Commit graph

434 commits

Author SHA1 Message Date
Seth Vargo 21ecbda1f4
Update titles 2017-03-17 14:37:01 -04:00
Seth Vargo d4390d103e
/docs/http -> /api 2017-03-17 14:06:03 -04:00
Seth Vargo 0f845ef67d
Use relative links 2017-03-16 12:04:36 -07:00
Seth Vargo 3fd0bd36cc
Break out API documentation for secret backends 2017-03-16 09:47:06 -07:00
Mike Okner 95df7beed9 Adding allow_user_key_ids field to SSH role config (#2494)
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name.  Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
2017-03-16 08:45:11 -04:00
Jeff Mitchell 12e5132779 Allow roles to specify whether CSR SANs should be used instead of (#2489)
request values. Fix up some documentation.

Fixes #2451
Fixes #2488
2017-03-15 14:38:18 -04:00
Stanislav Grozev 4bc3abd152 Remove superfluous argument from SSH CA docs 2017-03-14 10:21:48 -04:00
Stanislav Grozev 7d59d7d3ac Reads on ssh/config/ca return the public keys
If configured/generated.
2017-03-14 10:21:48 -04:00
Stanislav Grozev 830de2dbbd If generating an SSH CA signing key - return the public part
So that the user can actually use the SSH CA, by adding the public key
to their respective sshd_config/authorized_keys, etc.
2017-03-14 10:21:48 -04:00
Vishal Nayak 220beb2cde doc: ssh allowed_users update (#2462)
* doc: ssh allowed_users update

* added some more context in default_user field
2017-03-09 10:34:55 -05:00
vishalnayak 431070f828 doc: ssh markdown alignments 2017-03-08 21:58:12 -05:00
Jeff Mitchell 76bec343f4 Some minor ssh docs updating 2017-03-02 16:47:21 -05:00
Will May 70bfdb5ae9 Changes from code review 2017-03-02 14:36:13 -05:00
Will May 36b3d89604 Allow internal generation of the signing SSH key pair 2017-03-02 14:36:13 -05:00
Vishal Nayak 3795d2ea64 Rework ssh ca (#2419)
* docs: input format for default_critical_options and default_extensions

* s/sshca/ssh

* Added default_critical_options and default_extensions to the read endpoint of role

* Change default time return value to 0
2017-03-01 15:50:23 -05:00
Will May ff1ff02bd7 Changes from code review
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
2017-03-01 15:19:18 -05:00
Will May 099d561b20 Add ability to create SSH certificates 2017-03-01 15:19:18 -05:00
Vishal Nayak c6f138bb9a PKI: Role switch to control lease generation (#2403)
* pki: Make generation of leases optional

* pki: add tests for upgrading generate_lease

* pki: add tests for leased and non-leased certs

* docs++ pki generate_lease

* Generate lease is applicable for both issuing and signing

* pki: fix tests

* Address review feedback

* Address review feedback
2017-02-24 12:12:40 -05:00
Jeff Mitchell 817bec0955 Add Organization support to PKI backend. (#2380)
Fixes #2369
2017-02-16 01:04:29 -05:00
Tommy Murphy 65b274299f docs: transit parameter is actually deletion_allowed (#2356) 2017-02-09 15:10:28 -05:00
Brian Vans 29b3cc6b00 Fixing a few typos in the docs (#2344) 2017-02-07 11:55:29 -05:00
Vishal Nayak 7f2717b74a transit: change batch input format (#2331)
* transit: change batch input format

* transit: no json-in-json for batch response

* docs: transit: update batch input format

* transit: fix tests after changing response format
2017-02-06 14:56:16 -05:00
Vishal Nayak 5fb28f53cb Transit: Support batch encryption and decryption (#2143)
* Transit: Support batch encryption

* Address review feedback

* Make the normal flow go through as a batch request

* Transit: Error out if encryption fails during batch processing

* Transit: Infer the 'derived' parameter based on 'context' being set

* Transit: Batch encryption doc updates

* Transit: Return a JSON string instead of []byte

* Transit: Add batch encryption tests

* Remove plaintext empty check

* Added tests for batch encryption, more coming..

* Added more batch encryption tests

* Check for base64 decoding of plaintext before encrypting

* Transit: Support batch decryption

* Transit: Added tests for batch decryption

* Transit: Doc update for batch decryption

* Transit: Sync the path-help and website docs for decrypt endpoint

* Add batch processing for rewrap

* transit: input validation for context

* transit: add rewrap batch option to docs

* Remove unnecessary variables from test

* transit: Added tests for rewrap use cases

* Address review feedback

* Address review feedback

* Address review feedback

* transit: move input checking out of critical path

* transit: allow empty plaintexts for batch encryption

* transit: use common structs for batch processing

* transit: avoid duplicate creation of structs; add omitempty to response structs

* transit: address review feedback

* transit: fix tests

* address review feedback

* transit: fix tests

* transit: rewrap encrypt user error should not error out

* transit: error out for internal errors
2017-02-02 14:24:20 -05:00
Chris Hoffman 03d05b448a Minor transit docs fixes 2017-01-23 22:26:38 -05:00
joe miller 98df700495 allow roles to set OU value in certificates issued by the pki backend (#2251) 2017-01-23 12:44:45 -05:00
Chris Hoffman 7568a212b1 Adding support for exportable transit keys (#2133) 2017-01-23 11:04:43 -05:00
Erwin de Keijzer d71bdf893a Fixed rabbitmq documentation
The docs were inconsistent between readwrite and readonly, the policy
itself evaluates to a readwrite policy, so the inconsistency is solved
by changing the odd occurrence of readonly.
2017-01-13 08:54:04 +01:00
Matthew Irish cb8bbc4fbd Transit key actions (#2254)
* add supports_* for transit key reads

* update transit docs with new supports_* fields
2017-01-11 10:05:06 -06:00
Elan Ruusamäe ca1f0115b6 add unix socket example as well (#2193) 2016-12-16 05:13:35 -05:00
Elan Ruusamäe 9a9edfb515 Update index.html.md (#2191)
add DSN as link to go-sql-driver/mysql to know the syntax
2016-12-16 03:37:54 -05:00
Dan Gorst e1d3650b7f Minor documentation tweak (#2127)
Should be arn, not policy - latter will error as that assume an inline policy json document
2016-11-24 07:36:46 -08:00
Jeff Mitchell a94962e004 Update docs to fix #2102 2016-11-22 12:19:22 -05:00
Joel Thompson 0357d73dad Add information on HMAC verification to transit docs (#2062) 2016-11-07 13:44:14 -05:00
vishalnayak e0fb8c17ce Added revocation_sql to the website docs 2016-10-27 12:15:08 -04:00
Chris Hoffman 4b6e82afcb Add ability to list keys in transit backend (#1987) 2016-10-18 10:13:01 -04:00
Vishal Nayak efa76a02ad Merge pull request #2010 from rajanadar/patch-5
doc: add doc for the GET lease settings api
2016-10-18 09:39:23 -04:00
Raja Nadar d43e7395c7 fix indentation 2016-10-15 22:58:25 -07:00
Raja Nadar f743ac97c2 doc: add doc for the GET lease settings api
Vault supports reading of the lease settings, with all values coming back intact. (along with a good warning message as well)
Adding it to the documentation.
2016-10-15 22:43:50 -07:00
Raja Nadar f31d99e51d doc: add consistency field in get-role response 2016-10-15 01:15:58 -07:00
Jeff Mitchell 7f9a88d8db Postgres revocation sql, beta mode (#1972) 2016-10-05 13:52:59 -04:00
Vishal Nayak 4141b632fa Merge pull request #1957 from hashicorp/website-list-userpass
Added user listing endpoint to userpass docs
2016-10-04 14:10:49 -04:00
vishalnayak 2ad698ec0b Added user listing endpoint to userpass docs 2016-09-30 15:47:33 -04:00
Jeff Mitchell 4a505bfa3e Update text around cubbyhole/response 2016-09-29 17:44:15 -04:00
Chris Stevens 7a8fcfcf55 Docs/Website: MySQL config parameter "verify-connection" should be "verify_connection"
The only instance of `verify-connection` I can find is on this docs page. The API style for parameters is underscores, so this one stands out.

The code for this and the other backends with similar connection verification features seem to use `verify_connection`.
2016-09-29 14:05:47 -05:00
Jeff Mitchell f0203741ff Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
Chris Hoffman 8c755bfe92 Small consul doc fix 2016-09-28 15:11:39 -04:00
Laura Bennett 010293ccc3 Merge pull request #1931 from hashicorp/cass-consistency
Adding consistency into cassandra
2016-09-27 21:12:02 -04:00
Chris Hoffman d235acf809 Adding support for chained intermediate CAs in pki backend (#1694) 2016-09-27 17:50:17 -07:00
Laura Bennett 883b5db420 typo correction 2016-09-27 16:38:27 -04:00
Laura Bennett 648a71fa11 updates to the documents 2016-09-27 16:36:20 -04:00
Jeff Mitchell 0ff76e16d2 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Chris Hoffman 5c241d31e7 Renaming ttl_max -> max_ttl in mssql backend (#1905) 2016-09-20 12:39:02 -04:00
Raja Nadar d8b1ab05dd doc: change invalid otp response code to 400 (#1863)
invalid otp response code is 400 bad request.
2016-09-08 11:13:13 -04:00
Raja Nadar b06167c748 doc: fixing field name to security_token (#1850)
response field is security_token, not secret_token.
2016-09-03 22:40:57 -04:00
Andrew Backhouse 2f35789e71 Update index.html.md (#1819)
Corrected a minor spelling error.
2016-08-31 10:02:43 -04:00
Jeff Mitchell 93b5b2a2c0 Update website with POST STS path 2016-08-30 10:37:55 -04:00
Jeff Mitchell d9c46aadc2 update docs 2016-08-26 17:52:42 -04:00
Jeff Mitchell 2f5876dfe9 Use key derivation for convergent nonce. (#1794)
Use key derivation for convergent nonce.

Fixes #1792
2016-08-26 14:11:03 -04:00
Jeff Mitchell 606ba64e23 Remove context-as-nonce, add docs, and properly support datakey 2016-08-07 15:53:40 -04:00
Jeff Mitchell 21e39bfea6 Remove erroneous information about some endpoints being root-protected 2016-08-04 16:08:54 -04:00
Cameron Stokes 0b60375952 ~secret/aws: env variable and IAM role usage 2016-08-04 13:02:07 -07:00
Jeff Mitchell 1b0c9afc43 Update DB docs with new SQL specification options 2016-08-03 15:45:56 -04:00
Chris Hoffman c1c35880da Missing prefix on roles list 2016-07-29 11:31:26 -04:00
Laura Bennett 559b0a5006 Merge pull request #1635 from hashicorp/mysql-idle-conns
Added maximum idle connections to mysql to close hashicorp/vault#1616
2016-07-20 15:31:37 -04:00
Laura Bennett 422dcc8f25 minor formatting edits 2016-07-20 14:42:52 -04:00
Jeff Mitchell f2b6569b0b Merge pull request #1604 from memory/mysql-displayname-2
concat role name and token displayname to form mysql username
2016-07-20 14:02:17 -04:00
Nathan J. Mehl ea294f1d27 use both role name and token display name to form mysql username 2016-07-20 10:17:00 -07:00
Laura Bennett dba466f50e update documentation for idle connections 2016-07-20 12:50:07 -04:00
Nathan J. Mehl 0483457ad2 respond to feedback from @vishalnayak
- split out usernameLength and displaynameLength truncation values,
  as they are different things

- fetch username and displayname lengths from the role, not from
  the request parameters

- add appropriate defaults for username and displayname lengths
2016-07-20 06:36:51 -07:00
Matt Hurne 11a3cb67d0 mongodb secret backend documentation: Remove verify_connection from example response to GET /mongodb/config/connection; add documentation for GET /mongodb/config/lease 2016-07-19 12:46:54 -04:00
Nathan J. Mehl 314a5ecec0 allow overriding the default truncation length for mysql usernames
see https://github.com/hashicorp/vault/issues/1605
2016-07-12 17:05:43 -07:00
Matt Hurne 8d5a7992c1 mongodb secret backend: Improve and correct errors in documentation; improve "parameter is required" error response messages 2016-07-07 23:09:45 -04:00
Matt Hurne a5f5b26e4b Update mongodb secret backend documentation to indicate that ttl and max_ttl lease config parameters are optional rather than required 2016-07-07 22:34:00 -04:00
Matt Hurne b1dd5bf449 mongodb secret backend documentation: Use single quotes around roles JSON to avoid needing to escape double quotes within the JSON 2016-07-07 22:31:35 -04:00
Matt Hurne cf17deb33b mongodb secret backend: Update documentation 2016-07-05 09:50:23 -04:00
Matt Hurne 292c2fad69 Merge branch 'master' into mongodb-secret-backend 2016-07-01 20:39:13 -04:00
Mark Paluch ab63c938c4 Address review feedback.
Switch ConnectTimeout to framework.TypeDurationSecond  with a default of 5. Remove own parsing code.
2016-07-01 22:26:08 +02:00
Mark Paluch 3859f7938a Support connect_timeout for Cassandra and align timeout.
The cassandra backend now supports a configurable connect timeout. The timeout is configured using the connect_timeout parameter in the session configuration.  Also align the timeout to 5 seconds which is the default for the Python and Java drivers.

Fixes #1538
2016-07-01 21:22:37 +02:00
Matt Hurne 350b69670c Rename mongodb secret backend's 'ttl_max' lease configuration field to 'max_ttl' 2016-06-30 09:57:43 -04:00
Matt Hurne 5e8c912048 Add mongodb secret backend 2016-06-29 08:33:06 -04:00
Jeff Mitchell 07f53eebc2 Update PKI docs with key_usge info 2016-06-23 11:07:17 -04:00
vishalnayak 8b490e44a1 Added list functionality to logical aws backend's roles 2016-06-20 19:51:04 -04:00
Jeff Mitchell 2e7704ea7e Add convergent encryption option to transit.
Fixes #1537
2016-06-20 13:17:48 -04:00
Mark Paluch ea4c58f17b Fix RabbitMQ documentation
Change parameter `uri` to `connection_uri` in code example.
2016-06-19 17:45:30 +02:00
vishalnayak 4a078f8726 RabbitMQ docs++ 2016-06-14 10:22:30 -04:00
Jeff Mitchell 04a03bcb54 Add updated wrapping information 2016-06-14 05:59:50 +00:00
Jeff Mitchell 351f536913 Don't check parsability of a ttl key on write.
On read we already ignore bad values, so we shouldn't be restricting
this on write; doing so alters expected data-in-data-out behavior. In
addition, don't issue a warning if a given `ttl` value can't be parsed,
as this can quickly get annoying if it's on purpose.

The documentation has been updated/clarified to make it clear that this
is optional behavior that doesn't affect the status of the key as POD
and the `lease_duration` returned will otherwise default to the
system/mount defaults.

Fixes #1505
2016-06-08 20:14:36 -04:00
Laura Bennett fc8c73584b url fix 2016-06-08 14:53:33 -04:00
Laura Bennett 08cd10d541 Updates for pki/certs list functionality 2016-06-08 14:37:57 -04:00
Vishal Nayak ab543414f6 Merge pull request #788 from doubledutch/master
RabbitMQ Secret Backend
2016-06-08 10:02:24 -04:00
vishalnayak 315f9c868c Provide option to disable host key checking 2016-06-01 11:08:24 -04:00
vishalnayak 30fa7f304b Allow * to be set for allowed_users 2016-05-30 03:12:43 -04:00
vishalnayak 971b2cb7b7 Do not allow any username to login if allowed_users is not set 2016-05-30 03:01:47 -04:00
Kevin Pike 111ef09a18 Update rabbitmq lease docs 2016-05-20 23:28:41 -07:00
Jeff Mitchell caf77109ba Add cubbyhole wrapping documentation 2016-05-19 13:33:51 -04:00
Jeff Mitchell a13807e759 Merge pull request #1318 from steve-jansen/aws-logical-assume-role
Add sts:AssumeRole support to the AWS secret backend
2016-05-19 12:17:27 -04:00
Sean Chittenden 7a4b31ce51
Speling police 2016-05-15 09:58:36 -07:00
Jeff Mitchell d899f9d411 Don't revoke CA certificates with leases. 2016-05-09 19:53:28 -04:00
Steve Jansen 597d59962c Adds sts:AssumeRole support to the AWS secret backend
Support use cases where you want to provision STS tokens
using Vault, but, you need to call AWS APIs that are blocked
for federated tokens.  For example, STS federated tokens cannot
invoke IAM APIs, such as  Terraform scripts containing
`aws_iam_*` resources.
2016-05-05 23:32:41 -04:00
Sean Chittenden f6bec6e017 Wordsmith the docs around the list command.
Prompted by: feedback from conference attendees at PGConf '16
2016-04-20 18:13:58 -04:00
Kevin Pike 0bea2498a8 Remove example parameters 2016-04-08 09:49:10 -07:00
Kevin Pike a86e5e3cd9 Support verify_connection flag 2016-04-08 09:44:15 -07:00
Kevin Pike fc61a7695b Fix RabbitMQ documentation
PostgreSQL -> RabbitMQ
2016-04-08 09:30:20 -07:00
Kevin Pike 23492e9572 Fix RabbitMQ URLs 2016-04-08 09:29:00 -07:00
Kevin Pike e3db8c999e Merge branch 'master' of github.com:doubledutch/vault 2016-04-08 09:25:28 -07:00
Jeff Mitchell ebfc8c3fb1 Merge pull request #1293 from gliptak/patch-2
Correct typo in base64 parameters
2016-04-05 09:38:00 -04:00
Gábor Lipták ce2dd5d869 Correct typo in base64 parameters 2016-04-05 09:20:43 -04:00
Gábor Lipták a8edba907f Update transit read key output 2016-04-05 09:16:47 -04:00
Jeff Mitchell d72e462686 Merge pull request #1290 from steve-jansen/patch-2
Adds note on GH-1102 fix to secret/aws doc
2016-04-05 08:37:39 -04:00
Steve Jansen d2b3d924ca Adds note on GH-1102 fix to secret/aws doc
Add note related to #1102, which leads to a non-obvious AWS error message on 0.5.0 or earlier.
2016-04-04 21:30:41 -04:00
Steve Jansen 89c7f312e4 Fix typo in iam permission for STS 2016-04-04 21:20:26 -04:00
Vishal Nayak 05b4c7102f Revert "Change mysql connection to match new" 2016-03-23 15:18:09 -04:00
Chris Mague e27bcaf9a4 Change mysql connection to match new
Documentation update to reflect mysql config connection from the old to the newer format
2016-03-23 12:09:06 -07:00
Cem Ezberci 7ad97279d5 Fix a typo 2016-03-19 21:24:17 -07:00
Jeff Mitchell b4a4f211da Some generic docs updates 2016-03-18 09:57:21 -04:00
Jeff Mitchell 4211ed2845 Add exclude_cn_from_sans to PKI docs 2016-03-17 16:58:06 -04:00
Matt Hurne 4ee6b04405 AWS permissions documentation fixes: add missing permissions needed to attach and detach managed policies to IAM users, add missing comma, remove extraneous comma 2016-03-14 09:39:32 -04:00
Vishal Nayak 343e6f1671 Merge pull request #998 from chrishoffman/mssql
Sql Server (mssql) secret backend
2016-03-10 22:30:24 -05:00
Chris Hoffman 8c3539df35 Docs updates 2016-03-10 21:15:25 -05:00
Chris Hoffman 5af33afd90 Adding verify_connection to config, docs updates, misc cleanup 2016-03-09 23:08:05 -05:00
AndrewBrown-JustEat c3a2238037 Minor documentation change 2016-03-09 14:50:23 +00:00
Jeff Mitchell 123d7b71d4 Add a necessary IAM permission to the example 2016-03-08 21:29:34 -05:00
Jeff Mitchell 5c55c34d6b Update cubbyhole text to be more explicit.
Fixes #1165
2016-03-03 10:58:58 -05:00
Chris Hoffman 0b4a8f5b94 Adding mssql secret backend 2016-03-03 09:19:17 -05:00
vishalnayak fd585ecf8a removed datatype and corrected a sentense 2016-03-01 11:21:29 -05:00
vishalnayak 724823b8f7 zeroaddress documentation fix 2016-03-01 10:57:00 -05:00
Jeff Mitchell 8ca847c9b3 Be more explicit about buffer type 2016-02-24 22:05:39 -05:00
Jeff Mitchell 151eaf9ec0 Add documentation for pki/tidy 2016-02-24 21:31:29 -05:00
Matt Hurne f4d8852259 Add note that STS credentials can only be generated for user inline policies in AWS secret backend documentation 2016-02-23 09:06:52 -05:00
vishalnayak c9899a5300 postgres: connection_url fix 2016-02-22 11:22:49 -05:00
Kevin Pike 264c9cc40e Merge branch 'master' into rabbitmq 2016-02-21 14:55:06 -08:00
Kevin Pike c755065415 Add RabbitMQ secret backend 2016-02-21 14:52:57 -08:00
vishalnayak a43bd9131b changelog++ 2016-02-19 16:52:19 -05:00
vishalnayak 38b55bd8b1 Don't deprecate value field yet 2016-02-19 16:07:06 -05:00
vishalnayak 380b662c3d mysql: provide allow_verification option to disable connection_url check 2016-02-19 16:07:05 -05:00
Jeff Mitchell 7fc4ee1ed7 Disallow 1024-bit RSA keys.
Existing certificates are kept but roles with key bits < 2048 will need
to be updated as the signing/issuing functions now enforce this.
2016-02-19 14:33:02 -05:00
Jeff Mitchell 9f4273589f Remove root-protected references from transit docs 2016-02-18 12:45:18 -05:00
Jeff Mitchell 695a822545 Merge pull request #1075 from rajanadar/patch-14
adding full response for intermediate/generate
2016-02-18 10:16:53 -05:00
Jeff Mitchell c431c2204d Merge pull request #1074 from rajanadar/patch-13
added missing fields to read role
2016-02-18 10:16:14 -05:00
Raja Nadar e7d20c0ef3 adding full response for intermediate/generate
1. adding superset of fields in response, so that folks can see all possible response fields.
2. also added the less important "warnings" field
2016-02-14 14:42:37 -08:00
Raja Nadar 2d918196ca added missing fields to read role
added the lease and token type field to the read role response.
2016-02-14 13:00:42 -08:00
Raja Nadar b0d05ebcb3 fixing response fields of /pki/issue
1. added the private_key_type field
2. changed "serial" to "serial_number"
3. added the warnings field
2016-02-14 12:41:43 -08:00
techraf 812736b475 Fixes typo 2016-02-12 22:34:07 +09:00
Jeff Mitchell 159754acf2 Use capabilities to determine upsert-ability in transit. 2016-02-02 10:03:14 -05:00
Jeff Mitchell 5ef8839e48 Revert "Re-add upsert into transit. Defaults to off and a new endpoint /config"
This reverts commit dc27d012c0357f93bfd5bd8d480f3e229166307a.
2016-02-02 09:26:25 -05:00
Jeff Mitchell 1d385b4de3 Re-add upsert into transit. Defaults to off and a new endpoint /config
can be used to turn it on for a given mount.
2016-02-01 20:13:57 -05:00
Jeff Mitchell ca5e4dd955 Merge pull request #980 from rajanadar/patch-8
fixing the return type of verify otp
2016-02-01 14:10:14 -05:00
Jeff Mitchell fc6d23a54e Allow the format to be specified as pem_bundle, which creates a
concatenated PEM file.

Fixes #992
2016-02-01 13:19:41 -05:00
Jeff Mitchell af73d965a4 Cassandra:
* Add ability to change protocol version
* Remove config as a root path, use normal ACLs
* Update docs
2016-02-01 10:27:26 -05:00
Jeff Mitchell 5f178e1927 Update transit docs to no longer claim upsert functionality 2016-01-29 14:43:52 -05:00
Jeff Mitchell 2015118958 Add listing of roles to PKI 2016-01-28 15:18:07 -05:00
Jeff Mitchell 63c6172c17 Add list documentationf for mysql 2016-01-28 15:06:52 -05:00
Jeff Mitchell 62e3ac83f8 Add list support for postgres roles 2016-01-28 14:41:50 -05:00
Jeff Mitchell 904e2b36b6 Update SSH documentation with list 2016-01-28 14:41:43 -05:00
Raja Nadar e4438d9705 fixed the return type of /ssh/lookup api 2016-01-28 01:04:35 -08:00
Raja Nadar b8fa5c6fd4 fix return type of post /ssh/creds
added sample json for both otp and dynamic credentials
2016-01-28 00:56:59 -08:00
Raja Nadar 7aabad7808 better description 2016-01-27 21:58:54 -08:00
Raja Nadar 67da86eeab fixing the return type of verify otp
it seems to be 200 on valid OTP and 204 on invalid OTP. (i think it should be an error.. 400 or 404)
but for the moment, fixing the docs to match the existing behavior.
2016-01-27 20:04:11 -08:00
Jeff Mitchell 1107a068b7 Merge pull request #972 from rajanadar/patch-7
added the delete api details to generic backend
2016-01-26 09:49:06 -05:00
Jeff Mitchell bc04e4eec2 Merge pull request #971 from rajanadar/patch-6
added the delete api details to cubbyhole
2016-01-26 09:48:47 -05:00
Raja Nadar 741c23cb4a added the delete api details to generic backend
documentation was missing this api description
2016-01-25 23:56:33 -08:00
Raja Nadar 64c9eb969d added the delete api details to cubbyhole
cubbyhole delete api details were missing. added them.
2016-01-25 23:47:33 -08:00
Raja Nadar f02aa2c2c0 fixing an incorrect json response field name
changed a read-role api response field from 'revocation_cql' to 'rollback_cql'
didn't verify it using a real cassandra server test, but looked at the source code json schema definition here: 

https://github.com/hashicorp/vault/blob/master/builtin/logical/cassandra/path_roles.go
func pathRoles(b *backend) *framework.Path 

please feel free to discard the PR, if i am looking at the wrong source location or something.
2016-01-25 23:42:20 -08:00
Nicki Watt c57072d39a AWS secret backend - docs when using existing policy 2016-01-26 01:43:14 +00:00
Nicki Watt 35a0d28620 Docs for AWS backend when using an existing policy 2016-01-26 01:39:24 +00:00
Jeff Mitchell 05e337727f Document changes 2016-01-25 14:47:16 -05:00
Jeff Mitchell 7d1d003ba0 Update documentation and use ParseBool for list query param checking 2016-01-22 10:07:32 -05:00
Jeff Mitchell be1b4c8a46 Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it. 2016-01-22 10:07:32 -05:00
Jeff Mitchell 5341cb69cc Updates and documentation 2016-01-22 10:07:32 -05:00
Dmitriy Gromov 4abca91d66 Renamed sts duration to ttl and added STS permissions note. 2016-01-21 14:28:34 -05:00
Dmitriy Gromov 0b5e35c8cd documenting the new aws/sts endpoint 2016-01-21 14:05:10 -05:00
Seth Vargo e40c77ff27 Use HTTPS + www where appropriate 2016-01-14 13:42:47 -05:00
Jeff Mitchell 4f4ddbf017 Create more granular ACL capabilities.
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
kenjones-cisco 496e9962d0 Fixes mis-placed html tag 2015-12-31 10:37:01 -05:00
kenjones c02013f631 add missing html tag 2015-12-20 14:20:30 -05:00
Jeff Mitchell 8bba9497ac Some copyediting/simplifying of the Consul page 2015-12-18 10:07:40 -05:00
kenjones 0d74de9da4 Update secret backend Consul documentation
Adds information on the steps to get a management token for use by
Vault when communicating with Consul as a secret backend.
2015-12-18 09:44:31 -05:00
Jeff Mitchell 7dca03eb3f Update documentation with Consul backend token_type parameter.
Fixes #854
2015-12-14 20:54:13 -05:00
Jeff Mitchell 448efd56fa Merge branch 'master' into pki-csrs 2015-12-08 10:57:53 -05:00
Jeff Mitchell 902b7b0589 Add a warning about consistency of IAM credentials as a stop-gap.
Ping #687
2015-12-08 10:56:34 -05:00
Jeff Mitchell 4eec9d69e8 Change allowed_base_domain to allowed_domains and allow_base_domain to
allow_bare_domains, for comma-separated multi-domain support.
2015-11-30 23:49:11 -05:00
Jeff Mitchell b6c49ddf01 Remove token display names from input options as there isn't a viable
use-case for it at the moment
2015-11-30 18:07:42 -05:00
Jeff Mitchell d461929c1d Documentation update 2015-11-20 13:13:57 -05:00
Jeff Mitchell 25e359084c Update documentation, some comments, make code cleaner, and make generated roots be revoked when their TTL is up 2015-11-19 17:14:22 -05:00
Jeff Mitchell af3d6ced8e Update validator function for URIs. Change example of entering a CA to a
root cert generation. Other minor documentation updates. Fix private key
output in issue/sign.
2015-11-19 11:35:17 -05:00
Jeff Mitchell 71f9ea8561 Make it clear that generating/setting a CA cert will overwrite what's
there.
2015-11-19 09:51:18 -05:00
Jeff Mitchell a95228e4ee Split root and intermediate functionality into their own sections in the API. Update documentation. Add sign-verbatim endpoint. 2015-11-19 09:51:18 -05:00
Jeff Mitchell c461652b40 Address some feedback from review 2015-11-19 09:51:18 -05:00
Jeff Mitchell ed62afec14 Large documentation updates, remove the pathlength path in favor of
making that a parameter at CA generation/sign time, and allow more
fields to be configured at CSR generation time.
2015-11-19 09:51:18 -05:00
Jeff Mitchell ea676ad4cc Add tests for intermediate signing and CRL, and fix a couple things
Completes extra functionality.
2015-11-19 09:51:17 -05:00
Jeff Mitchell e2d4a5fe0f Documentation update around path/key name encryption.
Make it clear that path/key names in generic are not encrypted.

Fixes #697
2015-10-29 11:21:40 -04:00
Seth Vargo 50f720bc06 Remove tabs from terminal output
This also standardizes on the indentation we use for multi-line commands as
well as prefixes all commands with a $ to indicate a shell.
2015-10-12 12:10:22 -04:00
vishalnayak 644a655920 mysql: made max_open_connections configurable 2015-10-01 21:15:56 -04:00
vishalnayak 2051101c43 postgresql: Configurable max open connections to the database 2015-10-01 20:11:24 -04:00
Colin Rymer e2b157aa79 Remove redundant wording for SSH OTP introduction. 2015-09-30 10:58:44 -04:00
Jeff Mitchell af27a99bb7 Remove JWT for the 0.3 release; it needs a lot of rework. 2015-09-24 16:23:44 -04:00
Dominic Luechinger 89511e6977 Fixes docs for new JWT secret backend 2015-09-24 16:47:17 +02:00
Spencer Herzberg 54c62fe5aa docs: pg username not prefixed with vault-
due to
05fa4a4a48,
vault no longer prefixes the username with `vault-`
2015-09-22 10:14:47 -05:00
Jeff Mitchell a5f52f43b1 Minor doc update to SSH 2015-09-21 16:26:07 -04:00
Jeff Mitchell 29c722dbb6 Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values 2015-09-21 16:14:30 -04:00