Commit graph

2783 commits

Author SHA1 Message Date
Jeff Mitchell 2a8e510a27 Document disable_performance_standby 2018-08-28 12:09:13 -04:00
Chris Hoffman c81efa0fa2
fixing link 2018-08-28 07:19:35 -04:00
Dan Brown 9954bddcf0 Add Deployment Guide, links and reformat Ref Arch (#5041)
* Add Deployment Guide, links and reformat Ref Arch

* Improve systemd service file and links
2018-08-28 04:53:36 -06:00
Jeff Mitchell efadc93c4a Update version numbers 2018-08-28 02:41:24 -04:00
Jim Kalafut abe86a48f4 Fix Azure Secrets API example 2018-08-27 20:44:00 -06:00
Austin Workman e8991e8fe9 Adding documentation clarifying oracle plugin setup and requirements (#5183) 2018-08-25 12:27:13 -07:00
Becca Petrin 55b3dfbcc0
use ldaps in docs (#5180) 2018-08-24 10:36:20 -07:00
Laura Gjerman-Uva 70bf87c25b Update ad/creds/:rolename endpoint to include the table with method/path for consistency/clarity. Also, remove payload.json from example, since this endpoint doesn't take a payload. (#5172) 2018-08-24 09:19:51 -07:00
Chris Hoffman e6abba9558
Revert "Add Configuration Builder and Better Download page" (#5171) 2018-08-23 19:34:50 -04:00
Jim Kalafut 7eb0403ad2
Fix Azure Secrets docs error 2018-08-23 14:27:47 -07:00
Joshua Ogle 6819af20b5
Merge branch 'master' into oss-download-config-path 2018-08-23 14:01:39 -06:00
Jeff Mitchell ba0d029247
Restricts ACL templating to paths but allows failures (#5167)
When a templating failure happens, we now simply ignore that path,
rather than fail all access to all policies
2018-08-23 12:15:02 -04:00
Chris Hoffman d736324b50 Docs: ACL Templating (#5159) 2018-08-23 10:05:44 -04:00
Jim Kalafut 18b21275d9 Fix docs typos (#5158) 2018-08-22 18:26:48 -04:00
Greg Oledzki d5a3010498 Update delete.html.md (#5155)
Minor typo in `delete` command docs
2018-08-22 11:26:21 -07:00
Becca Petrin fb6a06a3fe
Alibaba auth docs (#5132) 2018-08-22 10:23:33 -07:00
Chris Hoffman 52af323257
fixing feature name 2018-08-22 11:41:28 -04:00
Chris Hoffman b1c5e1f91c
fixing feature name 2018-08-22 11:40:48 -04:00
Hugo Wood 203269a5d4 JWT/OIDC documentation fixes (#5157)
* Fix argument name in JWT/OIDC login CLI example

* Fix groups_claim documented as required when creating roles for JWT/OIDC
2018-08-22 10:44:08 -04:00
Stenio Ferreira 8dfedb2693 Fixed a typo in the Namespaces guide (#5151) 2018-08-21 13:33:40 -07:00
Jeff Mitchell e58a8a63a7
Add the ability to specify token CIDR restrictions on secret IDs. (#5136)
Fixes #5034
2018-08-21 11:54:04 -04:00
Jeff Mitchell 051bb9fc13
Two PKI improvements: (#5134)
* Disallow adding CA's serial to revocation list
* Allow disabling revocation list generation. This returns an empty (but
signed) list, but does not affect tracking of revocations so turning it
back on will populate the list properly.
2018-08-21 11:20:57 -04:00
Gerardo Rodriguez 43c733b460 Edit, missing "to" (#5147) 2018-08-21 11:09:41 -04:00
Chris Hoffman 4d574c1d6c
adding namespace docs (#5133) 2018-08-17 12:17:11 -04:00
Chris Hoffman d25b7fa477
Add additional clarification 2018-08-17 08:55:49 -04:00
Raja Nadar 797141f8ae vaultsharp - multi platform capabilities (#5127) 2018-08-17 08:47:16 -04:00
Yoko 56636735bc [Guide] Multi-Tenant Pattern with ACL Namespaces (0.11) (#5103)
* WIP - ACL Namespace

* WIP - ACL Namepaces

* WIP

* WIP

* WIP

* WIP

* WIP

* Added UI screenshots

* Added summary at the end

* Added the Web UI steps in Step 5

* Update multi-tenant.html.md

Updated text to ensure that we use the final "ship" name of namespaces (namespaces vs. ACL Namespaces) and introduced some industry-specific terminology (highlighting this is about Secure Multi-Tenancy)
2018-08-16 16:51:53 -07:00
Andy Manoske 50edc43df0
Merge pull request #5112 from hashicorp/namespaces-docs
Merge for Beta Launch
2018-08-16 15:36:43 -07:00
Chris Hoffman b18d9cc830
doc updates 2018-08-16 17:59:39 -04:00
Brian Kassouf bf77a69f4d
Update upgrade-to-0.11.0.html.md 2018-08-16 14:29:18 -07:00
Brian Kassouf 95800f76b0
Add upgrade notes (#5125) 2018-08-16 14:22:27 -07:00
Andy Manoske 8ef8da0886
Update docs.erb 2018-08-16 13:44:13 -07:00
Andy Manoske de52752e86
Update index.html.md
Updated to include Yoko's guide URL
2018-08-16 13:38:24 -07:00
Clint 96d8bd4bf7 [WIP] Support custom max Nomad token name length [supersedes https://github.com/hashicorp/vault/pull/4361] (#5117)
* Nomad: updating max token length to 256

* Initial support for supporting custom max token name length for Nomad

* simplify/correct tests

* document nomad max_token_name_length

* removed support for max token length env var. Rename field for clarity

* cleanups after removing env var support

* move RandomWithPrefix to testhelpers

* fix spelling

* Remove default 256 value. Use zero as a sentinel value and ignore it

* update docs
2018-08-16 15:48:23 -04:00
Jim Kalafut 4ced3b0f77
Initial Azure Secrets docs (#5121) 2018-08-16 12:10:56 -07:00
brianvans f79385346f Add ha_enabled for mysql backend (#5122)
* Slight cleanup around mysql ha lock implementation

* Removes some duplication around lock table naming
* Escapes lock table name with backticks to handle weird characters
* Lock table defaults to regular table name + "_lock"
* Drop lock table after tests run

* Add `ha_enabled` option for mysql storage

It defaults to false, and we gate a few things like creating the lock
table and preparing lock related statements on it
2018-08-16 11:03:16 -07:00
Yamamoto, Hirotaka 6673e579a0 [etcd] fix the deafult prefix in website (#5116)
etcd storage stores all Vault data under a prefix.
The default prefix is "/vault/" according to source codes.

However, the default prefix shown in the website is "vault/".
If the access to etcd is restricted to this wrong prefix, vault
cannot use etcd.
2018-08-16 10:38:11 -04:00
Joel Thompson 0941c7a24a Make AWS credential types more explicit (#4360)
* Make AWS credential types more explicit

The AWS secret engine had a lot of confusing overloading with role
paramemters and how they mapped to each of the three credential types
supported. This now adds parameters to remove the overloading while
maintaining backwards compatibility.

With the change, it also becomes easier to add other feature requests.
Attaching multiple managed policies to IAM users and adding a policy
document to STS AssumedRole credentials is now also supported.

Fixes #4229
Fixes #3751
Fixes #2817

* Add missing write action to STS endpoint

* Allow unsetting policy_document with empty string

This allows unsetting the policy_document by passing in an empty string.
Previously, it would fail because the empty string isn't a valid JSON
document.

* Respond to some PR feedback

* Refactor and simplify role reading/upgrading

This gets rid of the duplicated role upgrade code between both role
reading and role writing by handling the upgrade all in the role
reading.

* Eliminate duplicated AWS secret test code

The testAccStepReadUser and testAccStepReadSTS were virtually identical,
so they are consolidated into a single method with the path passed in.

* Switch to use AWS ARN parser
2018-08-16 06:38:13 -04:00
Andy Manoske bd4c047713
Update index.html.md 2018-08-15 17:44:36 -07:00
Andy Manoske 9d41d4c407
Update index.html.md 2018-08-15 17:44:00 -07:00
Clint 48e5c71b33 Update apis.html.md (#5071)
We disable TLS for example purposes, not exemplary purposes 😄
2018-08-15 19:41:29 -04:00
Christoph Ludwig 24a368c1ba Add support for "sovereign" Azure cloud environments (#4997)
* Add support for "sovereign" Azure cloud environments

* Shorten variable names
2018-08-15 19:40:36 -04:00
Andy Manoske 0a71ea9a58
Create index.html.md 2018-08-15 15:27:11 -07:00
RichardWLaub 8d7a983bba Update usage section for kv-v1 docs (#5105)
While following along with the usage section in the kv-v1 docs I noticed this error.
Running the given command gives:

```text
$ vault kv list kv/my-secret
No value found at kv/my-secret/
```

Running `vault kv list kv/` gives the desired output. 

Also, I removed some trailing whitespace.
2018-08-15 10:57:36 -07:00
Seth Vargo 324c8fab24 Fix docs typo (service-account => service_account) (#5102)
Fixes hashicorp/vault-plugin-auth-gcp#47
2018-08-14 15:46:41 -07:00
Gerald 9192bd6b07 Add ttl params into csr signing docs (#5094) 2018-08-13 23:38:03 -04:00
Yoko 1395d6ea1a
[Guide] Control Groups (#5072)
* Control Group guide

* Fixed user policy list

* Fixed a typo

* Replaced the wrong screenshot

* Added missing period
2018-08-13 14:51:32 -07:00
Frank Allenby ddc77d62f0 Added a link to the "previous section" mentioned (#5018)
This is for clarity since I had to check back to remember where it was mentioned.
2018-08-13 17:13:42 -04:00
Jim Kalafut 3822e2997b
Clarify "Commands" docs (#5092)
Fixes #4890
2018-08-13 14:09:48 -07:00
Nándor István Krácser b9fab6375b Alibaba Object Storage support (#4783) 2018-08-13 17:03:24 -04:00
Michael Schuett 63e7ac034f MySQL HA Backend Support (#4686) 2018-08-13 17:02:31 -04:00
Jim Kalafut 92f0e1a39e Revert "Add ttl parameter to pki api docs (#5063)"
This reverts commit 7824826ca72c503677559cf9e5c1a7193433b34a.
2018-08-13 09:34:05 -07:00
Yoko 140e3d5402
[Guide] Vault Cluster Monitoring Guide (#5084)
* Vault cluster monitoring guide

* Updated the download link

* Fixed broken link
2018-08-10 13:52:02 -07:00
Jim Kalafut aa8dac9bd2
Add RDS notes to MSSQL docs (#5062) 2018-08-10 08:52:21 -07:00
Jeff Mitchell 65d2cc768c Website typo fix 2018-08-08 15:53:40 -04:00
Jim Kalafut 7b7f1cc7ff
Add ttl parameter to pki api docs (#5063) 2018-08-08 09:12:14 -07:00
Conor Mongey 5454c15a7e Fix typo: Consult Template -> Consul Template (#5066) 2018-08-08 09:01:45 -07:00
Ian Grayson 931c289b95 Update policies.html.md (#5007)
Allow admins to run CLI: `vault secrets list`
2018-08-07 10:35:23 -07:00
Jeff Escalante 2a21e85580 html syntax corrections (#5009) 2018-08-07 10:34:35 -07:00
Rob ca3aa1f36b Update dev-server.html.md (#5035)
The instructions were in backwards order. #3591
2018-08-07 10:33:30 -07:00
Yoko 3ae63b06d7
Typo fix (#5052) 2018-08-06 15:50:39 -07:00
Yoko ef6579fed5
[Guide] Sentinel Policies (#5049)
* Sentinel policies guide

* Typo fix
2018-08-06 15:39:32 -07:00
Yoko 06491fa6a6
[Guide] SSH Secrets Engine (#5022)
* OTP SSH guide

* Fixed the required policy

* Added the step to restart the SSH server

* Update ssh-otp.html.md

Just a few edits to highlight its cloud context. Looks great otherwise!
2018-08-06 15:04:24 -07:00
Yoko fee3c2072d
[Guide] Build Your Own CA Guide (#4995)
* WIP

* WIP

* WIP - Jake's PKI demo

* WIP

* PKI secret engine guide

* Added little more description about role

* Added tidy step

* Fixed a broken link
2018-08-06 14:42:46 -07:00
Joshua Ogle 3975a2cddc Better OS highlighting 2018-08-06 12:30:31 -06:00
Joshua Ogle f0f4097470 Javascript refactor for configuration builder 2018-08-06 11:55:36 -06:00
Joshua Ogle c7bd0145c0 Better JavaScript line wrapping in configuration 2018-08-03 23:37:58 -06:00
Joshua Ogle c4ef5fdece JS Feedback fixes, make UI default on click 2018-08-03 22:57:17 -06:00
Joshua Ogle e7bd3efc04
Merge branch 'master' into oss-download-config-path 2018-08-03 16:53:45 -06:00
Chris Hoffman 59a0099f89 Add Configuration Builder and Better Download page
- Make Download Link more prominent on home page
- Add UI Demo link to home page
- Download page now suggests download based on your current system
- Added links for next steps
- Added configuration builder form, including downloading your custom config
2018-08-03 16:31:22 -06:00
Olivier Lemasle fcb82c2444 Fix two errors in docs (#5042)
Two small errors in documentation
2018-08-03 14:26:46 -07:00
Jim Kalafut 8e91555807 Fix docs sidebar layout 2018-08-03 09:15:45 -07:00
Jason Martin df3e3ba43d Fix typo in the AWS STS AssumeRole docs. (#5032) 2018-08-02 22:57:24 -07:00
Gerald 43183af2c8 Fix gcp auth method link (#5030) 2018-08-02 22:55:59 -07:00
Jiang Yong 4841309cdf correct Jenkins policy and mysql secret path when kv put in authentication guide (#5023)
* correct Jenkins policy and mysql secret path when kv put

* add a note for kv-v2 secret
2018-08-02 08:38:51 -07:00
Jeff Mitchell 62bcbd3dfe Fix website typo 2018-08-01 16:52:11 -04:00
Yoko 9c6a14ba6b
[Guide] Identity: Entities & Groups (#4968)
* Entities & Groups tutorial

* Re-wordig the persona section

* Incorporated the feedback

* Updated the policy requirements

* Incorporate the feedback

* Fixed grammar

* Made the final small adjustments
2018-08-01 11:07:09 -07:00
Raja Nadar 56fcd2e7b3 .net 2.0 standard leap (#5019)
2.0 is more conducive for consumers
2018-08-01 08:57:49 -04:00
Yoko aadfccaa6b
[Guide] Direct App Integration guide (#4948)
* Direct App Integration guide

* Added a tag for step3
2018-07-31 09:19:23 -07:00
Sean Malloy 7e9ec5afb4 Fix GCP auth docs typo (#5017)
The bound_bound_service_accounts parameter does not exist. The correct
spelling is bound_service_accounts.
2018-07-31 10:57:34 -04:00
Jeff Mitchell a6d0ae5890
Add exit-after-auth functionality to agent (#5013)
This allows it to authenticate once, then exit once all sinks have
reported success. Useful for things like an init container vs. a
sidecard container.

Also adds command-level testing of it.
2018-07-30 10:37:04 -04:00
Pat Downey 0ad44a7ac5 Expand TOFU acronym in AWS auto-auth docs (#5011) 2018-07-29 18:05:49 -07:00
Yoko 3d8bf1441b
[Guide] Transit Secrets Engine beginner guide (#4943)
* Intro to Transit Secrets Engine guide

* Added the Katacoda scenario link in the Reference Materials section

* Referencig this guide in the existing encryption guides
2018-07-27 16:08:52 -07:00
Michael Herman 05f944c580 Update index.html.md (#5005) 2018-07-27 15:30:59 -04:00
Chris Hoffman 083157cb24
adding environment to azure auth docs (#5004) 2018-07-27 08:33:20 -04:00
Chris Hoffman d02284657e
adding missing properties (#5003) 2018-07-27 08:19:12 -04:00
Chris Hoffman c13ef667d3
adding upgrade guide for 0.10.4 (#4992) 2018-07-25 12:54:48 -04:00
Jeff Mitchell 6e1e326199 Prep for 0.10.4 2018-07-25 09:52:09 -04:00
Jeff Mitchell e72890e83f
VSI (#4985) 2018-07-24 22:02:27 -04:00
Chris Hoffman b37c05cf64
updating azure auth plugin and docs (#4975) 2018-07-23 10:00:44 -04:00
Jim Kalafut a16300e593
Add FoundationDB link to sidebar 2018-07-20 20:10:52 -07:00
Yoko 3cd55dc26d
Git repo folder name changed (#4969) 2018-07-20 11:46:12 -07:00
Olivier Lemasle 4604c00018 State in docs that FoundationDB backend is community supported (#4964) 2018-07-20 09:59:13 -04:00
Peter Vandenabeele db2970623d Fix small typo in Vault website documentation (#4962) 2018-07-20 09:57:16 -04:00
Brian Shumate e2dd0864c4 Add missing telemetry metrics (#4785)
* Add missing telemetry metrics

- Add merkle related telemetry
- Add WAL related telemetry

* additional wal metrics

* Use correct metrics naming
2018-07-19 18:36:55 -04:00
Chris Hoffman 712652c318
Fixing formatting 2018-07-19 10:36:09 -04:00
Chris Hoffman 6a169ab00d
Adding information on required azure permissions (#4956) 2018-07-19 10:24:55 -04:00
John Naulty Jr 498a8d9456 fix Issue #4952 static-secrets small typo (#4953) 2018-07-18 22:36:47 -07:00
Tomohisa Oda 9ff2081e8b add sequelize-vault to third-party tools (#4945) 2018-07-17 21:45:37 -07:00
Yoko b41a1c6134
Updated - Secure Introduction to Vault Clients guide (#4944)
* Incorporated Armon's feedback

* Added a diagram
2018-07-17 15:54:48 -07:00
Yoko 67b349a107
Secure Introduction to Vault Clients Guide (#4871)
* WIP

* WIP - Secure Intro Guide

* WIP secure intro guide

* WIP Secure Intro Guide

* WIP Secure Intro Guide

* WIP Secure Intro Guide
2018-07-16 15:17:52 -07:00
Julien Blache c8fb9ed6a8 FoundationDB physical backend (#4900) 2018-07-16 10:18:09 -04:00
Ram Nadella 493752334a Fix environment mismatch in MySQL cert step (#4835) 2018-07-16 10:13:44 -04:00
Seth Vargo 1259ee6743 Add plugin CLI for interacting with the plugin catalog (#4911)
* Add 'plugin list' command

* Add 'plugin register' command

* Add 'plugin deregister' command

* Use a shared plugin helper

* Add 'plugin read' command

* Rename to plugin info

* Add base plugin for help text

* Fix arg ordering

* Add docs

* Rearrange to alphabetize

* Fix arg ordering in example

* Don't use "sudo" in command description
2018-07-13 10:35:08 -07:00
dmicanzerofox a3d067c00b PKI Tidy Revocation List optionally Tidy Revoked Certs that are Unexpired (#4916) 2018-07-13 09:32:32 -04:00
Seth Vargo a379989da4 Update GCP docs (#4898)
* Consistently use "Google Cloud" where appropriate

* Update GCP docs

This updates the GCP docs to use the new updated fields that will be
present in the next release of the plugin as well as fixes up some
inconsistencies between the GCP docs and other auth method
documentation.
2018-07-11 15:52:22 -04:00
Jeff Mitchell 2322eabc68
Add jwt auth docs (#4891) 2018-07-11 15:08:49 -04:00
Jeff Mitchell 935c045cfa
Fix permitted dns domain handling (#4905)
It should not require a period to indicate subdomains being allowed

Fixes #4863
2018-07-11 12:44:49 -04:00
Md. Nure Alam Nahid 7b9bedf94d Add additional config keys for swift (#4901)
* Add additional config keys for swift

* Add additional swift config keys in the doc page
2018-07-11 08:29:29 -07:00
Seth Vargo 408fc1eac0 Properly capitalize H in GitHub (#4889)
It's really bothering me, sorry.
2018-07-10 08:11:03 -07:00
Jeff Mitchell bfb7ba3843 Remove vault.rocks from some that were missed 2018-07-10 10:47:30 -04:00
Jeff Mitchell 4a3fe87a39
Allow max request size to be user-specified (#4824)
* Allow max request size to be user-specified

This turned out to be way more impactful than I'd expected because I
felt like the right granularity was per-listener, since an org may want
to treat external clients differently from internal clients. It's pretty
straightforward though.

This also introduces actually using request contexts for values, which
so far we have not done (using our own logical.Request struct instead),
but this allows non-logical methods to still get this benefit.

* Switch to ioutil.ReadAll()
2018-07-06 15:44:56 -04:00
Kawsar Kamal 66f035edc4 Fixed example file extensions from .hcl to .json (#4810) 2018-07-06 08:59:09 -04:00
Chris Bednarski 514ffac5e2 Added documentation to consul and listener pages explaining how to control Consul's DNS resolution with multiple listeners (#4862) 2018-07-06 08:51:51 -04:00
Calvin Leung Huang 04332f5b3f
Add missing replication props, prettify tables (#4816)
* Add missing request.replication props, prettify tables

* Fix location of replication prop
2018-07-05 16:11:21 -04:00
Chris Hoffman 32c94b2638
Update docs 2018-07-03 08:28:43 -04:00
Brian Shumate 7b106683f0 Clarify policies note (#4832)
- Make it even clearer that "*" is the glob character referred to
2018-07-03 08:27:12 -04:00
Jeff Mitchell 8f45bc69ba Fix tuning visibility in CLI (#4827)
The API elides the value if it's empty, but empty has meaning. This adds
"hidden" as an option which is fundamentally identical to the default.
2018-07-02 12:13:25 -04:00
Yoko dcb229d36d
Updates made by Michael Lucas (#4855)
Since this PR was created on behalf of EA and I approve all the changes, I'm merging this.
2018-07-02 08:56:15 -07:00
Chris Hoffman 6b7d215e7e
Clarify performance replication token handling 2018-06-29 09:32:35 -04:00
Chris Hoffman 6f5b8c0e6f
adding sample request to key status api docs (#4853) 2018-06-29 09:17:51 -04:00
Matthew Irish 873c131b71
update lockfile (#4839) 2018-06-26 11:29:14 -05:00
Logan Rakai 619dd3c6ed Typo fix (#4822) 2018-06-23 16:34:25 -07:00
Logan Rakai 59b87fae53 Small grammar fix (#4821) 2018-06-22 21:59:39 -07:00
Jeff Mitchell 2410a11156 Add a warning to syslog
Ping #3617
2018-06-22 09:00:07 -04:00
Kevin Hicks cda793f5b3 Fix typos (#4813) 2018-06-21 12:29:18 -07:00
Yoko 01d50cd3eb
Fixed a typo (#4812) 2018-06-21 11:11:30 -07:00
Steven Farage fadb3eb6fd Make documentation match API example (#4809)
Quick and easy change to make the passwords match.
2018-06-21 10:50:02 -07:00
Yoko c3b7d1fbb6
Vault DR Replication Setup Guide (#4790)
* WIP DR setup guide

* Fix typos

* Added the steps to demote & disable primary

* Clarified some of the explanation
2018-06-21 08:42:35 -07:00
Jeff Mitchell bf33d5d849 Prep for release 2018-06-20 09:27:04 -04:00
Becca Petrin 73cbbe2a9f Add bound cidrs to tokens in AppRole (#4680) 2018-06-19 22:57:11 -04:00
Becca Petrin d9ac83569b
clarify aws role tag doc (#4797) 2018-06-19 15:59:57 -07:00
Becca Petrin 71977637d4
Update Active Directory secret engine docs (#4788)
* active directory rotate root docs

* update doc
2018-06-19 09:11:46 -07:00
Calvin Leung Huang 418513bbd9 Be explicit about trailing slash on paths for list capability (#4793) 2018-06-19 12:10:39 -04:00
Jeff Mitchell cffb1183a8
Database updates (#4787)
* Database updates

* Add create/update distinction for connection config
* Add create/update distinction for role config
* Add db name and revocation statements to leases to give revocation a
shot at working if the role has been deleted

Fixes #3544
Fixes #4782

* Add create/update info to docs
2018-06-19 11:24:28 -04:00
Ryan Loomba c558fc5f3d fix typo in Vault Encryption as a Service Guide (#4789) 2018-06-18 17:32:43 -07:00
Laura Uva 4cae4abbab Add example of min_wrapping_ttl and max_wrapping_ttl (#4753) 2018-06-18 19:59:21 -04:00
Mike Fortuno dc568f1376 Update policies.html.md (#4780)
Policy file name was incorrect, causing instructions to be unclear.
2018-06-15 15:49:09 -07:00
Mr Talbot 5551a63221 pki: add ext_key_usage to mirror key_usage and add to sign-verbatim (#4777)
* pki: add ext_key_usage parameter to role

* pki: add key_usage and ext_key_usage parameter to sign-verbatim

* pki: cleanup code as per comments
2018-06-15 18:20:43 -04:00
Jeff Mitchell 762f08eac2 Mention delegating change password privs in ad docs 2018-06-15 17:01:47 -04:00
Jeff Mitchell 164c7225f1 Remove msa info from AD page 2018-06-15 16:55:28 -04:00
Jeff Mitchell 91ca3d4b7f
Add URI SANs (#4767) 2018-06-15 15:32:25 -04:00
Nándor István Krácser d4303bc53e docs: kv 2 is used by default in the dev server only (#4773) 2018-06-15 09:09:27 -04:00
Jeff Mitchell 43d9ae5c0a
Update index.html.md
Fixes #4763
2018-06-14 10:19:38 -04:00
Laura Uva 44e874e06f Update kv v2 documentation to better warn and elaborate on changes needed when upgrading a mount from version 1 to version 2 (customer request) (#4754) 2018-06-13 16:44:15 -07:00
Brian Kassouf 1b77db5138
Update replication status (#4761)
* Update replication-performance.html.md

* Update replication-dr.html.md

* Update replication.html.md

* Update replication-dr.html.md

* Update replication-dr.html.md

* Update replication-performance.html.md

* Update replication.html.md
2018-06-13 16:43:39 -07:00
Becca Petrin aa390e0e7e
add link to api docs (#4757) 2018-06-13 09:35:37 -07:00
Yoko 7df8b15451
Vault guides example update (#4756)
* Typos in the sample payload JSON

* AWS support files were added

* yet another typo
2018-06-13 09:34:07 -07:00
Pavlos Ratis 49834a3a83 Use shell highlighting in the command snippets (#4736) 2018-06-11 08:46:35 -04:00
Tom Schlenkhoff dc7631b994 Fix typo (#4738) 2018-06-11 05:38:21 -07:00
Chris Hoffman ab6547383c
reorder sidebar 2018-06-08 17:22:27 -04:00
Chris Hoffman 611244d337
Update gcpckms.html.md 2018-06-08 17:07:59 -04:00
Chris Hoffman 3a690656ee
fix typo 2018-06-08 17:05:17 -04:00
Chris Hoffman 5d07ff7c7a
Adding Azure Key Vault seal docs (#4728) 2018-06-08 17:04:14 -04:00
Jeff Mitchell 165a622d15 Add missing sidebar links for AD 2018-06-07 10:21:22 -04:00
Brian Shumate d2519da5ad Tiny formalized edit (#4715) 2018-06-07 06:44:57 -07:00
Kevin Hicks ed7992e8ae update docs and help text to include 'operator' (#4712) 2018-06-06 21:11:21 -07:00
Jeff Mitchell cfd3672cf3 Update 0.10.2 upgrade guide 2018-06-06 10:45:15 -04:00
Jeff Mitchell ad27dc1c89 Prep for release 2018-06-05 23:54:54 -04:00
Jeff Mitchell 4b7d2bed01 Transit convergent v3 2018-06-05 18:53:39 -04:00
LeSuisse 809079cac2 Update usage of deprecated commands rekey and rotate in the documentation (#4703) 2018-06-05 12:37:26 -04:00
Eli Oxman 68ce3bed34 Add async python client to docs (#4698) 2018-06-05 10:23:56 -04:00
Nándor István Krácser a36f91101a Fix VAULT_LOG_LEVEL in docs (#4696) 2018-06-05 10:23:32 -04:00
Becca Petrin 6cafb12ff4 be more explicit about names (#4695) 2018-06-04 21:34:17 -04:00
amcbarnett 55eb4a997d Update mount-filter.html.md (#4656) 2018-05-30 08:28:51 -04:00
emily 192c228931 Add GCP auth helper (#4654)
* update auth plugin vendoring

* add GCP auth helper and docs
2018-05-29 20:36:24 -04:00
Becca Petrin 9228659c5c
add formatter to ad docs (#4653) 2018-05-29 16:47:46 -07:00
Eduardo Criado Mascaray f5c18d58ef Fix typo in group parameter in Vault systemd file (#4642) 2018-05-29 15:04:43 -04:00
Viacheslav Vasilyev d8d6be423b Make test-case output a little bit consistent (#4645)
As well as in some places `-d` were incorrectly replaced with `--data`, sample commands with `accessor` were added
2018-05-29 15:03:33 -04:00
Jeff Mitchell bde0bda710
Merge pull request #4600 from hashicorp/rekey-verification
Rekey verification, allowing new key shares to be confirmed before committing the new key.
2018-05-29 15:00:07 -04:00
Becca Petrin 606889f005
Docs for the upcoming Active Directory secrets engine (#4612) 2018-05-29 08:49:09 -07:00
Jeff Mitchell bd0ac25eb9
Merge branch 'master' into rekey-verification 2018-05-29 10:19:57 -04:00
Chris Hoffman 43c5030eca
pkcs11 docs updates 2018-05-25 15:39:07 -04:00
Becca Petrin 12976bf60e add userpass note on bound cidrs (#4610) 2018-05-25 14:35:09 -04:00
Jeff Mitchell 52cb8234a6 Changelogify and fix some minor website bits 2018-05-25 10:39:23 -04:00
Nicholas Jackson 17460461a0 Breakout parameters for x.509 certificate login (#4463) 2018-05-25 10:34:46 -04:00
Yoko 6a2d0e71b6
Vault Interactive Tutorial updates (#4623)
* Added more tutorial steps

* Updated the step texts
2018-05-24 11:39:02 -07:00
nelson 196d054f70 Update kv-v2.html.md (#4614)
correct the payload format for "Configure the KV Engine" and "Update Metadata"
2018-05-24 12:44:44 -04:00
Jeff Mitchell 8a9cd42fe9 Interactive server now uses kvv2 so update text 2018-05-23 09:59:52 -04:00
Chris Hoffman d066c4a2a8
remove incorrect parameter 2018-05-23 08:58:27 -04:00
Jeff Mitchell 635fd18bf6 Minor website doc updates 2018-05-22 15:12:12 -04:00
Yoko 11646db916
Seal Wrap / FIPS 140-2 Compliance guide (#4558)
* WIP - Seal Wrap guide

* WIP: Seal Wrap guide

* Added a brief description about the Seal Wrap guide

* Incorporated feedbacks

* Updated FIPS language

Technically everything looks great. I've updated some of the language here as "compliance" could be interpreted to mean that golang's crypto and xcrypto libraries have been certified compliant with FIPS. Unfortunately they have not, and Leidos' cert is only about how Vault can operate in tandem with FIPS-certified modules.

It's a very specific update, but it's an important one for some VE customers.

Looks great - thanks!

* Removed 'Compliance' from title

* typo fix
2018-05-22 11:23:11 -07:00
Jeff Mitchell d60360ddbe Add instructions for both kvv1 and kvv2 to getting started policies info 2018-05-22 14:07:12 -04:00
Yoko d88e4d5019
Mount Filters guide (#4536)
* WIP: Mount filter guide

* WIP

* Mount filter guide for CLI, API, and UI

* updated the next step

* Updated the verification steps

* Added a note about the unseal key on secondaries

* Added more details

* Added a reference to mount filter guide

* Added a note about generating a new root token

* Added a note about local secret engine
2018-05-22 08:57:36 -07:00
Chris Hoffman 3db5a6adaa
updating link 2018-05-22 10:00:20 -04:00
Chris Hoffman ae43f2c25e
adding options information to mount endpoint (#4606) 2018-05-21 16:39:43 -04:00
Jeff Mitchell 3e0dbc5ea7 Remove dupe website text 2018-05-21 16:30:45 -04:00
Jeff Mitchell 8ad0bbbc44 Address feedback 2018-05-21 16:13:38 -04:00
Jeff Mitchell 27ab8d1a20 Add verification documentation 2018-05-21 12:00:36 -04:00
Jeff Mitchell c737778c8d Make description of prehashed a bit more friendly 2018-05-21 09:08:22 -04:00
Jeff Mitchell 3a568b6175 Update key_type parameter description 2018-05-19 12:20:37 -04:00
Kevin Paulisse 6d93ea4d77 Docs: Clarify that revoking token revokes dynamic secrets (#4592) 2018-05-18 23:27:53 -07:00
Jeff Mitchell 5a35dac726 Add missing drsecondarycode to health API docs 2018-05-18 12:39:13 -04:00
Jeff Mitchell 30dc66221c Flip documented resolve_aws_unique_id value
Fixes #4583
2018-05-18 12:05:52 -04:00
Reid Wiggins 9813794bc2 Add documentation for MySQL 5.6 root rotation (#4584)
The default root rotation statement for MySQL is only valid for 5.7 and
up. This commit adds example documentation for 5.6.

Fixes #4567
2018-05-18 08:56:11 -07:00
Romain Vrignaud 9050bc809b Rename Google Container Engine to Google Kubernetes Engine (#4586) 2018-05-18 08:19:56 -07:00
Jeff Mitchell 124271c1ec
Merge pull request #4580 from tavislikedavis/patch-1
Update policies.html.md
2018-05-17 09:14:35 -07:00
Jeff Mitchell 38f5f5f783
Updated for new syntax 2018-05-17 09:14:12 -07:00
Jeff Mitchell 4ab7275c95
Merge pull request #4575 from avoidik/patch-2
Add more essential notes into production hardening guide
2018-05-17 09:05:34 -07:00
Jeff Mitchell 63963a73a6
Update production.html.md 2018-05-17 09:05:08 -07:00
Jim Kalafut 5dcfc63ee6
Fix GCP API parameter docs 2018-05-17 08:54:25 -07:00
Seth Vargo 21e79035e0 Move UI docs from enterprise to OSS (#4565) 2018-05-17 08:48:10 -07:00
Andrew Slattery 3bd38517eb Update KV response code (#4568)
Creating/Updating a secret in KV-V2 produces a status code `200` with a response body of `application/json`, whereas the previous documentation notated a `204 (empty body)` expected response code.
2018-05-17 08:46:19 -07:00
Tavis Wilson 50e05056d3
Update policies.html.md 2018-05-16 14:35:30 -05:00
Jeff Mitchell ec876c21b3 Update website ldap url text 2018-05-16 11:58:10 -04:00
Viacheslav Vasilyev cc99d82e8f
Update production.html.md 2018-05-16 11:16:04 +03:00
Jacob Friedman 095baa8263 fixed spelling error in step 1 (#4572) 2018-05-15 17:43:35 -07:00
Jeff Mitchell aa98f33f63 Mention that you can actually rekey when using an HSM 2018-05-13 16:49:42 -04:00
Jeff Mitchell 821d347375 Update HSM documentation and fix GCP docs build 2018-05-13 16:39:22 -04:00
Robbie McKinstry 9765779622 Client side rate limiting (#4421) 2018-05-11 10:42:06 -04:00
Seth Vargo a4fa046730 Update GCP secrets to be example-driven (#4539)
👍
2018-05-10 16:58:22 -04:00
Tyler Marshall 407550bd89 Fix minor spelling mistake (#4548) 2018-05-10 13:42:01 -07:00
Becca Petrin 76c717b081
Restrict cert auth by CIDR (#4478) 2018-05-09 15:39:55 -07:00
Jeff Kohrman ec4b839741 Add link to updated privacy policy in layout.erb (#4533)
Added link to updated privacy policy in footer of `layout.erb` for the OSS website.
2018-05-09 16:11:57 -04:00
Yoko fc97fc09ce
[Guide] DB Root Credential Rotation (#4508)
* DB root credential rotation guide

* Fixed typos

* Added a note about creating a dedicated superuser

* Incorporated Chris's feedback

* Added a reference to DB root credential rotation

* Rephrase some of the languages

* Minor re-wording of a sentence
2018-05-09 11:01:58 -07:00
Jeff VanSickle a69e8d81b0 Update jq path for "excited" in JSON output example (#4531) 2018-05-09 08:41:41 -07:00
Shelby Moore f8e1f82225 Updated proxy protocol config validation (#4528) 2018-05-09 10:53:44 -04:00
Jeff Mitchell 274732733e Clarify that rotate requires sudo 2018-05-09 10:19:35 -04:00
tdsacilowski c19e8d0dbc Clarify HA params, fixed typos (#4527)
* Clarify HA params, fixed typos

* Additional clarifications to listener parameters

* Updated cluster_address values
2018-05-08 13:36:42 -07:00
Jacob Friedman 64bb0bd58a Updated link for k8s-tokenreview (#4523)
Link for k8s-tokenreview was broken when they released a new version so I went ahead and fixed it.
2018-05-08 13:36:12 -07:00
Jacob Friedman 67b8d3dc40 Changed DR docs page to fix generating secondary DR token (#4521)
The docs for how to create secondary DR tokens were incorrect, which caused issues at a customer. I fixed the documentation with the proper syntax and formatting, which I copied from the perf replication docs (after changing endpoints). Can someone take a quick look for me?
2018-05-08 13:35:48 -07:00
vishalnayak f95a913bd5 docs: s/entity/group-alias 2018-05-08 16:32:35 -04:00
Chris Hoffman 7c0e590f54
docs update 2018-05-07 16:34:39 -04:00
Chris Hoffman e7bbe6fbed
docs updates 2018-05-07 16:33:38 -04:00
Chris Hoffman 049df3da3e
updating pkcs11 docs (#4520) 2018-05-07 13:50:45 -04:00
Anthony Dong 9b06c0fb56 Fix typo in AppRole guide (#4509) 2018-05-04 10:10:21 -04:00
Jeff 9b9be9622a Typo (#4505) 2018-05-03 13:37:44 -07:00
Jerome Cheng d180e45cf5 Fix incorrect file path in Token Helper doc (#4499)
Vault stores the token in `~/.vault-token` and not `~/.vault_token`.
2018-05-02 21:56:38 -07:00
Laura Uva cef1b3b75c Payload key should be dr_operation_token (#4498) 2018-05-02 18:35:51 -07:00
Nathan Valentine 608f013bf2 s/aws_region/region/ (#4497)
The correct key name is 'region' as opposed to 'aws_region'.
2018-05-02 14:25:03 -07:00
Fabrizio Cucci cef52dae90 Fix role of example in Kubernetes Auth Method (#4483)
It was `test` but it should be `demo` to be aligned with the example.
2018-05-01 15:04:53 -07:00
Matthew Irish 6bd95c596c
add script defer to the demo app tag as well (#4489) 2018-04-29 22:14:54 -05:00
Jeff Escalante f8c18b11d8 fix fout issue (#4477) 2018-04-27 14:34:20 -07:00
Yoko 5bcb5992c9
Spring Cloud Vault Java demo (#4397)
* WIP - Spring Cloud Vault Java demo

* Added 'Reloading the Static Secrets' step

* Fixed a typo

* Minor wording change

Remove redundant "a".

* Typos and grammar

Fixed a few misspellings ("spring") and the odd "a", "the", or "an".
2018-04-27 09:18:50 -07:00
Pavlos Ratis cd344bdbb8 [website] fix Markdown formatting on GCP page (#4471) 2018-04-27 09:13:07 -07:00
Jim Kalafut 7f69ff0546 Minor updates to Azure auth docs 2018-04-27 08:47:06 -07:00
Jeff Escalante 8deb32fc80 adjust analytics and other js for turbolinks (#4400) 2018-04-26 16:02:25 -05:00
emily 8a309e6406 fix docs (#4466) 2018-04-26 16:54:19 -04:00
Nathan Dataguake Basanese 1b4406fef5 Make a minor grammar edit for docs (#4467)
Previous version used `read` in stead of `get` for everything but the code block examples.

It's a minor oversight, and most of us are going to skim to the code blocks anyway. But maybe it'll help.
2018-04-26 16:41:23 -04:00
Jeff Mitchell 0f806d0950 Remove out of date text on HSM rekeying 2018-04-26 10:10:30 -04:00
Jim Kalafut 063c225f97
Fix typo in aws auth docs 2018-04-25 22:57:39 -07:00
Andrew Speed 418be4cb54 Fix authentication example mentioning vault auth but using vault login (#4458) 2018-04-25 14:59:38 -07:00
Krish f8156a4e68 Update authentication.html.md
Thanks!
2018-04-25 14:37:59 -07:00
Jeff Mitchell a6644bff6f Merge branch 'master' of https://github.com/hashicorp/vault into master-oss 2018-04-25 10:43:10 -04:00
Chris Hoffman fba759ab97
fix document formatting 2018-04-25 10:16:41 -04:00
Jeff Mitchell 00a577620f Merge branch 'master' of https://github.com/hashicorp/vault into master-oss 2018-04-25 10:08:41 -04:00
Chris Hoffman 2d05034dd3
Seal Rotation Docs (#4449)
* wip docs

* adding docs

* removing vendor supported mechanism
2018-04-25 09:59:06 -04:00
Jeff Mitchell e656420ba6 Merge branch 'master' of https://github.com/hashicorp/vault into master-oss 2018-04-25 09:48:23 -04:00
Nándor István Krácser 9cf56fe0df Fix mapping read paths (#4448) 2018-04-25 09:22:30 -04:00
Jeff Mitchell e426caf505 Prep for 0.10.1 2018-04-25 00:42:14 -04:00
Chris Kent e2512d6d30 Website download page update (#4444)
* Update download page to include community resources

+ Added “downloads powered by” text to Fastly icon
+ changed to horizontal grid for download list (vs vertical list)
+ added community resources below page

* Reverting changes from earlier

* Added community links to downloads page

+ added community and getting-started links to sidebar as well
2018-04-24 20:29:36 -05:00
vishalnayak 94f28e3c24 Merge branch 'master-oss' into approle-local-secretid 2018-04-24 16:17:56 -04:00
Becca Petrin 639dc005ee
uppercase Vault in plugin doc (#4442) 2018-04-24 10:41:37 -07:00
Brian Shumate c35fe4e6f0 Update curl commands / replace invalid '--payload' flag (#4440) 2018-04-24 11:20:29 -04:00
vishalnayak 7039f6dccd Merge branch 'master-oss' into approle-local-secretid 2018-04-24 11:03:39 -04:00
Yoko 48994aee39
Updated the link to the sample app folder which was moved (#4437)
* Updated the link to the sample app folder which was moved

* Folder name changed from vault-transit-rewrap-example to vault-transit-rewrap
2018-04-23 16:45:10 -07:00
vishalnayak 6b7a042003 error on enable_local_secret_ids update after role creation 2018-04-23 17:05:53 -04:00
vishalnayak 97d146ca69 update docs 2018-04-23 16:54:23 -04:00
Jeff Mitchell 0882e5afb6 Update audit text to make it clear that audit logs are for authenticated interactions 2018-04-23 10:49:32 -04:00
Malhar Vora 45fe086107 Corrects description for mode option in ssh command (#4420)
Fixes #4375
2018-04-22 13:42:46 -04:00
Malhar Vora 739362b081 Correct typo in Kubernetes auth backend docs
Resolve small typo in Configuring Kubernetes section in Kubernetes Auth Backend
documentation.

Fixes #4417
2018-04-21 19:37:59 -07:00
Jeff Mitchell 6d95b4d266
Add the ability to restrict token usage by IP. Add to token roles. (#4412)
Fixes #815
2018-04-21 10:49:16 -04:00
Chris Kent b6b521d4db Mrktfix (#4411)
* Updated hero with current logo

* Updated logos in these artifact images as well

* Added Branded Logo

with HashiCorp

* Updated logo with branded logo

(HashiCorp in the name)

* typo

* Wrong spot

* Updated logo
2018-04-20 14:43:11 -05:00
Chris Kent 4881a53eb0 Updated hero with current logo (#4410) 2018-04-20 12:50:00 -05:00
Alvin Huang 84ffdbb7b5 remove redundant 'Vault' in approle docs (#4405) 2018-04-20 09:55:15 -04:00
skiggety 77d59c527f remove lingering mention of "vault write" command. (#4388) 2018-04-18 16:32:37 -04:00
Vishal Nayak 5fa9e4ca5c
phys/consul: Allow tuning of session ttl and lock wait time (#4352)
* phys/consul: allow tuning of session ttl and lock wait time

* use parseutil

* udpate docs
2018-04-18 13:09:55 -04:00
Jeff Mitchell 805b5e5160
X-Forwarded-For (#4380) 2018-04-17 18:52:09 -04:00
Yoko 43cb70c7bf
Versioned KV secret engine (kv-v2) tutorial (#4367)
* Added versioned kv secret engine tutorial

* Added check-and-set feature

* Fixed archived -> deleted

* Incorporated all suggested changes
2018-04-17 14:42:14 -07:00
Laura Uva 2ae6d614b8 Add mode to the examples under automation steps (#4374) 2018-04-17 13:47:41 -04:00
vishalnayak da1d68969c docs: update accessor lookup response 2018-04-17 11:52:58 -04:00
vishalnayak 6e827d2b27 docs: update token lookup response 2018-04-17 11:40:00 -04:00
Sohex efd0023d89 Update index.html.md (#4372)
Remove duplicate of max_ttl description from end of period description under create role parameters.
2018-04-17 11:05:50 -04:00
George Hartzell 444faec8e6 Touch up getting started doc (#4373)
The example uses `vault kv put` but the the commentary references `vault write`.  Make them consistent (this commit) or explain the equivalence.
2018-04-16 13:57:12 -04:00
Calvin Leung Huang 7ba953b969
Add docs for internal UI mounts endpoint (#4369)
* Add docs for internal UI mounts endpoint

* Update description section
2018-04-16 12:13:58 -04:00
Jeff Mitchell 530121c655
Add ability to disable an entity (#4353) 2018-04-13 21:49:40 -04:00
Jeff Mitchell 99cf5c6054 Fix token store role documentation around explicit max ttl 2018-04-13 09:59:12 -04:00
Jerome Cheng a82a612e2c Fix indentation of code block in Consul Secrets Engine docs (#4350)
The indentation of the code block in the Consul Secrets Engine doc was
removed in #4224, but the closing backticks remained indented one level,
resulting in the block swallowing all text after it. Removing the
indentation from the closing backticks fixes this.
2018-04-13 09:55:35 -04:00
Jeff Escalante 8d9d64c7cf switch from GA to segment tracking (#4109) 2018-04-12 21:35:38 -05:00
Peter Souter 28f6d65032 Remove Enterprise Only flag (#4337) 2018-04-11 14:27:58 -04:00
James Mannion efea4fb6a7 Fixes a reference to deprecated init command (#4338)
Replace "vault init" with "vault operator init" in initialising the vault section.
2018-04-11 14:26:53 -04:00
Jeff Mitchell d4db624671 Remove beta tag from Google Cloud 2018-04-10 13:58:16 -04:00
Jim Kalafut 0f823cfb09 Update news.yml 2018-04-10 09:41:11 -07:00
Matthew Irish 2f43a20ebe
fix broken link (#4329) 2018-04-10 11:11:38 -05:00
Jeff Mitchell c56abb0dd8 Add more info to upgrade guide and changelog 2018-04-10 12:09:54 -04:00
Jeff Mitchell 4de07e436e Prep for 0.10 2018-04-10 02:34:01 -04:00
Chris Hoffman 30792caa9f
adding 0.10 upgrade guide (#4321) 2018-04-09 17:32:15 -04:00
Yoko 966e2b63af
Removed extra '( )' in the link (#4316) 2018-04-09 09:57:22 -07:00
Brian Kassouf a8b8ca136e
KV: Update 'versioned' naming to 'v2' (#4293)
* Update 'versioned' naming to 'v2'

* Make sure options are set

* Fix description of auth flag

* Review feedback
2018-04-09 09:39:32 -07:00
Yoko 2982199c1f
Fixed a missing 's' (#4314) 2018-04-09 09:22:11 -07:00
Chris Hoffman f6a3a76f25
Docs for configuration UI headers (#4313)
* adding /sys/config/ui headers

* adding /sys/config/ui headers
2018-04-09 12:21:02 -04:00
Chris Hoffman 19f9f6ee89
Root Credential Rotation Docs (#4312)
* updating root credential docs

* more docs updates

* more docs updates
2018-04-09 12:20:29 -04:00
Yoko c30133d415
AppRole with Terraform & Chef (#4200)
* WIP - Teddy's webinar

* WIP

* Added more details with diagram

* Fixed a typo

* Added a note about terraform bug with 0.11.4 & 0.11.5

* Minor adjustment

* Fixed typos

* Added matching CLI commands

* Added extra speace for readability
2018-04-09 08:50:50 -07:00
Matthew Irish cff34e983f
UI - pki updates (#4291)
* add require_cn to pki roles
* add policy_identifiers and basic_constraints_valid_for_non_ca to pki role form
* add new fields to the PKI docs
* add add_basic_constraints field
2018-04-08 21:09:29 -05:00
Chris Hoffman cbcf31c570
remove token from curl request for login paths (#4303) 2018-04-06 18:10:59 -04:00
Yoko f039404a8a
Added in-region DR scenario diagram (#4292)
This is a replica of the PR 4243 which has already been approved.
2018-04-05 16:08:55 -07:00
Andy Manoske 9c1db25639
Update index.html.md 2018-04-05 15:16:28 -07:00
Yoko 3dd3247006
Auto Unseal with AWS KMS guide (#4277)
* WIP

* Added auto unseal

* Converting to a guide

* Added little more explanations

* Minor fixes

* Fixed a typo

* Fixed a typo

* Changed auto unseal to auto-unseal

* Found more typo... fixed
2018-04-05 13:28:39 -07:00
Geoffrey Grosenbach 22c1766fc1 Correct the page title to read re-wrapping (#4274)
The title in the metadata used `re-rapping` instead of `re-wrapping`. This one line change fixes the spelling.
2018-04-04 16:55:46 -04:00
Quinn Stearns d8dab90113 Rename Example Key from "value" to "foo" (#4270)
It is slightly confusing to have the first example include a key named "Value". This can create a slight hump to grokking what's happening in this early step of the README. Here we rename the key to "foo" to help indicate it's dynamic nature.
2018-04-04 16:22:27 -04:00
Yoko 7ef337ad86
Vault HA with Consul guide (#4187)
* Vault HA guide draft

* Fixed node_id to say node_name based on Brian's input

* Fixed the unwanted hyperlink

* Vault HA guide

* Updated the description of the Vault HA guide

* Typo fixes

* Added a reference to Vault HA with Consule guide

* Incorporated Teddy's feedback

* Fixed an env var name

* Vault configuration has been updated: 'api_addr'
2018-04-04 08:25:06 -07:00
Seth Vargo a90467289a Rename Google things to say "Google", update telemetry (#4267) 2018-04-04 10:37:44 -04:00
Brian Kassouf 62ce5ec91d
Versioned K/V docs (#4259)
* Work on kv docs

* Add more kv docs

* Update kv docs

* More docs updates

* address some review coments
2018-04-03 23:22:41 -07:00
Roy Sindre Norangshol a9c717b44e project is now project_id (#4251)
Verified both via vault CLI and direct curl'ing towards API endpoints.
2018-04-03 17:11:47 -04:00
Jeff Mitchell f5ba4796f5
Case insensitive behavior for LDAP (#4238) 2018-04-03 09:52:43 -04:00
Lowe Schmidt f2c302f920 Grammatical error (#4246)
As per Franklin Davis suggestion on the mailing list.
2018-04-03 07:53:38 -04:00
Vishal Nayak 96fc0c2509
Update group alias by ID (#4237)
* update group alias by id

* update docs
2018-04-02 10:42:01 -04:00
Vishal Nayak 032ca979dc
move identity docs from ent docs to oss (#4235) 2018-04-01 13:59:43 -04:00
Vishal Nayak ab3579aeb6
add entity merge API to docs (#4234) 2018-04-01 12:59:57 -04:00
LeSuisse cdd7cc1635 Update usage of the deprecated generated-root command in the documentation (#4232) 2018-03-31 11:17:08 -04:00
Seth Vargo b48a9878e7 Add HA support to the Google Cloud Storage backend (#4226) 2018-03-30 12:36:37 -04:00
Brian Shumate bf1b8709a6 Update Consuls Secrets quick start (#4224)
- Fix typo in role name
- Drop ordered list formatting on get credential example
2018-03-30 10:46:05 -04:00
Jon Benson d1b0d6efb3 Update mfa-totp.html.md (#4220) 2018-03-29 16:51:13 -04:00
Jeff Mitchell 2f90e0c2e1 Merge branch 'master-oss' into 0.10-beta 2018-03-27 12:40:30 -04:00
Yoko d03056eed3
Update Github auth method API reference (#4202)
* Update Github auth method API reference

* Replaced vault.rocks in API
2018-03-26 16:56:14 -07:00
vishalnayak 37153482be docs: update aws ec2 auth step 2018-03-26 17:26:48 -04:00
Jeff Mitchell e8fc0a11ce Remove a few more vault.rocks usages 2018-03-26 15:02:22 -04:00
Wilhelmina Drengwitz a10f02ef7b Add general recommendation for the api_addr config value (#4198)
We ran into some confusion about what we should be setting the api_addr config value to. I feel this general recommendation should nudge any others into a better understanding of what this value should point to.
2018-03-26 13:46:54 -04:00
Jeff Mitchell 65d8eb0914 Add more docs around list paths in policies.
CC #4199
2018-03-26 11:30:58 -04:00
Brian Shumate 0c30145325 Docs: add note about enterprise replication installations section to upgrade guide (#3631) 2018-03-26 10:25:09 -04:00
Seth Vargo 0b827774ae Drop vault.rocks (#4186) 2018-03-23 11:41:51 -04:00
Chris Hoffman b7ef4a3a6f
adding Azure docs (#4185)
Adding Azure Auth Method docs
2018-03-22 18:28:42 -04:00
Jeff Mitchell f45a57af7a Bump versions for beta release 2018-03-22 09:44:03 -04:00
Jim Kalafut 7842557e62 Fix minor docs and help text issues (#4184) 2018-03-22 09:29:59 -04:00
Brian Kassouf ad383e911f Update kv backend and add some docs (#4182)
* Add kv backend

* Move kv in apha order

* Update kv backend and add some docs
2018-03-21 23:10:05 -04:00
Brian Kassouf 3324d6dd12 Add kv backend (#4181) 2018-03-21 22:56:52 -04:00
Calvin Leung Huang 25792df5a9
Passthrough request headers (#4172)
* Add passthrough request headers for secret/auth mounts

* Update comments

* Fix SyncCache deletion of passthrough_request_headers

* Remove debug line

* Case-insensitive header comparison

* Remove unnecessary allocation

* Short-circuit filteredPassthroughHeaders if there's nothing to filter

* Add whitelistedHeaders list

* Update router logic after merge

* Add whitelist test

* Add lowercase x-vault-kv-client to whitelist

* Add back const

* Refactor whitelist logic
2018-03-21 19:56:47 -04:00
emily f9b6f4b1c5 Docs for Vault GCP secrets plugin (#4159) 2018-03-21 15:02:38 -04:00
Brian Shumate 1fcf0c6a38 Docs: update formatting / heading (#4175)
- Correct Generate Disaster Recovery Operation Token heading level
- Tighten up formatting/trailing spaces
2018-03-21 10:14:52 -04:00
Jeff Mitchell c25c60117a Fix file location for 0.9.6 upgrade guide 2018-03-20 22:34:41 -04:00
Jeff Mitchell f1aff69d92 Add 0.9.6 upgrade guide 2018-03-20 22:27:01 -04:00
Josh Soref 73b1fde82f Spelling (#4119) 2018-03-20 14:54:10 -04:00
Jeff Mitchell 396ccd8699 Push up changes to prep for release 2018-03-20 14:10:53 -04:00
Jason Martin b3e5ec865d README Spelling error (#4165) 2018-03-20 11:45:56 -04:00
Jeff Mitchell 9e46f0f84a Explicitly call out that we use aes-256 gcm-96 for the barrier.
Fixes #2913
2018-03-19 19:53:12 -04:00
Jeff Mitchell 9d030aaf37 Note that you can set a CA chain when using set-signed.
Fixes #2246
2018-03-19 19:44:07 -04:00
Yoko 4a25c18134
Transit rewrap (#4091)
* Adding new guides

* Replaced backend with engine

* Grammar for the encryption guide

* Grammar and Markdown style for the Transite Rewrap guide

See
https://github.com/hashicorp/engineering-docs/blob/master/writing/markdown.md
for notes on numbered Markdown lists.

* grammar and wording updates for ref arch guide

* Updating replication diagram

* Removing multi-tenant pattern guide

* Added a note 'Enterprise Only'

* Removing multi-tenant pattern guide

* Modified the topic order

* Grammar and Markdown formatting

* Grammar, Markdown syntax, and phrasing

* Grammar and Markdown syntax

* Replaced 'backend' with appropriate terms

* Added a note clarifying that replication is an enterprise-only feature

* Updated the diagram & added additional resource links

* update some grammar and ordering

* Removed the inaccurate text in index for EaaS
2018-03-19 14:56:45 -07:00
Jacob Crowther 35ccbe504c Add Cryptr to related tools (#4126) 2018-03-19 14:46:54 -04:00
Jeff Mitchell 3a5e1792c0 Update path-help to make clear you shouldn't put things in the URL.
Remove from website docs as those have been long deprecated.
2018-03-19 11:50:16 -04:00
vishalnayak fe0a077e17 s/Methods/Method 2018-03-18 15:46:57 -04:00
Joel Thompson 3e2006eb13 Allow non-prefix-matched IAM role and instance profile ARNs in AWS auth backend (#4071)
* Update aws auth docs with new semantics

Moving away from implicitly globbed bound_iam_role_arn and
bound_iam_instance_profile_arn variables to make them explicit

* Refactor tests to reduce duplication

auth/aws EC2 login tests had the same flow duplicated a few times, so
refactoring to reduce duplication

* Add tests for aws auth explicit wildcard constraints

* Remove implicit prefix matching from AWS auth backend

In the aws auth backend, bound_iam_role_arn and
bound_iam_instance_profile_arn were ALWAYS prefix matched, and there was
no way to opt out of this implicit prefix matching. This now makes the
implicit prefix matching an explicit opt-in feature by requiring users
to specify a * at the end of an ARN if they want the prefix matching.
2018-03-17 21:24:49 -04:00
Roger Berlind 753f8a8545 Fixed broken k8s TokenReview API link (#4144) 2018-03-17 21:23:41 -04:00
Jeff Mitchell 3d44060b5f Update interactive tutorial commands 2018-03-16 15:03:51 -04:00
immutability 04d1202426 Plugins need setcap too for syscall mlock (#4138) 2018-03-16 06:05:01 -07:00
Yoko 2752855faa Fixed the hyperlink (#4140) 2018-03-15 19:24:26 -07:00
Yoko fb8d1566e6
updating the AppRole diagram (#4139)
Fixing the build error
2018-03-15 18:23:25 -07:00
Yoko 3a72bcc4ae
Approle diagram (#4132)
* Updates requested by the SE team

* Added links to AppRole blog and webinar

* Updated diagram

* Updated diagram
2018-03-15 17:16:59 -07:00
Joel Thompson 39dc981301 auth/aws: Allow binding by EC2 instance IDs (#3816)
* auth/aws: Allow binding by EC2 instance IDs

This allows specifying a list of EC2 instance IDs that are allowed to
bind to the role. To keep style formatting with the other bindings, this
is still called bound_ec2_instance_id rather than bound_ec2_instance_ids
as I intend to convert the other bindings to accept lists as well (where
it makes sense) and keeping them with singular names would be the
easiest for backwards compatibility.

Partially fixes #3797
2018-03-15 09:19:28 -07:00
Brian Nuszkowski 76be90f384 Add PKCS1v15 as a RSA signature and verification option on the Transit secret engine (#4018)
Option to specify the RSA signature type, in specific add support for PKCS1v15
2018-03-15 09:17:02 -07:00
Jeff Mitchell 59b3e28151 Make the API docs around ed25519 more clear about what derivation means for this key type 2018-03-15 11:59:50 -04:00
Jim Kalafut 3f1ed4eb0d Fix description of parameter value globbing (#4131) 2018-03-14 17:03:00 -04:00
Edward Z. Yang ac98730578 Vault user needed to use STS Federation Tokens (#4108)
If you try to use role authorization to get an STS token, you'll get this error:

* Error generating STS keys: AccessDenied: Cannot call GetFederationToken with session credentials
2018-03-14 10:24:29 -04:00
Malte a0776eb703 Fix typo in recommended vault auth iam policy (#4128)
The resource arn for the `sts:AssumeRole` action is missing a `:` for the region and therefore invalid.
2018-03-14 03:45:21 -04:00
Joel Thompson 5c788e8642 docs: Alphabetize CLI commands (#4127)
status was appearing after token when it should be before
2018-03-14 01:44:41 -04:00
Brian Shumate bbd4d7ab4c Docs: grammatical clarification around community supported note (#4122) 2018-03-13 10:32:28 -04:00
Marien Fressinaud 5f5faec977 [doc] Change auth token in getting-started (#4118)
In the authentication section of the getting started doc, the token used
to login doesn't match with the one displayed as the command result.

This commit makes sure that both tokens correspond to avoid distracting
newcomers.
2018-03-13 10:28:09 -04:00
Calvin Leung Huang 3108860d4b
Audit HMAC values on AuthConfig (#4077)
* Add audit hmac values to AuthConfigInput and AuthConfigOutput, fix docs

* docs: Add ttl params to auth enable endpoint

* Rewording of go string to simply string

* Add audit hmac keys as CLI flags on auth/secrets enable

* Fix copypasta mistake

* Add audit hmac keys to auth and secrets list

* Only set config values if they exist

* Fix http sys/auth tests

* More auth plugin_name test fixes

* Pass API values into MountEntry's config when creating auth/secrets mount

* Update usage wording
2018-03-09 14:32:28 -05:00
Alvin Huang ce7d62e125 bump middleman-hashicorp container to 0.3.32 (#4117) 2018-03-09 13:06:58 -05:00
Vishal Nayak 527eb418fe
approle: Use TypeCommaStringSlice for BoundCIDRList (#4078)
* Use TypeCommaStringSlice for Approle bound_cidr_list

* update docs

* Add comments in the test
2018-03-08 17:49:08 -05:00
Jeff Mitchell 9d2a0dc31f Update text around default policy to make it clear that it is user-modifiable 2018-03-08 15:48:11 -05:00
Jim Kalafut 079de043e3 Fix instruction in installation docs (#4097) 2018-03-08 11:02:04 -05:00
Viacheslav Vasilyev b06c25b552 Fix autoreplacing issue (#4103) 2018-03-08 11:01:46 -05:00
Jeff Escalante 706bb4df4c Some small website fixes (#4087)
* prepend first instance of 'Vault' with 'HashiCorp'

* update dependencies + middleman-hashicorp
2018-03-08 10:58:43 -05:00
Aleksandar a8304e5d4d Add the chunk_size optional parameter to gcs storage (#4060) 2018-03-05 08:32:48 -05:00
Mike eb1c2b0732 Correct endpoint's path in Doc (#4074)
Fix typo in endpoint's path
2018-03-05 07:41:53 -05:00
Jim Kalafut ef4537e5d4 Change "mount" to "secrets enable" in docs 2018-03-02 12:54:28 -08:00
Calvin Leung Huang e2fb199ce5
Non-HMAC audit values (#4033)
* Add non-hmac request keys

* Update comment

* Initial audit request keys implementation

* Add audit_non_hmac_response_keys

* Move where req.NonHMACKeys gets set

* Minor refactor

* Add params to auth tune endpoints

* Sync cache on loadCredentials

* Explicitly unset req.NonHMACKeys

* Do not error if entry is nil

* Add tests

* docs: Add params to api sections

* Refactor audit.Backend and Formatter interfaces, update audit broker methods

* Add audit_broker.go

* Fix method call params in audit backends

* Remove fields from logical.Request and logical.Response, pass keys via LogInput

* Use data.GetOk to allow unsetting existing values

* Remove debug lines

* Add test for unsetting values

* Address review feedback

* Initialize values in FormatRequest and FormatResponse using input values

* Update docs

* Use strutil.StrListContains

* Use strutil.StrListContains
2018-03-02 12:18:39 -05:00
Jeff Mitchell 49068a42be Document primary_email in Okta mfa path 2018-03-02 11:54:21 -05:00
Jeff Mitchell 8fe24dec0a Actually add PingID to the index of API pages 2018-03-02 11:49:48 -05:00
Joel Thompson e4949d644b auth/aws: Allow lists in binds (#3907)
* auth/aws: Allow lists in binds

In the aws auth method, allow a number of binds to take in lists
instead of a single string value. The intended semantic is that, for
each bind type set, clients must match at least one of each of the bind
types set in order to authenticate.
2018-03-02 11:09:14 -05:00
Vishal Nayak 2646ed5e2a
update sys/capabilities docs (#4059) 2018-03-01 11:42:39 -05:00
Jeff Mitchell 5034ae2dcb Add the ability to use multiple paths for capability checking (#3663)
* Add the ability to use multiple paths for capability checking. WIP
(tests, docs).

Fixes #3336

* Added tests

* added 'paths' field

* Update docs

* return error if paths is not supplied
2018-03-01 11:14:56 -05:00
Andy Manoske 942aa9bbdc
Update index.html.md
Updated for Unbound
2018-02-28 16:20:54 -08:00
Jeff Mitchell 20157fd56a Fix broken link on Consul docs 2018-02-26 13:28:15 -05:00
Jeff Mitchell abeb0fd45c Bump versions in preparation for release 2018-02-26 12:20:19 -05:00
vishalnayak 4b0f27923f ssh: clarify optional behavior of cidr_list 2018-02-24 06:55:55 -05:00
chris trott 78df6a630e Configurable Consul Service Address (#3971)
* Consul service address is blank

Setting an explicit service address eliminates the ability for Consul
to dynamically decide what it should be based on its translate_wan_addrs
setting.

translate_wan_addrs configures Consul to return its lan address to nodes
in its same datacenter but return its wan address to nodes in foreign
datacenters.

* service_address parameter for Consul storage backend

This parameter allows users to override the use of what Vault knows to
be its HA redirect address.

This option is particularly commpelling because if set to a blank
string, Consul will leverage the node configuration where the service is
registered which includes the `translate_wan_addrs` option. This option
conditionally associates nodes' lan or wan address based on where
requests originate.

* Add TestConsul_ServiceAddress

Ensures that the service_address configuration parameter is setting the
serviceAddress field of ConsulBackend instances properly.

If the "service_address" parameter is not set, the ConsulBackend
serviceAddress field must instantiate as nil to indicate that it can be
ignored.
2018-02-23 11:15:29 -05:00
Yoko 099d89ff9d
Fixed a broken link (#4032) 2018-02-22 19:43:27 -08:00
Yoko 5389550cdc
Changed the layout category menu (#4007)
* Changed the layout category menu

* Fixed typos

* Fixed a typo, and removed the duplicated generate-root guide

* Fixed the redirect.txt
2018-02-22 16:24:01 -08:00
Chris Hoffman a2e816321e
adding LIST for connections in database backend (#4027) 2018-02-22 15:27:33 -05:00
Jeff Mitchell 9c2ad5c4ec Fix formatting on sys/health docs 2018-02-22 10:52:12 -05:00
Jeff Mitchell 2dda3f6363 Make docs around regenerate_key more specific 2018-02-22 09:09:20 -05:00
Calvin Leung Huang a06243bf8d
Add description param on tune endpoints (#4017) 2018-02-21 17:18:05 -05:00
Jeff Mitchell c2ae25d588 Update PKCS11 seal information 2018-02-21 09:05:36 -05:00
Jeff Mitchell 227ebcc188 Bump files for new version 2018-02-20 14:51:20 -05:00
Vishal Nayak 45bb1f0adc
Verify DNS SANs if PermittedDNSDomains is set (#3982)
* Verify DNS SANs if PermittedDNSDomains is set

* Use DNSNames check and not PermittedDNSDomains on leaf certificate

* Document the check

* Add RFC link

* Test for success case

* fix the parameter name

* rename the test

* remove unneeded commented code
2018-02-16 17:42:29 -05:00
Jeff Mitchell f29bde0052
Support other names in SANs (#3889) 2018-02-16 17:19:34 -05:00
Jeff Mitchell 6f6b4521fa Update website for AWS client max_retries 2018-02-16 11:13:55 -05:00
Jeff Mitchell 857cdaeb2b Add some info about cert reloading behavior on SIGHUP
CC #3990
2018-02-15 17:11:48 -05:00
Seth Vargo cd930b1173 Add support for Google Cloud Spanner (#3977) 2018-02-14 20:31:20 -05:00
Jeff Mitchell 35906aaa6c
Add ChaCha20-Poly1305 support to transit (#3975) 2018-02-14 11:59:46 -05:00
Nick 11f197dfa5 Update lease.html.md (#3759) 2018-02-14 09:44:34 -05:00
Brian Shumate e6bf69b96b DOCS: update Telemetry with more coverage (#3968)
- Add initial secrets engines metrics
- Update metrics types/values
- Update language for auth methods, secrets engines, audit devices
- Add more linking to relevant documentation
2018-02-14 09:39:51 -05:00
Seth Vargo 602a7c27f8 Fix code in header font size (#3970)
* Fix code in header font size

This fixes the tiny code font in header names.

* Update _global.scss
2018-02-13 22:17:51 -05:00
Brian Shumate bbc196a6e5 Clarify with example of file-backend specific metrics (#3913) 2018-02-13 11:04:11 -05:00
George Perez 6e0ff44bfc Update generate-root.html.md (#3894)
Fix typo: "providers" to "provides"
2018-02-13 11:03:35 -05:00
Brian Shumate 492b3e2277 DOCS: update Telemetry (#3964)
- Correct time to millis
- Correct storage backend summaries from # ops to duration of ops
2018-02-13 10:15:19 -05:00
Paul Stack 3c683dba92 Adding Manta Storage Backend (#3720)
This PR adds a new Storage Backend for Triton's Object Storage - Manta

```
make testacc TEST=./physical/manta
==> Checking that code complies with gofmt requirements...
==> Checking that build is using go version >= 1.9.1...
go generate
VAULT_ACC=1 go test -tags='vault' ./physical/manta -v  -timeout 45m
=== RUN   TestMantaBackend
--- PASS: TestMantaBackend (61.18s)
PASS
ok  	github.com/hashicorp/vault/physical/manta	61.210s
```

Manta behaves differently to how S3 works - it has no such concepts of Buckets - it is merely a filesystem style object store

Therefore, we have chosen the approach of when writing a secret `foo` it will actually map (on disk) as foo/.vault_value

The reason for this is because if we write the secret `foo/bar` and then try and Delete a key using the name `foo` then Manta
will complain that the folder is not empty because `foo/bar` exists. Therefore, `foo/bar` is written as `foo/bar/.vault_value`

The value of the key is *always* written to a directory tree of the name and put in a `.vault_value` file.
2018-02-12 18:22:41 -05:00
Calvin Leung Huang 60732577f5
CLI Enhancements (#3897)
* Use Colored UI if stdout is a tty

* Add format options to operator unseal

* Add format test on operator unseal

* Add -no-color output flag, and use BasicUi if no-color flag is provided

* Move seal status formatting logic to OutputSealStatus

* Apply no-color to warnings from DeprecatedCommands as well

* Add OutputWithFormat to support arbitrary data, add format option to auth list

* Add ability to output arbitrary list data on TableFormatter

* Clear up switch logic on format

* Add format option for list-related commands

* Add format option to rest of commands that returns a client API response

* Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead

* Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead

* Remove -no-color flag, use env var exclusively to toggle colored output

* Fix compile

* Remove -no-color flag in main.go

* Add missing FlagSetOutputFormat

* Fix generate-root/decode test

* Migrate init functions to main.go

* Add no-color flag back as hidden

* Handle non-supported data types for TableFormatter.OutputList

* Pull formatting much further up to remove the need to use c.flagFormat (#3950)

* Pull formatting much further up to remove the need to use c.flagFormat

Also remove OutputWithFormat as the logic can cause issues.

* Use const for env var

* Minor updates

* Remove unnecessary check

* Fix SSH output and some tests

* Fix tests

* Make race detector not run on generate root since it kills Travis these days

* Update docs

* Update docs

* Address review feedback

* Handle --format as well as -format
2018-02-12 18:12:16 -05:00
Joel Thompson c61ac21e6c auth/aws: Improve role tag docs as suggested on mailing list (#3915)
Fixes the ambiguity called out in
https://groups.google.com/forum/#!msg/vault-tool/X3s7YY0An_w/yH0KFQxlBgAJ
2018-02-12 17:39:17 -05:00
Jeff Mitchell 4969505c7e
Add transaction-like behavior for Transit persists. (#3959) 2018-02-12 17:27:28 -05:00
Jeff Mitchell db8772f15e Minor website wording updates 2018-02-12 15:28:06 -05:00
Jeff Mitchell 5a047fba68 Document the disable_sealwrap parameter 2018-02-12 15:20:07 -05:00
Jeff Mitchell 6f025fe2ab
Adds the ability to bypass Okta MFA checks. (#3944)
* Adds the ability to bypass Okta MFA checks.

Unlike before, the administrator opts-in to this behavior, and is
suitably warned.

Fixes #3872
2018-02-09 17:03:49 -05:00
Vishal Nayak 80ffd07b8b added a flag to make common name optional if desired (#3940)
* added a flag to make common name optional if desired

* Cover one more case where cn can be empty

* remove skipping when empty; instead check for emptiness before calling validateNames

* Add verification before adding to DNS names to also fix #3918
2018-02-09 13:42:19 -05:00
alexandrumd 56f0ff4293 Change 'rules' parameter for Policies requests (#3947)
With Vault Version: 0.9.1, the following is returned when using "rules" for policies operation:
```The following warnings were returned from the Vault server:
* 'rules' is deprecated, please use 'policy' instead```
2018-02-09 07:43:18 -05:00
Roger Berlind 07f587dd05 Updated replication table (#3929) 2018-02-08 18:11:00 -05:00
Jeff Mitchell 4fbeae77ee
Update relatedtools.html.md 2018-02-08 11:15:47 -05:00
Robert Kreuzer a25986391b Add vaultenv to the list of related tools (#3945) 2018-02-08 10:30:45 -05:00
Chris Hoffman d723479b32
Fixing docs links and adding redirects for new guides (#3939)
* updating links

* updating links

* updating links

* updating links

* updating links

* adding redirects
2018-02-07 19:29:07 -05:00
Jed da955a8f1b Lil typo fixes (#3925)
Read through the initial docs and noticed a few typos
2018-02-07 09:38:11 -05:00
emily e086429964 fix IAM diagram for GCP auth method docs (#3927) 2018-02-07 09:37:11 -05:00
Andy Manoske 4d33d5fa34
Merge branch 'master' into new-guides 2018-02-06 13:09:22 -08:00
cikenerd e7973773ac Update etcd storage doc (#3753) 2018-02-06 11:00:00 -05:00
Yoko Hyakuna 1b12d74188 Missing * in the command 2018-02-05 16:17:18 -08:00
Jeff Mitchell 4174019efb Add a space before the MFA super 2018-02-05 12:32:25 -05:00
Jeff Mitchell 855d8cb769 Move MFA to deprecated section, mark with a super 2018-02-05 12:32:21 -05:00
Jeff Mitchell 193278f9a4 Minor grammatical update to MFA doc 2018-02-05 12:26:16 -05:00
Jeff Mitchell 8145b0ce0b Mark old MFA as legacy/unsupported in sidebar 2018-02-05 11:47:59 -05:00
Jeff Mitchell 0255d4ca10 Make the MFA support status more clear for the legacy system 2018-02-04 19:25:27 -05:00
Yoko Hyakuna 6883dc32f4 Merge branch 'master' of github.com:hashicorp/vault into new-guides 2018-02-02 09:03:12 -08:00
George Christou c35af6dd01 website: Include fish as a supported shell (#3895) 2018-02-02 10:34:48 -05:00
Yoko 9c93d2761e
Merge branch 'master' into new-guides 2018-02-01 11:55:18 -08:00
Yoko Hyakuna 2d30bef2af Fixed a typo 'on-demand' 2018-02-01 10:00:18 -08:00
Yoko Hyakuna 7a1a19b6d6 Incorporated review comments 2018-02-01 09:50:59 -08:00
Vishal Nayak 01b1b9ff6d
docs/telemetry: remove merge conflict remnant (#3882)
* remove merge conflict remnant

* s/auth/authentication
2018-02-01 12:09:58 -05:00
Andy Manoske 505e65d0fe
Merge branch 'master' into new-guides 2018-01-31 17:17:00 -08:00
Brian Shumate a7049247d9 Correct cofiguration option in example (#3879) 2018-01-31 13:41:31 -05:00
Yoko Hyakuna cef6f8a758 Replaced deprecated command 2018-01-31 09:27:14 -08:00
Yoko Hyakuna 9fc56991f0 Replaced the deprecated commands with new ones 2018-01-30 10:46:27 -08:00
Jack Pearkes a2f0f0a8e5 website: add note about the 0.9.2+ CLI changes to reduce confusion (#3868)
* website: add note about the 0.9.2+ CLI changes to reduce confusion

* website: fix frontmatter for 0.9.3 guide, add to guides index

* website: add overview title to 0.9.3 guide for spacing
2018-01-30 13:30:47 -05:00
Yoko Hyakuna dded969da6 Merge master 2018-01-30 09:57:30 -08:00
Yoko Hyakuna 470e913af7 resolved the file name conflict 2018-01-29 16:41:44 -08:00
Jeff Mitchell a5816dd2ae Prep for 0.9.3 2018-01-28 15:33:29 -05:00
Yoko Hyakuna 1a532cb993 Re-categorized the guides on the navigation 2018-01-26 15:13:15 -08:00
Jeff Mitchell 8f24bdee1f Typo fixes on upgrading page 2018-01-26 16:11:25 -05:00
Jeff Mitchell c6d8222236 Add 0.9.2 upgrade guide 2018-01-26 16:07:41 -05:00
Jeff Mitchell f3d1e8170b Prep for 0.9.2 2018-01-26 13:59:01 -05:00
Chris Bartlett c7580b2961 #3850 Fixed documentation for aws/sts ttl (#3851) 2018-01-25 22:20:30 -05:00
Yoko Hyakuna d5262f7896 Fixed typos in the command 2018-01-25 15:07:35 -08:00
Yoko Hyakuna 8a9dc208fb Fixed the sample admin policies 2018-01-24 22:15:40 -08:00
Yoko Hyakuna d8de750f97 Fixed the sample admin policies 2018-01-24 21:21:23 -08:00
Yoko Hyakuna 3e043170a0 Fixed the sample admin policies 2018-01-24 18:10:56 -08:00
Yoko Hyakuna 3fc84bff3a Added policy requirements & scenario diagrams 2018-01-24 16:01:44 -08:00
Andy Manoske 909f0d34fc
Policy Feedback from PM 2018-01-24 11:47:31 -08:00
Yoko Hyakuna d45a247bec Cleaned up the diagram 2018-01-23 16:22:17 -08:00
Yoko Hyakuna 9df839e446 More detailed descriptions were added 2018-01-23 15:43:07 -08:00
Vishal Nayak b9a5a35895 docs: Fix the expected type of metadata (#3835) 2018-01-23 16:30:15 -05:00
Jeff Mitchell 8e8675053b Sync some bits over 2018-01-22 21:44:49 -05:00
Yoko Hyakuna 358f95553c WIP - new guides 2018-01-22 18:14:23 -08:00
Brian Shumate dec64ecfd7 Update API endpoint references for revoke-prefix (#3828) 2018-01-22 18:04:43 -05:00
Yoko Hyakuna df16089491 WIP - Added personas 2018-01-18 17:40:35 -08:00
Yoko Hyakuna ac4bd212fc WIP - new guides 2018-01-17 17:39:21 -08:00
Yoko Hyakuna fd77a55dc1 WIP - new guides 2018-01-16 17:16:20 -08:00
Josh Giles 9c46431b80 Support JSON lists for Okta user groups+policies. (#3801)
* Support JSON lists for Okta user groups+policies.

Migrate the manually-parsed comma-separated string field types for user
groups and user policies to TypeCommaStringSlice. This means user
endpoints now accept proper lists as input for these fields in addition
to comma-separated string values. The value for reads remains a list.

Update the Okta API documentation for users and groups to reflect that
both user group and user/group policy fields are list-valued.

Update the Okta acceptance tests to cover passing a list value for the
user policy field, and require the OKTA_API_TOKEN env var to be set
(required for the "everyone" policy tests to pass).

* Fix typo, add comma-separated docs.
2018-01-16 18:20:19 -05:00
Jake Scaltreto 3ad372d65d Fix minor typo in word "certificate" (#3783) 2018-01-15 15:52:41 -05:00
Paweł Słomka b994e83c65 Cleanup of deprecated commands in tests, docs (#3788) 2018-01-15 15:19:28 -05:00
Harrison Brown 6b7f57caab Suggested website copy changes (#3791)
* Adds comma

* Adds comma

* Suggested copy change
2018-01-15 14:33:41 -05:00
Vishal Nayak 8ef51c0065
Delete group alias upon group deletion (#3773) 2018-01-11 10:58:05 -05:00
Yoko Hyakuna 588e3bcd2d WIP - New Vault guides 2018-01-10 17:28:00 -08:00
Yoko Hyakuna 6f7ed3016d WIP - New Vault guides 2018-01-10 11:14:59 -08:00
Jeff Mitchell d8009bced1 Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-10 11:15:49 -05:00
Yoko Hyakuna 5e0ac2aee0 WIP - New Vault guides 2018-01-09 15:12:08 -08:00
Yoko Hyakuna f61f32f0c6 WIP - New Vault guides 2018-01-09 15:06:00 -08:00
Justin Campbell e59763372e Bump middleman-hashicorp version 2018-01-09 13:06:59 -05:00
Justin Campbell 748a0d0e4b Bump middleman-hashicorp Docker image 2018-01-09 12:27:13 -05:00
Justin Campbell f16977b01a Revert gem updates, leave Nokogiri updated 2018-01-09 12:04:34 -05:00
Jeff Mitchell 728088a74f Bump middleman-hashicorp version 2018-01-09 11:54:42 -05:00
Jeff Mitchell b8b495ee2a Update gems 2018-01-09 11:26:32 -05:00
Laura Uva b242800958 Fixed the link to the section on generating DR operation token for promoting secondary. (#3766) 2018-01-09 10:02:09 -06:00
Brian Shumate fd424c74ba Docs: add DR secondary/active HTTP 472 code (#3748) 2018-01-03 15:07:36 -05:00
Jeff Mitchell d1803098ae Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
Jon Davies 66e2593ef9 s3.go: Added options to use paths with S3 and the ability to disable SSL (#3730) 2018-01-03 12:11:00 -05:00
Brian Nuszkowski 9c3e96b591 Update '/auth/token/revoke-self' endpoint documentation to reflect the proper response code (#3735) 2018-01-03 12:09:43 -05:00
Didi Kohen 089a0793bd Clarify that keybase is supported only in the CLI (#3744) 2018-01-03 11:18:38 -05:00
dmwilcox 39dd122663 Update docs to reflect ability to load cold CA certs to output full chains. (#3740) 2018-01-03 10:59:18 -05:00
Alexandre Nicastro 19b4062801 docs: fix typo (change 'a' to 'an' - indefinite article) (#3741) 2018-01-03 10:47:15 -05:00
markpaine c50c597b62 Spelling correction. "specifig" -> "specific" (#3739) 2018-01-03 10:38:55 -05:00
markpaine 3c483b3e87 Spelling correction "datatabse" -> "database" (#3738) 2018-01-03 10:38:16 -05:00
Brian Shumate 4a9333b076 Docs: Updated Telemetry documentation (#3722) 2017-12-26 13:51:15 -05:00
Brian Shumate bbf1c67d80 Update backend config docs - addresses #3718 (#3724) 2017-12-26 13:48:45 -05:00
Jeff Mitchell 1a2eba5f87 Port website changes from ent side 2017-12-21 09:00:35 -05:00
Jeff Mitchell 121d5bfeaa Bump vars for 0.9.1 2017-12-21 08:39:41 -05:00
Jeff Mitchell e6d60ee551 Clarify control group APIs are enterprise only.
Fixes #3702
2017-12-19 11:00:02 -05:00
Calvin Leung Huang c4e951efb8 Add period and max_ttl to cert role creation (#3642) 2017-12-18 15:29:45 -05:00
Roger Berlind 27cdb42258 Added example for Azure SQL Database (#3700) 2017-12-18 13:55:56 -05:00
Travis Cosgrave cf3e284396 Use Custom Cert Extensions as Cert Auth Constraint (#3634) 2017-12-18 12:53:44 -05:00
Jeff Mitchell 77a7c52392
Merge branch 'master' into f-nomad 2017-12-18 12:23:39 -05:00
Ernest W. Durbin III 98e04c42d3 Correct documentation for Kubernetes Auth Plugin (#3708) 2017-12-18 12:12:08 -05:00
James Nugent e320d0580a physical/dynamodb: Clarify ha_enabled type (#3703)
The example in the documentation correctly passes a quoted boolean (i.e.
true or false as a string) instead of a "real" HCL boolean. This commit
corrects the parameter list to document that fact.

While it would be more desirable to change the implementation to accept
an unquoted boolean, it seems that the use of `hcl.DecodeObject` for
parameters which are not common to all storage back ends would make this
a rather more involved change than this necessarily warrants.
2017-12-18 09:30:29 -05:00
James Nugent 618b52d72d docs: Add correct method for mlock on systemd (#3704)
Although the previously described method of running setcap works if
setcap is available, the built-in LimitMEMLOCK directive is better.
2017-12-18 09:29:37 -05:00
Raja Nadar 446b87ee0e added the missing nonce and type fields (#3694) 2017-12-17 16:26:07 -05:00
Chris Hoffman f6bed8b925 fixing up config to allow environment vars supported by api client 2017-12-17 09:10:56 -05:00
Chris Hoffman ef56322369 Merge remote-tracking branch 'oss/master' into f-nomad
* oss/master:
  Add support for encrypted TLS key files (#3685)
2017-12-15 19:51:28 -05:00
Chris Hoffman 164849f056
Add support for encrypted TLS key files (#3685) 2017-12-15 17:33:55 -05:00
Chris Hoffman c71f596fbd address some feedback 2017-12-15 17:06:56 -05:00
Jeff Mitchell b478ba8bac
Merge branch 'master' into f-nomad 2017-12-14 16:44:28 -05:00
Vishal Nayak 15b3d8738e Transit: backup/restore (#3637) 2017-12-14 12:51:50 -05:00
Brian Shumate d5d265956d Docs: fix typo in libtool ltdl name and link to avoid confusion and note about arch (#3644) 2017-12-11 13:42:19 -05:00
Brian Shumate a8932fbcbd Docs: Update PKI URL config examples to FQDN — addresses #3606 (#3647) 2017-12-11 13:25:59 -05:00
Chris Hoffman 3b0ba609b2
Converting key_usage and allowed_domains in PKI to CommaStringSlice (#3621) 2017-12-11 13:13:35 -05:00
Paulo Ribeiro 0ee55dde52 Remove duplicate link in ToC (#3671) 2017-12-11 12:52:58 -05:00
Brian Shumate 07a0d25aeb Docs: Update PKI output examples - addresses #3606 (#3628) 2017-12-11 11:57:07 -05:00
Jeff Mitchell b5d21ebdae
Cross reference pki/cert in a few places. 2017-12-11 11:10:28 -05:00
Brad Sickles 295e11d40d Adding mfa support to okta auth backend. (#3653) 2017-12-07 14:17:42 -05:00
Brian Shumate a0d1092420 Conditionally set file audit log mode (#3649) 2017-12-07 11:44:15 -05:00
Mohsen 2aa576149c Small typo relating to no_store in pki secret backend (#3662)
* Removed typo :)

* Corrected typo in the website related to no_store
2017-12-07 10:40:21 -05:00
Brian Kassouf 34f5d1e637 Remove the note about GKE from the Kubernetes docs (#3658) 2017-12-06 13:38:00 -05:00
Calvin Leung Huang 41f03b466a
Support MongoDB session-wide write concern (#3646)
* Initial work on write concern support, set for the lifetime of the session

* Add base64 encoded value support, include docs and tests

* Handle error from json.Unmarshal, fix test and docs

* Remove writeConcern struct, move JSON unmarshal to Initialize

* Return error on empty mapping of write_concern into mgo.Safe struct
2017-12-05 15:31:01 -05:00
Calvin Leung Huang 8f87854b86
Clarify api_addr related errors on VaultPluginTLSProvider (#3620)
* Mention api_addr on VaultPluginTLSProvider logs, update docs

* Clarify message and mention automatic api_address detection

* Change error message to use api_addr

* Change error messages to use api_addr
2017-12-05 12:01:35 -05:00
Laura Uva 892a0cb5e0 Update example payload and response for pem_keys field which needs \n after header and before footer in order to be accepted as a valid RSA or ECDSA public key (#3632) 2017-12-04 12:12:58 -05:00
Brian Shumate 5a9d8c60ac Docs: Update /sys/policies/ re: beta refs to address #3624 (#3629) 2017-12-04 12:10:26 -05:00
Jeff Mitchell e301ebe91b
Update secrets page
Fixes #3623
2017-12-04 12:05:34 -05:00
Jeff Mitchell f762d0615e
Remove beta notice 2017-12-04 08:25:16 -08:00
Chris Hoffman b17fb19b52 Expanding on the quick start guide with how to set up an intermediate authority (#3622) 2017-12-04 11:23:58 -05:00
Brian Shumate ac69680d7b Docs: mlock() notes, fixes #3605 (#3614) 2017-12-04 10:56:16 -05:00
crdotson fd2464c410 Fix spelling (#3609)
changed "aomma" to "comma"
2017-12-04 10:53:58 -05:00
csawyerYumaed 605efa37e9 update relatedtools, add Goldfish UI. (#3597)
Add link to Goldfish a  web UI for Vault.
2017-12-04 10:51:16 -05:00
Paul Pieralde ff2c8d4865 Fix docs for Transit API (#3588) 2017-12-04 10:34:05 -05:00
Jeff Mitchell d81a39ab99 Update cassandra docs with consistency value.
Fixes #3361
2017-12-02 14:18:23 -05:00
Marc Sensenich 92f937c021 Remove Trailing White space in Kubernetes Doc (#3360)
Removed a trailing white space from which caused `Error loading data: Invalid key/value pair ' ': format must be key=value` if copying the example

```
vault write auth/kubernetes/role/demo \
    bound_service_account_names=vault-auth \
    bound_service_account_namespaces=default \
    policies=default \
    ttl=1h
```
2017-12-02 14:12:39 -05:00
immutability 74bd27bdb5 Missing command for vault PUT operation (#3355) 2017-12-02 13:43:37 -05:00
Jeff Mitchell f79a15ddcd Update some rekey docs
Fixes #3306
2017-12-02 13:34:52 -05:00
Nicolas Corrarello 7b14f41872
Fix docs up to current standards
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 16:53:42 +00:00
Nicolas Corrarello b3799697a2
Rename policy into policies 2017-11-29 16:31:17 +00:00
Nicolas Corrarello a6d3119e3e
Pull master into f-nomad
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 15:56:37 +00:00
Laura Uva 3b5cbe54fd Added clarification to KV documentation about default CLI behavior and how to preserve non-string type values (#3596) 2017-11-27 11:43:49 -05:00
Brian Shumate fa4af18b73 Docs: policy update for multiple policies, fixes #3611 (#3613) 2017-11-27 09:54:38 -05:00
mariachugunova 89a0919250 Fix typo in s3 storage backend docs (#3603) 2017-11-23 13:28:33 -08:00
Vishal Nayak 5f02a64206
docs: encryption/decryption now supports asymmetric keys (#3599) 2017-11-21 12:25:28 -05:00
Jeff Mitchell 422c1898c8 Update upgrade guide with HSM info 2017-11-16 11:04:46 -05:00
Vishal Nayak 00dfc1c4de
Docs: Remove 'none' as algorithm options (#3587) 2017-11-15 09:09:45 -05:00
Jeff Mitchell 141548fb33 Add now-necessary mfa import to sentinel MFA example 2017-11-14 21:42:43 -05:00
Brian Kassouf 85a5a75835
Add token_reviewer_jwt to the kubernetes docs (#3586) 2017-11-14 13:27:09 -08:00
Chris Hoffman b3a7d8ecf3
adding licensing docs (#3585) 2017-11-14 16:15:09 -05:00
Paul Pieralde 8fedef3d99 Docs change for Policy API (#3584)
vault 0.9.0 deprecated the term `rules` in favor of the
term `policy` in several of the /sys/policy APIs.

The expected return state of 200 SUCCESS_NO_DATA only happens
if the `policy` term is used. A response including the
deprecation notice and a 204 SUCCESS_WITH_DATA status code
is returned when `rules` is applied.
2017-11-14 14:26:26 -05:00
Vishal Nayak 2b481defe4
Upgrade to 0.9 (#3583)
* Upgrade to 0.9

* Add link to sidebar

* Remove items that were already in 0.8 upgrade guide
2017-11-14 13:32:09 -05:00
Vishal Nayak 3c7f194797
Doc: Add groups to identity concepts (#3581)
* Add groups to the concepts page

* s/pulled-in and pulled-out/synced against

* Remove double spaces
2017-11-14 13:27:49 -05:00
Seth Vargo 68052f18d0
Flip seal pages upside down to put examples first 2017-11-14 13:12:35 -05:00
Seth Vargo 4efcfe03d1
Add an auto-unseal page to the docs
This helps with SEO and also is where I'd expect auto unsealing to be referenced.
2017-11-14 13:12:20 -05:00
Seth Vargo b09d042173
Use super to show enterprise 2017-11-14 13:11:55 -05:00
Jeff Mitchell 8ba71a67e5 Minor website wording updates 2017-11-14 12:34:28 -05:00
Jeff Mitchell 40e3883788 Fix some broken links 2017-11-14 12:32:03 -05:00
Jeff Mitchell 7ac167f8a4 Sync docs 2017-11-14 06:13:11 -05:00
Jeff Mitchell 77442f8640 Prep for 0.9.0 2017-11-14 06:08:56 -05:00
Vishal Nayak 5d976794d4
API refactoring and doc updates (#3577)
* Doc updates and API refactoring

* fix tests

* change metadata fieldtype to TypeKVPairs

* Give example for TypeKVPairs in CLI for metadata

* Update API docs examples to reflect the native expected value for TypeKVPairs

* Don't mention comma separation in the docs for TypeCommaStringSlice

* s/groups/group; s/entities/entity; s/entity-aliases/entity-alias; s/group-aliases/group-alias

* Address review feedback

* Fix formatting

* fix sidebar links
2017-11-13 20:59:42 -05:00
Laura Uva 96e80e38e8 Updated the Replication guide to make it clear that it is focused on Performance Replication. Added a link to our general info page for information on DR Replication. Removed some statements about DR not being available yet. (#3502) 2017-11-13 11:55:04 -05:00
Brian Shumate 697a506b7b DOCS: Update telemetry docs - fixes #3557 (#3571) 2017-11-13 09:58:04 -05:00
Calvin Leung Huang 87feab4492
Docs update related to new top-level config values (#3556)
* Add new top level config value docs, add VAULT_API_ADDR, purge old references

* Fix indentation

* Update wording on ha.html

* Add section on split data/HA mode

* Fix grammar
2017-11-10 20:06:07 -05:00
Vishal Nayak 645c068011
transit doc update (#3564) 2017-11-09 16:17:54 -05:00
James Soubry f2a98cc662 Fix curl commands (#3558)
Curl commands require HCL within JSON to work.
2017-11-09 10:16:09 -05:00
Calvin Leung Huang b7deec2bec Add docs for /sys/rekey-recovery-key (#3520) 2017-11-08 14:22:30 -05:00
Paul Pieralde 01ff6293e0 Doc fix for Create/Update Token API (#3548)
`orphan` is intended to be default to False. Docs indicate this
is default to True. Simple change to update the docs only.
2017-11-07 18:06:44 -05:00
Joel Thompson 2c8cd19e14 auth/aws: Make disallow_reauthentication and allow_instance_migration mutually exclusive (#3291) 2017-11-06 17:12:07 -05:00
Chris Hoffman de8c0dce99 minor cleanup 2017-11-06 16:34:20 -05:00
Jonathan Freedman 4109473134 More Mount Conflict Detection (#2919) 2017-11-06 15:29:09 -05:00
Gregory Reshetniak 57c9afa357 added AWS enpoint handling (#3416) 2017-11-06 13:31:38 -05:00
Calvin Leung Huang d7305a4681
Add note on support for using rec keys on /sys/rekey (#3517) 2017-11-06 12:18:15 -05:00
Jason Antman af649c60d0 Add third party tools list to website (#3488) 2017-11-06 12:11:02 -05:00
Jeff Mitchell 17310654a1
Add PKCS8 marshaling to PKI (#3518) 2017-11-06 12:05:07 -05:00
Nicolas Corrarello 5a317a1a32
Updated documentation 2017-11-06 15:13:50 +00:00
Calvin Leung Huang 93917743df
Update SSH list roles docs (#3536) 2017-11-03 18:00:46 -04:00
Vishal Nayak e4e4a7ba67
Capabilities responds considering policies on entities and groups (#3522)
* Capabilities endpoint will now return considering policies on entities and groups

* refactor the policy derivation into a separate function

* Docs: Update docs to reflect the change in capabilities endpoint
2017-11-03 11:20:10 -04:00
Vishal Nayak 06923430cc
docs: s/persona/alias (#3529) 2017-11-03 11:17:59 -04:00
Vishal Nayak 52df62d4ff
Encrypt/Decrypt/Sign/Verify using RSA in Transit backend (#3489)
* encrypt/decrypt/sign/verify RSA

* update path-help and doc

* Fix the bug which was breaking convergent encryption

* support both 2048 and 4096

* update doc to contain both 2048 and 4096

* Add test for encrypt, decrypt and rotate on RSA keys

* Support exporting RSA keys

* Add sign and verify test steps

* Remove 'RSA' from PEM header

* use the default salt length

* Add 'RSA' to PEM header since openssl is expecting that

* export rsa keys as signing-key as well

* Comment the reasoning behind the PEM headers

* remove comment

* update comment

* Parameterize hashing for RSA signing and verification

* Added test steps to check hash algo choice for RSA sign/verify

* fix test by using 'prehashed'
2017-11-03 10:45:53 -04:00
Vishal Nayak a7acc23034
docs: Add config/ca delete operation (#3525) 2017-11-03 06:19:21 -04:00
Chris Hoffman 3d8d887676
Add ability to require parameters in ACLs (#3510) 2017-11-02 07:18:49 -04:00
Nicolas Corrarello d540985926 Unifying Storage and API path in role 2017-10-31 21:06:10 +00:00
Nicolas Corrarello 0fc65cabc7 Minor/Cosmetic fixes 2017-10-31 19:11:24 +00:00
Nathan Valentine 0345dca20f Should these names not reference Vault? (#3506)
Since we are in the Vault docs, should these names not reference Vault instead of Nomad?
2017-10-30 11:04:38 -05:00
Jeff Mitchell 963f516ac9 Fix C&P in docs.
Fixes #3454
2017-10-27 16:43:26 -04:00
Vishal Nayak b16084fdaf aws-ec2: Avoid audit logging of custom nonces (#3381) 2017-10-27 11:23:15 -04:00
smeach c575435040 Updated cli arg to reflect text description (#3487) 2017-10-27 09:44:56 -05:00
AJ Bourg a71add2973 Add a doc for the token helper (#3411)
* Add token helper docs.

* Update it so the new token helpers page appears in the navigation.
2017-10-27 09:42:33 -05:00
Christophe Tafani-Dereeper 5ff1485a3e Correct typos in the sys/raw documentation (#3484) 2017-10-24 10:33:57 -04:00
Seth Vargo 83b1eb900a
More naming cleanup 2017-10-24 09:35:03 -04:00
Seth Vargo a07c7d7368
Update guides to use new CLI commands 2017-10-24 09:34:30 -04:00
Seth Vargo 53f26e6bd7
Update getting started walkthrough 2017-10-24 09:34:30 -04:00
Seth Vargo 7463ba73a5
Oops typo 2017-10-24 09:34:30 -04:00
Seth Vargo 6c1411447c
Remove more references to auth backend 2017-10-24 09:34:12 -04:00
Seth Vargo 926ca5c125
Update k8s documentation 2017-10-24 09:34:12 -04:00
Seth Vargo 51a27b758b
Resolve the most painful merge conflict known on earth 2017-10-24 09:34:12 -04:00
Seth Vargo 2982fdf7ca
Remove ?list examples
They are documented in the overall API section, but people should get used to seeing LIST as a verb
2017-10-24 09:32:15 -04:00
Seth Vargo a85d3c6270
Remove smaller font on embedded code snippets 2017-10-24 09:32:15 -04:00
Seth Vargo c5665920f6
Standardize on "auth method"
This removes all references I could find to:

- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend

in favor of the unified:

- auth method
2017-10-24 09:32:15 -04:00
Seth Vargo 3bbeace911
Audit backend -> device 2017-10-24 09:30:52 -04:00
Seth Vargo f7310eac04
Add new commands to the sidebar 2017-10-24 09:30:52 -04:00
Seth Vargo aa34fb17c7
Absorb help and read-write into index 2017-10-24 09:30:52 -04:00
Seth Vargo 162c525159
Add "write" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 6fa133852e
Add "unwrap" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 4d80ccbb4c
Add "token" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 51e185b9a2
Add "status" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 4634949b9b
Add "ssh" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo a106350950
Add "server" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 28fa271c4e
Add "secrets" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo bcf6657e9c
Add "read" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo c743167f4c
Add "policy" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 54f8e0adb2
Update "path-help" documentation 2017-10-24 09:30:51 -04:00
Seth Vargo f48bc06d93
Add "operator" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo a81ff9a97c
Add "login" command documentation 2017-10-24 09:30:51 -04:00