142cb563a6
Improve documentation of token renewal
2015-09-11 21:08:32 -04:00
ace611d56d
Address items from feedback. Make MountConfig use values rather than
...
pointers and change how config is read to compensate.
2015-09-10 15:09:54 -04:00
c460ff10ca
Push a lot of logic into Router to make a bunch of it nicer and enable a
...
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
971e4144ec
Fix typo
2015-09-10 15:09:54 -04:00
488d33c70a
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-10 15:09:54 -04:00
4239f9d243
Add DynamicSystemView. This uses a pointer to a pointer to always have
...
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.
Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
696d0c7b1d
Plumb per-mount config options through API
2015-09-10 15:09:53 -04:00
5063a0608b
Vault SSH: Default CIDR for roles
2015-08-27 13:04:15 -04:00
3f45f3f41b
Rename config lease_duration parameters to lease_ttl in line with current standardization efforts
2015-08-27 07:50:24 -07:00
8669a87fdd
When using PGP encryption on unseal keys, encrypt the hexencoded string rather than the raw bytes.
2015-08-26 07:59:50 -07:00
cc232e6f79
Address comments from review.
2015-08-25 15:33:58 -07:00
c887df93cc
Add support for pgp-keys argument to rekey, as well as tests, plus
...
refactor common bits out of init.
2015-08-25 14:52:13 -07:00
f57e7892e7
Don't store the given public keys in the seal config
2015-08-25 14:52:13 -07:00
a7316f2e24
Handle people specifying PGP key files with @ in front
2015-08-25 14:52:13 -07:00
2f3e245b0b
Add support for "pgp-tokens" parameters to init.
...
There are thorough unit tests that read the returned
encrypted tokens, seal the vault, and unseal it
again to ensure all works as expected.
2015-08-25 14:52:13 -07:00
a8ef0e8a80
Remove cookie authentication.
2015-08-21 19:46:23 -07:00
1f5062a6e1
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-08-19 12:16:37 -07:00
fe8c1c514d
Add -no-verify option to CLI auth command, to avoid decrementing the token use count during auth.
2015-08-18 19:22:17 -07:00
251cd997ad
Vault SSH: TLS client creation test
2015-08-18 19:00:27 -07:00
9324db7979
Vault SSH: verify echo test
2015-08-18 16:48:50 -07:00
1f402fb42e
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-08-17 18:22:13 -07:00
b91ebbc6e2
Vault SSH: Documentation update and minor refactoring changes.
2015-08-17 18:22:03 -07:00
7c12aaa24b
command: Fixing setup of client certificates
2015-08-17 12:18:14 -07:00
9db318fc55
Vault SSH: Website page for SSH backend
2015-08-14 12:41:26 -07:00
7f9babed2a
Vault SSH: CLI embellishments
2015-08-13 16:55:47 -07:00
e782717ba8
Vault SSH: Renamed path with mountPoint
2015-08-12 10:30:50 -07:00
33d7ef71b9
Vault SSH: Fixed constructor of SSH api
2015-08-12 09:56:17 -07:00
93dfa67039
Merging changes from master
2015-08-12 09:28:16 -07:00
2b4c6ab0e2
command/meta.go: document environment variables
...
Document the environment variables which, if set, can provide default
values for configuration options.
Fixes #476
2015-08-07 15:13:30 -07:00
9f363913e9
Allow the `vault token-create` command to specify the token's id
2015-08-07 08:45:34 +00:00
e5080a7f32
Merging with master
2015-08-06 18:44:40 -04:00
32502977f6
Vault SSH: Automate OTP typing if sshpass is installed
2015-08-06 17:00:50 -04:00
0af97b8291
Vault SSH: uninstall dynamic keys using script
2015-08-06 15:50:12 -04:00
c7ef0b95c2
Vault SSH: CRUD test case for OTP Role
2015-07-31 13:24:23 -04:00
4bad987e58
PR review updates
2015-07-30 13:21:41 -04:00
151ec72d00
Add configuration options for default lease duration and max lease duration.
2015-07-30 09:42:49 -04:00
61c9f884a4
Vault SSH: Review Rework
2015-07-29 14:21:36 -04:00
4b4df4271d
Vault SSH: Refactoring
2015-07-27 16:42:03 -04:00
e9f507caf0
Vault SSH: Refactoring
2015-07-27 13:02:31 -04:00
b532ee0bf4
Vault SSH: Dynamic Key test case fix
2015-07-24 12:13:26 -04:00
e998face87
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-07-23 17:20:34 -04:00
791a250732
Vault SSH: Support OTP key type from CLI
2015-07-23 17:20:28 -04:00
ae28087f67
server: import sha512. Fixes #448
2015-07-23 13:51:45 -07:00
1096f5a53e
Avoid unnecessary abbreviation
2015-07-22 23:28:46 -04:00
2e81d9047d
Allow specifying a TLS minimum version
2015-07-22 23:19:41 -04:00
dec99f2bf6
Git ignore getting in the way
2015-07-14 15:57:06 -07:00
5804c4a872
Fix travis build
2015-07-14 15:50:29 -07:00
0ec0b41aa3
Telemetry object in config
2015-07-14 15:36:28 -07:00
d2c048d870
Disable hostname prefix for runtime telemetry
2015-07-13 13:17:57 -07:00
ed258f80c6
Vault SSH: Refactoring and fixes
2015-07-10 18:44:31 -06:00
ef11dd99f7
Vault SSH: Added comments to ssh_test
2015-07-10 16:59:32 -06:00
89a0e37a89
Vault SSH: Backend and CLI testing
2015-07-10 16:18:02 -06:00
3c7dd8611c
Vault SSH: Test case skeleton
2015-07-10 09:56:14 -06:00
73414154f8
Vault SSH: Made port number configurable
2015-07-06 16:56:45 -04:00
170dae7f91
Vault SSH: Revoking key after SSH session from CLI
2015-07-06 11:05:02 -04:00
425b69be32
Vault SSH: PR review rework: Formatting/Refactoring
2015-07-02 19:52:47 -04:00
a1e2705173
Vault SSH: PR review rework
2015-07-02 17:23:09 -04:00
bb16052141
Vault SSH: replaced concatenated strings by fmt.Sprintf
2015-07-01 20:35:11 -04:00
d691a95531
Vault SSH: PR review rework - 1
2015-07-01 11:58:49 -04:00
8627f3c360
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-06-30 18:33:37 -04:00
5e5e6788be
Input validations, help strings, default_user support
2015-06-30 18:33:17 -04:00
e025c33ab9
command: source general options docs from common source
2015-06-30 12:01:23 -07:00
c12734b27c
CLI docs
2015-06-30 09:04:57 -04:00
0062d923cc
Better error messages.
2015-06-30 08:59:38 -04:00
91ed2dcdc2
Refactoring changes
2015-06-29 22:00:08 -04:00
24d0af39b4
Initial sketch for client TLS auth
2015-06-29 15:33:16 -04:00
29696d4b6b
Creating SSH keys and removal of files in pure 'go'
2015-06-26 15:43:27 -04:00
8c15e2313b
ssh/lookup implementation and refactoring
2015-06-25 21:47:32 -04:00
b237a3bcc2
POC: Rework. Doing away with policy file.
2015-06-24 18:13:12 -04:00
f8d164f477
SSHs to multiple users by registering the respective host keys
2015-06-19 12:59:36 -04:00
90605c6079
merging with master
2015-06-18 20:51:11 -04:00
8d98968a54
Roles, key renewal handled. End-to-end basic flow working.
2015-06-18 20:48:41 -04:00
9772a72772
command/read: Ensure only a single argument. Fixes #304
2015-06-18 16:00:41 -07:00
c54868120a
command/path-help: rename command, better error if sealed. Fixes #234
2015-06-18 15:56:42 -07:00
3533d87746
command/write: adding force flag for when no data fields are necessary. Fixes #357
2015-06-18 13:51:06 -07:00
7394c7bd8d
command/server: fixing output weirdness
2015-06-18 13:48:18 -07:00
7bd1e7d826
command/auth: warn earlier about VAULT_TOKEN
2015-06-18 13:48:04 -07:00
28f18119e0
command/auth: warn about the VAULT_TOKEN env var. Fixes #195
2015-06-17 19:19:02 -07:00
2aed5f8798
Implementation for storing and deleting the host information in Vault
2015-06-17 22:10:47 -04:00
3a2adcb3b8
cmomand/read: strip path prefix if necessary. Fixes #343
2015-06-17 18:33:15 -07:00
6bc2b06de4
server: graceful shutdown for fast failover. Fixes #308
2015-06-17 18:24:56 -07:00
cfef144dc2
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-06-17 20:34:56 -04:00
303a7cef9a
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH.
2015-06-17 20:33:03 -04:00
1f963ec1bb
command/token-create: provide more useful output. Fixes #337
2015-06-17 16:59:50 -07:00
3ed73d98c2
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect
2015-06-17 12:39:49 -04:00
0ecf05c043
command/auth, github: improve cli docs
...
/cc @sethvargo
2015-06-16 10:05:11 -07:00
3a0e19cb4e
Merge pull request #270 from sheldonh/no_export_vault_token
...
Don't recommend exporting VAULT_TOKEN
2015-06-01 11:52:40 -04:00
d605a437b6
Merge pull request #278 from Zhann/feature/add_dev_to_server_options_help
...
Add help info for -dev flag
2015-06-01 13:08:50 +02:00
607fc295e5
command/rekey: use same language in rekey as init
2015-06-01 13:08:20 +02:00
fbc51109cc
Merge pull request #273 from hashicorp/unseal-keys-notice
...
Change phrasing for unseal key notification
2015-06-01 13:06:52 +02:00
8155b3927e
Add help info for -dev flag
2015-05-31 18:05:15 +02:00
4e79210934
Updated phrasing to note restarts, stop, and other sealing scenarios
2015-05-28 17:07:38 -07:00
528d0c6e28
Changed phrasing for unseal key notification
2015-05-28 17:02:09 -07:00
7f26f5a4cb
command/rekey: adding tests
2015-05-28 15:22:42 -07:00
9a162191cd
command/rekey: first pass at rekey
2015-05-28 15:08:09 -07:00
42b91fe411
command/rotate: Adding new rotate command
2015-05-28 10:16:33 -07:00
6cda28f9e7
Don't recommend exporting VAULT_TOKEN
...
It's not needed by the dev server (which writes ~/.vault-token),
and breaks the Getting Started guide (e.g. #267 ).
2015-05-28 14:39:35 +02:00
388022bac1
command/key-status: Adding new key-status command
2015-05-27 18:17:02 -07:00
11b6abe886
Merge pull request #251 from DavidWittman/auth-prompt-without-args
...
Prompt for auth token when no args provided
2015-05-27 11:24:33 -07:00
5df1d725aa
Add test for stdin input
...
Shamelessly borrowed this pattern from write_test.go
2015-05-23 13:23:38 -05:00
1411749222
Read from stdin with auth command
2015-05-23 13:23:37 -05:00
48778c5260
Add ability to read raw field from secret
2015-05-22 11:28:23 -07:00
3713ef9fb7
command/renew: typo fix. Fixes #240
2015-05-21 11:03:25 -07:00
fb898ecc1b
Prompt for auth token when no args provided
...
This makes `vault auth` work as documented:
> If no -method is specified, then the token is expected. If it is not
> given on the command-line, it will be asked via user input. If the
> token is "-", it will be read from stdin.
2015-05-20 22:10:02 -05:00
a3ddd9ddb2
server: Minor copy change
2015-05-20 17:49:16 -07:00
7e08d68e48
Merge pull request #222 from DavidWittman/config-backend-check
...
Fail gracefully if a physical backend is not supplied
2015-05-20 17:47:45 -07:00
268db24819
command/listener: Request TLS client cert. Fixes #214
2015-05-20 16:01:40 -07:00
faa07cc165
Improve unseal CLI message
2015-05-19 00:34:18 -07:00
b04332f8fc
Fail gracefully if a phys backend is not supplied
2015-05-18 22:55:12 -05:00
88d5d6a4c8
Use strconv.ParseBool
2015-05-15 16:41:30 -04:00
a2831b0144
Explicitly check if tls_disable == 1
2015-05-15 16:39:30 -04:00
f40dba1c48
command/token: add Env to Helper
...
Specify environment variables on the Helper rather than on
the command line.
Fixes command/token test failures on Windows.
2015-05-12 07:22:38 +02:00
ce5786d133
Rename skip verify env
2015-05-11 11:27:54 -07:00
7c180fb6fd
Merge pull request #181 from jefferai/fix-ca-path-walk
...
Fix CA path walking, and add TLS-related env vars.
2015-05-11 11:26:47 -07:00
66c8d2dd2a
command: fix tests
2015-05-11 11:25:45 -07:00
073820a6cc
command/token: Use cmd on windows instead of sh
2015-05-11 11:08:08 -07:00
7bff682e8e
command/*: -tls-skip-verify [GH-130]
2015-05-11 11:01:52 -07:00
4f8c9e8fe2
This adds one bugfix and one feature enhancement.
...
Bugfix: When walking a given CA path, the walk gives both files and
directories to the function. However, both were being passed in to be
read as certificates, with the result that "." (the given directory for
the CA path) would cause an error. This fixes that problem by simply
checking whether the given path in the walk is a directory or a file.
Feature enhancement: VAULT_CACERT, VAULT_CAPATH, and VAULT_INSECURE now
perform as expected.
2015-05-11 17:58:56 +00:00
a3afed6811
command/meta: don't read token file if token is already set [GH-162]
2015-05-11 10:31:14 -07:00
bbddaff5c9
Make the VAULT_TOKEN and VAULT_ADDR copy-pastable in dev mode
...
This allows someone to quickly start a dev mode server and hit the ground
running without the need to copy-paste twice.
2015-05-07 18:32:40 -04:00
b71afe54e5
Merge pull request #139 from fubar-coder/master
...
Escape backslash to allow usage of dev server on Windows using MinGW
2015-05-06 11:05:06 -07:00
a4b92ebb3a
Merge pull request #133 from hashicorp/f-advertise
...
Attempt advertise address detection
2015-05-04 12:13:45 -07:00
47d2cc8349
Escape backslash to allow usage of dev server on Windows using MinGW (partially fixes issue #95 )
2015-05-04 09:20:40 +02:00
53d5a801e5
Fix lease_renewable output
2015-05-02 19:58:48 -07:00
c76b59812e
command/server: Attempt advertise address detection
2015-05-02 15:57:40 -07:00
c7ff8f8458
Merge pull request #82 from DavidWittman/75-auth-revoked-token
...
Check for invalid token when authing via cli
2015-05-02 13:20:57 -07:00
842a8ec818
command/format: add `lease_renewable` to output
2015-05-02 13:11:40 -07:00
2fff913263
Check for invalid token when authing via cli
...
If a token does not exist, the Read request returns without an
error, but the secret returned is `nil`, so we need to check for
that.
Closes #75
2015-04-28 21:50:51 -05:00
3d3274a66b
command/server: fix one race condition
2015-04-28 19:11:46 -07:00
d29ada47eb
command/server: disable mlock in dev mode
2015-04-28 15:11:39 -07:00
006d4fccfd
command/server: allow disabling mlock
2015-04-28 15:09:30 -07:00
6898c60292
command/server: warning if no mlock
2015-04-28 15:04:40 -07:00
c53dc04d92
command/token: use executable path to find token helper [GH-60]
2015-04-28 14:52:55 -07:00
1346040c86
Update server.go
...
Did you mean "talking?" Or something else?
2015-04-28 14:01:45 -06:00
3998804347
command: support custom CAs
2015-04-28 09:36:03 -07:00
244a0c56bc
command/*: lets try to remove this before 0.1.0
2015-04-28 09:20:42 -07:00
1b0d75719d
command/*: more TODO removal
2015-04-28 09:15:38 -07:00
fc6569ad59
command/*: fix spacing
2015-04-28 09:15:21 -07:00
0e112bf026
command/* fill in the addr
2015-04-28 09:13:32 -07:00
ff352c32fe
command/server: Catch error from core initialization. Fixes #42
2015-04-27 21:29:40 -07:00
3b0c993909
command/write: test output
2015-04-27 15:08:03 -07:00
4ff3acfbe3
command/write: handle writes with output
2015-04-27 14:55:43 -07:00
06a4c6b08f
command: refactor to share output formating code
2015-04-27 14:55:29 -07:00
b2a689bfc9
command/init: minor output text fix
2015-04-22 11:48:07 -07:00
3f9711fa63
command/status: no weird indentintg
2015-04-21 20:11:15 +02:00
d56a0ce2ef
command/status: refactor to improve output
2015-04-20 13:37:32 -07:00
2609977683
command/status: improve output when sealed
2015-04-20 12:21:35 -07:00
52f8b2d8ef
command/status: improve output when sealed
2015-04-20 12:19:25 -07:00
f76e5b2fc5
command: Rename seal-status to status
2015-04-20 12:11:21 -07:00
f1c97ab2cf
command: Adding HA status
2015-04-20 12:08:54 -07:00
vishalnayak