1f5062a6e1
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-08-19 12:16:37 -07:00
9fd6837d7b
Fix typo in ACL doc
2015-08-19 07:36:16 +01:00
f351cd5ee0
Merge pull request #531 from mfischer-zd/fix_doc_tls
...
Clarify availability of tls_min_version
2015-08-18 19:01:28 -07:00
b5cda4942b
Vault SSH: doc update
2015-08-18 11:50:32 -07:00
b91ebbc6e2
Vault SSH: Documentation update and minor refactoring changes.
2015-08-17 18:22:03 -07:00
9db318fc55
Vault SSH: Website page for SSH backend
2015-08-14 12:41:26 -07:00
0e0cdeed75
Clarify availability of tls_min_version
...
`tls_min_version` doesn't work in the current Vault release;
make that clear.
2015-08-13 08:35:09 -07:00
93dfa67039
Merging changes from master
2015-08-12 09:28:16 -07:00
0abf07cb91
Vault SSH: Website doc v1. Removed path_echo
2015-08-12 09:25:28 -07:00
2233f993ae
initial pass at JWT secret backend
2015-08-06 17:49:44 -06:00
f58f46c243
Merge pull request #439 from geckoboard/feature-tls-mysql
...
Using SSL to encrypt connections to MYSQL
2015-08-05 14:52:43 -07:00
4d08cfdf6f
Merge pull request #469 from kgutwin/f-config-defaultlease
...
Add configuration options for default lease duration and max lease duration
2015-08-04 10:06:41 -07:00
9db7426002
Add documentation for the tls_ca_file option
2015-08-04 05:10:33 +00:00
719ac6e714
update doc for app-id
...
make clearer in doc that user-id can accept multiple app-id mappngs as comma-separated values
2015-08-03 09:44:26 -07:00
473668a1a0
Merge pull request #482 from chiefy/master
...
Adding vaulted nodejs library to libraries section in docs.
2015-07-31 15:13:44 -07:00
e666b5c624
added golang client
2015-07-31 17:10:38 -04:00
c5c7926af6
Adding vaulted nodejs library to libraries section in docs.
2015-07-31 14:31:26 -04:00
03728af495
Merge pull request #464 from bgirardeau/master
...
Add Multi-factor authentication with Duo
2015-07-30 17:51:31 -07:00
aa55d36f03
Clean up naming and add documentation
2015-07-30 17:36:40 -07:00
4bad987e58
PR review updates
2015-07-30 13:21:41 -04:00
151ec72d00
Add configuration options for default lease duration and max lease duration.
2015-07-30 09:42:49 -04:00
1535a21198
Merge pull request #384 from dkaffee92/feature/storage-backend-consul-configuration
...
allow specifying certificates used to talk to consul for storage backend
2015-07-29 14:41:53 -07:00
41106d9b69
fix doc for pki/revoke API
2015-07-29 14:28:12 +02:00
9fe25414aa
update analytics
2015-07-28 16:05:27 -07:00
112f98d86f
mfa: cleanup website documentation
2015-07-28 12:25:01 -07:00
6c24a000a3
mfa: add website documentation
2015-07-28 11:00:57 -07:00
a6f828ba0a
made documentation a bit more clear
2015-07-28 15:50:43 +03:00
4146be770c
refactor code
2015-07-28 14:55:33 +03:00
83729a3bd9
website: fixing details about HA backends
2015-07-24 12:11:45 -07:00
80e59089ba
Merge pull request #449 from JustinLaRose/master
...
Cassandra secret backend doc update for connection config
2015-07-23 13:42:59 -07:00
eeb623bca0
Merge pull request #447 from kgutwin/f-tlsvers
...
Specify Vault listener minimum TLS version
2015-07-23 13:42:42 -07:00
9ec3cefea9
Merge pull request #433 from infame-io/feature/s3_sts
...
Granting S3 backend temporary access
2015-07-23 13:33:58 -07:00
3a5e036727
Document warning for using lower TLS versions
2015-07-23 11:54:45 -04:00
436dfd464d
S3 backend session token documentation updated
2015-07-23 22:53:20 +10:00
361f10f79e
Cassandra secret backend doc update for connection config - "hosts" instead of "host"
2015-07-23 03:07:29 -04:00
1096f5a53e
Avoid unnecessary abbreviation
2015-07-22 23:28:46 -04:00
9c963a0632
TLS minimum version documentation
2015-07-22 23:21:18 -04:00
63fcb61145
Merge pull request #419 from nbrownus/telemetry_names
...
Disable hostname prefix for runtime telemetry
2015-07-22 15:38:23 -07:00
01147622ce
Merge pull request #420 from bgirardeau/master
...
LDAP Auth - Add per-user policies and option to login with userPrincipalName
2015-07-22 14:35:21 -07:00
e8d26d244b
ldap: change setting user policies to setting user groups
2015-07-20 11:33:39 -07:00
564f6d3743
Small tutorial fixes and tweaks
2015-07-19 16:52:11 -04:00
30920dc751
Finished draft of api tutorial and worked it into the flow.
2015-07-19 12:29:06 -07:00
89e0ed22db
More work on apis doc.
2015-07-16 06:29:52 -07:00
3f45692500
Added start of page in intro that explains / demos the REST apis
2015-07-15 06:28:04 -07:00
1e1d4ba66d
ldap: add documentation for setting policies based on user
2015-07-14 16:13:40 -07:00
65dc78ba35
Docs for the telemetry object
2015-07-14 15:45:45 -07:00
0e2edc2378
ldap: add ability to login with a userPrincipalName (user@upndomain)
2015-07-14 15:37:46 -07:00
d86a608db8
Use Rack::Protection
2015-07-13 13:07:24 -04:00
2ddeb831e4
Update middleman-hashicorp
2015-07-13 13:07:18 -04:00
3042452def
website: fixing lots of references to vault help
2015-07-13 20:12:09 +10:00
7be012b8b6
website: help command is now path-help
2015-07-13 20:03:29 +10:00
26937498f6
physical/zk: Fixing node representation. Fixes #416
2015-07-13 19:33:23 +10:00
8dd9478e14
website: fixing documentation errors. Fixes #412
2015-07-13 19:10:44 +10:00
2da54da6ed
website: update HA status, discourage ZK
2015-07-13 19:01:32 +10:00
76bc988e50
Remove documentation that was copied from the terraform project
2015-07-12 16:52:24 +00:00
872593d1e1
fixed secrets backend url
...
minor doc fix
2015-07-06 11:11:58 -07:00
f782e7382e
pointed authentication backend to proper location
...
pointed authentication backend to proper location
2015-07-06 10:42:14 -07:00
70cd3d1206
Merge pull request #400 from hashicorp/f-glob
...
Change ACL semantics, use explicit glob and deny has highest precedence
2015-07-06 11:15:49 -06:00
768a6e33b0
website: clarify changes in addition to feedback
2015-07-06 11:10:09 -06:00
0be3d419c8
secret/transit: address PR feedback
2015-07-05 19:58:31 -06:00
37b68d6dce
website: clarify getting started ACL docs
2015-07-05 18:40:05 -06:00
01b0257c5f
website: update for glob matching
2015-07-05 17:43:13 -06:00
f4d555a2ba
website: document derived keys in secret/transit
2015-07-05 14:47:16 -07:00
0521c6df6c
http: support ?standbyok for 200 status on standby. Fixes #389
2015-07-02 17:49:35 -07:00
42050fe77b
ldap: add starttls support and option to specificy ca certificate
2015-07-02 15:49:51 -07:00
3c58773598
Merge pull request #380 from kgutwin/cert-cli
...
Enable TLS client cert authentication via the CLI
2015-06-30 11:44:28 -07:00
b8f2e8d498
website: document insecure_tls for LDAP backend
2015-06-30 09:42:18 -07:00
42b90fa9b9
Address some issues from code review.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:27:23 -04:00
70fc49be84
Website docs.
2015-06-30 09:18:39 -04:00
fccbc587c6
A Cassandra secrets backend.
...
Supports creation and deletion of users in Cassandra using flexible CQL queries.
TLS, including client authentication, is supported.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:04:01 -04:00
3902626163
Merge pull request #310 from jefferai/f-pki
...
Initial PKI backend implementation
2015-06-21 11:12:22 +01:00
3e58e8fff2
Fix typo in link to Atlas URL.
...
Missing a colon after https!
2015-06-21 02:41:26 -07:00
e086879fa3
Merge remote-tracking branch 'upstream/master' into f-pki
2015-06-19 13:01:26 -04:00
a6fc48b854
A few things:
...
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 12:48:18 -04:00
28ddff305c
physical/mysql: cleanup and documentation
2015-06-18 14:31:00 -07:00
34f495a354
Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 15:22:58 -04:00
7e6f44e39e
website: document transit upsert behavior
2015-06-17 18:51:58 -07:00
93ee9f6b76
website: update the transit documentation
2015-06-17 18:45:29 -07:00
49f1fdbdcc
Merge branch 'master' into f-pki
2015-06-16 13:43:25 -04:00
07df5c251d
Merge pull request #341 from ryancurrah/ryancurrah-doc-transit-echofix
...
Do not output the trailing newline in encoding.
2015-06-15 17:36:01 -07:00
db178571eb
Document longest-prefix match
...
Fixes https://github.com/hashicorp/vault/issues/331
2015-06-15 14:29:20 -04:00
90dfbe2883
Update gems
2015-06-15 13:54:36 -04:00
c232fee6b3
Do not output the trailing newline in encoding.
...
Added -n to echo command to prevent newlines from showing up in encoding.
2015-06-13 12:03:57 -04:00
e17ced0d51
Fix a docs-out-of-date bug.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-12 16:33:00 -04:00
db5354823f
Fix some out-of-date examples.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 21:17:05 -04:00
1513e2baa4
Add acceptance tests
...
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling
Also, fix a bug when trying to get code signing certificates.
Not tested:
* Revocation (I believe this is impossible with the current testing framework)
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
0d832de65d
Initial PKI backend implementation.
...
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint
Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
2a1eac837c
docs: Fix examples of auth via JSON
...
For both userpass and LDAP
2015-06-04 10:38:11 -04:00
d634a92d2a
Remove .DS_Store
...
Already gitignored
2015-06-04 10:17:00 -04:00
66ab2bbf54
Merge pull request #263 from sheldonh/iam-policy
...
List IAM permissions required by root credentials
2015-06-01 13:16:51 +02:00
98cca9cb18
Merge pull request #261 from jsok/consul-lease
...
Add ability to configure consul lease durations
2015-06-01 13:04:28 +02:00
82caf31532
Merge pull request #277 from hashicorp/f-rotate
...
Add support for key rotation
2015-06-01 12:52:32 +02:00
507f5b0114
Cleanup style on http index docs
2015-05-31 21:23:44 -07:00
4a41d05870
Merge pull request #271 from boncheff/f-doc-update-read-write-example
...
Update index.html.md
2015-05-31 21:20:34 -07:00
090de2c6d3
Merge pull request #279 from whit537/patch-1
...
Capitalize the first word of a sentence
2015-05-31 15:53:34 -07:00
7fd3d50f3e
Merge pull request #280 from whit537/patch-2
...
Put me in charge of dev mode :)
2015-05-31 15:53:24 -07:00
d90b63a520
Merge pull request #282 from whit537/patch-3
...
Add a missing word
2015-05-31 15:52:21 -07:00
68c9b9dd83
Merge pull request #283 from whit537/patch-4
...
revisions to Getting Started > Dynamic Secrets
2015-05-31 15:52:08 -07:00
dba3fde064
Merge pull request #284 from whit537/patch-5
...
revisions to Getting Started > Built-in Help
2015-05-31 15:51:51 -07:00
83ad07bb72
Merge pull request #285 from whit537/patch-6
...
revisions to Getting Started > Authentication
2015-05-31 15:51:39 -07:00
1514dd5a14
Merge pull request #286 from whit537/patch-7
...
revisions to Getting Started > Access Control Policies
2015-05-31 15:51:08 -07:00
105def7354
Merge pull request #287 from whit537/patch-8
...
revisions to Getting Started > Deploy Vault
2015-05-31 15:50:58 -07:00
b83f3f2d02
Provide missing verb
2015-05-31 17:19:34 -04:00
e7cc5649dd
Fix punctuation
...
We want an apostrophe (for the contraction, not the possessive), but we don't want an extra period.
2015-05-31 17:00:44 -04:00
2df20f0c8c
Remove an errant article
2015-05-31 16:47:15 -04:00
1629f9ac93
Fix number of a noun
2015-05-31 16:42:29 -04:00
b1b2a4be7c
Fix another broken passive
2015-05-31 16:34:34 -04:00
fcc7cbaee5
Fix a broken verb voice
2015-05-31 16:31:10 -04:00
4a4d944bcc
Charges don't incur themselves
2015-05-31 16:24:03 -04:00
2ee0e9c51b
REMOVE A SINGLE WHITESPACE CHARACTER
2015-05-31 16:21:39 -04:00
bd4dce28b5
Remove quotes to match styling elsewhere
...
Cf. http://vaultproject.io/intro/getting-started/dynamic-secrets.html
2015-05-31 16:20:56 -04:00
11cd9eb6f5
Add a missing word
2015-05-31 16:19:38 -04:00
2e00c9dd27
fix line wrapping
...
Sorry!
2015-05-31 16:07:50 -04:00
4aee92f5e4
Direct new users over to the getting started guide
...
I found myself on the dev server reference, when really I was more interested in the getting started guide. This link is intended to help others get back on the right track.
2015-05-31 16:06:58 -04:00
ee4b84928e
Put me in charge of dev mode :)
...
- "You" as subject instead of "Vault"
- give the actual command
- minor formatting changes
2015-05-31 15:54:32 -04:00
2e8967ce22
Capitalize the first word of a sentence
2015-05-31 14:22:57 -04:00
b71226dfd7
website: document key rotation internals
2015-05-29 15:34:29 -07:00
0563ac643e
website: document new system APIs
2015-05-29 15:05:05 -07:00
69e501a2e5
Fix typo
2015-05-29 10:24:29 +02:00
a1e5330f78
Update index.html.md
...
Updated the docs to show an example of how to read/write a secret using the HTTP API
2015-05-28 22:28:25 +01:00
e72ed2fa87
Merge pull request #269 from sheldonh/getting_started_deploy_consul
...
Use local Consul instance in deploy walkthrough
2015-05-28 10:06:36 -07:00
9126cf576f
Use local Consul instance in deploy walkthrough
...
As per hashicorp/vault#217 , demo.consul.io prevents sessions from being
created, which means you can't use it as a backend for Vault.
2015-05-28 14:11:34 +02:00
85fbdae5f5
Mention `disable_mlock` in deploy walkthrough
2015-05-28 13:24:28 +02:00
71c462b3b2
Clarify the disable_mlock option
2015-05-28 12:40:56 +02:00
ac4763027b
replaced confusing term 'physical' with 'storage'.
2015-05-27 14:44:17 -06:00
89e7bb2569
Missed a few IAM permissions
2015-05-27 16:42:12 +02:00
3d2005ea56
List IAM permissions required by root credentials
2015-05-27 16:28:24 +02:00
2b1926f262
website: Update /consul/roles/ parameters
2015-05-27 09:54:15 +10:00
5b587b979d
Merge pull request #259 from buth/etcd
...
etcd non-HA storage backend
2015-05-26 15:07:06 -07:00
e4e4253d65
added etcd as a non-HA storage backend, updated documentation
2015-05-26 13:38:25 -04:00
2a6dd3225c
Add libraries section to HTTP docs
2015-05-22 14:32:14 -07:00
bb9f7c47ff
Add read field flag to documentation
2015-05-22 11:33:28 -07:00
e2ff72795e
website: doc cleanup
2015-05-20 17:42:29 -07:00
8c75cc83e3
Merge pull request #242 from jstremick/f-physical-s3-backend
...
Physical S3 backend implementation
2015-05-20 17:00:44 -07:00
fd57ca0e39
fix doc example to submit valid json in POST body
...
I don't know if there is some version of curl that auto-generates json but the example didn't work for me on curl 7.32.0. Submitting the data as JSON works though.
2015-05-20 13:11:54 -07:00
53979d6f30
Physical S3 backend implementation
2015-05-20 10:59:03 -04:00
ed9b44bb44
Fix typo in app-id docs
2015-05-20 09:36:54 -05:00
05e59edb02
Merge pull request #239 from ijin/patch-1
...
Document that Vault Server needs to be running for vault help path
2015-05-20 12:28:31 +02:00
e2a923a887
Document that Vault Server needs to be running for vault help path
...
Confused initial, I tried running `vault help secret` by itself and found out that the server needs to be running to execute this command.
Furthermore, the client needs `VAULT_ADDR` configured (`http://127.0.0.1:8200 ` in dev mode, since it uses https by default) to interact with the server.
2015-05-20 17:06:59 +09:00
c7bf89cf60
Add missing word to storage backend threat model.
2015-05-19 12:11:48 -07:00
af1aabe397
Fix "the a lease ID" typo.
2015-05-19 12:07:07 -07:00
dc5e1a714a
Fix "all everything" typo in Secrets description.
2015-05-19 11:59:20 -07:00
c0409b69ae
Remove non-existent unseal API argument
2015-05-18 19:59:18 -07:00
9c916386de
Update github.html.md
...
Fixing incorrect documentation about case sensitivity
2015-05-18 09:37:31 -07:00
3f3133b066
Merge pull request #204 from nrocine/master
...
Added implementation details to the GitHub Auth Docs on the Vault Website
2015-05-18 09:36:35 -07:00
7c6033c728
Use new middleman-hashicorp
2015-05-15 16:15:58 -04:00
3b1df5a8ca
website: clarify the app-id parameters
2015-05-15 11:39:05 -07:00
dd6de90a3f
update info on keywhiz
2015-05-15 00:34:25 -07:00
6481c13bcc
Added details in the github auth docs for the website. These details clarify end-to-end use of the github auth backend. Specifically: noting how to create a usable GitHub PAT and an example of how to auth with the PAT.
2015-05-14 13:20:58 -07:00
7ce3718191
Fix minor typo.
2015-05-13 18:08:11 -07:00
vishalnayak