:38 -04:00
Calvin Leung Huang 15a9b32a58
docs: update dep table to include okta auth changes (#15354) 2022-05-10 13:45:57 -07:00
Scott Miller ff42cb555d
Link to the Learn guide for PKI with Managed Keys (#15340) 2022-05-10 07:24:59 -05:00
Robert 738753b187
secrets/consul: Add support for generating tokens with service and node identities (#15295)
Co-authored-by: Thomas L. Kula <kula@tproa.net>
2022-05-09 20:07:35 -05:00
Loann Le 0dc6728228
capped perf replication (#15338) 2022-05-09 14:38:35 -07:00
Loann Le 6985a39740
added note about parameters (#15334) 2022-05-09 11:05:39 -07:00
Loann Le d336600b77
Vault documentation: added disable parameter to seal stanza-related doc pages (#15329)
* add disable parameter

* modified note
2022-05-09 10:12:30 -07:00
davidadeleon 9e869c52fa
Add DR Metric scraping capability to debug command (#15316)
* Add server information as well as ability to collect metrics from DR secondary

* Update debug docs

Adding additional information around ability to gather metrics from DR secondary

* Fix broken link in updated doc

* Create 15316.txt

Create changelog entry

* Fix Formatting

* Update website/content/docs/commands/debug.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update changelog/15316.txt

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Trigger Build

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2022-05-06 16:04:08 -04:00
TylerGelinas 4be45db85b
Add ForgeRock to OIDC Providers (#15294) 2022-05-06 12:24:36 -07:00
Hamid Ghaf 2ee602cfdd
removing prem/pro references as part of removing some build targets (#15278) 2022-05-06 09:09:42 -04:00
Nick Cabatoff 1a21b00bf1
Fix bogus duration string: "1hr" should be "1h". (#15301) 2022-05-05 10:15:50 -04:00
Loann Le c5cf149f3c
added helm for install--no-verify (#15287) 2022-05-04 13:58:25 -07:00
Nick Cabatoff d90ab7ef87
Add upgrade note for #15108. (#15275) 2022-05-04 09:56:37 -04:00
Chris Capurso 5e6437ab70
Add build_date to CLI and API docs (#15268)
* update version cmd docs

* update status cmd docs

* update version-history cmd docs

* update sys/seal-status docs

* update sys/version-history docs
2022-05-03 16:37:55 -04:00
Calvin Leung Huang 888248f9cc
docs: update agent sections around auto-auth, caching, and templating (#15195)
* docs: update agent sections around auto-auth, caching, and templating

* Update website/content/docs/agent/template.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* address review feedback

* Example snippet updates

* review feedback on example note

* address review feedback

* use hcl syntax highlight on code blocks

* simplify exec param description

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-04-29 12:10:48 -07:00
Jason O'Donnell e9535bda2f
agent/auto-auth: Add min_backoff to set first backoff value (#15204)
* Add initial_backoff to auto-auth method

* Disable retries in client

* Fix bug

* Thread initial backoff to CT

* Add comment

* Change to min_backoff

* changelog

* remove initial references, review

* fix test

* Thread max_backoff through

* Add doc note for max_backoff/templating
2022-04-29 12:31:32 -04:00
Chris Capurso 15bad36e83
Fix sentence under Integrated Storage (Raft) Autopilot docs (#15231)
Co-authored-by: Peter Zujko <peter.zujko@klaviyo.com>
2022-04-29 11:26:32 -04:00
Loann Le 48a4c01b97
updated KI for upgrade guides (#15202) 2022-04-27 13:26:45 -07:00
Theron Voran 3d70b41049
docs: update the vault-lambda-extension docs (#15190)
Updates the layer version for the new release, and renames the docs
page from lambda-extension-cache -> lambda-extension, and includes a
redirect.
2022-04-27 08:27:18 -07:00
Loann Le cca8244040
Vault documentation: applied new guidelines to code blocks (#15191)
* applied new guidelines to codeblock

* updated text
2022-04-26 14:12:52 -07:00
Loann Le 5a47db75cc
Vault documentation: updated docs to include a note about seal requirement (#15172)
* add note about seal requirement

* fixed spelling error

* updated notes

* Update website/content/docs/configuration/seal/pkcs11.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/concepts/seal.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-04-26 12:13:03 -07:00
Nick Cabatoff 15ad2dd438
Add upgrade note for #15147. (#15154) 2022-04-25 12:55:58 -04:00
Chris Capurso 762c08833e
remove references to sys/license endpoint in docs (#14913) 2022-04-21 16:27:51 -04:00
Jason O'Donnell 716430d3e7
docs/agent: merge template and template config (#15117)
* docs/agent: merge template and template config

* Fix example

* Update per review
2022-04-21 16:23:27 -04:00
Nick Cabatoff 5fa60555c5
Correct the unit type for mount_table.size. (#15114) 2022-04-21 12:54:32 -04:00
Yoko Hyakuna e9f18bdad7
Elaborate the correlation between CLI and API (#15056)
* Add command help info

* Explain CLI and API correlation

* Update the heading level

* Updated the command example with more description

* Update website/content/docs/commands/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/commands/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/commands/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Incorporate review feedback

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-04-21 09:17:24 -07:00
Peter Wilson fec9fa6841
Modified explanation on >=1 audit devices and successful requests (#15110) 2022-04-21 09:15:05 -04:00
Rémi Lapeyre bf4c4595f3
secrets/consul: Add support to auto-bootstrap Consul ACL system (#10751)
* Automatically bootstraps the Consul ACL system if no management token is given on the access config
2022-04-20 17:16:15 -05:00
Hamid Ghaf 6ff678000e
deprecating Legacy MFA (#14869)
* deprecating Legacy MFA

* removing legacy MFA doc json entry

* CL

* changing the link to legacy MFA in CL

* removing legacy MFA stuff from credentials' cli
2022-04-19 21:19:34 -04:00
Hamid Ghaf a1d73ddfec
VAULT-5422: Add rate limit for TOTP passcode attempts (#14864)
* VAULT-5422: Add rate limit for TOTP passcode attempts

* fixing the docs

* CL

* feedback

* Additional info in doc

* rate limit is done per entity per methodID

* refactoring a test

* rate limit OSS work for policy MFA

* adding max_validation_attempts to TOTP config

* feedback

* checking for non-nil reference
2022-04-14 13:48:24 -04:00
Hamid Ghaf 299d3f096e
supporting google authenticator with Okta auth (#14985)
* supporting google authenticator with Okta auth

* minor fix

* CL

* feedback

* Update changelog/14985.txt

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* updating docs

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2022-04-14 08:37:04 -04:00
Calvin Wu 18f9a7775c
Update default value of agent-cache-listener-port (#15018)
Base on this line and my experiment, I think the default value of
vault.hashicorp.com/agent-cache-listener-port should be 8200.

https://github.com/hashicorp/vault-k8s/blob/main/agent-inject/agent/agent.go#L30
2022-04-13 22:00:30 -07:00
Jim Kalafut af4fcdfed8
Fix docs typo (#15023) 2022-04-13 12:45:28 -07:00
kitography 3f955481b6
Typo fixes; numbering fixes. (#15010)
* Typo fixes; numbering fixes.

* Removes changes to numbering - these aren't visible (see https://riptutorial.com/markdown/example/1805/numbered-lists)
2022-04-13 15:01:04 -04:00
Rowan Smith 5074cec5cb
Update socket entry (#14569)
Page edited: https://www.vaultproject.io/docs/audit/socket. We should include a note detailing that Vault may become unresponsive due to a TCP based socket output becoming unavailable per https://www.vaultproject.io/docs/audit#blocked-audit-devices
2022-04-12 19:29:43 -07:00
Yoko Hyakuna 660fefe25b
Add Windows error (#14982) 2022-04-08 16:23:51 -07:00
akshya96 a0dbb30757
Vault 3992 documentation changes (#14918)
* doc changes

* adding config changes

* adding chnages to plugins

* using include

* making doc changes

* adding newline
2022-04-08 12:27:04 -07:00
VAL 5f80aec3c7
Don't clone OutputCurlString value (#14968)
* Don't clone OutputCurlString value, add flag to docs

* Add changelog
2022-04-08 09:58:50 -07:00
mryan-hashi 2f7635efe3
docs: added hello-vault-spring repo link to developer-qs.mdx. (#14928)
* Update developer-qs.mdx

docs: added link to Java / Spring Boot sample app repo in developer quick start.

* removed space.

* trigger ci

Co-authored-by: taoism4504 <loann@hashicorp.com>
2022-04-06 16:37:02 -07:00
VAL 2113ae1021
Mount flag syntax to mitigate confusion from KV-v2 path discrepancies (#14807)
* Add explanation to help text and flag usage text

* KV get with new mount flag

* Clearer naming

* KV Put, Patch, Metadata Get + corresponding tests

* KV Delete, Destroy, Rollback, Undelete, MetadataDelete, MetadataPatch, MetadataPut

* Update KV-v2 docs to use mount flag syntax

* Add changelog

* Run make fmt

* Clarify deprecation message in help string

* Address style comments
2022-04-06 13:58:06 -07:00
Bryce Kalow d88c81d4f8
website: fix usages of img tag (#14910)
* fix usages of img tag and integrate dev-portal workflows

* Adjust Makefile
2022-04-05 16:57:37 -04:00
Scott Miller e37fa346bb
Docs improvements for Managed Keys (#14756)
* Add more color around managed keys in their concepts page, and create additional links between
the various docs pages related to them.

* Typos
2022-04-05 09:54:35 -05:00
John-Michael Faircloth 8be46438f5
docs: fix formatting on plugin upgrade page (#14874)
* docs: fix formatting on plugin upgrade page

* fix more formatting issues
2022-04-05 08:40:37 -05:00
Loann Le 1b62e17f89
changed reference from learn to tutorial (#14868) 2022-04-04 10:05:34 -07:00
Loann Le 0cb1705397
updated references from learn to tutorial (#14867) 2022-04-04 10:05:16 -07:00
Loann Le 90fdfa6b78
updated references from learn to tutorial (#14866) 2022-04-04 10:04:50 -07:00
Austin Gebauer 1c8c67ce78
docs: add known issue to 1.10 release notes (#14859) 2022-04-01 16:41:18 -07:00
Loann Le 1bde888f95
fixed a link issue (#14850) 2022-04-01 14:53:41 -07:00
Loann Le 3c00ed849c
modified text (#14854) 2022-04-01 14:53:32 -07:00
Loann Le 95555b9dd4
Vault documentation: changing references from learn to tutorial (#14844)
* changed learn to tutorial references

* changed learn to tutorial

* Update website/content/docs/plugins/plugin-portal.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/platform/aws/run.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-04-01 13:37:38 -07:00
John-Michael Faircloth 43e5d12ed0
docs: add plugin definitions to the glossary (#14795)
* docs: add plugin definitions to the glossary

* clarify multiplexed plugin glossary

* Update website/content/docs/glossary.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-04-01 10:37:34 -05:00
Loann Le 34f634eb9e
updated the ssct faq page (#14806) 2022-03-31 19:50:24 -07:00
Theron Voran 3a75683aa5
docs: vault-k8s v0.15.0 release (#14776)
New default agent-image and agent-inject-containers annotation.
2022-03-30 10:27:28 -07:00
Calvin Leung Huang 7ec5e711d0
docs: small heading fix on 1.10 release notes (#14716) 2022-03-29 15:24:33 -07:00
John-Michael Faircloth f1aa1ed3af
docs: fix plugin redirects and clarify plugin scaling (#14732)
* docs: fix plugin redirects

* update scaling external plugin text

* fix broken link in audit logs
2022-03-29 15:03:57 -05:00
Loann Le bd43500104
removed duplicate entry (#14758) 2022-03-29 10:38:30 -07:00
Loann Le 905150ac3c
Vault documentation: added new vault lambda extension doc (#14717)
* added new lambda extension doc

* Suggestion to split the commands into individual code block (#14719)

* Suggestion to split the commands into individual code block

* Update lambda-extension-cache.mdx

* Update lambda-extension-cache.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-03-27 15:19:42 -07:00
Austin Gebauer e5b614ed9b
docs: adds known issue for UI sign in using OIDC auth method (#14708) 2022-03-24 12:28:21 -07:00
Loann Le c4236d55ba
fixed spelling error (#14705) 2022-03-24 11:30:41 -07:00
Austin Gebauer 7aba55c87c
docs: fix formatting in upgrade guide notes for oidc provider (#14678) 2022-03-24 10:09:03 -07:00
Loann Le e607ffa216
incorporated feedback (#14692) 2022-03-24 08:29:21 -07:00
Loann Le 3ad9e80c33
fixed broken links (#14683) 2022-03-23 22:31:27 -07:00
Loann Le d2f07e7f38
Vault documentation: added known issues to 1.10.x upgrade guide (#14685)
* added known issues

* Update upgrade-to-1.10.x.mdx
2022-03-23 21:48:23 -07:00
Loann Le 59293712f2
add link to AAD (#14684) 2022-03-23 21:40:33 -07:00
Loann Le 8bf59fe575
Vault documentation: fixed release note version for 1.10.0 (#14680)
* fixed version number

* added redirect for rn
2022-03-23 19:19:20 -07:00
Austin Gebauer 858efb9b3b
identity/oidc: updates documentation for PKCE, client types, and default resources (#14636)
* identity/oidc: updates documentation for PKCE, client types, and default resources

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/secrets/identity/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Adds note to upgrade guide

* Update website/content/api-docs/secret/identity/oidc-provider.mdx

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* list default key details

* stronger emphasis in upgrade guide

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2022-03-23 10:22:57 -07:00
Austin Gebauer 5c2d5d9c8e
docs/db2: adds documentation reference to db2 learn tutorial (#14655) 2022-03-23 10:08:34 -07:00
Austin Gebauer 135e6ece40
docs/ssct: service side to server side (#14654) 2022-03-23 09:12:52 -04:00
mickael-hc f13b0a74c4
docs: provide mfa configuration guidance (#14649) 2022-03-22 16:51:41 -04:00
John-Michael Faircloth 15e693bf91
docs/multiplexing: overhaul plugin documentation (#14509)
* docs/multiplexing: overhaul plugin documentation

* update nav data

* remove dupe nav data

* add external plugin section to index

* move custom plugin backends under internals/plugins

* remove ref to moved page

* revert moving custom plugin backends

* add building plugins from source section to plug dev

* add mux section to plugin arch

* add mux section to custom plugin page

* reorder custom database page

* use 'external plugin' where appropriate

* add link to plugin multiplexing

* fix example serve multiplex func call

* address review comments

* address review comments

* Minor format updates (#14590)

* mv Plugins to top-level; update upgrading plugins

* update links after changing paths

* add section on external plugin scaling characteristics

* add updates on plugin registration in plugin management page

* add plugin learn resource

* be more explicit about mux upgrade steps; add notes on when to avoid db muxing

* add plugin upgrade built-in section

* add caveats to built-in plugin upgrade

* improvements to built-in plugin override

* formatting, add redirects, correct multiplexing use case

* fix go-plugin link

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* remove single item list; add link to Database interface

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-22 15:07:32 -05:00
Loann Le da93aff7d4
Vault documentation: added release notes for vault 1.10 (#14605)
* create release notes file

* added content for Tranform FPE

* fixed spelling errors

* modified content for scaling db plugins

* updated based on feedback

* more feedback

* removed integrated storage enhancements per feedback

* removed extra wording

* fixed broken link

* updated verbage for db2 support based on feedback

* added link to readme for caching

* fixed broken link

* fixed out of place text

* added another known issue

* modified text

* changed forward statement

* added note
2022-03-22 11:16:59 -07:00
Loann Le 2911dccf62
Vault documentation: added new client count faqs for vault 1.10 (#14608) 2022-03-22 11:10:51 -07:00
Yoko Hyakuna f374938d31
Fix broken links referencing to API docs (#14565)
* Fix all '/api/' to '/api-docs/'

* Minor fixes

* Undo some of the unintentional changes
2022-03-17 18:14:48 -07:00
Pratyoy Mukhopadhyay 9aafd29540
Add mount move concepts page, update api docs (#14544)
* Add mount move concepts page, update api docs

* some renaming and link fixing

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/mount-migration.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-17 14:06:35 -07:00
Loann Le 1ef5e40d6c
New server side consistent token faq for vault 1.10 (#14550)
* new ssct faq page

* provide links to faq

* provided lik to login mfa tutorial
2022-03-17 12:08:27 -07:00
Loann Le a588b06978
added note (#14556) 2022-03-17 10:31:32 -07:00
Jim Kalafut 9733e8b858
Rename master key -> root key in docs (#14542) 2022-03-16 22:01:38 -07:00
Loann Le 01570eaa3a
agent injector doc for 1-10 (#14548) 2022-03-16 17:09:04 -07:00
Loann Le 80c56225dc
new vault docs (#14546) 2022-03-16 16:29:56 -07:00
Benjamin Chrobot 267e202624
docs: add missing k8s verb (#12374) 2022-03-16 14:24:19 -05:00
Hridoy Roy 0dfabe7ade
Server Side Consistency Docs (#14392)
* partial docs

* remove unnecessary docs link

* move SSCT upgrade notes to 1.10 instead of 0.10

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* docs updates

* Update website/content/docs/configuration/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-16 10:20:12 -07:00
mickael-hc ada3d31dd1
update security model (#14482)
compromised clients are not part of vault's threat model
2022-03-15 16:27:41 -04:00
Pratyoy Mukhopadhyay d222981cec
Fixes from mount move testing (#14492)
* Add validation, fix docs

* add changelog

* fmt fix

* Update vault/logical_system.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update vault/logical_system.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update vault/logical_system_test.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update vault/logical_system_test.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
2022-03-15 11:11:23 -07:00
Jason O'Donnell dd4a3b339e
auth/ldap: add username_as_alias config flag (#14324) 2022-03-15 10:21:40 -04:00
swayne275 ec4d013047
add tip for how to force a secrets engine disable (#14363)
* add tip for how to force a secrets engine disable

* add warning to force disable secrets instructions

* clean up wording

* add force secrets engine disable info to api doc

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/commands/secrets/disable.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/commands/secrets/disable.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* feedback updates

* impl taoism feedback

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-11 11:43:59 -07:00
Guillaume 6178f4e060
Added Enigma Vault secret plugin. Designed to be simple but complete, a good starting point for plugin developers (#14389) 2022-03-11 08:33:48 -05:00
Nick Cabatoff 57c6064863
Update error codes that are retried. (#14447) 2022-03-10 15:09:45 -05:00
Peter-Gess 5497f5e8d2
Fixing typo from "fo" to "of" (#14445) 2022-03-10 11:56:28 -08:00
Nick Cabatoff 6fc5a5d165
Add a place for us to link to external plugin examples/guides. (#14414) 2022-03-10 14:29:29 -05:00
hghaf099 b358bd6ffa
remove mount accessor from MFA config (#14406)
* remove mount accessor from MFA config

* Update login_mfa_duo_test.go

* DUO test with entity templating

* using identitytpl.PopulateString to perform templating

* minor refactoring

* fixing fmt failures in CI

* change username format to username template

* fixing username_template example
2022-03-09 09:14:30 -08:00
Jan Klaas Kollhof 756d0f0750
fix spelling of identity (#14318) 2022-03-08 15:59:15 -08:00
hghaf099 0bf9a38b36
Login MFA docs (#14317)
* MFA config docs

* correcting some issues

* feedback

* add a note about deleting methods

* Login MFA docs

* rename and mdx

* adding missing docs nav data

* some fixes

* interactive login request

* Apply suggestions from code review

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* feedback

* feedback

* Apply suggestions from code review

Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>

* feedback on mount accessor

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update login-mfa.mdx

Co-authored-by: Josh Black <raskchanky@gmail.com>
Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-07 16:26:00 -05:00
Rachel Culpepper 8aa18a20a2
Vault-4964: Update Managed Key documentation for AWS KMS (#14378)
* Add documentation for Managed Keys

 - Add concept, sys/api and pki updates related to managed keys

* Review feedback

 - Reworked quite a bit of the existing documentation based on feedback
   and a re-reading
 - Moved the managed keys out of the concepts section and into the
   enterprise section

* Address broken links and a few grammar tweaks

* add documentation for AWS KMS managed keys

* a couple small fixes

* # Conflicts:
#	website/content/api-docs/secret/pki.mdx
#	website/content/api-docs/system/managed-keys.mdx
#	website/content/docs/enterprise/managed-keys.mdx

* docs updates

* # Conflicts:
#	sdk/version/version_base.go
#	vault/seal_autoseal_test.go
#	website/content/api-docs/system/managed-keys.mdx
#	website/content/docs/enterprise/managed-keys.mdx

* remove endpoint env var

* Document Azure Key Vault parameters for managed keys.

* docs changes for aws kms managed keys

Co-authored-by: Steve Clark <steven.clark@hashicorp.com>
Co-authored-by: Victor Rodriguez <vrizo@hashicorp.com>
2022-03-07 14:22:42 -06:00
Pratyoy Mukhopadhyay a85d4fe128
[VAULT-5268] Add mount move docs (#14314)
* add mount move docs

* add missed word

* Update website/content/api-docs/system/remount.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* one clarification

* docs changes from feedback

* couple things i missed

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-04 14:38:15 -08:00
Scott Miller 423f1b949b
Clarify certificate storage in Vault clustering (#14055)
* Clarify certificate storage in Vault clustering

* no_store clarification

* Update docs again, with new understanding of LocalStorage
2022-03-04 14:50:53 -06:00
Jason O'Donnell 1199a7a9f5
docs: fix typo in CF auth ca maintenance (#14366) 2022-03-03 18:25:57 -05:00
Jamie Finnigan 003d8fb1fe
update vault login docs to cover stdin default (#14336) 2022-03-03 12:45:41 -05:00
Loann Le c7a0dd41ea
fixed broken link (#14305) 2022-02-28 11:49:25 -08:00
Robert 2ea8be0567
docs: consul secret engine improvements, database secrets engine disable_escaping parameter (#14260)
* Update consul secrets engine docs and api-docs
* Update databases secrets engine docs and api-docs
2022-02-25 17:43:18 -06:00
Jim Kalafut 75caf59093
Replace docs references to PUT with POST (#14270)
The operations are handled identically, but ~85% of the references were
POST, and having a mix of PUT and POST was a source of questions.

A subsequent commit will update the internal use of "PUT" such as by
the API client and -output-curl-string.
2022-02-25 06:52:24 -08:00
Tom Proctor 3668275903
Quit agent endpoint with config (#14223)
* Add agent/v1/quit endpoint
  * Closes https://github.com/hashicorp/vault/issues/11089
* Agent quit API behind config setting
* Normalise test config whitespace
* Document config option

Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2022-02-25 10:29:05 +00:00
Austin Gebauer 4d94ba8e14
agent/azure: adds ability to use specific user-assigned managed identities for auto auth (#14214)
* agent/azure: adds ability to use specific user assigned managed identity for auto auth

* add changelog

* change wording in error and docs

* Update website/content/docs/agent/autoauth/methods/azure.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/agent/autoauth/methods/azure.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* docs formatting

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-02-23 11:43:36 -08:00
Robert 5f3b67675b
Clarify service_registration stanza version (#14213)
* Clarify when service_registraion was introduced

Resolves https://github.com/hashicorp/vault/issues/8768
Language is modeled after the nomad acl version limits

> ~> Version information ACLs are only available on Nomad 0.7.0 and above.

1e720054e5/website/pages/docs/secrets/nomad/index.mdx

* Update phrasing to clarify vault isn't rquired

* rephrase

* Rewording statements

Co-authored-by: Spencer Owen <owenspencer@gmail.com>
2022-02-23 10:18:52 -05:00
Theron Voran eea7fb947a
docs/vault-k8s: path for agent-inject-token (#14212)
State the path where the token can be found when injected with the
agent-inject-token annotation.
2022-02-22 22:03:05 -08:00
Romain Aviolat 7845567ee6
fix(doc): mention that leases can be revoked from the UI (#14205) 2022-02-22 18:04:37 -08:00
Nick Cabatoff 5fe1c16201
Remove support for etcd v2 storage backend. (#14193) 2022-02-22 16:48:04 -05:00
Pratyoy Mukhopadhyay 345857fa1b
[VAULT-1011] Update autoauth docs (#13883)
* Update autoauth docs

* Update website/content/docs/agent/autoauth/index.mdx

Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>

Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2022-02-22 10:04:23 -08:00
Theron Voran a14f19802d
Fix link to Kubernetes 1.21 section (#13960) 2022-02-18 16:43:18 -08:00
Alexander Scheel f0dc3a553f
Switch to secure signing algorithm for SSH secrets engine (#14006)
* Explicitly call out SSH algorithm_signer default

Related: #11608

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Use rsa-sha2-256 as the default SSH CA hash algo

As mentioned in the OpenSSH 8.2 release notes, OpenSSH will no longer be
accepting ssh-rsa signatures by default as these use the insecure SHA-1
algorithm.

For roles in which an explicit signature type wasn't specified, we
should change the default from SHA-1 to SHA-256 for security and
compatibility with modern OpenSSH releases.

See also: https://www.openssh.com/txt/release-8.2

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update docs mentioning new algorithm change

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix missing parenthesis, clarify new default value

* Add to side bar

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-18 10:44:01 -05:00
Calvin Leung Huang c839fc78d8
auth/ldap: add resp warning if userfilter doesn't consider userattr (#14095)
* auth/ldap: add resp warning if userfilter doesn't consider userattr

* add changelog entry
2022-02-17 17:19:44 -08:00
Rémi Lapeyre 98b18ee08e
Add telemetry to Vault agent (#13675)
This patch adds a new /agent/v1/metrics that will return metrics on the
running Vault agent. Configuration is done using the same telemetry
stanza as the Vault server. For now default runtime metrics are
returned with a few additional ones specific to the agent:
  - `vault.agent.auth.failure` and `vault.agent.auth.success` to monitor
  the correct behavior of the auto auth mechanism
  - `vault.agent.proxy.success`, `vault.agent.proxy.client_error` and
  `vault.agent.proxy.error` to check the connection with the Vault server
  - `vault.agent.cache.hit` and `vault.agent.cache.miss` to monitor the
  cache

Closes https://github.com/hashicorp/vault/issues/8649

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-02-17 17:10:26 -08:00
Jordan Reimer b936db8332
Revert "MFA (#14049)" (#14135)
This reverts commit 5f17953b5980e6438215d5cb62c8575d16c63193.
2022-02-17 13:17:59 -07:00
Alexander Scheel 1996336481
Update repository links to point to main (#14112)
* Update repository links to point to main

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix broken link in relatedtools.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2022-02-17 14:30:56 -05:00
Chris Capurso 797f11b0e5
update G Suite to Google Workspace in docs (#14126)
* update G Suite to Google Workplace in docs

* fix Google Workplace to Workspace typo
2022-02-17 13:01:45 -05:00
Jordan Reimer 36ccfaa3aa
MFA (#14049)
* adds development workflow to mirage config

* adds mirage handler and factory for mfa workflow

* adds mfa handling to auth service and cluster adapter

* moves auth success logic from form to controller

* adds mfa form component

* shows delayed auth message for all methods

* adds new code delay to mfa form

* adds error views

* fixes merge conflict

* adds integration tests for mfa-form component

* fixes auth tests

* updates mfa response handling to align with backend

* updates mfa-form to handle multiple methods and constraints

* adds noDefault arg to Select component

* updates mirage mfa handler to align with backend and adds generator for various mfa scenarios

* adds tests

* flaky test fix attempt

* reverts test fix attempt

* adds changelog entry

* updates comments for todo items

* removes faker from mfa mirage factory and handler

* adds number to word helper

* fixes tests

* Revert "Merge branch 'main' into ui/mfa"

This reverts commit 8ee6a6aaa1b6c9ec16b985c10d91c3806819ec40, reversing
changes made to 2428dd6cca07bb41cda3f453619646ca3a88bfd0.

* format-ttl helper fix from main
2022-02-17 09:10:56 -07:00
Alexander Scheel 7278479856
Document vault write JSON request parameters (#14087)
As mentioned by Steve Clark. :-)

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-17 10:07:41 -05:00
Robert 91f5069c03
secret/consul: Add Consul ACL roles support (#14014)
Co-authored-by: Brandon Ingalls <brandon@ingalls.io>
2022-02-16 19:31:08 -06:00
Loann Le 8e504f59e8
Vault documentation: created new developer quick start guide (#14038)
* new developer quick start

* fixed typo

* fixed placement of guide

* modified descr

* Add Ruby quickstart code

* incorporated feedback

* spelling error

* changed word to caps

* Some format edits (#14065)

* Split install instructions into tabs (#14092)

Co-authored-by: Valerie Conklin <val@hashicorp.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-02-16 15:25:36 -08:00
Alexander Scheel dab1ac4650
Update plugin-portal.mdx (#13229) (#14108)
Add a Vault plugin to allow authentication via SSH certificates and public keys

Co-authored-by: Wim <wim@42.be>
2022-02-16 12:32:43 -08:00
Alex Cahn 42bdcf0657
Vault Integration Program Update (#14031)
* Updating badges

* Updates to the VIP page

Updates to the VIP page to add Enterprise Badges

* Updated Eco Diagram

* Update Eco Image

* Fixing the images

* Fixing Badge Placement

* centering the badges

* Centering the badges - again

* Update website/content/docs/partnerships.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/partnerships.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update partnerships.mdx

* trigger ci

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2022-02-15 11:19:51 -08:00
VAL 772cfcab91
Typo and clarity fixes (#14081) 2022-02-15 10:43:49 -08:00
Victor Rodriguez 5ad48fc1c2
Restore tidy-status documentation. (#14075)
Restore tidy-status documentation.

Fixes VAULT-5113.
2022-02-15 11:04:21 -05:00
Victor Rodriguez 88e02feab0
Remove documentation for upcoming /pki/tidy-status endpoint. (#14044)
The documentation will be released along with the feature.
2022-02-14 15:41:50 -05:00
Chris Capurso f9e9b4d327
Add sys/version-history endpoint and associated command (#13766)
* store version history as utc; add self-heal logic

* add sys/version-history endpoint

* change version history from GET to LIST, require auth

* add "vault version-history" CLI command

* add vault-version CLI error message for version string parsing

* adding version-history API and CLI docs

* add changelog entry

* some version-history command fixes

* remove extraneous cmd args

* fix version-history command help text

* specify in docs that endpoint was added in 1.10.0

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* enforce UTC within storeVersionTimestamp directly

* fix improper use of %w in logger.Warn

* remove extra err check and erroneous return from loadVersionTimestamps

* add >= 1.10.0 warning to version-history cmd

* move sys/version-history tests

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2022-02-14 15:26:57 -05:00
Jim Kalafut 0712ef13fc
Allow auto-detection of AWS region when using the vault CLI (#14051) 2022-02-14 12:01:27 -08:00
Loann Le f78d82ebe1
Vault documentation: added new warning to listener stanza parameters (#14036)
* added a new warning

* Update website/content/docs/configuration/listener/tcp.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* fixed word tense

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-02-14 08:54:43 -08:00
Loann Le 296fee0193
changed to upper-case for integrated storage (#14037) 2022-02-14 08:38:06 -08:00
Jason O'Donnell b686d727a9
docs/azure: add note about identities (#14020) 2022-02-11 17:09:35 -05:00
Yoko Hyakuna 4ac997561f
Add 'Integrated Storage vs. Consul' comparison (#13999)
* Add IS vs. external storage section

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Add a cross-referencing link

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: David Adams <daveadams@gmail.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: David Adams <daveadams@gmail.com>

* Update website/content/docs/concepts/storage.mdx

Co-authored-by: David Adams <daveadams@gmail.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Incorporate review feedback

* Incorporate review feedback

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Meggie <meggie@hashicorp.com>
Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>
Co-authored-by: David Adams <daveadams@gmail.com>
2022-02-11 08:07:35 -08:00
Shohei Maeda 4073f6663b
KV v2 doc - fix format and update examples (#14003) 2022-02-10 13:20:36 -08:00
Loann Le c360d5ad45
fixed steps (#13993) 2022-02-09 17:25:33 -08:00
Loann Le bfd49bc16d
added link to hcpv docs (#13992) 2022-02-09 16:15:17 -08:00
EsbenDalgaard 2489c958f5
Update approle.mdx (#13967) 2022-02-09 18:22:10 -05:00
Ray Ryjewski 571804390e
Update gcp.mdx (#13438)
Updated the example for oauth.  In my testing I had to use the project-id for both the project attribute as well as within the bindings attribute.
2022-02-09 12:09:01 -08:00
Niklas Wagner 8199437a4b
Fix Environment Variables in Kubernetes config (#13969)
The Environment Variables seems wrong as you can see:
$ echo "https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT"
https://172.20.0.1:tcp://172.20.0.1:443
2022-02-09 11:16:33 -08:00
Loann Le 622c24f60f
Vault documentation: Updated Licensing FAQ page (#13959)
* updated license faq doc

* fixed typo

* Update website/content/docs/enterprise/license/faq.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faq.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* fixed spelling error

* removed a step and added a new one

* fixed note

* added a new link to TDE

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-02-09 11:14:36 -08:00
Samori Gorse 0f588bc159
Formatting touch ups on storage/dynamodb.mdx (#13948)
Following my previous fix, those are some small formatting touch ups.
2022-02-09 10:36:09 -08:00
Alexander Scheel 386ef0eb6b
Add clarification around vague "this" references (#13968)
* Clarify subject of this w.r.t. TLS configuration

Thanks to @aphorise for pointing this out internally.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify vague this in secrets/gcp docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify vague this in secrets/aws docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify vague this in secrets/database/oracle.mdx

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify vague this in seal/pkcs11 docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify vague this in agent/autoauth docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-09 13:02:44 -05:00
Loann Le 2b66cca52d
Vault documentation: added a warning message to vault ui browser support doc (#13961)
* added a warning about using ie browswer

* added Vault UI at the end
2022-02-09 09:10:24 -08:00
Andy Assareh c292dbaf4d
mysql is also supported for transform external storage (#13104)
per https://www.vaultproject.io/api/secret/transform#driver and https://www.vaultproject.io/docs/secrets/transform/tokenization#external-sql-stores
2022-02-08 16:40:58 -08:00
Steven Clark 12b0e2a56b
Add documentation for Managed Keys (#13856)
* Add documentation for Managed Keys

 - Add concept, sys/api and pki updates related to managed keys

* Review feedback

 - Reworked quite a bit of the existing documentation based on feedback
   and a re-reading
 - Moved the managed keys out of the concepts section and into the
   enterprise section

* Address broken links and a few grammar tweaks
2022-02-08 14:01:19 -05:00
Austin Gebauer 5804da7490
auth/okta: documentation improvements (#13944) 2022-02-08 09:21:19 -08:00
Scott Miller f226d0103f
Add duration/count metrics to PKI issue and revoke flows (#13889)
* Add duration/count metrics to PKI issue and revoke flows

* docs, changelog

* tidy

* last tidy

* remove err

* Update callsites

* Simple returns

* Handle the fact that test cases don't have namespaces

* Add mount point to the request

* fmt

* Handle empty mount point, and add it to unit tests

* improvement

* Turns out sign-verbatim is tricky, it can take a role but doesn't have to

* Get around the field schema problem
2022-02-08 10:37:40 -06:00
cr48 1a4dc03bf7
Typo: Corrected same typo in 2 locations (on-premise to on-premises) (#13402)
* Fixed 2 typos on-premise to on-premises.

* Added changelog file.

* Removed 13402.txt file from changelog.

* Update website/content/docs/secrets/terraform.mdx

Co-authored-by: hghaf099 <83242695+hghaf099@users.noreply.github.com>
2022-02-07 18:59:46 -05:00
Loann Le f85945d3aa
Vault documentation: updated What is a Client section (#13816)
* updated client doc

* fixed heading
2022-02-07 09:05:10 -08:00
Jason O'Donnell 7145fe49ff
docs/oracle: add wallet permissions example (#13924)
* docs/oracle: add wallet permissions example

* Update website/content/docs/secrets/databases/oracle.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
2022-02-07 11:17:33 -05:00
Samori Gorse b2e3745837
typo: Updated terraform example (#13401)
The terraform example had a couple of issues:

- Tags was missing a `=`
- Attribute list is not supported
2022-02-04 13:08:16 -08:00
Chris Jones b97a1b3157
Add iam:GetUser permission to the example. (#13316)
Without `iam:GetUser` permission, I wasn't able to get Vault to rotate its own credentials.
2022-02-04 13:07:26 -08:00
mairandomness bc74650b98
Update delete.mdx (#13148)
Adding a note on the parameter necessary for deletion on a key deletion example seems like a good idea.
From my limited research I found other people that had trouble finding the relevant part of the documentation.
Though I'm not sure this is the best wording or formatting for it.
2022-02-04 10:13:24 -08:00
Maha Sharabinth c30fa154ff
Add a Rekey Example When Auto Unseal is Used (#13139)
Added an example to explicitly show how to perform a Rekey operation when the Vault cluster is using Auto Unseal.  This is placed as the second example. 
The existing example code combines with the PGP keys so added a simple example without the PGP keys.
2022-02-04 10:43:33 -05:00
Theron Voran c01b9915b1
docs/helm: fix duplicate ingress tls section (#13790)
Combined the two Ingress sections into one, hopefully in the right
spot this time.
2022-02-03 22:48:23 -08:00
Mark Lewis 919c197fe9
Update index.mdx (#12936)
Tidy a couple of bullets.
2022-02-03 17:49:46 -08:00
Tom Proctor fce9c92c5b
Update k8s auth long-lived token instructions (#13852) 2022-01-31 23:16:01 +00:00
Anoop Vijayan Maniankara f5b9aefd1e
Update mssql.mdx with typo error (#13527)
user sa -> vaultuser
2022-01-31 14:56:37 -05:00
Sebastien Rosset fd209183d1
Update upgrade-to-1.3.10.mdx (#12341)
The upgrade guide indicates the upgrade path between two identical versions (1.3.10). Presumably you meant compared to 1.3.9?
2022-01-28 09:27:23 -08:00
Austin Gebauer 17b2e0d259
auth/oidc: Documentation updates for Azure AD applications (#13819) 2022-01-28 08:34:36 -08:00
Steven Clark 69ac11a564
Documentation updates for new keys for PKCS#11 unsealing (#13814)
* Document new force_rw_session parameter within pkcs11 seals

* documentation for key_id and hmac_key_id fields

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/seal/pkcs11.mdx

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

Co-authored-by: rculpepper <rculpepper@hashicorp.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-01-28 11:25:02 -05:00
mickael-hc 45875e2e9d
docs: add cluster-to-cluster communications to external threat overview (#13805) 2022-01-28 10:15:22 -05:00
Scott Miller 86175b2e82
Add notes on the PKI cert generation forwarding regression (#13815)
* Add notes on the PKI cert generation forwarding regression

* content

* typo

* iterate

* extra space
2022-01-27 16:36:50 -06:00
Scott Miller 743b0e1905
Clarify that backend authors can specify that all or no values are sealwrapped (#13813)
* Clarify that backend authors can specify that all or no values are sealwrapped rather than the vague statement that all values _may_ be seal wrapped

* typo
2022-01-27 15:30:55 -06:00
Rosemary Wang e1165737dc
Update CSI provider installation on OpenShift (#13763)
Include recommendation to use Vault agent injector on OpenShift
instead of CSI due to production security constraints.
Additional instructions included for testing and development
clusters.
2022-01-26 07:44:15 -08:00
mickael-hc 3a1a8c4cbf
Fix limits docs to reflect listener variable name (#13776) 2022-01-25 16:45:56 -05:00
Loann Le 02074f40e7
added missing title (#13775) 2022-01-25 10:19:10 -08:00
Caleb Lemoine f03a176ac3
docs: add vault-plugin-secrets-jenkins to plugin portal page (#13531)
Signed-off-by: circa10a <caleblemoine@gmail.com>
2022-01-24 19:36:42 -08:00
Theron Voran a0ccdfcdb1
docs/k8s: Updates for vault-k8s 0.14.2 and vault-helm 0.19.0 (#13748)
Updated vault and chart versions, and some formatting from the
pre-commit hook. Also updated chart values.
2022-01-24 15:25:52 -08:00
James Bayer 2d3db5ce78
Updated spelling (#13751) 2022-01-24 14:38:13 -08:00
Loann Le 5bc0c1b3c0
fixed typo (#13740) 2022-01-21 11:12:01 -08:00
Mike Green 364d7a9be1
Add algo signer to support openssl as of recent (#12438)
"algorithm_signer": "rsa-sha2-256"
to prevent /var/log/auth.log `userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]` due to vault defaulting to ssh-rsa which is insecure
2022-01-19 15:37:00 -08:00
Calvin Leung Huang bd25ed1294
docs: add known issues section to 1.9.x upgrade guide (#13662)
* docs: add known issues section to 1.9.x upgrade guide

* minor rephrasing on oidc known issue

* use relative references for URLs

* Update website/content/docs/upgrading/upgrade-to-1.9.x.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* update known issues section for id token

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-01-19 11:21:10 -08:00
Jason O'Donnell 17ca494be3
docs/oracle: fix typo in connection_url example (#13708) 2022-01-19 11:59:30 -05:00
Tony Pulickal 908a1c1178
Update http requests API link to versioned docs (#13692) 2022-01-18 14:16:02 -05:00
Tero Saarni e2b17ca96b
auth/kubernetes: support for dynamically reloading short-lived tokens (#13595)
* auth/kubernetes: support for short-lived tokens

* Uplift new version of Kubernetes auth plugin that does not store the
  service account token persistently to Vault storage.

* Update the documentation to recommend local token again when running
  Vault inside cluster.

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* Added changelog entry

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* clarification to changelog entry, executed go mod tidy

* clarifications and added targeted release version
2022-01-14 19:55:15 -08:00
Jason O'Donnell 33b9db2d26
docs: update oracle tls examples (#13659)
* docs: update oracle tls examples

* Add warnings

* Add notes

* Add missing note
2022-01-14 10:03:58 -05:00
Austin Gebauer 691e440fac
auth/azure: Documents config env vars and fixes resource used in examples (#13641) 2022-01-13 10:41:40 -08:00
Austin Gebauer e5dd039c4f
secrets/keymgmt: Adds documentation for using Azure Private Link (#13640) 2022-01-13 10:41:05 -08:00
Loann Le 492eb0a2d6
Vault documentation: updated client count FAQ (#13633)
* include nomad vault question

* added link
2022-01-13 08:56:58 -08:00
Chris Capurso d52d69e4bb
Add HTTP PATCH support for KV key metadata (#13215)
* go get vault-plugin-secrets-kv@vault-4290-patch-metadata

* add kv metadata patch command

* add changelog entry

* success tests for kv metadata patch flags

* add more kv metadata patch flags tests

* add kv metadata patch cas warning test

* add kv-v2 key metadata patch API docs

* add kv metadata patch to docs

* prevent unintentional field overwriting in kv metadata put cmd

* like create/update ops, prevent patch to paths ending in /

* fix kv metadata patch cmd in docs

* fix flag defaults for kv metadata put

* go get vault-plugin-secrets-kv@vault-4290-patch-metadata

* fix TestKvMetadataPatchCommand_Flags test

* doc fixes

* go get vault-plugin-secrets-kv@master; go mod tidy
2022-01-12 12:05:27 -05:00
Nick Cabatoff 150b1ac67a
Clarify the distinction between token and identity policies. (#13614) 2022-01-11 09:01:43 -05:00
Nick Cabatoff 3828d4bf9d
Note that api_addr and cluster_addr can use go-sockaddr templates. (#13592) 2022-01-10 09:06:30 -05:00
Saru Thuraiman e3426c238f
Add missing word "database" in docs (#13571)
* Update README.md

Add missing word database

* Update what-is-vault.mdx

Add missing "database" keyword.

* Update README.md

* Update what-is-vault.mdx

* Update website/content/docs/what-is-vault.mdx

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-01-07 09:21:37 -08:00
Jason O'Donnell 1cc5e8d44d
docs: fix typo in azure auth debug log mode (#13593) 2022-01-07 11:33:53 -05:00
mickael-hc 82e6f2bbd2
docs: update GitHub auth method docs and security model (#13572)
Provide changes based on recent audit feedback: describe risks of third party authentication systems and plugins.
2022-01-05 09:23:55 -08:00
Dave D'Amico 1b538e584b
corrected name and added link (#13562) 2022-01-04 14:29:59 -08:00
raakatz 86ac6c2996
Fix a sentence in architecture.mdx (#13539)
The words "can be" were missing
2022-01-03 16:38:39 -08:00