Commit graph

753 commits

Author SHA1 Message Date
amcbarnett 413cc2e4c0
Update fips1402.mdx (#15598)
* Update fips1402.mdx

Added Link to new Compliance letter and details on what makes this different from Seal Wrap

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

* Update website/content/docs/enterprise/fips/fips1402.mdx

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-06-01 11:02:11 -04:00
Pratik Khasnabis af5e65e9bd
Update to fix the concept of root key, which is not sharded as written here. (#15726)
This explanation of root key is incorrect. Root key is not sharded and reconstructed. The root key is encrypted by the unseal key which is sharded and reconstructed back in the unsealing process.
The explanation differed from the correct one at https://www.vaultproject.io/docs/concepts/seal
2022-06-01 09:54:26 -04:00
Loann Le 47fc5311e8
updated learn link (#15717) 2022-05-31 14:55:06 -07:00
Tom Proctor 1c2f3c8ddf
docs: Improve sample commands for querying k8s API (#15686) 2022-05-31 21:20:31 +01:00
Steven Clark 2e215975ff
Add integration tests for aliased PKI paths (root/rotate, root/replace) (#15703)
* Add integration tests for aliased PKI paths (root/rotate, root/replace)

 - Add tests for the two api endpoints
 - Also return the issuer_name field within the generate root api response

* Add key_name to generate root api endpoint response and doc updates

 - Since we are now returning issuer_name, we should also return key_name
 - Update the api-docs for the generate root endpoint responses and add
   missing arguments that we accept.
2022-05-31 15:00:20 -04:00
Austin Gebauer 7a88c86db2
auth/gcp: adds documentation for custom endpoint overrides (#15673) 2022-05-31 10:16:24 -07:00
Jim Kalafut c9a0fdb4ff
Fix K8s secrets docs typo (#15695) 2022-05-31 08:10:15 -07:00
Steven Clark 69296e9edf
Add a little more information about PKI and replicated data sets to the PKI docs. (#15683)
* Add a little more information about PKI and replicated data sets.

 - Add a TOC to the PKI considerations page
 - Merge in the existing certificate storage into a new Replicated DataSets
   section
 - Move the existing Cluster Scalability section from the api-docs into the
   considerations page.
2022-05-31 10:04:51 -04:00
Alexander Scheel 1331c2aa12
Add recommendations on key types and PKI performance (#15580)
* Add recommendations on key types and PKI performance

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/docs/secrets/pki/considerations.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2022-05-31 09:21:16 -04:00
akshya96 4c45c909ee
adding documentaion changes (#15656) 2022-05-27 15:08:19 -07:00
Christopher Swenson 23c135f2a6
docs/k8s: update for latest helm release 0.20.1 (#15647) 2022-05-26 11:59:54 -07:00
Austin Gebauer 4d9f3431b8
secrets/mongodbatlas: adds missing organization_id to API docs (#15624) 2022-05-26 08:08:29 -07:00
Loann Le 21d9ff0d99
added a reference to a note for deprecated features (#15610) 2022-05-25 15:24:34 -07:00
Theron Voran f38f0ee323
docs/database/elasticsearch: use_old_xpack option (#15601)
Also creating/adding a note to the 1.11 upgrade guide
2022-05-25 12:15:42 -07:00
John-Michael Faircloth fc04699f57
Fix plugin reload mounts (#15579)
* fix plugin reload mounts

* do not require sys/ prefix

* update plugin reload docs with examples

* fix unit test credential read path

* update docs to reflect correct cli usage

* allow sys/auth/foo or auth/foo

* append trailing slash if it doesn't exist in request

* add changelog

* use correct changelog number
2022-05-25 13:37:42 -05:00
Tom Proctor 46b1a119dd
Add API docs for Kubernetes secrets engine (#15564)
* Add API docs for Kubernetes secret engine
* alphabetical ordering for K-items in docs sidebar

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Christopher Swenson <swenson@swenson.io>
2022-05-25 18:25:19 +01:00
Christopher Swenson 5f9386abad
Add deprecation note about X.509/SHA-1 (#15581)
Add deprecation note about X.509/SHA-1

In preparation for moving to Go 1.18 in Vault 1.12.

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-05-25 10:11:17 -07:00
Brian Kassouf df8ae055be
Add an API for exporting activity log data (#15586)
* Add an API for exporting activity log data

* Add changelog entry

* Switch to error logs
2022-05-24 17:00:46 -07:00
Peter Wilson bcb30223bf
Added support for VAULT_PROXY_ADDR + Updated docs (#15377)
Updated documentation to describe the behavior when supplying `VAULT_HTTP_PROXY`. Also added support for `VAULT_PROXY_ADDR` as a 'better name' for `VAULT_HTTP_PROXY`.
2022-05-24 13:38:51 -04:00
davidadeleon 0026788d4b
api/monitor: Adding log format to monitor command and debug (#15536)
* Correct handling of "unspecified" log level

* Setting log-format default on monitor path

* Create changelog file

* Update website/content/api-docs/system/monitor.mdx

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>

Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>
2022-05-24 13:10:53 -04:00
Loann Le 9dd1a4ff93
Vault documentation: reorganized docs by moving recovery key description (#15563)
* reorg docs for recovery keys

* fixed a sentence

* Minor format update & removed duplicated notes

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-05-23 15:42:57 -07:00
Austin Gebauer 6fe639eb35
auth/okta: documents API token minimal permissions (#15566) 2022-05-23 14:57:14 -07:00
Alexander Scheel 36c981bfe4
Add more PKI usage best practices to documentation (#15562)
* Add note about cross-cluster CRL URIs

As suggested by Ricardo Oliveira, thanks!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note that short TTLs are relative to quantity

As suggested by Ricardo Oliveira, thanks!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note to make sure default is configured

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note about automating certificate renewal

As suggested by Ricardo Oliveira, thanks!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-23 12:00:24 -04:00
Alexander Scheel 92dbe3b22a
Fix Learn->Tutorial in internal PKI docs (#15531)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-23 11:53:13 -04:00
Chris Capurso 6d62f9a4ed
FAQ doc updates for removal of stored licenses in 1.11 (#15314)
* initial updates for license FAQs for 1.11

* add links, tense fixes

* Update deprecation doc link

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* fix links

* fix a couple missed version-specific links

* change 1 to one

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-05-23 11:42:58 -04:00
Alexander Scheel 464da0ee46
Link FIPS binary sources from the FIPS docs (#15554)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-20 16:18:51 -05:00
Christopher Swenson 644345b1cc
Add usage documentation for new Kubernetes Secrets Engine (#15527)
Add usage documentation for new Kubernetes Secrets Engine

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-05-20 13:37:15 -07:00
Alexander Scheel 69b870d675
Add role patching test case (#15545)
* Add tests for role patching

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Prevent bad issuer names on update

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation on PATCH operations

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-20 15:30:22 -04:00
Loann Le 76ec17215e
Vault documentation: updated key share/unseal images (#15526)
* updated images

* added new image files
2022-05-20 10:59:30 -07:00
Jason Peng a331575c01
Update oracle.mdx (#15257)
Added Alpine Linux restrictions as https://github.com/hashicorp/vault-plugin-database-oracle pointed out.
2022-05-20 13:40:05 -04:00
Alexander Scheel 59ccb9cc05
Fix typo in allowed_uri_sans_template doctype (#15537)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-20 12:23:50 -04:00
Alexander Scheel 2b337b3be9
Clarify KU/EKU parameters on sign-verbatim (#15535)
* Clarify KU/EKU parameters on sign-verbatim

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify default in empty list
2022-05-20 11:56:31 -04:00
Alejandro Medina f969c05772
Update seal.mdx (#15463) 2022-05-20 08:43:05 -04:00
Andy Assareh c559f6e8b7
typo: adding missing word 'may' (#14503) 2022-05-20 08:41:51 -04:00
Andy Assareh d0fb5bd986
typo: embeds -> embedded (#15520) 2022-05-20 08:33:34 -04:00
claudex 226d7c4c59
Fix typo in documentation (#15530) 2022-05-20 08:22:57 -04:00
Loann Le 201ac71da6
Vault documentation: updated all references from Learn to Tutorial (#15514)
* updated learn to tutorial

* correct spelling
2022-05-19 18:04:46 -07:00
Alexander Scheel faea196991
Rebase #14178 / Add not_before_duration API parameter to Root/Intermediate CA generation (#15511)
* PKI - Add not_before_duration API parameter to:
  - Root CA generation
  - Intermediate CA generation
  - Intermediate CA signing

* Move not_before_duration to addCACommonFields

This gets applied on both root generation and intermediate signing,
which is the correct place to apply this.

Co-authored-by: guysv <sviryguy@gmail.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Resolves: #10631

Co-authored-by: guysv <sviryguy@gmail.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add test case for root/generate, sign-intermediate

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update path role description

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add new not_before_duration to relevant docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Co-authored-by: guysv <sviryguy@gmail.com>
2022-05-19 12:35:08 -04:00
Alexander Scheel f3d52108b4
Add more CA usage best practices (#15467)
* Add leaf not after best practice

Also suggest concrete recommendations for lifetimes of various issuers.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add advice to use a proper CA hierarchy

Also mention name constraints and HSM backing.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add section on safer usage of Roles

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add initial RBAC example for PKI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-19 11:43:38 -04:00
Alexander Scheel f31149089f
Update FIPS documentation to clarify mlock (#15502)
This clarifies a limitation of the FIPS based container images,
to note that due to OpenShift requirements, we need to suggest
ways of disabling mlock or allowing Vault to set mlock.
2022-05-19 09:31:47 -04:00
Robert c2f49204d9
Fix small typos, update docs terminology (#15504) 2022-05-18 17:23:46 -05:00
Loann Le 561d8d45f8
updated warning (#15459) 2022-05-18 08:26:25 -07:00
Steven Clark 7bc9cd2867
Protect against key and issuer name re-use (#15481)
* Protect against key and issuer name re-use
 - While importing keys and issuers verify that the provided name if any has not been used by another key that we did not match against.
 - Validate an assumption within the key import api, that we were provided a single key
 - Add additional tests on the new key generation and key import handlers.

* Protect key import api end-users from using "default" as a name
 - Do not allow end-users to provide the value of default as a name for key imports
   as that would lead to weird and wonderful behaviors to the end-user.

* Add missing api-docs for PKI key import
2022-05-18 10:31:39 -04:00
Tom Proctor 1bb40eee16
Update documentation for vault-helm v0.20.0 release (#15450) 2022-05-18 09:50:15 +01:00
Jason O'Donnell d450b7899f
docs: add note about requiring 3.6+ helm (#15480) 2022-05-17 17:02:26 -04:00
Hamid Ghaf 66c6de50a7
Username format login mfa (#15363)
* change username_template to username_format for login MFA

* fixing a test

* Update website/content/docs/auth/login-mfa/faq.mdx

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2022-05-17 16:31:50 -04:00
Alexander Scheel f6ac1be13a
Start documentation for FIPS variants of Vault Enterprise (#15475)
* Begin restructuring FIPS documentation

This creates a new FIPS category under Enterprise and copies the
FIPS-specific seal wrap documentation into it.

We leave the existing Seal Wrap page at the old path, but document that
the FIPS-specific portions of it have moved.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add initial FIPS 140-2 inside documentation

This documents the new FIPS 140-2 Inside binary and how to use and
validate it. This also documents which algorithms are certified for
use in the BoringCrypto distribution.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add notes about FIPS algorithm restrictions

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-17 16:28:20 -04:00
Alexander Scheel a8c0efb487
Add documentation on rotation primitives (#15466)
* Begin PKI rotation primitive documentation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Finish importing rotation primitive docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update all titles consistently

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing links in rotation primitives doc

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add sections documenting execution in Vault

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* typo fixes

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-17 11:44:17 -04:00
Jason O'Donnell 9024b94731
docs: add note about upndomain for AD secret engine (#15445) 2022-05-17 11:42:16 -04:00
Austin Gebauer ec6e362d83
auth/oidc: adds documentation for JSON pointer user claim (#15454) 2022-05-16 15:31:02 -07:00