Jeff Mitchell
606ba64e23
Remove context-as-nonce, add docs, and properly support datakey
2016-08-07 15:53:40 -04:00
Jeff Mitchell
21e39bfea6
Remove erroneous information about some endpoints being root-protected
2016-08-04 16:08:54 -04:00
Cameron Stokes
0b60375952
~secret/aws: env variable and IAM role usage
2016-08-04 13:02:07 -07:00
Jeff Mitchell
1b0c9afc43
Update DB docs with new SQL specification options
2016-08-03 15:45:56 -04:00
vishalnayak
4f45910dfc
disallowed_policies doc update
2016-08-02 16:33:22 -04:00
Jeff Mitchell
b4386032db
Fix up some wording
2016-08-02 16:25:00 -04:00
vishalnayak
75c51378ce
Updated token auth docs with disallowed_policies
2016-08-02 15:33:03 -04:00
Jeff Mitchell
9902891c81
Alphabetize token store docs
2016-08-01 13:37:12 -04:00
Jeff Mitchell
357f2d972f
Add some extra safety checking in accessor listing and update website
...
docs.
2016-08-01 13:12:06 -04:00
Chris Hoffman
c1c35880da
Missing prefix on roles list
2016-07-29 11:31:26 -04:00
Jan Dudulski
1e46b1cef0
Update revoke-prefix path in doc
...
Minor update to make doc up to date with v0.6
2016-07-29 12:17:24 +02:00
Chris Hoffman
2930f2ca39
Preferred method is AppRole since AppId is now deprecated
2016-07-28 14:32:20 -04:00
Vishal Nayak
358b13d2b4
Merge pull request #1660 from TerryHowe/ansible-module-hashivault
...
Add note about Ansible module in docs
2016-07-27 13:56:41 -04:00
Adam Greene
da8ff50143
documentation cleanup
2016-07-27 10:43:59 -07:00
Terry Howe
da49a7993e
Add note about Ansible module in docs
2016-07-27 10:34:13 -06:00
vishalnayak
cc8a3a0141
Revert version in website
2016-07-27 10:56:11 -04:00
vishalnayak
019f79bbd2
Update version in website
2016-07-27 10:54:36 -04:00
Laura Bennett
4d9c909ae4
Merge pull request #1650 from hashicorp/request-uuid
...
Added unique identifier to each request. Closes hashicorp/vault#1617
2016-07-27 09:40:48 -04:00
Vishal Nayak
c7bcaa5bb6
Merge pull request #1655 from hashicorp/cluster-id
...
Vault cluster name and ID
2016-07-26 14:12:48 -04:00
vishalnayak
669bbdfa48
Address review feedback from @jefferai
2016-07-26 14:05:27 -04:00
Jeff Mitchell
6e63af6ad0
Add deprecation notices for App ID
2016-07-26 10:08:46 -04:00
Jeff Mitchell
cdb0f78960
Add app-id deprecation to upgrade notes
2016-07-26 10:04:08 -04:00
vishalnayak
a6907769b0
AppRole authentication backend
2016-07-26 09:32:41 -04:00
Jeff Mitchell
3002799c26
Add upgrade notes for LDAP
2016-07-25 09:07:52 -04:00
Laura Bennett
483e796177
website update for request uuuid
2016-07-24 21:23:12 -04:00
Oren Shomron
cd6d114e42
LDAP Auth Backend Overhaul
...
--------------------------
Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.
Simplified group membership lookup significantly to support multiple use-cases:
* Enumerating groups via memberOf attribute on user object
* Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
* Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule
There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.
Additional changes:
* Clarify documentation for LDAP auth backend.
* Reworked how default values are set, added tests
* Removed Dial from LDAP config read. Network should not affect configuration.
2016-07-22 21:20:05 -04:00
Vishal Nayak
38d8ff33d5
Merge pull request #1647 from hashicorp/version-in-api
...
Add version information to health status
2016-07-22 18:34:33 -04:00
vishalnayak
a92da37351
Updated sys/health docs
2016-07-22 18:33:29 -04:00
matt maier
6519c224ac
Circonus integration for telemetry metrics
2016-07-22 15:49:23 -04:00
vishalnayak
765d131b47
Added service-tags config option to provide additional tags to registered service
2016-07-22 04:41:48 -04:00
Jeff Mitchell
3e7449164c
Update website text
2016-07-21 14:54:24 -04:00
Jeff Mitchell
6d41045b3b
Update website description
2016-07-21 14:32:23 -04:00
Laura Bennett
559b0a5006
Merge pull request #1635 from hashicorp/mysql-idle-conns
...
Added maximum idle connections to mysql to close hashicorp/vault#1616
2016-07-20 15:31:37 -04:00
Laura Bennett
422dcc8f25
minor formatting edits
2016-07-20 14:42:52 -04:00
Jeff Mitchell
f2b6569b0b
Merge pull request #1604 from memory/mysql-displayname-2
...
concat role name and token displayname to form mysql username
2016-07-20 14:02:17 -04:00
Nathan J. Mehl
ea294f1d27
use both role name and token display name to form mysql username
2016-07-20 10:17:00 -07:00
Laura Bennett
dba466f50e
update documentation for idle connections
2016-07-20 12:50:07 -04:00
Nathan J. Mehl
0483457ad2
respond to feedback from @vishalnayak
...
- split out usernameLength and displaynameLength truncation values,
as they are different things
- fetch username and displayname lengths from the role, not from
the request parameters
- add appropriate defaults for username and displayname lengths
2016-07-20 06:36:51 -07:00
Jeff Mitchell
49194847da
Add mongodb to sidebar
2016-07-19 14:00:47 -04:00
Matt Hurne
11a3cb67d0
mongodb secret backend documentation: Remove verify_connection from example response to GET /mongodb/config/connection; add documentation for GET /mongodb/config/lease
2016-07-19 12:46:54 -04:00
Matt Hurne
75a5fbd8fe
Merge branch 'master' into mongodb-secret-backend
2016-07-19 10:38:45 -04:00
Jeff Mitchell
04f0471a9f
Update documentation around dynamodb changes
2016-07-18 14:10:55 -04:00
Jeff Mitchell
c47fc73bd1
Use parsebool
2016-07-18 13:49:05 -04:00
Jeff Mitchell
a3ce0dcb0c
Turn off DynamoDB HA by default.
...
The semantics are wonky and have caused issues from people not reading
docs. It can be enabled but by default is off.
2016-07-18 13:19:58 -04:00
Jeff Mitchell
4c5ae34ebf
Merge pull request #1613 from skippy/update-aws-ec2-docs
...
[Docs] aws-ec2 -- note IAM action requirement
2016-07-18 10:40:38 -04:00
Jeff Mitchell
73923db995
Merge pull request #1589 from skippy/patch-2
...
[Docs] aws-ec2 -- clarify aws public cert is already preloaded
2016-07-18 10:02:35 -04:00
Adam Greene
8f6b97f4e4
[Docs] aws-ec2 -- note IAM action requirement
2016-07-13 15:52:47 -07:00
Adam Greene
d6f5c5f491
english tweaks
2016-07-13 15:11:01 -07:00
vishalnayak
407722a9b4
Added tls_min_version to consul storage backend
2016-07-12 20:10:54 -04:00
Nathan J. Mehl
314a5ecec0
allow overriding the default truncation length for mysql usernames
...
see https://github.com/hashicorp/vault/issues/1605
2016-07-12 17:05:43 -07:00
Jeff Mitchell
a6682405a3
Migrate number of retries down by one to have it be max retries, not tries
2016-07-11 21:57:14 +00:00
Jeff Mitchell
57cdb58374
Switch to pester from go-retryablehttp to avoid swallowing 500 error messages
2016-07-11 21:37:46 +00:00
Matt Hurne
8232de5095
Merge branch 'master' into mongodb-secret-backend
2016-07-09 21:14:21 -04:00
Jeff Mitchell
4aa557ffa6
Add documentation of retry env vars
2016-07-08 10:41:11 -04:00
Matt Hurne
253d4e86fc
Merge branch 'master' into mongodb-secret-backend
2016-07-08 08:32:03 -04:00
Jeff Mitchell
cf42b28487
Some policy concept page clarifications
2016-07-08 05:05:46 +00:00
Matt Hurne
8d5a7992c1
mongodb secret backend: Improve and correct errors in documentation; improve "parameter is required" error response messages
2016-07-07 23:09:45 -04:00
Matt Hurne
a5f5b26e4b
Update mongodb secret backend documentation to indicate that ttl and max_ttl lease config parameters are optional rather than required
2016-07-07 22:34:00 -04:00
Matt Hurne
b1dd5bf449
mongodb secret backend documentation: Use single quotes around roles JSON to avoid needing to escape double quotes within the JSON
2016-07-07 22:31:35 -04:00
Matt Hurne
da0bd77dc4
Merge branch 'master' into mongodb-secret-backend
2016-07-07 21:24:40 -04:00
Eric Herot
cbc76c357e
Pretty sure the method to delete a token role is not GET
2016-07-07 13:54:20 -04:00
Jeff Mitchell
4a597c3a7a
Fix upgrade to 0.6 docs
2016-07-06 19:00:23 -04:00
Jeff Mitchell
a6d3210163
Merge pull request #1590 from skippy/patch-3
...
Update aws-ec2.html.md -- clarify pkcs7 cert cleanup before use
2016-07-06 21:31:12 +02:00
Brian Shumate
07dd449e9e
Minor grammar edit
2016-07-06 10:02:52 -04:00
Jeff Mitchell
2c0e677fe5
Fix website upgrade menu for 0.6.0
2016-07-06 09:28:21 -04:00
Stig Lindqvist
71b481ba40
Correcting grammar
2016-07-06 17:57:22 +12:00
Adam Greene
2405b7f078
Update aws-ec2.html.md
...
per #1582 , updating the docs to include notes about pkcs#7 handling, specifically that aws returns the pkcs#7 cert with newlines and that they need to be stripped before sending them to the login endpoint
2016-07-05 13:21:56 -07:00
Adam Greene
5ef359ff6c
Update aws-ec2.html.md
...
clarify, and make more explicit, the language around the default AWS public certificate
2016-07-05 13:14:29 -07:00
Matt Hurne
cf17deb33b
mongodb secret backend: Update documentation
2016-07-05 09:50:23 -04:00
Matt Hurne
292c2fad69
Merge branch 'master' into mongodb-secret-backend
2016-07-01 20:39:13 -04:00
Mark Paluch
ab63c938c4
Address review feedback.
...
Switch ConnectTimeout to framework.TypeDurationSecond with a default of 5. Remove own parsing code.
2016-07-01 22:26:08 +02:00
Mark Paluch
3859f7938a
Support connect_timeout for Cassandra and align timeout.
...
The cassandra backend now supports a configurable connect timeout. The timeout is configured using the connect_timeout parameter in the session configuration. Also align the timeout to 5 seconds which is the default for the Python and Java drivers.
Fixes #1538
2016-07-01 21:22:37 +02:00
Matt Hurne
561e67ade8
Merge branch 'master' into mongodb-secret-backend
2016-06-30 20:23:16 -04:00
Tim Schindler
24c6a605ea
added documentation about ETCD_ADDR env var to etcd backend documentation
2016-06-30 18:46:40 +00:00
Matt Hurne
350b69670c
Rename mongodb secret backend's 'ttl_max' lease configuration field to 'max_ttl'
2016-06-30 09:57:43 -04:00
Matt Hurne
5e8c912048
Add mongodb secret backend
2016-06-29 08:33:06 -04:00
Jeff Mitchell
07f53eebc2
Update PKI docs with key_usge info
2016-06-23 11:07:17 -04:00
Cameron Stokes
92f49578e1
Minor typo - that->than.
2016-06-22 11:28:31 -07:00
Jason Antman
d8242d04d2
clarify some aspects of GPG key usage
2016-06-22 10:26:06 -04:00
Brian Shumate
e34146d9d8
Update deploy.html.md
...
Corrected link to Using PGP, GPG, and Keybase
2016-06-21 12:14:58 -04:00
Vishal Nayak
78d4d5c8c3
Merge pull request #1523 from hashicorp/bind-account-id-aws-ec2
...
Added bound_account_id to aws-ec2 auth backend
2016-06-21 10:03:20 -04:00
Vishal Nayak
d4d47ce5e3
Merge pull request #1531 from hashicorp/auth-mount-tune-params
...
Auth tune endpoints and config settings output from CLI
2016-06-20 20:24:47 -04:00
vishalnayak
8b490e44a1
Added list functionality to logical aws backend's roles
2016-06-20 19:51:04 -04:00
Jeff Mitchell
2e7704ea7e
Add convergent encryption option to transit.
...
Fixes #1537
2016-06-20 13:17:48 -04:00
Mark Paluch
ea4c58f17b
Fix RabbitMQ documentation
...
Change parameter `uri` to `connection_uri` in code example.
2016-06-19 17:45:30 +02:00
vishalnayak
d0a142c75a
Merge branch 'master-oss' into bind-account-id-aws-ec2
...
Conflicts:
website/source/docs/auth/aws-ec2.html.md
2016-06-17 12:41:21 -04:00
vishalnayak
848b479a61
Added 'sys/auth/<path>/tune' endpoints.
...
Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 13:58:24 -04:00
Martin Forssen
f8558ca1f2
Fixed a number of spelling errors in aws-ec2.html.md
2016-06-15 13:32:36 +02:00
vishalnayak
8e03c1448b
Merge branch 'master-oss' into bind-account-id-aws-ec2
...
Conflicts:
builtin/credential/aws-ec2/backend_test.go
builtin/credential/aws-ec2/path_login.go
builtin/credential/aws-ec2/path_role.go
2016-06-14 14:46:08 -04:00
Vishal Nayak
bf2cab6cd3
Merge pull request #1522 from ifuyivara/master
...
Adding IAM Role ARN as a constraint for EC2 authentication
2016-06-14 14:20:24 -04:00
Ivan Fuyivara
0ffbef0ccd
added tests, nil validations and doccumentation
2016-06-14 16:58:50 +00:00
Anthony Nguyen
d55d775c76
Move favicon into assets directory
...
Fixes #1507
2016-06-14 12:38:27 -04:00
vishalnayak
26f7fcf6a1
Added bound_account_id to aws-ec2 auth backend
2016-06-14 11:58:19 -04:00
vishalnayak
4a078f8726
RabbitMQ docs++
2016-06-14 10:22:30 -04:00
Jeff Mitchell
8fc2f5ccf1
Bump version and remove --all behavior from dist script
2016-06-14 13:25:44 +00:00
Jeff Mitchell
04a03bcb54
Add updated wrapping information
2016-06-14 05:59:50 +00:00
Jon Benson
7883e98eb8
Update aws-ec2.html.md
2016-06-09 23:08:08 -07:00
vishalnayak
c6a27f2fa8
s/VAULT_GITHUB_AUTH_TOKEN/VAULT_AUTH_GITHUB_TOKEN
2016-06-09 14:00:56 -04:00
vishalnayak
308294db46
Added VAULT_GITHUB_AUTH_TOKEN env var to receive GitHub auth token
2016-06-09 13:45:56 -04:00
Jeff Mitchell
41decb2e16
update sys-health docs with HEAD info
2016-06-09 12:30:23 -04:00
Jeff Mitchell
351f536913
Don't check parsability of a ttl
key on write.
...
On read we already ignore bad values, so we shouldn't be restricting
this on write; doing so alters expected data-in-data-out behavior. In
addition, don't issue a warning if a given `ttl` value can't be parsed,
as this can quickly get annoying if it's on purpose.
The documentation has been updated/clarified to make it clear that this
is optional behavior that doesn't affect the status of the key as POD
and the `lease_duration` returned will otherwise default to the
system/mount defaults.
Fixes #1505
2016-06-08 20:14:36 -04:00
Jeff Mitchell
2b4b6559e3
Merge pull request #1504 from hashicorp/token-store-roles-renewability
...
Add renewable flag to token store roles
2016-06-08 15:56:54 -04:00
Laura Bennett
5ccb4fe907
Merge pull request #1498 from hashicorp/pki-list
...
PKI List Functionality
2016-06-08 15:42:50 -04:00
Jeff Mitchell
cf8f38bd4c
Add renewable flag to token store roles
2016-06-08 15:17:22 -04:00
Laura Bennett
fc8c73584b
url fix
2016-06-08 14:53:33 -04:00
Jeff Mitchell
65d8973864
Add explicit max TTL capability to token creation API
2016-06-08 14:49:48 -04:00
Laura Bennett
08cd10d541
Updates for pki/certs list functionality
2016-06-08 14:37:57 -04:00
Jeff Mitchell
b8c30aea18
Merge pull request #1502 from hashicorp/pr-1425
...
Staging area for me to fix up PR 1425
2016-06-08 12:31:31 -04:00
Jeff Mitchell
29ee2666e7
Update docs
2016-06-08 12:23:04 -04:00
Jeff Mitchell
3cce72b10d
Update docs with max_parallel
2016-06-08 12:22:18 -04:00
Jeff Mitchell
72a25d018c
Add permit pool and cleanhttp support to Swift
2016-06-08 12:20:21 -04:00
Jeff Mitchell
da6371ffc3
Merge remote-tracking branch 'origin/master' into pr-1425
2016-06-08 12:10:29 -04:00
Vishal Nayak
ab543414f6
Merge pull request #788 from doubledutch/master
...
RabbitMQ Secret Backend
2016-06-08 10:02:24 -04:00
Jeff Mitchell
7308031e4d
Add more entries to the 0.6 upgrade notes
2016-06-06 16:04:02 -04:00
Vinay Hiremath
584c2b9c10
Small grammatical error
...
"invaliding" => "invalidating"
2016-06-03 11:07:54 -07:00
Jeff Mitchell
33764e85b1
Merge pull request #1324 from hashicorp/sethvargo/doc_gpg
...
Add a page for step-by-step gpg/keybase
2016-06-03 13:24:57 -04:00
Jeff Mitchell
a147c3346c
Make some updates to PGP documentation
2016-06-03 13:23:20 -04:00
Jeff Mitchell
07193b519d
Add announcment list to community page
2016-06-01 22:06:21 -04:00
vishalnayak
315f9c868c
Provide option to disable host key checking
2016-06-01 11:08:24 -04:00
vishalnayak
dbee3cd81b
Address review feedback
2016-06-01 10:36:58 -04:00
vishalnayak
5c25265fce
rename aws.html.md as aws-ec2.html.md
2016-05-30 14:11:15 -04:00
vishalnayak
a072f2807d
Rename aws as aws-ec2
2016-05-30 14:11:15 -04:00
vishalnayak
30fa7f304b
Allow * to be set for allowed_users
2016-05-30 03:12:43 -04:00
vishalnayak
971b2cb7b7
Do not allow any username to login if allowed_users is not set
2016-05-30 03:01:47 -04:00
Sami Rageb
2dba9b180b
Fixed & clarified grammar around HCL & JSON
...
- Fixed the statement that HCL is JSON compatible, it's vice versa
- Added that HCL is a superset of JSON to eliminate any lingering confusion
2016-05-26 20:14:59 -05:00
Jeff Mitchell
81e14262cd
Remove reference to cookies altogether
...
Fixes #1437
2016-05-26 09:29:41 -04:00
vishalnayak
21605ee9d8
Typo fix: s/Vault/Consul
2016-05-24 18:22:20 -04:00
Seth Vargo
b1959e1f26
Use updated architecture diagram
...
As much as we love @armon's omnigraffle, this new diagram better matches
the Vault branding 😄 .
2016-05-23 20:10:51 -04:00
Kevin Pike
111ef09a18
Update rabbitmq lease docs
2016-05-20 23:28:41 -07:00
Jeff Mitchell
caf77109ba
Add cubbyhole wrapping documentation
2016-05-19 13:33:51 -04:00
Jeff Mitchell
a13807e759
Merge pull request #1318 from steve-jansen/aws-logical-assume-role
...
Add sts:AssumeRole support to the AWS secret backend
2016-05-19 12:17:27 -04:00
Francis Chuang
ae1d5a8fea
Minor grammar fix.
2016-05-19 17:01:30 +10:00
Stuart Glenn
b75eed61ed
Add documentation on Swift backend configuration
2016-05-16 17:29:40 -05:00
Seth Vargo
888527f9d4
Add note about paid training
2016-05-16 16:45:02 -04:00
Jeff Mitchell
60975bf76e
Revert "Remove a few assumptions regarding bash(1) being located in /bin."
2016-05-15 15:22:21 -04:00
Sean Chittenden
f91114fef5
Remove a few assumptions regarding bash(1) being located in /bin.
...
Use sh(1) where appropriate.
2016-05-15 11:41:14 -07:00
Sean Chittenden
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
Vishal Nayak
53fc941761
Merge pull request #1300 from hashicorp/aws-auth-backend
...
AWS EC2 instances authentication backend
2016-05-14 19:42:03 -04:00
vishalnayak
4122ed860b
Rename 'role_name' to 'role'
2016-05-13 14:31:13 -04:00
Jeff Mitchell
b850f876a7
Merge pull request #1407 from z00m1n/patch-1
...
fix PostgreSQL sample code
2016-05-12 17:07:48 -07:00
cmclaughlin
cdf715b94a
Document configuring listener to use a CA cert
2016-05-12 15:34:47 -07:00
Steven Samuel Cole
e3bb3a4efb
fix PostgreSQL sample code
...
The current sample configuration line fails with `Error initializing backend of type postgresql: failed to check for native upsert: pq: unsupported sslmode "disabled"; only "require" (default), "verify-full", "verify-ca", and "disable" supported`.
2016-05-12 23:22:41 +02:00
vishalnayak
7e8a2d55d0
Update docs and path names to the new patterns
2016-05-12 11:45:10 -04:00
Jeff Mitchell
aecc3ad824
Add explicit maximum TTLs to token store roles.
2016-05-11 16:51:18 -04:00
vishalnayak
ddcaf26396
Merge branch 'master-oss' into aws-auth-backend
2016-05-10 14:50:00 -04:00
Jeff Mitchell
d899f9d411
Don't revoke CA certificates with leases.
2016-05-09 19:53:28 -04:00
Jeff Mitchell
d77563994c
Merge pull request #1346 from hashicorp/disable-all-caches
...
Disable all caches
2016-05-07 16:33:45 -04:00
Steve Jansen
597d59962c
Adds sts:AssumeRole support to the AWS secret backend
...
Support use cases where you want to provision STS tokens
using Vault, but, you need to call AWS APIs that are blocked
for federated tokens. For example, STS federated tokens cannot
invoke IAM APIs, such as Terraform scripts containing
`aws_iam_*` resources.
2016-05-05 23:32:41 -04:00
Jeff Mitchell
3e71221839
Merge remote-tracking branch 'origin/master' into aws-auth-backend
2016-05-05 10:04:52 -04:00
Chris Jansen
ea21dec7b4
Add scala vault library to list of client libs
2016-05-04 18:04:28 +01:00