Commit graph

399 commits

Author SHA1 Message Date
Jeff Mitchell 801e531364 Enhance transit backend:
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
2015-09-18 14:41:05 -04:00
Jeff Mitchell 8f79e8be82 Add revoke-self endpoint.
Fixes #620.
2015-09-17 13:22:30 -04:00
Jonathan Klein dff6e468f9 Grammar fix 2015-09-15 15:53:27 -04:00
Jeff Mitchell 538852d6d6 Add documentation for cubbyhole 2015-09-15 13:50:37 -04:00
vishalnayak 142cb563a6 Improve documentation of token renewal 2015-09-11 21:08:32 -04:00
Jeff Mitchell ace611d56d Address items from feedback. Make MountConfig use values rather than
pointers and change how config is read to compensate.
2015-09-10 15:09:54 -04:00
Jeff Mitchell 488d33c70a Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell 4239f9d243 Add DynamicSystemView. This uses a pointer to a pointer to always have
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
Jeff Mitchell f4239556d2 Merge pull request #508 from mfischer-zd/webdoc_environment
docs: Document environment variables
2015-09-09 11:29:10 -04:00
Jeff Mitchell 1a8bcfe18d Merge pull request #592 from blalor/patch-1
Remove unused param to 'vault write aws/roles/deploy'
2015-09-09 11:28:15 -04:00
Michael S. Fischer 24a5127fab docs: Document environment variables 2015-09-08 11:59:58 -07:00
Neo 4e3e9c38a2 Typo fix 2015-09-08 02:43:01 +02:00
Brian Lalor 2ae48fa586 Remove unused param to 'vault write aws/roles/deploy'
The name is taken from the path, not the request body.  Having the duplicate key is confusing.
2015-09-06 06:57:39 -04:00
Armon Dadgar 4eaacaf546 Merge pull request #590 from MarkVLK/patch-1
Update mysql docs markdown to fix grammar error
2015-09-04 19:13:50 -07:00
MarkVLK fae51d605f Update transit docs markdown to add missing word
Added the presumably missing *decrypt* from "encrypt/data" in the first sentence.
2015-09-04 17:11:34 -07:00
MarkVLK cd292d5372 Update mysql docs markdown to fix grammar error
Changed "... used to **generated** those credentials" to "... used to **generate** those credentials."
2015-09-04 17:05:45 -07:00
Seth Vargo 6f248425a6 Update documentation around cookies 2015-09-03 10:36:59 -04:00
Vishal Nayak d4609dea28 Merge pull request #578 from hashicorp/exclude-cidr-list
Vault SSH: Added exclude_cidr_list option to role
2015-08-28 07:59:46 -04:00
vishalnayak b12a2f0013 Vault SSH: Added exclude_cidr_list option to role 2015-08-27 23:19:55 -04:00
Jeff Mitchell a4fc4a8e90 Deprecate lease -> ttl in PKI backend, and default to system TTL values if not given. This prevents issuing certificates with a longer duration than the maximum lease TTL configured in Vault. Fixes #470. 2015-08-27 12:24:37 -07:00
vishalnayak fbff20d9ab Vault SSH: Docs for default CIDR value 2015-08-27 13:10:15 -04:00
vishalnayak 702a869010 Vault SSH: Provide key option specifications for dynamic keys 2015-08-27 11:41:29 -04:00
Jeff Mitchell 8669a87fdd When using PGP encryption on unseal keys, encrypt the hexencoded string rather than the raw bytes. 2015-08-26 07:59:50 -07:00
Jeff Mitchell b940d214bd Merge pull request #568 from ctennis/add_some_s3_info
Make it clear for physical S3 backend we support instance profiles as well.
2015-08-26 09:03:38 -04:00
Jeff Mitchell cc232e6f79 Address comments from review. 2015-08-25 15:33:58 -07:00
Jeff Mitchell 0b580d0521 Update website documentation for init and rekey with secret_pgp_keys API option 2015-08-25 14:52:13 -07:00
Caleb Tennis 6c30f9a0f9 Make it clear we support instance profiles as well, the existing docs seem to indicate static credentials are required 2015-08-25 06:47:07 -07:00
Armon Dadgar 88a7b57491 Merge pull request #558 from captainill/master
make sure header is below clickable area that hides sidebar
2015-08-21 10:21:40 -07:00
Jeff Mitchell ea9fbb90bc Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell 0fa783f850 Update help text for TTL values in generic backend 2015-08-20 17:59:30 -07:00
captainill ad9e00b166 make sure header is below clickable area that hides sidebar 2015-08-20 17:22:48 -07:00
Jeff Mitchell b57ce8e5c2 Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4.
Fixes #528.
2015-08-20 16:41:25 -07:00
Vishal Nayak beca9f1596 Merge pull request #385 from hashicorp/vishal/vault
SSH Secret Backend for Vault
2015-08-20 10:03:15 -07:00
Bernhard K. Weisshuhn 86cde438a5 avoid dashes in generated usernames for cassandra to avoid quoting issues 2015-08-20 11:15:28 +02:00
vishalnayak 76ed3bec74 Vault SSH: 1024 is default key size and removed 4096 2015-08-19 12:51:33 -07:00
vishalnayak 1f5062a6e1 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-08-19 12:16:37 -07:00
David Winterbottom 9fd6837d7b Fix typo in ACL doc 2015-08-19 07:36:16 +01:00
Armon Dadgar f351cd5ee0 Merge pull request #531 from mfischer-zd/fix_doc_tls
Clarify availability of tls_min_version
2015-08-18 19:01:28 -07:00
vishalnayak b5cda4942b Vault SSH: doc update 2015-08-18 11:50:32 -07:00
vishalnayak b91ebbc6e2 Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
vishalnayak 9db318fc55 Vault SSH: Website page for SSH backend 2015-08-14 12:41:26 -07:00
Michael S. Fischer 0e0cdeed75 Clarify availability of tls_min_version
`tls_min_version` doesn't work in the current Vault release;
make that clear.
2015-08-13 08:35:09 -07:00
vishalnayak 93dfa67039 Merging changes from master 2015-08-12 09:28:16 -07:00
vishalnayak 0abf07cb91 Vault SSH: Website doc v1. Removed path_echo 2015-08-12 09:25:28 -07:00
Erik Kristensen 2233f993ae initial pass at JWT secret backend 2015-08-06 17:49:44 -06:00
Armon Dadgar f58f46c243 Merge pull request #439 from geckoboard/feature-tls-mysql
Using SSL to encrypt connections to MYSQL
2015-08-05 14:52:43 -07:00
Armon Dadgar 4d08cfdf6f Merge pull request #469 from kgutwin/f-config-defaultlease
Add configuration options for default lease duration and max lease duration
2015-08-04 10:06:41 -07:00
Vivien Schilis 9db7426002 Add documentation for the tls_ca_file option 2015-08-04 05:10:33 +00:00
Rusty Ross 719ac6e714 update doc for app-id
make clearer in doc that user-id can accept multiple app-id mappngs as comma-separated values
2015-08-03 09:44:26 -07:00
Armon Dadgar 473668a1a0 Merge pull request #482 from chiefy/master
Adding vaulted nodejs library to libraries section in docs.
2015-07-31 15:13:44 -07:00