Commit graph

4263 commits

Author SHA1 Message Date
Loann Le 80c56225dc
new vault docs (#14546) 2022-03-16 16:29:56 -07:00
Benjamin Chrobot 267e202624
docs: add missing k8s verb (#12374) 2022-03-16 14:24:19 -05:00
Hridoy Roy 0dfabe7ade
Server Side Consistency Docs (#14392)
* partial docs

* remove unnecessary docs link

* move SSCT upgrade notes to 1.10 instead of 0.10

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/consistency.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* docs updates

* Update website/content/docs/configuration/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-16 10:20:12 -07:00
mickael-hc ada3d31dd1
update security model (#14482)
compromised clients are not part of vault's threat model
2022-03-15 16:27:41 -04:00
Alexander Scheel ff62a34487
Update more PKI documentation (#14490)
* Update description of certificate fetch API

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify /config/crl and /config/url PKI are empty

GET-ing these URLs will return 404 until such time as a config is posted
to them, even though (in the case of CRL), default values will be used.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify usage of /pki/crl/rotate

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update documentation around PKI key_bits

This unifies the description of key_bits to match the API description
(which is consistent across all usages).

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix indented field descriptions in PKI paths

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify documentation around serial_number

Note that this field has no impact on the actual Serial Number field and
only an attribute in the requested certificate's Subject.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix spelling of localdomain

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-03-15 14:37:26 -04:00
Pratyoy Mukhopadhyay d222981cec
Fixes from mount move testing (#14492)
* Add validation, fix docs

* add changelog

* fmt fix

* Update vault/logical_system.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update vault/logical_system.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update vault/logical_system_test.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Update vault/logical_system_test.go

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
2022-03-15 11:11:23 -07:00
Jason O'Donnell dd4a3b339e
auth/ldap: add username_as_alias config flag (#14324) 2022-03-15 10:21:40 -04:00
Victor Rodriguez e78cca413d
Document the managed key PKCS#11 parameter key_id. (#14476) 2022-03-14 12:08:14 -04:00
swayne275 ec4d013047
add tip for how to force a secrets engine disable (#14363)
* add tip for how to force a secrets engine disable

* add warning to force disable secrets instructions

* clean up wording

* add force secrets engine disable info to api doc

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/mounts.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/commands/secrets/disable.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/commands/secrets/disable.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* feedback updates

* impl taoism feedback

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-11 11:43:59 -07:00
Peter Sonnek c3dea33e92
added add_basic_constraints parameter to PKI API docs (#14457)
* added add_basic_constraints parameter to PKI API docs

Added add_basic_constraints parameter to PKI API docs for Generate Intermediate. 

Copied description from ba533d006f/builtin/logical/pki/path_intermediate.go (L34-L37)
2022-03-11 10:52:26 -05:00
Guillaume 6178f4e060
Added Enigma Vault secret plugin. Designed to be simple but complete, a good starting point for plugin developers (#14389) 2022-03-11 08:33:48 -05:00
Nick Cabatoff 57c6064863
Update error codes that are retried. (#14447) 2022-03-10 15:09:45 -05:00
Peter-Gess 5497f5e8d2
Fixing typo from "fo" to "of" (#14445) 2022-03-10 11:56:28 -08:00
Nick Cabatoff 6fc5a5d165
Add a place for us to link to external plugin examples/guides. (#14414) 2022-03-10 14:29:29 -05:00
naseemkullah 0667cb8b76
Update index.mdx (#14161) 2022-03-09 14:15:05 -08:00
hghaf099 b358bd6ffa
remove mount accessor from MFA config (#14406)
* remove mount accessor from MFA config

* Update login_mfa_duo_test.go

* DUO test with entity templating

* using identitytpl.PopulateString to perform templating

* minor refactoring

* fixing fmt failures in CI

* change username format to username template

* fixing username_template example
2022-03-09 09:14:30 -08:00
Jan Klaas Kollhof 756d0f0750
fix spelling of identity (#14318) 2022-03-08 15:59:15 -08:00
hghaf099 0bf9a38b36
Login MFA docs (#14317)
* MFA config docs

* correcting some issues

* feedback

* add a note about deleting methods

* Login MFA docs

* rename and mdx

* adding missing docs nav data

* some fixes

* interactive login request

* Apply suggestions from code review

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* feedback

* feedback

* Apply suggestions from code review

Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>

* feedback on mount accessor

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update login-mfa.mdx

Co-authored-by: Josh Black <raskchanky@gmail.com>
Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-07 16:26:00 -05:00
Rachel Culpepper 8aa18a20a2
Vault-4964: Update Managed Key documentation for AWS KMS (#14378)
* Add documentation for Managed Keys

 - Add concept, sys/api and pki updates related to managed keys

* Review feedback

 - Reworked quite a bit of the existing documentation based on feedback
   and a re-reading
 - Moved the managed keys out of the concepts section and into the
   enterprise section

* Address broken links and a few grammar tweaks

* add documentation for AWS KMS managed keys

* a couple small fixes

* # Conflicts:
#	website/content/api-docs/secret/pki.mdx
#	website/content/api-docs/system/managed-keys.mdx
#	website/content/docs/enterprise/managed-keys.mdx

* docs updates

* # Conflicts:
#	sdk/version/version_base.go
#	vault/seal_autoseal_test.go
#	website/content/api-docs/system/managed-keys.mdx
#	website/content/docs/enterprise/managed-keys.mdx

* remove endpoint env var

* Document Azure Key Vault parameters for managed keys.

* docs changes for aws kms managed keys

Co-authored-by: Steve Clark <steven.clark@hashicorp.com>
Co-authored-by: Victor Rodriguez <vrizo@hashicorp.com>
2022-03-07 14:22:42 -06:00
Josh Black cbfd2353c6
MFA docs for config endpoints (#14302) 2022-03-07 11:44:15 -08:00
Pratyoy Mukhopadhyay a85d4fe128
[VAULT-5268] Add mount move docs (#14314)
* add mount move docs

* add missed word

* Update website/content/api-docs/system/remount.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* one clarification

* docs changes from feedback

* couple things i missed

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-04 14:38:15 -08:00
Scott Miller 423f1b949b
Clarify certificate storage in Vault clustering (#14055)
* Clarify certificate storage in Vault clustering

* no_store clarification

* Update docs again, with new understanding of LocalStorage
2022-03-04 14:50:53 -06:00
Meggie e62cb69279
Updating website for 1.9.4 (#14373) 2022-03-04 11:19:03 -05:00
Jason O'Donnell 1199a7a9f5
docs: fix typo in CF auth ca maintenance (#14366) 2022-03-03 18:25:57 -05:00
Jamie Finnigan 003d8fb1fe
update vault login docs to cover stdin default (#14336) 2022-03-03 12:45:41 -05:00
Chris Capurso 617fbc4caf
specify LIST method in version-history API doc example (#14346) 2022-03-02 16:58:04 -05:00
Sean Ellefson 98d00d5c9d
Correcting API documentation to show status endpoints are unauthenticated (#13943) 2022-03-01 14:41:47 -08:00
Loann Le c7a0dd41ea
fixed broken link (#14305) 2022-02-28 11:49:25 -08:00
tomthetommy 0b31c4a404
English Grammar. (#14247)
* English Grammar.

Simply missing a "to".

* English Grammar
2022-02-28 10:05:32 -05:00
Robert 2ea8be0567
docs: consul secret engine improvements, database secrets engine disable_escaping parameter (#14260)
* Update consul secrets engine docs and api-docs
* Update databases secrets engine docs and api-docs
2022-02-25 17:43:18 -06:00
Alexander Scheel 6d18c3adaa
Sync PKI API and FrameworkField descriptions (#14286)
As pointed out internally, a lot of the API docs and FrameworkField
descriptions of parameters were out of date. This syncs a number of
them, updating their descriptions where relevant.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-25 14:06:41 -05:00
Jim Kalafut 8347d94114
Fix missing quote in docs (#14277) 2022-02-25 09:02:08 -08:00
Jim Kalafut 75caf59093
Replace docs references to PUT with POST (#14270)
The operations are handled identically, but ~85% of the references were
POST, and having a mix of PUT and POST was a source of questions.

A subsequent commit will update the internal use of "PUT" such as by
the API client and -output-curl-string.
2022-02-25 06:52:24 -08:00
Tom Proctor 3668275903
Quit agent endpoint with config (#14223)
* Add agent/v1/quit endpoint
  * Closes https://github.com/hashicorp/vault/issues/11089
* Agent quit API behind config setting
* Normalise test config whitespace
* Document config option

Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2022-02-25 10:29:05 +00:00
Zachary Shilton 932c5e9c65
chore: bump to latest docs-page (#14240) 2022-02-24 15:54:26 -05:00
Alexander Scheel 616940ed9d
Clarify documentation around certificate issuance (#14236)
We note that:

 - allow_bare_domains, allow_glob_domains, and allow_subdomains are all
   independent,
 - enforce_hostnames and allow_wildcard_certificates take precedence over
   allow_any_name,
 - We limit to RFC 6125 wildcards.
 - Clarify that both allow_bare_domains and allow_glob_domains will permit
   wildcard issuance in certain scenarios.

Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>
Co-authored-by: Kit Haines <kit.haines@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>
Co-authored-by: Kit Haines <kit.haines@hashicorp.com>
2022-02-24 08:42:11 -05:00
Austin Gebauer 4d94ba8e14
agent/azure: adds ability to use specific user-assigned managed identities for auto auth (#14214)
* agent/azure: adds ability to use specific user assigned managed identity for auto auth

* add changelog

* change wording in error and docs

* Update website/content/docs/agent/autoauth/methods/azure.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/agent/autoauth/methods/azure.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* docs formatting

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-02-23 11:43:36 -08:00
Robert 5f3b67675b
Clarify service_registration stanza version (#14213)
* Clarify when service_registraion was introduced

Resolves https://github.com/hashicorp/vault/issues/8768
Language is modeled after the nomad acl version limits

> ~> Version information ACLs are only available on Nomad 0.7.0 and above.

1e720054e5/website/pages/docs/secrets/nomad/index.mdx

* Update phrasing to clarify vault isn't rquired

* rephrase

* Rewording statements

Co-authored-by: Spencer Owen <owenspencer@gmail.com>
2022-02-23 10:18:52 -05:00
Steven Clark 69bb38450a
Add documentation for managed key test sign API (#14180)
* Add documentation for managed key test sign API

 - Add the documentation for the new managed key api that allows
   operators to test the managed key configuration by going through
   a sign/verify workflow with some randomly generated data.

* PR feedback
2022-02-23 09:14:59 -05:00
Theron Voran eea7fb947a
docs/vault-k8s: path for agent-inject-token (#14212)
State the path where the token can be found when injected with the
agent-inject-token annotation.
2022-02-22 22:03:05 -08:00
Romain Aviolat 7845567ee6
fix(doc): mention that leases can be revoked from the UI (#14205) 2022-02-22 18:04:37 -08:00
Nick Cabatoff 5fe1c16201
Remove support for etcd v2 storage backend. (#14193) 2022-02-22 16:48:04 -05:00
Pratyoy Mukhopadhyay 345857fa1b
[VAULT-1011] Update autoauth docs (#13883)
* Update autoauth docs

* Update website/content/docs/agent/autoauth/index.mdx

Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>

Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2022-02-22 10:04:23 -08:00
Wazery cd9ddc3d10
Fix a simple typo (#14181) 2022-02-21 21:31:33 -08:00
Theron Voran a14f19802d
Fix link to Kubernetes 1.21 section (#13960) 2022-02-18 16:43:18 -08:00
Alexander Scheel d72fb08884
Allow OpenSSH-style key type identifiers (#14143)
* Allow OpenSSH-style key type identifiers

To bring better parity with the changes of #14008, wherein we allowed
OpenSSH-style key identifiers during generation. When specifying a list
of allowed keys, validate against both OpenSSH-style key identifiers
and the usual simplified names as well ("rsa" or "ecdsa"). Notably, the
PKI secrets engine prefers "ec" over "ecdsa", so we permit both as well.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix missing quote in docs
2022-02-18 17:48:16 -05:00
Alexander Scheel f0dc3a553f
Switch to secure signing algorithm for SSH secrets engine (#14006)
* Explicitly call out SSH algorithm_signer default

Related: #11608

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Use rsa-sha2-256 as the default SSH CA hash algo

As mentioned in the OpenSSH 8.2 release notes, OpenSSH will no longer be
accepting ssh-rsa signatures by default as these use the insecure SHA-1
algorithm.

For roles in which an explicit signature type wasn't specified, we
should change the default from SHA-1 to SHA-256 for security and
compatibility with modern OpenSSH releases.

See also: https://www.openssh.com/txt/release-8.2

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update docs mentioning new algorithm change

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix missing parenthesis, clarify new default value

* Add to side bar

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-18 10:44:01 -05:00
Calvin Leung Huang c839fc78d8
auth/ldap: add resp warning if userfilter doesn't consider userattr (#14095)
* auth/ldap: add resp warning if userfilter doesn't consider userattr

* add changelog entry
2022-02-17 17:19:44 -08:00
Rémi Lapeyre 98b18ee08e
Add telemetry to Vault agent (#13675)
This patch adds a new /agent/v1/metrics that will return metrics on the
running Vault agent. Configuration is done using the same telemetry
stanza as the Vault server. For now default runtime metrics are
returned with a few additional ones specific to the agent:
  - `vault.agent.auth.failure` and `vault.agent.auth.success` to monitor
  the correct behavior of the auto auth mechanism
  - `vault.agent.proxy.success`, `vault.agent.proxy.client_error` and
  `vault.agent.proxy.error` to check the connection with the Vault server
  - `vault.agent.cache.hit` and `vault.agent.cache.miss` to monitor the
  cache

Closes https://github.com/hashicorp/vault/issues/8649

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-02-17 17:10:26 -08:00
Alexander Scheel 45c028a2fb
Allow specifying multiple allowed SSH key lengths (#13991)
* Allow specifying multiple allowed SSH key lengths

In the ssh secrets engine, only a single allowed key length was allowed
for each algorithm type. However, many algorithms have multiple safe
values (such as RSA and ECDSA); allowing a single role to have multiple
values for a single algorithm is thus helpful.

On creation or update, roles can now specify multiple types using a list
or comma separated string of allowed values:

    allowed_user_key_lengths: map[string][]int{"rsa": []int{2048, 4096}}

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Break out ssh upgrade logic into separate function

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update parseutil for optional lists of integers

    go get -u github.com/hashicorp/go-secure-stdlib/parseutil
    go mod tidy

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Simplify parse logic using new parseutil

The newly introduced parseutil.ParseIntSlice handles the more
complicated optional int-like slice logic for us.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-17 15:36:56 -05:00
Jordan Reimer b936db8332
Revert "MFA (#14049)" (#14135)
This reverts commit 5f17953b5980e6438215d5cb62c8575d16c63193.
2022-02-17 13:17:59 -07:00
Austin Gebauer e4aab1b0cc
secrets/azure: update plugin to v0.11.4 (#14130) 2022-02-17 12:09:36 -08:00
Alexander Scheel 1996336481
Update repository links to point to main (#14112)
* Update repository links to point to main

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix broken link in relatedtools.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2022-02-17 14:30:56 -05:00
Chris Capurso 797f11b0e5
update G Suite to Google Workspace in docs (#14126)
* update G Suite to Google Workplace in docs

* fix Google Workplace to Workspace typo
2022-02-17 13:01:45 -05:00
Jordan Reimer 36ccfaa3aa
MFA (#14049)
* adds development workflow to mirage config

* adds mirage handler and factory for mfa workflow

* adds mfa handling to auth service and cluster adapter

* moves auth success logic from form to controller

* adds mfa form component

* shows delayed auth message for all methods

* adds new code delay to mfa form

* adds error views

* fixes merge conflict

* adds integration tests for mfa-form component

* fixes auth tests

* updates mfa response handling to align with backend

* updates mfa-form to handle multiple methods and constraints

* adds noDefault arg to Select component

* updates mirage mfa handler to align with backend and adds generator for various mfa scenarios

* adds tests

* flaky test fix attempt

* reverts test fix attempt

* adds changelog entry

* updates comments for todo items

* removes faker from mfa mirage factory and handler

* adds number to word helper

* fixes tests

* Revert "Merge branch 'main' into ui/mfa"

This reverts commit 8ee6a6aaa1b6c9ec16b985c10d91c3806819ec40, reversing
changes made to 2428dd6cca07bb41cda3f453619646ca3a88bfd0.

* format-ttl helper fix from main
2022-02-17 09:10:56 -07:00
Alexander Scheel 7278479856
Document vault write JSON request parameters (#14087)
As mentioned by Steve Clark. :-)

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-17 10:07:41 -05:00
Robert 91f5069c03
secret/consul: Add Consul ACL roles support (#14014)
Co-authored-by: Brandon Ingalls <brandon@ingalls.io>
2022-02-16 19:31:08 -06:00
Loann Le 8e504f59e8
Vault documentation: created new developer quick start guide (#14038)
* new developer quick start

* fixed typo

* fixed placement of guide

* modified descr

* Add Ruby quickstart code

* incorporated feedback

* spelling error

* changed word to caps

* Some format edits (#14065)

* Split install instructions into tabs (#14092)

Co-authored-by: Valerie Conklin <val@hashicorp.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-02-16 15:25:36 -08:00
Matt Schultz c379e41c4c
Rename transit's auto_rotate_interval to auto_rotate_period for consistency and to achieve formatting benefits in CLI output. Update UI handling of the renamed field to account for recent data type change from time string to integral seconds. (#14103) 2022-02-16 14:33:13 -06:00
Alexander Scheel dab1ac4650
Update plugin-portal.mdx (#13229) (#14108)
Add a Vault plugin to allow authentication via SSH certificates and public keys

Co-authored-by: Wim <wim@42.be>
2022-02-16 12:32:43 -08:00
Bryce Kalow 9efddf0092
upgrades docs-page to latest with code tabs sync (#14089) 2022-02-15 17:36:07 -05:00
Alex Cahn 42bdcf0657
Vault Integration Program Update (#14031)
* Updating badges

* Updates to the VIP page

Updates to the VIP page to add Enterprise Badges

* Updated Eco Diagram

* Update Eco Image

* Fixing the images

* Fixing Badge Placement

* centering the badges

* Centering the badges - again

* Update website/content/docs/partnerships.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/partnerships.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update partnerships.mdx

* trigger ci

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2022-02-15 11:19:51 -08:00
Alexander Scheel 3da261518b
Allow generation of other types of SSH CA keys (#14008)
* Add generation support for other SSH CA key types

This adds two new arguments to config/ca, mirroring the values of PKI
secrets engine but tailored towards SSH mounts. Key types are specified
as x/crypto/ssh KeyAlgo identifiers (e.g., ssh-rsa or ssh-ed25519)
and respect current defaults (ssh-rsa/4096). Key bits defaults to 0,
which for ssh-rsa then takes a value of 4096.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation on key_type, key_bits for ssh/config/ca

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-15 14:14:05 -05:00
VAL 772cfcab91
Typo and clarity fixes (#14081) 2022-02-15 10:43:49 -08:00
Victor Rodriguez 5ad48fc1c2
Restore tidy-status documentation. (#14075)
Restore tidy-status documentation.

Fixes VAULT-5113.
2022-02-15 11:04:21 -05:00
Victor Rodriguez 88e02feab0
Remove documentation for upcoming /pki/tidy-status endpoint. (#14044)
The documentation will be released along with the feature.
2022-02-14 15:41:50 -05:00
Chris Capurso 1b70677eba
add API docs for KVv2 subkeys endpoint (#13893)
* add API docs for KVv2 subkeys endpoint

* add changelog entry
2022-02-14 15:28:14 -05:00
Chris Capurso f9e9b4d327
Add sys/version-history endpoint and associated command (#13766)
* store version history as utc; add self-heal logic

* add sys/version-history endpoint

* change version history from GET to LIST, require auth

* add "vault version-history" CLI command

* add vault-version CLI error message for version string parsing

* adding version-history API and CLI docs

* add changelog entry

* some version-history command fixes

* remove extraneous cmd args

* fix version-history command help text

* specify in docs that endpoint was added in 1.10.0

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* enforce UTC within storeVersionTimestamp directly

* fix improper use of %w in logger.Warn

* remove extra err check and erroneous return from loadVersionTimestamps

* add >= 1.10.0 warning to version-history cmd

* move sys/version-history tests

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2022-02-14 15:26:57 -05:00
Jim Kalafut 0712ef13fc
Allow auto-detection of AWS region when using the vault CLI (#14051) 2022-02-14 12:01:27 -08:00
Ashlee M Boyer c0fe9bf14d
Adding empty lines around codeblock in Tab (#14030)
Only docs changes so I'm admin merging it.
2022-02-14 13:21:23 -05:00
Loann Le f78d82ebe1
Vault documentation: added new warning to listener stanza parameters (#14036)
* added a new warning

* Update website/content/docs/configuration/listener/tcp.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* fixed word tense

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-02-14 08:54:43 -08:00
Loann Le 296fee0193
changed to upper-case for integrated storage (#14037) 2022-02-14 08:38:06 -08:00
Jason O'Donnell b686d727a9
docs/azure: add note about identities (#14020) 2022-02-11 17:09:35 -05:00
Yoko Hyakuna 4ac997561f
Add 'Integrated Storage vs. Consul' comparison (#13999)
* Add IS vs. external storage section

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Add a cross-referencing link

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: David Adams <daveadams@gmail.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: David Adams <daveadams@gmail.com>

* Update website/content/docs/concepts/storage.mdx

Co-authored-by: David Adams <daveadams@gmail.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Update website/content/docs/configuration/storage/index.mdx

Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>

* Incorporate review feedback

* Incorporate review feedback

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Meggie <meggie@hashicorp.com>
Co-authored-by: Lauren Dunnevant <84867887+hashildy@users.noreply.github.com>
Co-authored-by: David Adams <daveadams@gmail.com>
2022-02-11 08:07:35 -08:00
Shohei Maeda 4073f6663b
KV v2 doc - fix format and update examples (#14003) 2022-02-10 13:20:36 -08:00
Loann Le c360d5ad45
fixed steps (#13993) 2022-02-09 17:25:33 -08:00
Loann Le bfd49bc16d
added link to hcpv docs (#13992) 2022-02-09 16:15:17 -08:00
EsbenDalgaard 2489c958f5
Update approle.mdx (#13967) 2022-02-09 18:22:10 -05:00
Ray Ryjewski 571804390e
Update gcp.mdx (#13438)
Updated the example for oauth.  In my testing I had to use the project-id for both the project attribute as well as within the bindings attribute.
2022-02-09 12:09:01 -08:00
Niklas Wagner 8199437a4b
Fix Environment Variables in Kubernetes config (#13969)
The Environment Variables seems wrong as you can see:
$ echo "https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT"
https://172.20.0.1:tcp://172.20.0.1:443
2022-02-09 11:16:33 -08:00
Loann Le 622c24f60f
Vault documentation: Updated Licensing FAQ page (#13959)
* updated license faq doc

* fixed typo

* Update website/content/docs/enterprise/license/faq.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/enterprise/license/faq.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* fixed spelling error

* removed a step and added a new one

* fixed note

* added a new link to TDE

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-02-09 11:14:36 -08:00
Samori Gorse 0f588bc159
Formatting touch ups on storage/dynamodb.mdx (#13948)
Following my previous fix, those are some small formatting touch ups.
2022-02-09 10:36:09 -08:00
Alexander Scheel 386ef0eb6b
Add clarification around vague "this" references (#13968)
* Clarify subject of this w.r.t. TLS configuration

Thanks to @aphorise for pointing this out internally.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify vague this in secrets/gcp docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify vague this in secrets/aws docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify vague this in secrets/database/oracle.mdx

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify vague this in seal/pkcs11 docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify vague this in agent/autoauth docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-09 13:02:44 -05:00
Rudy Gevaert d11bc6d316
Use secret_id_bound_cidrs instead of bound_cidr_list in approle docs (#12658)
bound_cidr_list has been deprecated since 1.2.0
2022-02-09 09:34:13 -08:00
Loann Le 2b66cca52d
Vault documentation: added a warning message to vault ui browser support doc (#13961)
* added a warning about using ie browswer

* added Vault UI at the end
2022-02-09 09:10:24 -08:00
Andy Assareh c292dbaf4d
mysql is also supported for transform external storage (#13104)
per https://www.vaultproject.io/api/secret/transform#driver and https://www.vaultproject.io/docs/secrets/transform/tokenization#external-sql-stores
2022-02-08 16:40:58 -08:00
Steven Clark 12b0e2a56b
Add documentation for Managed Keys (#13856)
* Add documentation for Managed Keys

 - Add concept, sys/api and pki updates related to managed keys

* Review feedback

 - Reworked quite a bit of the existing documentation based on feedback
   and a re-reading
 - Moved the managed keys out of the concepts section and into the
   enterprise section

* Address broken links and a few grammar tweaks
2022-02-08 14:01:19 -05:00
Austin Gebauer 5804da7490
auth/okta: documentation improvements (#13944) 2022-02-08 09:21:19 -08:00
Scott Miller f226d0103f
Add duration/count metrics to PKI issue and revoke flows (#13889)
* Add duration/count metrics to PKI issue and revoke flows

* docs, changelog

* tidy

* last tidy

* remove err

* Update callsites

* Simple returns

* Handle the fact that test cases don't have namespaces

* Add mount point to the request

* fmt

* Handle empty mount point, and add it to unit tests

* improvement

* Turns out sign-verbatim is tricky, it can take a role but doesn't have to

* Get around the field schema problem
2022-02-08 10:37:40 -06:00
cr48 1a4dc03bf7
Typo: Corrected same typo in 2 locations (on-premise to on-premises) (#13402)
* Fixed 2 typos on-premise to on-premises.

* Added changelog file.

* Removed 13402.txt file from changelog.

* Update website/content/docs/secrets/terraform.mdx

Co-authored-by: hghaf099 <83242695+hghaf099@users.noreply.github.com>
2022-02-07 18:59:46 -05:00
Alexander Scheel 33a9218115
Add full CA Chain to /pki/cert/ca_chain response (#13935)
* Include full chain in /cert/ca_chain response

This allows callers to get the full chain (including issuing
certificates) from a call to /cert/ca_chain. Previously, most endpoints
(including during issuance) do not include the root authority, requiring
an explicit call to /cert/ca to fetch. This allows full chains to be
constructed without without needing multiple calls to the API.

Resolves: #13489

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add test case for full CA issuance

We test three main scenarios:

 1. A root-only CA's `/cert/ca_chain`'s `.data.ca_chain` field should
    contain only the root,
 2. An intermediate CA (with root provide) should contain both the root
    and the intermediate.
 3. An external (e.g., `/config/ca`-provided) CA with both root and
    intermediate should contain both certs.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation for new ca_chain field

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note about where to find the entire chain

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-02-07 14:37:01 -05:00
Loann Le f85945d3aa
Vault documentation: updated What is a Client section (#13816)
* updated client doc

* fixed heading
2022-02-07 09:05:10 -08:00
Jason O'Donnell 7145fe49ff
docs/oracle: add wallet permissions example (#13924)
* docs/oracle: add wallet permissions example

* Update website/content/docs/secrets/databases/oracle.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
2022-02-07 11:17:33 -05:00
Andrew Briening ed457aeae7
Adds "raw(/pem)" format to individual cert routes (#10947) (#10948)
Similar to "/pki/ca(/pem)" routes to retrieve
certificates in raw or pem formats, this adds
"pki/cert/{serial}/raw(/pem)" routes for any
certificate.
2022-02-07 09:47:13 -05:00
Samori Gorse b2e3745837
typo: Updated terraform example (#13401)
The terraform example had a couple of issues:

- Tags was missing a `=`
- Attribute list is not supported
2022-02-04 13:08:16 -08:00
Chris Jones b97a1b3157
Add iam:GetUser permission to the example. (#13316)
Without `iam:GetUser` permission, I wasn't able to get Vault to rotate its own credentials.
2022-02-04 13:07:26 -08:00
AnPucel 329342a1fa
Adding dotnet example app to docs (#13782) 2022-02-04 12:28:43 -08:00
mairandomness bc74650b98
Update delete.mdx (#13148)
Adding a note on the parameter necessary for deletion on a key deletion example seems like a good idea.
From my limited research I found other people that had trouble finding the relevant part of the documentation.
Though I'm not sure this is the best wording or formatting for it.
2022-02-04 10:13:24 -08:00
Stefan Kalscheuer f0a8199b19
Fix documentation of "replication_performance_mode" in health API (#13529)
The field "replication_per_mode" was renamed before this feature was
released, but the docs have never been updated. Update the documentation
to present the correct name.
2022-02-04 10:05:44 -08:00
Rémi Lapeyre 2b3661b863
Document the use of inline SSL certificates for PostgreSQL (#11985)
Authored by @remilapeyre.
2022-02-04 11:48:19 -05:00
Maha Sharabinth c30fa154ff
Add a Rekey Example When Auto Unseal is Used (#13139)
Added an example to explicitly show how to perform a Rekey operation when the Vault cluster is using Auto Unseal.  This is placed as the second example. 
The existing example code combines with the PGP keys so added a simple example without the PGP keys.
2022-02-04 10:43:33 -05:00
Theron Voran c01b9915b1
docs/helm: fix duplicate ingress tls section (#13790)
Combined the two Ingress sections into one, hopefully in the right
spot this time.
2022-02-03 22:48:23 -08:00
Mark Lewis 919c197fe9
Update index.mdx (#12936)
Tidy a couple of bullets.
2022-02-03 17:49:46 -08:00
Tom Proctor fce9c92c5b
Update k8s auth long-lived token instructions (#13852) 2022-01-31 23:16:01 +00:00
Anoop Vijayan Maniankara f5b9aefd1e
Update mssql.mdx with typo error (#13527)
user sa -> vaultuser
2022-01-31 14:56:37 -05:00
Noel Quiles 29ae450a09
chore: Add Demandbase tag to consent manager (#13796) 2022-01-28 14:15:07 -05:00
Sebastien Rosset fd209183d1
Update upgrade-to-1.3.10.mdx (#12341)
The upgrade guide indicates the upgrade path between two identical versions (1.3.10). Presumably you meant compared to 1.3.9?
2022-01-28 09:27:23 -08:00
Joshua Gilman de51e14f66
Add vaultrs Rust crate to community libraries (#12402)
This change proposes adding [vaultrs](https://crates.io/crates/vaultrs) to the list of community-supported libraries. This crate has a mature base and is expected to expand to accommodate most of the API.
2022-01-28 09:02:31 -08:00
Austin Gebauer 17b2e0d259
auth/oidc: Documentation updates for Azure AD applications (#13819) 2022-01-28 08:34:36 -08:00
Steven Clark 69ac11a564
Documentation updates for new keys for PKCS#11 unsealing (#13814)
* Document new force_rw_session parameter within pkcs11 seals

* documentation for key_id and hmac_key_id fields

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/seal/pkcs11.mdx

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

Co-authored-by: rculpepper <rculpepper@hashicorp.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-01-28 11:25:02 -05:00
mickael-hc 45875e2e9d
docs: add cluster-to-cluster communications to external threat overview (#13805) 2022-01-28 10:15:22 -05:00
Scott Miller 86175b2e82
Add notes on the PKI cert generation forwarding regression (#13815)
* Add notes on the PKI cert generation forwarding regression

* content

* typo

* iterate

* extra space
2022-01-27 16:36:50 -06:00
Scott Miller 743b0e1905
Clarify that backend authors can specify that all or no values are sealwrapped (#13813)
* Clarify that backend authors can specify that all or no values are sealwrapped rather than the vague statement that all values _may_ be seal wrapped

* typo
2022-01-27 15:30:55 -06:00
Meggie d0efb80c23
Updating website for 1.9.3 (#13808) 2022-01-27 13:56:27 -05:00
Noel Quiles 9e08637e3a
Add tag to consent manager (#13768) 2022-01-26 16:17:26 -05:00
Rosemary Wang e1165737dc
Update CSI provider installation on OpenShift (#13763)
Include recommendation to use Vault agent injector on OpenShift
instead of CSI due to production security constraints.
Additional instructions included for testing and development
clusters.
2022-01-26 07:44:15 -08:00
Rémi Lapeyre 961ff4a363
Return num_uses during authentication (#12791)
* Return num_uses during authentication

https://github.com/hashicorp/vault/issues/10664

* Add changelog entry
2022-01-25 18:59:53 -08:00
mickael-hc 3a1a8c4cbf
Fix limits docs to reflect listener variable name (#13776) 2022-01-25 16:45:56 -05:00
Rémi Lapeyre 978311fee2
Add read support to sys/auth/:path (#12793)
* Add read support to sys/auth/:path

Closes https://github.com/hashicorp/vault/issues/7411

* Add changelog entry
2022-01-25 11:56:40 -08:00
Loann Le 02074f40e7
added missing title (#13775) 2022-01-25 10:19:10 -08:00
Caleb Lemoine f03a176ac3
docs: add vault-plugin-secrets-jenkins to plugin portal page (#13531)
Signed-off-by: circa10a <caleblemoine@gmail.com>
2022-01-24 19:36:42 -08:00
Theron Voran a0ccdfcdb1
docs/k8s: Updates for vault-k8s 0.14.2 and vault-helm 0.19.0 (#13748)
Updated vault and chart versions, and some formatting from the
pre-commit hook. Also updated chart values.
2022-01-24 15:25:52 -08:00
James Bayer 2d3db5ce78
Updated spelling (#13751) 2022-01-24 14:38:13 -08:00
Rémi Lapeyre d6a4a3b53c
Add LIST support to sys/policies/password (#12787)
* Add read support to sys/policies/password

Closes https://github.com/hashicorp/vault/issues/12562

* Add changelog

* Empty commit to trigger CI

* Add optional /

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* Use a ListOperation

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2022-01-24 13:42:14 -08:00
Loann Le 5bc0c1b3c0
fixed typo (#13740) 2022-01-21 11:12:01 -08:00
Matt Schultz fc7deabfd7
Time-based transit key autorotation (#13691)
* Add auto_rotate_interval field to transit key creation path.

* Add auto_rotate_interval field to transit key config update path.

* Implement transit automatic key rotation on an hourly interval.

* Fixes transit key autorotation key listing typo.

* Add unit tests for transit key autorotation.

* Add unit tests for transit key creation with autorotation interval.

* Add unit tests for transit key config update with autorotation interval.

* Document new auto_rotate_interval fields in key creation and key config update endpoints.

* Add changelog for transit key autorotation.

* Wrap individual transit key autorotation in a policy lock.

* Add a safeguard to transit key autorotation to ensure only one execution happens simultaneously.
2022-01-20 09:10:15 -06:00
Sung Hon Wu 194c9e32d3
Enhance sys/raw to read and write values that cannot be encoded in json (#13537) 2022-01-20 07:52:53 -05:00
Mike Green 364d7a9be1
Add algo signer to support openssl as of recent (#12438)
"algorithm_signer": "rsa-sha2-256"
to prevent /var/log/auth.log `userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]` due to vault defaulting to ssh-rsa which is insecure
2022-01-19 15:37:00 -08:00
Calvin Leung Huang bd25ed1294
docs: add known issues section to 1.9.x upgrade guide (#13662)
* docs: add known issues section to 1.9.x upgrade guide

* minor rephrasing on oidc known issue

* use relative references for URLs

* Update website/content/docs/upgrading/upgrade-to-1.9.x.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* update known issues section for id token

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-01-19 11:21:10 -08:00
Jason O'Donnell 17ca494be3
docs/oracle: fix typo in connection_url example (#13708) 2022-01-19 11:59:30 -05:00
Tony Pulickal 908a1c1178
Update http requests API link to versioned docs (#13692) 2022-01-18 14:16:02 -05:00
James Bayer daefbd0a54
Remove extra commas (#13684)
The payload json example is invalid syntax.
2022-01-18 12:15:52 -05:00
Tero Saarni e2b17ca96b
auth/kubernetes: support for dynamically reloading short-lived tokens (#13595)
* auth/kubernetes: support for short-lived tokens

* Uplift new version of Kubernetes auth plugin that does not store the
  service account token persistently to Vault storage.

* Update the documentation to recommend local token again when running
  Vault inside cluster.

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* Added changelog entry

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* clarification to changelog entry, executed go mod tidy

* clarifications and added targeted release version
2022-01-14 19:55:15 -08:00
Jason O'Donnell 33b9db2d26
docs: update oracle tls examples (#13659)
* docs: update oracle tls examples

* Add warnings

* Add notes

* Add missing note
2022-01-14 10:03:58 -05:00
Austin Gebauer 691e440fac
auth/azure: Documents config env vars and fixes resource used in examples (#13641) 2022-01-13 10:41:40 -08:00
Austin Gebauer e5dd039c4f
secrets/keymgmt: Adds documentation for using Azure Private Link (#13640) 2022-01-13 10:41:05 -08:00
akshya96 df53f43ee0
updating response for partial month client count (#13634)
* updating custom response for partial month count

* Update website/content/api-docs/system/internal-counters.mdx

Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>

* removing new line

Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>
2022-01-13 10:40:42 -08:00
Loann Le 492eb0a2d6
Vault documentation: updated client count FAQ (#13633)
* include nomad vault question

* added link
2022-01-13 08:56:58 -08:00
Chris Capurso d52d69e4bb
Add HTTP PATCH support for KV key metadata (#13215)
* go get vault-plugin-secrets-kv@vault-4290-patch-metadata

* add kv metadata patch command

* add changelog entry

* success tests for kv metadata patch flags

* add more kv metadata patch flags tests

* add kv metadata patch cas warning test

* add kv-v2 key metadata patch API docs

* add kv metadata patch to docs

* prevent unintentional field overwriting in kv metadata put cmd

* like create/update ops, prevent patch to paths ending in /

* fix kv metadata patch cmd in docs

* fix flag defaults for kv metadata put

* go get vault-plugin-secrets-kv@vault-4290-patch-metadata

* fix TestKvMetadataPatchCommand_Flags test

* doc fixes

* go get vault-plugin-secrets-kv@master; go mod tidy
2022-01-12 12:05:27 -05:00
Nick Cabatoff 150b1ac67a
Clarify the distinction between token and identity policies. (#13614) 2022-01-11 09:01:43 -05:00
Nick Cabatoff 3828d4bf9d
Note that api_addr and cluster_addr can use go-sockaddr templates. (#13592) 2022-01-10 09:06:30 -05:00
Saru Thuraiman e3426c238f
Add missing word "database" in docs (#13571)
* Update README.md

Add missing word database

* Update what-is-vault.mdx

Add missing "database" keyword.

* Update README.md

* Update what-is-vault.mdx

* Update website/content/docs/what-is-vault.mdx

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-01-07 09:21:37 -08:00
Jason O'Donnell 1cc5e8d44d
docs: fix typo in azure auth debug log mode (#13593) 2022-01-07 11:33:53 -05:00
Loann Le 6eff0ae079
included permissions table (#13567) 2022-01-06 12:32:52 -08:00
mickael-hc 82e6f2bbd2
docs: update GitHub auth method docs and security model (#13572)
Provide changes based on recent audit feedback: describe risks of third party authentication systems and plugins.
2022-01-05 09:23:55 -08:00
Dave D'Amico 1b538e584b
corrected name and added link (#13562) 2022-01-04 14:29:59 -08:00
raakatz 86ac6c2996
Fix a sentence in architecture.mdx (#13539)
The words "can be" were missing
2022-01-03 16:38:39 -08:00
Loann Le e5999bba62
Vault documentation: fixed broken links (#13553)
* fixed broken links

* Update ha.mdx

removed extra slash
2022-01-03 13:53:10 -08:00
Tim Peoples 26c46f0b45
Update docs to reflect new plugin behavior. (#13543)
* Update docs to reflect that TLS connection state is now available to plugins

* Fix typo (D'oh!)
2022-01-03 11:54:12 -08:00
Pascal Reeb 48dbe28b24
fix(docs-k8s-helm): changed server's podAntiAffinity labelSelector example to match helm default values (#13140) 2022-01-03 11:13:54 -08:00
Jeff Escalante af82bdb67e
add enterprise downloads page (#13524) 2021-12-25 14:42:55 -05:00
Noel Quiles d8930f5439
website: Upgrade <Subnav /> & <ProductDownloadsPage /> (#13470)
* Update <Subnav />

* Upgrade to latest/upgrade product downloads
2021-12-22 15:51:14 -05:00
VAL ee5f26e18f
Update example code links, remove unneeded comments (#13491) 2021-12-22 09:33:12 -08:00
Jose Diaz-Gonzalez b56f708ef3
docs: add a note regarding the backend => storage config key aliasing (#13451)
* docs: add a note regarding the backend => storage config key aliasing

This was missing from upgrade docs and implemented in #2456.

* Update website/content/docs/upgrading/upgrade-to-0.7.0.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-12-22 09:24:55 -08:00
Meggie 78b0284f78
Adding upgrade note about 1.7.8 go version (#13475)
* Adding upgrade note about 1.7.8 go version

* Adding version bump while I'm at it
2021-12-21 17:49:41 -05:00
firingLi 0446e14d02
add tencentCloud Secrets&Auth Plugins (#13415)
* add tencentCloud plugin

* add tencentCloud plugin

* add tencentCloud plugin
2021-12-20 17:00:27 -08:00
Jonathan Ballet ed86fca503
Improve databases documentation (#12344)
* Improve databases documentation

Fixed a bunch of formatting issues and broken JSON outputs.

* Remove changelog entry

* Apply suggestions from code review
2021-12-20 15:07:59 -05:00
Jack Halford 3b6053f951
Update entity-alias.mdx (#11629)
* Update entity-alias.mdx

it was not clear for approle what the name should be the approle name or the role_id.

* Update website/content/api-docs/secret/identity/entity-alias.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2021-12-20 15:05:34 -05:00
Vasilii Angapov f94d0dd44f
Fix typo in policies.mdx (#13345)
Fix typo in Kubernetes policy example which prevents example from working.
2021-12-20 11:25:50 -08:00
Meggie 834ad52d68
Upgrade guidance updates from VLT-172 (#13327)
* Upgrade guidance updates from VLT-172

Trying to clarify some upgrade questions. Learn update to follow in
separate PR.

* Apply suggestions from code review

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-12-20 13:46:57 -05:00
Tom b2c473edbd
adjustemnt of options order (#12804)
Co-authored-by: tograla <tograla@gmail.com>
2021-12-17 16:22:52 -08:00
Carlos Cisneros, Jr fbd0cf82d9
Update index.mdx (#10873)
* Update index.mdx

Fixed typo in Setup section of the Secrets Engine documentation.

* Update index.mdx

Remove line 112.
2021-12-17 16:09:38 -08:00
Kaue Doretto Grecchi 2cc4ec2487
add entity-alias parameter description (#13339)
This page is missing the `entity-alias` parameter description, available in the `vault token create --help` command
2021-12-17 15:23:47 -08:00
Kevin Wang 044a83400a
feat(website): versioned-docs (#13123)
* chore: `react-docs-page`

* feat: data loader

* chore: bump `next-mdx-remote`

* chore: `showVersionSelect`

* chore: bump react docs page

* chore: bump react docs page
2021-12-17 12:58:05 -05:00
Noel Quiles 72385597b6
chore: Disable alert banner (#13458) 2021-12-16 13:10:59 -05:00
Noel Quiles 9a9608a11d
website: Update text (#13441) 2021-12-16 12:35:55 -05:00
John-Michael Faircloth a6c217a917
auth/github: document organization id param (#13449) 2021-12-16 09:41:20 -06:00
Pratyoy Mukhopadhyay a9301012fc
Update docs with new images (#13454)
* Update docs with new images

* Update website/content/docs/concepts/identity.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Remove extraneous Github mention

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-12-15 20:10:05 -08:00
Jason Peng 0bd6f5392c
Update openshift.mdx (#13372)
Consul Openshift is supported since Consul 1.9 as per https://www.hashicorp.com/blog/introducing-openshift-support-for-consul-on-kubernetes. Please verify.
2021-12-15 13:07:30 -08:00
Alex Carpenter 927f46d5d7
Homepage redesign (#13159)
* homepage setup

* [Homepage] `<IoHomeHero />` component (#13160)

* init <Hero /> component

* adds loading animation

* updates variable naming

* makes index optional

* Update hero-pattern.svg

* prefix with IoHome

* updates usage

* [Homepage] `<IoHomePreFooter />` component (#13182)

* adds <IoHomePreFooter />

* adds interfaces

* [Homepage] `<IoHomeHero />` component (#13160)

* init <Hero /> component

* adds loading animation

* updates variable naming

* makes index optional

* Update hero-pattern.svg

* prefix with IoHome

* updates usage

* adds <IoHomePreFooter />

* adds interfaces

* adds key

* [Homepage] `<IoHomeCallToAction />` component (#13164)

* adding brand to cta

* cleanup homepage

* [Homepage] `<IoHomeVideo />` component (#13161)

* init <Video /> component

* adjusts sizing and border radius

* responsive styling

* fix hover svg gitter

* adjust play icon sizing

* include temp thumbnail

* dialog implementation

* conditionally display person and show helpers

* rename component

* updates dialog naming

* add homepage styling

* simplify background color

* page level styling

* [Homepage] `<IoHomeCaseStudies />` (#13190)

* adds <IoHomeCaseStudies />

* adds interface

* animate gradient

* update min-heights

* Homepage `<IoHomeCard />` component (#13151)

* init <Card /> component

* fixes heading color

* adds product logos and hover styles

* update naming

* simplifies inset spacing

* use ternary and add key

* removes repo link

* removes need for camelCase package

* adds keys

* adds in practice cards

* adds in practice background

* use case cards

* update min col sizing

* adds feature component (#13203)

* fixes card hover bug

* [Homepage] connect homepage to dato content (#13227)

* connect homepage to dato

* Check for internal link

* fix return types

* adds youtube video

* hook up meta tags and chunk cards

* removes chunking

* fix ts return

* fix prop naming

* fix return type

* mobile sizing adjustments

* [Homepage] Usecase pages (#13240)

* init usecase page

* updates use case call to action

* card container component

* themeing

* convert to using strictly props

* responsive spacing

* reworking sections component

* adds callout and hero patterns

* adds priority

* makes feature link optional

* [Homepage] connect use case template to dato (#13295)

* Start connecting to dato

* Fix spacing when no video is present

* Remove log

* adds images

* hook up cards

* pass eyebrow and products

* Delete index.tsx

* Use card container on homepage

* use react video player

* [Homepage] fix mobile video (#13309)

* Removing attributes

* update url

* spacing adjustments

* Allow previewing draft content (#13312)

* fix heading width

* fix feature max width

* adjust in practice padding

* increase icon sizing

* adjust icon alignment

* update eyebrow

* update hero pattern

* update usecase hero pattern

* add hover scale

* [Homepage] populate use case dropdown from use case pages (#13325)

* create standard layout

* removes unused subnav data

* removes static use case pages

* removes use cases style

* bump subnav and use hashicorp vault logo

* fixes use cases paths

* removes hashistack menu

* removes subnav top border

* conditionally render video callout avatar

* hook up data and conditionals

* update components to work with other products

* extract in practice section for reuse

* use Products type

* fix type error

* rework cta logic

* removes type

* updates accent method

* fix button prop

* refactor customer case study

* refactor case studies component

* cleanup margin

* refactor data props

* Spacing updates and introduce intro component

* adds intro interface

* Delete style.css

* fix intro description color

* add revalidate code to homepage

* bump subnav

* make stats optional

* adjust border radius based on customer story

* cleanup temp files

* redirect /home to homepage

* reorder resources

* fix: move heading and description

* fix: logo alignment

* fix: section background color

* feat: optional tutorial and docs links

* fix: removes case studies background

* formatting

* feat: sort use cases in nav

* fix: card overflow (#13429)

* fix: adjust overflow method

* fix: padding on desktop

* fix: scroll padding-right on mobile

* remove debugger

* increase last item width

* card container overflow method (#13434)

* use flex

* formatting

* add comment
2021-12-15 10:32:45 -05:00
Pete Bohman ccc1098ea3
Add allowed_uri_sans_template (#10249)
* Add allowed_uri_sans_template

Enables identity templating for the allowed_uri_sans field in PKI cert roles.

Implemented as suggested in #8509

* changelog++

* Update docs with URI SAN templating
2021-12-15 09:18:28 -06:00
Yoko Hyakuna cbdea53dd7
Add paths filter doc (#13435)
* Add paths filter doc

* Add a description about the screenshot

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Remove extra sentense

* Update the diagram

* Update the diagram

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-12-14 17:19:31 -08:00
Sai Hemanth Bheemreddy 73160cd074
Add vault-api module (#13048) 2021-12-14 13:32:26 -05:00
Mark Lewis 7ee982cb31
Update raftautosnapshots.mdx (#13412) 2021-12-14 08:29:03 -05:00
Pratyoy Mukhopadhyay c6bb8f2767
Add docs about path param restrictions (#13413)
* Add docs about path param restrictions

* Update website/content/api-docs/auth/userpass.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update with review suggestion

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-12-13 17:02:39 -08:00
Jason O'Donnell 9674a75a4d
auth/azure: add note about debug env (#13405)
* auth/azure: add note about debug env

* Update azure.mdx

* Update azure.mdx
2021-12-13 14:16:45 -05:00
Ben Ash fc51516ee0
Docs: fix invalid link in the kubernetes auth api doc. (#13399)
* Clean up whitespace
2021-12-13 12:02:52 -05:00
divyapola5 3488948ccd
CLI changes for new mount tune config parameter allowed_managed_keys (#13255)
* CLI changes for new mount tune config parameter allowed_managed_keys

* Correct allowed_managed_keys description in auth and secrets

* Documentation update for secrets and removed changes for auth

* Add changelog and remove documentation changes for auth

* removed changelog

* Correct the field description
2021-12-10 11:08:28 -06:00
Meggie 61f1536f3b
Updating website for 1.9.1 (#13378) 2021-12-09 14:51:32 -08:00
Brandon Romano 0726d9445e
Update alert banner (#13375) 2021-12-09 12:09:17 -05:00
hghaf099 65845c7531
VAULT-1564 report in-flight requests (#13024)
* VAULT-1564 report in-flight requests

* adding a changelog

* Changing some variable names and fixing comments

* minor style change

* adding unauthenticated support for in-flight-req

* adding documentation for the listener.profiling stanza

* adding an atomic counter for the inflight requests
addressing comments

* addressing comments

* logging completed requests

* fixing a test

* providing log_requests_info as a config option to determine at which level requests should be logged

* removing a member and a method from the StatusHeaderResponseWriter struct

* adding api docks

* revert changes in NewHTTPResponseWriter

* Fix logging invalid log_requests_info value

* Addressing comments

* Fixing a test

* use an tomic value for logRequestsInfo, and moving the CreateClientID function to Core

* fixing go.sum

* minor refactoring

* protecting InFlightRequests from data race

* another try on fixing a data race

* another try to fix a data race

* addressing comments

* fixing couple of tests

* changing log_requests_info to log_requests_level

* minor style change

* fixing a test

* removing the lock in InFlightRequests

* use single-argument form for interface assertion

* adding doc for the new configuration paramter

* adding the new doc to the nav data file

* minor fix
2021-12-08 17:34:42 -05:00
Pratyoy Mukhopadhyay c97c8687f4
[VAULT-3252] Add entity-alias behavior change to docs (#13370)
* Add entity-alias behavior change to docs

* Add upgrade note about entity-alias mapping change

* Rename 1.7-9 upgrade pages, shuffle upgrade note position

* Update website/content/partials/entity-alias-mapping.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Add incorrect policy issue to the docs

* Add example about entity-alias restriction

Co-authored-by: Meggie <meggie@hashicorp.com>
2021-12-08 13:52:51 -08:00
Matt Schultz 85f5cfc356
Adds support for SHA-3 to transit (#13367)
* Adding support for SHA3 in the transit backend.

* Adds SHA-3 tests for transit sign/verify path. Adds SHA-3 tests for logical system tools path hash functionality. Updates documentation to include SHA-3 algorithms in system tools path hashing.

* Adds changelog entry.

Co-authored-by: robison jacka <robison@packetized.io>
2021-12-08 12:29:33 -06:00
Tom Proctor be07a202d9
Docs to clarify k8s auth options with short-lived tokens (#13275)
* Rework 1.21 content into one heading and add note at top
* Add notes about extended k8s token duration
* Add example of ClusterRoleBinding for using client JWTs
2021-12-08 18:20:24 +00:00
Noel Quiles 19cbda7f90
Update @hashicorp/react-hashi-stack-menu (#13354) 2021-12-07 15:51:10 -05:00
Mike Green 05da506dea
clarify more sink options (#12586) 2021-12-07 12:16:14 -08:00
Calvin Leung Huang 0c5662770d
docs: update custom database sample code (#13211) 2021-12-07 11:10:02 -08:00
mickael-hc 36207b5668
docs: winsvc update recommendations (#13280) 2021-12-07 10:35:13 -08:00
Loann Le 8f7dd0c291
modifed note (#13351) 2021-12-07 08:46:46 -08:00
Steven Clark 94e6a688ff
Add kms_library configuration stanza (#13352)
- Add the kms_library configuration stanza to Vault's command/server
 - Provide validation of keys and general configuration.
 - Add initial kms_library configuration documentation
 - Attempt at startup to verify we can read the configured HSM Library
 - Hook in KmsLibrary config into the Validate to detect typo/unused keys
2021-12-07 09:58:23 -05:00
Harsimran Singh Maan 7178e2c4be
Fix typo (#13355) 2021-12-06 17:23:03 -08:00
Heather Simon 04d634d9d2 Merge branch 'main' of https://github.com/hashicorp/vault 2021-12-06 10:09:49 -08:00
Noel Prince b4d86a13c1
improve "x_forwarded_for_hop_skips" example (#12463)
Currently the example given results in 2.3.4.5 if it is indexed from other side. This new example prevents confusion because it is now clear which side x_forwarded_for_hop_skips is indexing from
2021-12-06 10:56:51 -05:00
Heather Simon f44dbce609 Typo fix in 1.9 Release Notes
Fixes a typo in "Vault Agent improvements"
2021-12-03 14:02:16 -08:00
Zachary Shilton c562977522
website: fix print styles by bumping deps (#12894)
* website: fix print styles by bumping deps

* website: remove old highlight js prints style code

* fix: hashi-stack-menu selector
2021-12-03 11:51:49 -05:00
Loann Le 21b01b71a6
Vault documentation: updated client count FAQ document (#13330)
* modified based on feedback

* Update faq.mdx

fixed text
2021-12-02 11:21:56 -08:00
Jim Kalafut 9ed05c3ff5
Fix doc build (#13329)
path-help.mdx is now the reference for help.
2021-12-02 08:31:56 -08:00
Jim Kalafut f0f4c2886a
Unhide or remove docs sidebar elements (#13198)
A few sidebar elements are hidden for unknown reasons. If we have a
reason to keep them hidden (vs deleting the element and associated docs),
maybe we could add `"_comment":"Hidden because ..."` to them.

A few other elements were definitely obsolete so I've removed them.
2021-12-01 16:58:28 -08:00
Rowan Smith a78721dbfe
update custom headers to mention 1.9 is required (#13155)
* update custom headers to mention 1.9 is required

Per https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#190-rc1 the custom response headers are a new feature introduced in 1.9, meaning we should explicitly call out this version requirement in documentation, otherwise users of earlier versions of Vault will unable to use the functionality and may consider it a bug.

* Update website/content/docs/configuration/listener/tcp.mdx

reads better, agreed

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-12-01 10:48:06 -08:00
Nick Cabatoff a47a2c9fc4
Add "operator members" command to list nodes in the cluster. (#13292) 2021-11-30 14:49:58 -05:00