Seth Vargo
21ecbda1f4
Update titles
2017-03-17 14:37:01 -04:00
Seth Vargo
d4390d103e
/docs/http -> /api
2017-03-17 14:06:03 -04:00
Seth Vargo
0f845ef67d
Use relative links
2017-03-16 12:04:36 -07:00
Seth Vargo
3fd0bd36cc
Break out API documentation for secret backends
2017-03-16 09:47:06 -07:00
Mike Okner
95df7beed9
Adding allow_user_key_ids field to SSH role config ( #2494 )
...
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name. Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
2017-03-16 08:45:11 -04:00
Jeff Mitchell
12e5132779
Allow roles to specify whether CSR SANs should be used instead of ( #2489 )
...
request values. Fix up some documentation.
Fixes #2451
Fixes #2488
2017-03-15 14:38:18 -04:00
Stanislav Grozev
4bc3abd152
Remove superfluous argument from SSH CA docs
2017-03-14 10:21:48 -04:00
Stanislav Grozev
7d59d7d3ac
Reads on ssh/config/ca return the public keys
...
If configured/generated.
2017-03-14 10:21:48 -04:00
Stanislav Grozev
830de2dbbd
If generating an SSH CA signing key - return the public part
...
So that the user can actually use the SSH CA, by adding the public key
to their respective sshd_config/authorized_keys, etc.
2017-03-14 10:21:48 -04:00
Vishal Nayak
220beb2cde
doc: ssh allowed_users update ( #2462 )
...
* doc: ssh allowed_users update
* added some more context in default_user field
2017-03-09 10:34:55 -05:00
vishalnayak
431070f828
doc: ssh markdown alignments
2017-03-08 21:58:12 -05:00
Jeff Mitchell
76bec343f4
Some minor ssh docs updating
2017-03-02 16:47:21 -05:00
Will May
70bfdb5ae9
Changes from code review
2017-03-02 14:36:13 -05:00
Will May
36b3d89604
Allow internal generation of the signing SSH key pair
2017-03-02 14:36:13 -05:00
Vishal Nayak
3795d2ea64
Rework ssh ca ( #2419 )
...
* docs: input format for default_critical_options and default_extensions
* s/sshca/ssh
* Added default_critical_options and default_extensions to the read endpoint of role
* Change default time return value to 0
2017-03-01 15:50:23 -05:00
Will May
ff1ff02bd7
Changes from code review
...
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
2017-03-01 15:19:18 -05:00
Will May
099d561b20
Add ability to create SSH certificates
2017-03-01 15:19:18 -05:00
Vishal Nayak
c6f138bb9a
PKI: Role switch to control lease generation ( #2403 )
...
* pki: Make generation of leases optional
* pki: add tests for upgrading generate_lease
* pki: add tests for leased and non-leased certs
* docs++ pki generate_lease
* Generate lease is applicable for both issuing and signing
* pki: fix tests
* Address review feedback
* Address review feedback
2017-02-24 12:12:40 -05:00
Jeff Mitchell
817bec0955
Add Organization support to PKI backend. ( #2380 )
...
Fixes #2369
2017-02-16 01:04:29 -05:00
Tommy Murphy
65b274299f
docs: transit parameter is actually deletion_allowed ( #2356 )
2017-02-09 15:10:28 -05:00
Brian Vans
29b3cc6b00
Fixing a few typos in the docs ( #2344 )
2017-02-07 11:55:29 -05:00
Vishal Nayak
7f2717b74a
transit: change batch input format ( #2331 )
...
* transit: change batch input format
* transit: no json-in-json for batch response
* docs: transit: update batch input format
* transit: fix tests after changing response format
2017-02-06 14:56:16 -05:00
Vishal Nayak
5fb28f53cb
Transit: Support batch encryption and decryption ( #2143 )
...
* Transit: Support batch encryption
* Address review feedback
* Make the normal flow go through as a batch request
* Transit: Error out if encryption fails during batch processing
* Transit: Infer the 'derived' parameter based on 'context' being set
* Transit: Batch encryption doc updates
* Transit: Return a JSON string instead of []byte
* Transit: Add batch encryption tests
* Remove plaintext empty check
* Added tests for batch encryption, more coming..
* Added more batch encryption tests
* Check for base64 decoding of plaintext before encrypting
* Transit: Support batch decryption
* Transit: Added tests for batch decryption
* Transit: Doc update for batch decryption
* Transit: Sync the path-help and website docs for decrypt endpoint
* Add batch processing for rewrap
* transit: input validation for context
* transit: add rewrap batch option to docs
* Remove unnecessary variables from test
* transit: Added tests for rewrap use cases
* Address review feedback
* Address review feedback
* Address review feedback
* transit: move input checking out of critical path
* transit: allow empty plaintexts for batch encryption
* transit: use common structs for batch processing
* transit: avoid duplicate creation of structs; add omitempty to response structs
* transit: address review feedback
* transit: fix tests
* address review feedback
* transit: fix tests
* transit: rewrap encrypt user error should not error out
* transit: error out for internal errors
2017-02-02 14:24:20 -05:00
Chris Hoffman
03d05b448a
Minor transit docs fixes
2017-01-23 22:26:38 -05:00
joe miller
98df700495
allow roles to set OU value in certificates issued by the pki backend ( #2251 )
2017-01-23 12:44:45 -05:00
Chris Hoffman
7568a212b1
Adding support for exportable transit keys ( #2133 )
2017-01-23 11:04:43 -05:00
Erwin de Keijzer
d71bdf893a
Fixed rabbitmq documentation
...
The docs were inconsistent between readwrite and readonly, the policy
itself evaluates to a readwrite policy, so the inconsistency is solved
by changing the odd occurrence of readonly.
2017-01-13 08:54:04 +01:00
Matthew Irish
cb8bbc4fbd
Transit key actions ( #2254 )
...
* add supports_* for transit key reads
* update transit docs with new supports_* fields
2017-01-11 10:05:06 -06:00
Elan Ruusamäe
ca1f0115b6
add unix socket example as well ( #2193 )
2016-12-16 05:13:35 -05:00
Elan Ruusamäe
9a9edfb515
Update index.html.md ( #2191 )
...
add DSN as link to go-sql-driver/mysql to know the syntax
2016-12-16 03:37:54 -05:00
Dan Gorst
e1d3650b7f
Minor documentation tweak ( #2127 )
...
Should be arn, not policy - latter will error as that assume an inline policy json document
2016-11-24 07:36:46 -08:00
Jeff Mitchell
a94962e004
Update docs to fix #2102
2016-11-22 12:19:22 -05:00
Joel Thompson
0357d73dad
Add information on HMAC verification to transit docs ( #2062 )
2016-11-07 13:44:14 -05:00
vishalnayak
e0fb8c17ce
Added revocation_sql to the website docs
2016-10-27 12:15:08 -04:00
Chris Hoffman
4b6e82afcb
Add ability to list keys in transit backend ( #1987 )
2016-10-18 10:13:01 -04:00
Vishal Nayak
efa76a02ad
Merge pull request #2010 from rajanadar/patch-5
...
doc: add doc for the GET lease settings api
2016-10-18 09:39:23 -04:00
Raja Nadar
d43e7395c7
fix indentation
2016-10-15 22:58:25 -07:00
Raja Nadar
f743ac97c2
doc: add doc for the GET lease settings api
...
Vault supports reading of the lease settings, with all values coming back intact. (along with a good warning message as well)
Adding it to the documentation.
2016-10-15 22:43:50 -07:00
Raja Nadar
f31d99e51d
doc: add consistency field in get-role response
2016-10-15 01:15:58 -07:00
Jeff Mitchell
7f9a88d8db
Postgres revocation sql, beta mode ( #1972 )
2016-10-05 13:52:59 -04:00
Vishal Nayak
4141b632fa
Merge pull request #1957 from hashicorp/website-list-userpass
...
Added user listing endpoint to userpass docs
2016-10-04 14:10:49 -04:00
vishalnayak
2ad698ec0b
Added user listing endpoint to userpass docs
2016-09-30 15:47:33 -04:00
Jeff Mitchell
4a505bfa3e
Update text around cubbyhole/response
2016-09-29 17:44:15 -04:00
Chris Stevens
7a8fcfcf55
Docs/Website: MySQL config parameter "verify-connection" should be "verify_connection"
...
The only instance of `verify-connection` I can find is on this docs page. The API style for parameters is underscores, so this one stands out.
The code for this and the other backends with similar connection verification features seem to use `verify_connection`.
2016-09-29 14:05:47 -05:00
Jeff Mitchell
f0203741ff
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
Chris Hoffman
8c755bfe92
Small consul doc fix
2016-09-28 15:11:39 -04:00
Laura Bennett
010293ccc3
Merge pull request #1931 from hashicorp/cass-consistency
...
Adding consistency into cassandra
2016-09-27 21:12:02 -04:00
Chris Hoffman
d235acf809
Adding support for chained intermediate CAs in pki backend ( #1694 )
2016-09-27 17:50:17 -07:00
Laura Bennett
883b5db420
typo correction
2016-09-27 16:38:27 -04:00
Laura Bennett
648a71fa11
updates to the documents
2016-09-27 16:36:20 -04:00
Jeff Mitchell
0ff76e16d2
Transit and audit enhancements
2016-09-21 10:49:26 -04:00
Chris Hoffman
5c241d31e7
Renaming ttl_max -> max_ttl in mssql backend ( #1905 )
2016-09-20 12:39:02 -04:00
Raja Nadar
d8b1ab05dd
doc: change invalid otp response code to 400 ( #1863 )
...
invalid otp response code is 400 bad request.
2016-09-08 11:13:13 -04:00
Raja Nadar
b06167c748
doc: fixing field name to security_token ( #1850 )
...
response field is security_token, not secret_token.
2016-09-03 22:40:57 -04:00
Andrew Backhouse
2f35789e71
Update index.html.md ( #1819 )
...
Corrected a minor spelling error.
2016-08-31 10:02:43 -04:00
Jeff Mitchell
93b5b2a2c0
Update website with POST STS path
2016-08-30 10:37:55 -04:00
Jeff Mitchell
d9c46aadc2
update docs
2016-08-26 17:52:42 -04:00
Jeff Mitchell
2f5876dfe9
Use key derivation for convergent nonce. ( #1794 )
...
Use key derivation for convergent nonce.
Fixes #1792
2016-08-26 14:11:03 -04:00
Jeff Mitchell
606ba64e23
Remove context-as-nonce, add docs, and properly support datakey
2016-08-07 15:53:40 -04:00
Jeff Mitchell
21e39bfea6
Remove erroneous information about some endpoints being root-protected
2016-08-04 16:08:54 -04:00
Cameron Stokes
0b60375952
~secret/aws: env variable and IAM role usage
2016-08-04 13:02:07 -07:00
Jeff Mitchell
1b0c9afc43
Update DB docs with new SQL specification options
2016-08-03 15:45:56 -04:00
Chris Hoffman
c1c35880da
Missing prefix on roles list
2016-07-29 11:31:26 -04:00
Laura Bennett
559b0a5006
Merge pull request #1635 from hashicorp/mysql-idle-conns
...
Added maximum idle connections to mysql to close hashicorp/vault#1616
2016-07-20 15:31:37 -04:00
Laura Bennett
422dcc8f25
minor formatting edits
2016-07-20 14:42:52 -04:00
Jeff Mitchell
f2b6569b0b
Merge pull request #1604 from memory/mysql-displayname-2
...
concat role name and token displayname to form mysql username
2016-07-20 14:02:17 -04:00
Nathan J. Mehl
ea294f1d27
use both role name and token display name to form mysql username
2016-07-20 10:17:00 -07:00
Laura Bennett
dba466f50e
update documentation for idle connections
2016-07-20 12:50:07 -04:00
Nathan J. Mehl
0483457ad2
respond to feedback from @vishalnayak
...
- split out usernameLength and displaynameLength truncation values,
as they are different things
- fetch username and displayname lengths from the role, not from
the request parameters
- add appropriate defaults for username and displayname lengths
2016-07-20 06:36:51 -07:00
Matt Hurne
11a3cb67d0
mongodb secret backend documentation: Remove verify_connection from example response to GET /mongodb/config/connection; add documentation for GET /mongodb/config/lease
2016-07-19 12:46:54 -04:00
Nathan J. Mehl
314a5ecec0
allow overriding the default truncation length for mysql usernames
...
see https://github.com/hashicorp/vault/issues/1605
2016-07-12 17:05:43 -07:00
Matt Hurne
8d5a7992c1
mongodb secret backend: Improve and correct errors in documentation; improve "parameter is required" error response messages
2016-07-07 23:09:45 -04:00
Matt Hurne
a5f5b26e4b
Update mongodb secret backend documentation to indicate that ttl and max_ttl lease config parameters are optional rather than required
2016-07-07 22:34:00 -04:00
Matt Hurne
b1dd5bf449
mongodb secret backend documentation: Use single quotes around roles JSON to avoid needing to escape double quotes within the JSON
2016-07-07 22:31:35 -04:00
Matt Hurne
cf17deb33b
mongodb secret backend: Update documentation
2016-07-05 09:50:23 -04:00
Matt Hurne
292c2fad69
Merge branch 'master' into mongodb-secret-backend
2016-07-01 20:39:13 -04:00
Mark Paluch
ab63c938c4
Address review feedback.
...
Switch ConnectTimeout to framework.TypeDurationSecond with a default of 5. Remove own parsing code.
2016-07-01 22:26:08 +02:00
Mark Paluch
3859f7938a
Support connect_timeout for Cassandra and align timeout.
...
The cassandra backend now supports a configurable connect timeout. The timeout is configured using the connect_timeout parameter in the session configuration. Also align the timeout to 5 seconds which is the default for the Python and Java drivers.
Fixes #1538
2016-07-01 21:22:37 +02:00
Matt Hurne
350b69670c
Rename mongodb secret backend's 'ttl_max' lease configuration field to 'max_ttl'
2016-06-30 09:57:43 -04:00
Matt Hurne
5e8c912048
Add mongodb secret backend
2016-06-29 08:33:06 -04:00
Jeff Mitchell
07f53eebc2
Update PKI docs with key_usge info
2016-06-23 11:07:17 -04:00
vishalnayak
8b490e44a1
Added list functionality to logical aws backend's roles
2016-06-20 19:51:04 -04:00
Jeff Mitchell
2e7704ea7e
Add convergent encryption option to transit.
...
Fixes #1537
2016-06-20 13:17:48 -04:00
Mark Paluch
ea4c58f17b
Fix RabbitMQ documentation
...
Change parameter `uri` to `connection_uri` in code example.
2016-06-19 17:45:30 +02:00
vishalnayak
4a078f8726
RabbitMQ docs++
2016-06-14 10:22:30 -04:00
Jeff Mitchell
04a03bcb54
Add updated wrapping information
2016-06-14 05:59:50 +00:00
Jeff Mitchell
351f536913
Don't check parsability of a ttl
key on write.
...
On read we already ignore bad values, so we shouldn't be restricting
this on write; doing so alters expected data-in-data-out behavior. In
addition, don't issue a warning if a given `ttl` value can't be parsed,
as this can quickly get annoying if it's on purpose.
The documentation has been updated/clarified to make it clear that this
is optional behavior that doesn't affect the status of the key as POD
and the `lease_duration` returned will otherwise default to the
system/mount defaults.
Fixes #1505
2016-06-08 20:14:36 -04:00
Laura Bennett
fc8c73584b
url fix
2016-06-08 14:53:33 -04:00
Laura Bennett
08cd10d541
Updates for pki/certs list functionality
2016-06-08 14:37:57 -04:00
Vishal Nayak
ab543414f6
Merge pull request #788 from doubledutch/master
...
RabbitMQ Secret Backend
2016-06-08 10:02:24 -04:00
vishalnayak
315f9c868c
Provide option to disable host key checking
2016-06-01 11:08:24 -04:00
vishalnayak
30fa7f304b
Allow * to be set for allowed_users
2016-05-30 03:12:43 -04:00
vishalnayak
971b2cb7b7
Do not allow any username to login if allowed_users is not set
2016-05-30 03:01:47 -04:00
Kevin Pike
111ef09a18
Update rabbitmq lease docs
2016-05-20 23:28:41 -07:00
Jeff Mitchell
caf77109ba
Add cubbyhole wrapping documentation
2016-05-19 13:33:51 -04:00
Jeff Mitchell
a13807e759
Merge pull request #1318 from steve-jansen/aws-logical-assume-role
...
Add sts:AssumeRole support to the AWS secret backend
2016-05-19 12:17:27 -04:00
Sean Chittenden
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
Jeff Mitchell
d899f9d411
Don't revoke CA certificates with leases.
2016-05-09 19:53:28 -04:00
Steve Jansen
597d59962c
Adds sts:AssumeRole support to the AWS secret backend
...
Support use cases where you want to provision STS tokens
using Vault, but, you need to call AWS APIs that are blocked
for federated tokens. For example, STS federated tokens cannot
invoke IAM APIs, such as Terraform scripts containing
`aws_iam_*` resources.
2016-05-05 23:32:41 -04:00
Sean Chittenden
f6bec6e017
Wordsmith the docs around the list
command.
...
Prompted by: feedback from conference attendees at PGConf '16
2016-04-20 18:13:58 -04:00
Kevin Pike
0bea2498a8
Remove example parameters
2016-04-08 09:49:10 -07:00
Kevin Pike
a86e5e3cd9
Support verify_connection flag
2016-04-08 09:44:15 -07:00
Kevin Pike
fc61a7695b
Fix RabbitMQ documentation
...
PostgreSQL -> RabbitMQ
2016-04-08 09:30:20 -07:00
Kevin Pike
23492e9572
Fix RabbitMQ URLs
2016-04-08 09:29:00 -07:00
Kevin Pike
e3db8c999e
Merge branch 'master' of github.com:doubledutch/vault
2016-04-08 09:25:28 -07:00
Jeff Mitchell
ebfc8c3fb1
Merge pull request #1293 from gliptak/patch-2
...
Correct typo in base64 parameters
2016-04-05 09:38:00 -04:00
Gábor Lipták
ce2dd5d869
Correct typo in base64 parameters
2016-04-05 09:20:43 -04:00
Gábor Lipták
a8edba907f
Update transit read key output
2016-04-05 09:16:47 -04:00
Jeff Mitchell
d72e462686
Merge pull request #1290 from steve-jansen/patch-2
...
Adds note on GH-1102 fix to secret/aws doc
2016-04-05 08:37:39 -04:00
Steve Jansen
d2b3d924ca
Adds note on GH-1102 fix to secret/aws doc
...
Add note related to #1102 , which leads to a non-obvious AWS error message on 0.5.0 or earlier.
2016-04-04 21:30:41 -04:00
Steve Jansen
89c7f312e4
Fix typo in iam permission for STS
2016-04-04 21:20:26 -04:00
Vishal Nayak
05b4c7102f
Revert "Change mysql connection to match new"
2016-03-23 15:18:09 -04:00
Chris Mague
e27bcaf9a4
Change mysql connection to match new
...
Documentation update to reflect mysql config connection from the old to the newer format
2016-03-23 12:09:06 -07:00
Cem Ezberci
7ad97279d5
Fix a typo
2016-03-19 21:24:17 -07:00
Jeff Mitchell
b4a4f211da
Some generic docs updates
2016-03-18 09:57:21 -04:00
Jeff Mitchell
4211ed2845
Add exclude_cn_from_sans to PKI docs
2016-03-17 16:58:06 -04:00
Matt Hurne
4ee6b04405
AWS permissions documentation fixes: add missing permissions needed to attach and detach managed policies to IAM users, add missing comma, remove extraneous comma
2016-03-14 09:39:32 -04:00
Vishal Nayak
343e6f1671
Merge pull request #998 from chrishoffman/mssql
...
Sql Server (mssql) secret backend
2016-03-10 22:30:24 -05:00
Chris Hoffman
8c3539df35
Docs updates
2016-03-10 21:15:25 -05:00
Chris Hoffman
5af33afd90
Adding verify_connection to config, docs updates, misc cleanup
2016-03-09 23:08:05 -05:00
AndrewBrown-JustEat
c3a2238037
Minor documentation change
2016-03-09 14:50:23 +00:00
Jeff Mitchell
123d7b71d4
Add a necessary IAM permission to the example
2016-03-08 21:29:34 -05:00
Jeff Mitchell
5c55c34d6b
Update cubbyhole text to be more explicit.
...
Fixes #1165
2016-03-03 10:58:58 -05:00
Chris Hoffman
0b4a8f5b94
Adding mssql secret backend
2016-03-03 09:19:17 -05:00
vishalnayak
fd585ecf8a
removed datatype and corrected a sentense
2016-03-01 11:21:29 -05:00
vishalnayak
724823b8f7
zeroaddress documentation fix
2016-03-01 10:57:00 -05:00
Jeff Mitchell
8ca847c9b3
Be more explicit about buffer type
2016-02-24 22:05:39 -05:00
Jeff Mitchell
151eaf9ec0
Add documentation for pki/tidy
2016-02-24 21:31:29 -05:00
Matt Hurne
f4d8852259
Add note that STS credentials can only be generated for user inline policies in AWS secret backend documentation
2016-02-23 09:06:52 -05:00
vishalnayak
c9899a5300
postgres: connection_url fix
2016-02-22 11:22:49 -05:00
Kevin Pike
264c9cc40e
Merge branch 'master' into rabbitmq
2016-02-21 14:55:06 -08:00
Kevin Pike
c755065415
Add RabbitMQ secret backend
2016-02-21 14:52:57 -08:00
vishalnayak
a43bd9131b
changelog++
2016-02-19 16:52:19 -05:00
vishalnayak
38b55bd8b1
Don't deprecate value field yet
2016-02-19 16:07:06 -05:00
vishalnayak
380b662c3d
mysql: provide allow_verification option to disable connection_url check
2016-02-19 16:07:05 -05:00
Jeff Mitchell
7fc4ee1ed7
Disallow 1024-bit RSA keys.
...
Existing certificates are kept but roles with key bits < 2048 will need
to be updated as the signing/issuing functions now enforce this.
2016-02-19 14:33:02 -05:00
Jeff Mitchell
9f4273589f
Remove root-protected references from transit docs
2016-02-18 12:45:18 -05:00
Jeff Mitchell
695a822545
Merge pull request #1075 from rajanadar/patch-14
...
adding full response for intermediate/generate
2016-02-18 10:16:53 -05:00
Jeff Mitchell
c431c2204d
Merge pull request #1074 from rajanadar/patch-13
...
added missing fields to read role
2016-02-18 10:16:14 -05:00
Raja Nadar
e7d20c0ef3
adding full response for intermediate/generate
...
1. adding superset of fields in response, so that folks can see all possible response fields.
2. also added the less important "warnings" field
2016-02-14 14:42:37 -08:00
Raja Nadar
2d918196ca
added missing fields to read role
...
added the lease and token type field to the read role response.
2016-02-14 13:00:42 -08:00
Raja Nadar
b0d05ebcb3
fixing response fields of /pki/issue
...
1. added the private_key_type field
2. changed "serial" to "serial_number"
3. added the warnings field
2016-02-14 12:41:43 -08:00
techraf
812736b475
Fixes typo
2016-02-12 22:34:07 +09:00
Jeff Mitchell
159754acf2
Use capabilities to determine upsert-ability in transit.
2016-02-02 10:03:14 -05:00
Jeff Mitchell
5ef8839e48
Revert "Re-add upsert into transit. Defaults to off and a new endpoint /config"
...
This reverts commit dc27d012c0357f93bfd5bd8d480f3e229166307a.
2016-02-02 09:26:25 -05:00
Jeff Mitchell
1d385b4de3
Re-add upsert into transit. Defaults to off and a new endpoint /config
...
can be used to turn it on for a given mount.
2016-02-01 20:13:57 -05:00
Jeff Mitchell
ca5e4dd955
Merge pull request #980 from rajanadar/patch-8
...
fixing the return type of verify otp
2016-02-01 14:10:14 -05:00
Jeff Mitchell
fc6d23a54e
Allow the format to be specified as pem_bundle, which creates a
...
concatenated PEM file.
Fixes #992
2016-02-01 13:19:41 -05:00
Jeff Mitchell
af73d965a4
Cassandra:
...
* Add ability to change protocol version
* Remove config as a root path, use normal ACLs
* Update docs
2016-02-01 10:27:26 -05:00
Jeff Mitchell
5f178e1927
Update transit docs to no longer claim upsert functionality
2016-01-29 14:43:52 -05:00
Jeff Mitchell
2015118958
Add listing of roles to PKI
2016-01-28 15:18:07 -05:00
Jeff Mitchell
63c6172c17
Add list documentationf for mysql
2016-01-28 15:06:52 -05:00
Jeff Mitchell
62e3ac83f8
Add list support for postgres roles
2016-01-28 14:41:50 -05:00
Jeff Mitchell
904e2b36b6
Update SSH documentation with list
2016-01-28 14:41:43 -05:00
Raja Nadar
e4438d9705
fixed the return type of /ssh/lookup api
2016-01-28 01:04:35 -08:00
Raja Nadar
b8fa5c6fd4
fix return type of post /ssh/creds
...
added sample json for both otp and dynamic credentials
2016-01-28 00:56:59 -08:00
Raja Nadar
7aabad7808
better description
2016-01-27 21:58:54 -08:00
Raja Nadar
67da86eeab
fixing the return type of verify otp
...
it seems to be 200 on valid OTP and 204 on invalid OTP. (i think it should be an error.. 400 or 404)
but for the moment, fixing the docs to match the existing behavior.
2016-01-27 20:04:11 -08:00
Jeff Mitchell
1107a068b7
Merge pull request #972 from rajanadar/patch-7
...
added the delete api details to generic backend
2016-01-26 09:49:06 -05:00
Jeff Mitchell
bc04e4eec2
Merge pull request #971 from rajanadar/patch-6
...
added the delete api details to cubbyhole
2016-01-26 09:48:47 -05:00
Raja Nadar
741c23cb4a
added the delete api details to generic backend
...
documentation was missing this api description
2016-01-25 23:56:33 -08:00
Raja Nadar
64c9eb969d
added the delete api details to cubbyhole
...
cubbyhole delete api details were missing. added them.
2016-01-25 23:47:33 -08:00
Raja Nadar
f02aa2c2c0
fixing an incorrect json response field name
...
changed a read-role api response field from 'revocation_cql' to 'rollback_cql'
didn't verify it using a real cassandra server test, but looked at the source code json schema definition here:
https://github.com/hashicorp/vault/blob/master/builtin/logical/cassandra/path_roles.go
func pathRoles(b *backend) *framework.Path
please feel free to discard the PR, if i am looking at the wrong source location or something.
2016-01-25 23:42:20 -08:00
Nicki Watt
c57072d39a
AWS secret backend - docs when using existing policy
2016-01-26 01:43:14 +00:00
Nicki Watt
35a0d28620
Docs for AWS backend when using an existing policy
2016-01-26 01:39:24 +00:00
Jeff Mitchell
05e337727f
Document changes
2016-01-25 14:47:16 -05:00
Jeff Mitchell
7d1d003ba0
Update documentation and use ParseBool for list query param checking
2016-01-22 10:07:32 -05:00
Jeff Mitchell
be1b4c8a46
Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it.
2016-01-22 10:07:32 -05:00
Jeff Mitchell
5341cb69cc
Updates and documentation
2016-01-22 10:07:32 -05:00
Dmitriy Gromov
4abca91d66
Renamed sts duration to ttl and added STS permissions note.
2016-01-21 14:28:34 -05:00
Dmitriy Gromov
0b5e35c8cd
documenting the new aws/sts endpoint
2016-01-21 14:05:10 -05:00
Seth Vargo
e40c77ff27
Use HTTPS + www where appropriate
2016-01-14 13:42:47 -05:00
Jeff Mitchell
4f4ddbf017
Create more granular ACL capabilities.
...
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
kenjones-cisco
496e9962d0
Fixes mis-placed html tag
2015-12-31 10:37:01 -05:00
kenjones
c02013f631
add missing html tag
2015-12-20 14:20:30 -05:00
Jeff Mitchell
8bba9497ac
Some copyediting/simplifying of the Consul page
2015-12-18 10:07:40 -05:00
kenjones
0d74de9da4
Update secret backend Consul documentation
...
Adds information on the steps to get a management token for use by
Vault when communicating with Consul as a secret backend.
2015-12-18 09:44:31 -05:00
Jeff Mitchell
7dca03eb3f
Update documentation with Consul backend token_type
parameter.
...
Fixes #854
2015-12-14 20:54:13 -05:00
Jeff Mitchell
448efd56fa
Merge branch 'master' into pki-csrs
2015-12-08 10:57:53 -05:00
Jeff Mitchell
902b7b0589
Add a warning about consistency of IAM credentials as a stop-gap.
...
Ping #687
2015-12-08 10:56:34 -05:00
Jeff Mitchell
4eec9d69e8
Change allowed_base_domain to allowed_domains and allow_base_domain to
...
allow_bare_domains, for comma-separated multi-domain support.
2015-11-30 23:49:11 -05:00
Jeff Mitchell
b6c49ddf01
Remove token display names from input options as there isn't a viable
...
use-case for it at the moment
2015-11-30 18:07:42 -05:00
Jeff Mitchell
d461929c1d
Documentation update
2015-11-20 13:13:57 -05:00
Jeff Mitchell
25e359084c
Update documentation, some comments, make code cleaner, and make generated roots be revoked when their TTL is up
2015-11-19 17:14:22 -05:00
Jeff Mitchell
af3d6ced8e
Update validator function for URIs. Change example of entering a CA to a
...
root cert generation. Other minor documentation updates. Fix private key
output in issue/sign.
2015-11-19 11:35:17 -05:00
Jeff Mitchell
71f9ea8561
Make it clear that generating/setting a CA cert will overwrite what's
...
there.
2015-11-19 09:51:18 -05:00
Jeff Mitchell
a95228e4ee
Split root and intermediate functionality into their own sections in the API. Update documentation. Add sign-verbatim endpoint.
2015-11-19 09:51:18 -05:00
Jeff Mitchell
c461652b40
Address some feedback from review
2015-11-19 09:51:18 -05:00
Jeff Mitchell
ed62afec14
Large documentation updates, remove the pathlength path in favor of
...
making that a parameter at CA generation/sign time, and allow more
fields to be configured at CSR generation time.
2015-11-19 09:51:18 -05:00
Jeff Mitchell
ea676ad4cc
Add tests for intermediate signing and CRL, and fix a couple things
...
Completes extra functionality.
2015-11-19 09:51:17 -05:00
Jeff Mitchell
e2d4a5fe0f
Documentation update around path/key name encryption.
...
Make it clear that path/key names in generic are not encrypted.
Fixes #697
2015-10-29 11:21:40 -04:00
Seth Vargo
50f720bc06
Remove tabs from terminal output
...
This also standardizes on the indentation we use for multi-line commands as
well as prefixes all commands with a $ to indicate a shell.
2015-10-12 12:10:22 -04:00
vishalnayak
644a655920
mysql: made max_open_connections configurable
2015-10-01 21:15:56 -04:00
vishalnayak
2051101c43
postgresql: Configurable max open connections to the database
2015-10-01 20:11:24 -04:00
Colin Rymer
e2b157aa79
Remove redundant wording for SSH OTP introduction.
2015-09-30 10:58:44 -04:00
Jeff Mitchell
af27a99bb7
Remove JWT for the 0.3 release; it needs a lot of rework.
2015-09-24 16:23:44 -04:00
Dominic Luechinger
89511e6977
Fixes docs for new JWT secret backend
2015-09-24 16:47:17 +02:00
Spencer Herzberg
54c62fe5aa
docs: pg username not prefixed with vault-
...
due to
05fa4a4a48
,
vault no longer prefixes the username with `vault-`
2015-09-22 10:14:47 -05:00
Jeff Mitchell
a5f52f43b1
Minor doc update to SSH
2015-09-21 16:26:07 -04:00
Jeff Mitchell
29c722dbb6
Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values
2015-09-21 16:14:30 -04:00