Jeff Mitchell
5f5542cb91
Return status for rekey/root generation at init time. This mitigates a
...
(very unlikely) potential timing attack between init-ing and fetching
status.
Fixes #1054
2016-02-12 14:24:36 -05:00
Jeff Mitchell
ba71ff7b0c
Update documentation for status command to reflect new return codes
2016-02-08 11:36:08 -05:00
Jeff Mitchell
da2360c7f4
On the CLI, ensure listing ends with /.
2016-02-03 21:08:46 -05:00
Jeff Mitchell
38c51f9412
Fix build tag
2016-02-03 08:41:31 -05:00
Jeff Mitchell
7e0d4bef3e
Add test for HA availability to command/server
2016-02-02 17:47:02 -05:00
Jeff Mitchell
a2bb51e7de
remove unneeded assignment
2016-02-02 15:11:35 -05:00
Jeff Mitchell
a5bf677bb3
Ensure that we fall back to Backend if HABackend is not specified.
2016-02-02 15:09:58 -05:00
Jeff Mitchell
cb046c4ce2
Fix command status test with new return value
2016-01-29 19:31:01 -05:00
Jeff Mitchell
2712a10750
Return 2 for sealed instead of 1 to match the new init -check behavior
2016-01-29 10:55:31 -05:00
Jeff Mitchell
7cf93c0e37
Don't return 1 when flags don't parse for status command, as all other errors return 2; 1 is for when the vault is sealed
2016-01-29 10:53:56 -05:00
James Tancock
5d7537ff85
Docs typo in server command
2016-01-28 08:26:49 +00:00
Jeff Mitchell
3b7a533b5a
Fix test on 1.6 by comparing to nil instead of a nil-defined map
2016-01-22 21:26:06 -05:00
Jeff Mitchell
d95adc731a
Add -check flag to init.
...
Fixes #949
2016-01-22 13:06:40 -05:00
Jeff Mitchell
be1b4c8a46
Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it.
2016-01-22 10:07:32 -05:00
Jeff Mitchell
e412ac8461
Remove bare option, prevent writes ending in slash, and return an exact file match as "."
2016-01-22 10:07:32 -05:00
Jeff Mitchell
455931873a
Address some review feedback
2016-01-22 10:07:32 -05:00
Jeff Mitchell
5341cb69cc
Updates and documentation
2016-01-22 10:07:32 -05:00
Jeff Mitchell
10c307763e
Add list capability, which will work with the generic and cubbyhole
...
backends for the moment. This is pretty simple; it just adds the actual
capability to make a list call into both the CLI and the HTTP handler.
The real meat was already in those backends.
2016-01-22 10:07:32 -05:00
Jeff Mitchell
9adfdfd6e7
Add -decode flag verification
2016-01-21 12:18:57 -05:00
Jeff Mitchell
973c888833
RootGeneration->GenerateRoot
2016-01-19 18:28:10 -05:00
Jeff Mitchell
3b100c5965
Address most of the review feedback
2016-01-19 18:28:10 -05:00
Jeff Mitchell
3b994dbc7f
Add the ability to generate root tokens via unseal keys.
2016-01-19 18:28:10 -05:00
Jeff Mitchell
630b2d83a7
Allow ASCII-armored PGP pub keys to be passed into -pgp-keys.
...
Fixes #940
2016-01-18 17:01:52 -05:00
Jeff Mitchell
8cb23835d7
Fix read panic when an empty argument is given.
...
Fixes #923
2016-01-12 08:46:49 -05:00
Jeff Mitchell
a2bd31d493
Fix up PGP tests from earlier code fixes
2016-01-08 22:21:41 -05:00
Jeff Mitchell
676008b2c5
Lotsa warnings if you choose not to be safe
2016-01-08 17:35:07 -05:00
Jeff Mitchell
26e1837a82
Some minor rekey backup fixes
2016-01-08 14:09:40 -05:00
Jeff Mitchell
a094eedce2
Add rekey nonce/backup.
2016-01-06 09:54:35 -05:00
Jeff Mitchell
80866d036d
update init/rekey documentation around keybase entries
2016-01-04 14:17:51 -05:00
Jeff Mitchell
5ef7efffe3
Disable cmd/server tests for now so we can get Travis back on track
2015-12-31 08:48:53 -05:00
Jeff Mitchell
c642feebe2
Remove some outdated comments
2015-12-30 21:00:27 -05:00
Jeff Mitchell
0509ad9c29
Use RenewSelf instead of Renew if the token we're renewing is the same as the client
2015-12-30 14:41:50 -05:00
Nicki Watt
442d538deb
Make token-lookup functionality available via Vault CLI
2015-12-29 20:18:59 +00:00
Jeff Mitchell
fefa696a33
Merge pull request #886 from ooesili/ssh-error-fetching-username
...
Stop panic when vault ssh username fetching fails
2015-12-29 12:17:51 -06:00
Jeff Mitchell
fa1676882f
Merge pull request #853 from hashicorp/issue-850
...
Make TokenHelper an interface and split exisiting functionality
2015-12-29 12:01:49 -06:00
Jeff Mitchell
6cdb8aeb4f
Merge branch 'master' into f-disable-tls
2015-12-29 12:59:02 -05:00
Nicki Watt
eb4aaad082
Using LookupSelf() API method instead of raw HTTP call for auth command
2015-12-28 01:38:00 +00:00
Wesley Merkel
5a368fa9de
Stop panic when vault ssh username fetching fails
2015-12-26 15:09:07 -07:00
Wim
e8e492f574
Fix ipv6 address advertisement
2015-12-22 21:40:36 +01:00
Jeff Mitchell
1a324cf347
Make TokenHelper an interface and split exisiting functionality
...
Functionality is split into ExternalTokenHelper, which is used if a path
is given in a configuration file, and InternalTokenHelper which is used
otherwise. The internal helper no longer shells out to the same Vault
binary, instead performing the same actions with internal code. This
avoids problems using dev mode when there are spaces in paths or when
the binary is built in a container without a shell.
Fixes #850 among others
2015-12-22 10:23:30 -05:00
Jeff Mitchell
5017907785
Move telemetry metrics up to fix one possible race, but deeper problems in go-metrics can't be solved with this
2015-12-17 16:38:17 -05:00
Jeff Mitchell
db7a2083bf
Allow setting the advertise address via an environment variable.
...
Fixes #581
2015-12-14 21:22:55 -05:00
Jeff Mitchell
1e653442cd
Ensure advertise address detection runs without a specified HA backend
...
Ping #840
2015-12-14 21:13:27 -05:00
Jeff Mitchell
521ea42f6b
Merge pull request #840 from hashicorp/issue-395
...
Allow separate HA physical backend.
2015-12-14 20:56:47 -05:00
Jeff Mitchell
7ce8aff906
Address review feedback
2015-12-14 17:58:30 -05:00
Mathias Lafeldt
b00b476c7a
Show error if output format is invalid
...
Rather than silently using table as a fallback.
2015-12-14 17:14:22 +01:00
Jeff Mitchell
ced0835574
Allow separate HA physical backend.
...
With no separate backend specified, HA will be attempted on the normal
physical backend.
Fixes #395 .
2015-12-14 07:59:58 -05:00
Jeff Mitchell
e941f699d3
Merge pull request #832 from mlafeldt/yaml-ouput
...
Allow to output secrets in YAML format
2015-12-11 12:04:41 -05:00
Mathias Lafeldt
61d4ef70f4
Allow to output secrets in YAML format
...
This can be done with https://github.com/ghodss/yaml , which reuses
existing JSON struct tags for YAML.
2015-12-10 11:32:31 +01:00
Mathias Lafeldt
607d12174d
Output secrets sorted by key
...
Instead of printing them in random order each time `vault read` is invoked.
2015-12-10 10:08:23 +01:00
Armon Dadgar
985717b428
server: sanity check value for 'tls_disable'
2015-11-25 11:37:57 -08:00
Jeff Mitchell
1a45696208
Add no-default-policy flag and API parameter to allow exclusion of the
...
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell
5d5d58ffe4
Fix unmount help output
2015-11-09 15:23:49 -05:00
Jeff Mitchell
75f1c1e40c
Print version on startup.
...
Fixes #765
2015-11-09 13:52:55 -05:00
Jeff Mitchell
32e23bea71
Move environment variable reading logic to API.
...
This allows the same environment variables to be read, parsed, and used
from any API client as was previously handled in the CLI. The CLI now
uses the API environment variable reading capability, then overrides any
values from command line flags, if necessary.
Fixes #618
2015-11-04 10:28:00 -05:00
Jeff Mitchell
c1d8b97342
Add reset support to the unseal command.
...
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.
Fixes #695
2015-10-28 15:59:39 -04:00
Jeff Mitchell
7b25204a19
Fix cache disabling
2015-10-28 13:05:56 -04:00
voutasaurus
1da78942e8
Modifies documentation in output of vault server -dev
...
Environment variable setting is different in windows
2015-10-22 00:48:46 -07:00
Jeff Mitchell
cba4e82682
Don't use http.DefaultClient
...
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.
Fixes #700 , I believe.
2015-10-15 17:54:00 -04:00
Jeff Mitchell
9f0b1547bb
Allow disabling the physical storage cache with 'disable_cache'.
...
Fixes #674 .
2015-10-12 13:00:32 -04:00
Jeff Mitchell
b8455be005
Support and use TTL instead of lease for token creation
2015-10-09 19:52:13 -04:00
Jeff Mitchell
ee92124357
Fix output of token-create help to use ttl instead of lease
2015-10-09 19:40:30 -04:00
Jeff Mitchell
aa3055f816
Fix mount-tune CLI output
2015-10-09 16:03:31 -04:00
Jeff Mitchell
d39580b38c
Update CLI help text for init/rekey regarding base64-encoded keys
2015-10-08 11:09:30 -04:00
Jeff Mitchell
4e0a6c5e5f
Adjust warnings message to make it clear they are from the server
2015-10-07 16:18:39 -04:00
Jeff Mitchell
d740fd4a6a
Add the ability for warnings to be added to responses. These are
...
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.
Fixes #676
2015-10-07 16:18:39 -04:00
vishalnayak
145aee229e
Merge branch 'master' of https://github.com/hashicorp/vault
2015-10-03 00:07:34 -04:00
Jeff Mitchell
645932a0df
Remove use of os/user as it cannot be run with CGO disabled
2015-10-02 18:43:38 -07:00
vishalnayak
c7fd639b2e
Remove format parameter
2015-10-02 14:10:24 -04:00
vishalnayak
3dd84446ab
Github backend: enable auth renewals
2015-10-02 13:33:19 -04:00
Jeff Mitchell
62ac518ae7
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 10:41:21 -04:00
Jeff Mitchell
81e535dc2d
Minor updates to passthrough and additional tests
2015-09-21 16:57:41 -04:00
Jeff Mitchell
e7dfb4f943
Use 'ttl_seconds' in CLI output so as not to shadow actual 'ttl' parameter
2015-09-21 16:37:37 -04:00
Jeff Mitchell
425e286f90
If there's no lease, output ttl instead of lease_duration
2015-09-21 16:37:37 -04:00
Jeff Mitchell
15e1a2281d
If lease_duration is not zero, output it even if there is no lease.
2015-09-21 16:37:37 -04:00
Jeff Mitchell
9c5dcac90c
Make TLS backend honor SystemView default values. Expose lease TTLs on read. Make auth command show lease TTL if one exists. Addresses most of #527
2015-09-18 14:01:28 -04:00
vishalnayak
fdf05e8ead
Adding type checking to ensure only BasicUi is affected
2015-09-17 11:37:21 -04:00
vishalnayak
e885dff580
CLI: Avoiding CR when printing specific fields
2015-09-17 10:05:56 -04:00
hendrenj
0532682816
improve documentation for available log levels
2015-09-16 11:01:33 -06:00
vishalnayak
c5a3b0c681
Typo fix
2015-09-11 21:36:20 -04:00
vishalnayak
142cb563a6
Improve documentation of token renewal
2015-09-11 21:08:32 -04:00
Jeff Mitchell
ace611d56d
Address items from feedback. Make MountConfig use values rather than
...
pointers and change how config is read to compensate.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
c460ff10ca
Push a lot of logic into Router to make a bunch of it nicer and enable a
...
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
971e4144ec
Fix typo
2015-09-10 15:09:54 -04:00
Jeff Mitchell
488d33c70a
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-10 15:09:54 -04:00
Jeff Mitchell
4239f9d243
Add DynamicSystemView. This uses a pointer to a pointer to always have
...
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.
Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
696d0c7b1d
Plumb per-mount config options through API
2015-09-10 15:09:53 -04:00
vishalnayak
5063a0608b
Vault SSH: Default CIDR for roles
2015-08-27 13:04:15 -04:00
Jeff Mitchell
3f45f3f41b
Rename config lease_duration parameters to lease_ttl in line with current standardization efforts
2015-08-27 07:50:24 -07:00
Jeff Mitchell
8669a87fdd
When using PGP encryption on unseal keys, encrypt the hexencoded string rather than the raw bytes.
2015-08-26 07:59:50 -07:00
Jeff Mitchell
cc232e6f79
Address comments from review.
2015-08-25 15:33:58 -07:00
Jeff Mitchell
c887df93cc
Add support for pgp-keys argument to rekey, as well as tests, plus
...
refactor common bits out of init.
2015-08-25 14:52:13 -07:00
Jeff Mitchell
f57e7892e7
Don't store the given public keys in the seal config
2015-08-25 14:52:13 -07:00
Jeff Mitchell
a7316f2e24
Handle people specifying PGP key files with @ in front
2015-08-25 14:52:13 -07:00
Jeff Mitchell
2f3e245b0b
Add support for "pgp-tokens" parameters to init.
...
There are thorough unit tests that read the returned
encrypted tokens, seal the vault, and unseal it
again to ensure all works as expected.
2015-08-25 14:52:13 -07:00
Jeff Mitchell
a8ef0e8a80
Remove cookie authentication.
2015-08-21 19:46:23 -07:00
vishalnayak
1f5062a6e1
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-08-19 12:16:37 -07:00
Jeff Mitchell
fe8c1c514d
Add -no-verify option to CLI auth command, to avoid decrementing the token use count during auth.
2015-08-18 19:22:17 -07:00
vishalnayak
251cd997ad
Vault SSH: TLS client creation test
2015-08-18 19:00:27 -07:00
vishalnayak
9324db7979
Vault SSH: verify echo test
2015-08-18 16:48:50 -07:00
vishalnayak
1f402fb42e
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-08-17 18:22:13 -07:00
vishalnayak
b91ebbc6e2
Vault SSH: Documentation update and minor refactoring changes.
2015-08-17 18:22:03 -07:00
Armon Dadgar
7c12aaa24b
command: Fixing setup of client certificates
2015-08-17 12:18:14 -07:00
vishalnayak
9db318fc55
Vault SSH: Website page for SSH backend
2015-08-14 12:41:26 -07:00
vishalnayak
7f9babed2a
Vault SSH: CLI embellishments
2015-08-13 16:55:47 -07:00
vishalnayak
e782717ba8
Vault SSH: Renamed path with mountPoint
2015-08-12 10:30:50 -07:00
vishalnayak
33d7ef71b9
Vault SSH: Fixed constructor of SSH api
2015-08-12 09:56:17 -07:00
vishalnayak
93dfa67039
Merging changes from master
2015-08-12 09:28:16 -07:00
Michael S. Fischer
2b4c6ab0e2
command/meta.go: document environment variables
...
Document the environment variables which, if set, can provide default
values for configuration options.
Fixes #476
2015-08-07 15:13:30 -07:00
Matt Button
9f363913e9
Allow the vault token-create
command to specify the token's id
2015-08-07 08:45:34 +00:00
vishalnayak
e5080a7f32
Merging with master
2015-08-06 18:44:40 -04:00
vishalnayak
32502977f6
Vault SSH: Automate OTP typing if sshpass is installed
2015-08-06 17:00:50 -04:00
vishalnayak
0af97b8291
Vault SSH: uninstall dynamic keys using script
2015-08-06 15:50:12 -04:00
vishalnayak
c7ef0b95c2
Vault SSH: CRUD test case for OTP Role
2015-07-31 13:24:23 -04:00
Karl Gutwin
4bad987e58
PR review updates
2015-07-30 13:21:41 -04:00
Karl Gutwin
151ec72d00
Add configuration options for default lease duration and max lease duration.
2015-07-30 09:42:49 -04:00
vishalnayak
61c9f884a4
Vault SSH: Review Rework
2015-07-29 14:21:36 -04:00
Vishal Nayak
4b4df4271d
Vault SSH: Refactoring
2015-07-27 16:42:03 -04:00
Vishal Nayak
e9f507caf0
Vault SSH: Refactoring
2015-07-27 13:02:31 -04:00
Vishal Nayak
b532ee0bf4
Vault SSH: Dynamic Key test case fix
2015-07-24 12:13:26 -04:00
Vishal Nayak
e998face87
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-07-23 17:20:34 -04:00
Vishal Nayak
791a250732
Vault SSH: Support OTP key type from CLI
2015-07-23 17:20:28 -04:00
Armon Dadgar
ae28087f67
server: import sha512. Fixes #448
2015-07-23 13:51:45 -07:00
Karl Gutwin
1096f5a53e
Avoid unnecessary abbreviation
2015-07-22 23:28:46 -04:00
Karl Gutwin
2e81d9047d
Allow specifying a TLS minimum version
2015-07-22 23:19:41 -04:00
Nate Brown
dec99f2bf6
Git ignore getting in the way
2015-07-14 15:57:06 -07:00
Nate Brown
5804c4a872
Fix travis build
2015-07-14 15:50:29 -07:00
Nate Brown
0ec0b41aa3
Telemetry object in config
2015-07-14 15:36:28 -07:00
Nate Brown
d2c048d870
Disable hostname prefix for runtime telemetry
2015-07-13 13:17:57 -07:00
Vishal Nayak
ed258f80c6
Vault SSH: Refactoring and fixes
2015-07-10 18:44:31 -06:00
Vishal Nayak
ef11dd99f7
Vault SSH: Added comments to ssh_test
2015-07-10 16:59:32 -06:00
Vishal Nayak
89a0e37a89
Vault SSH: Backend and CLI testing
2015-07-10 16:18:02 -06:00
Vishal Nayak
3c7dd8611c
Vault SSH: Test case skeleton
2015-07-10 09:56:14 -06:00
Vishal Nayak
73414154f8
Vault SSH: Made port number configurable
2015-07-06 16:56:45 -04:00
Vishal Nayak
170dae7f91
Vault SSH: Revoking key after SSH session from CLI
2015-07-06 11:05:02 -04:00
Vishal Nayak
425b69be32
Vault SSH: PR review rework: Formatting/Refactoring
2015-07-02 19:52:47 -04:00
Vishal Nayak
a1e2705173
Vault SSH: PR review rework
2015-07-02 17:23:09 -04:00
Vishal Nayak
bb16052141
Vault SSH: replaced concatenated strings by fmt.Sprintf
2015-07-01 20:35:11 -04:00
Vishal Nayak
d691a95531
Vault SSH: PR review rework - 1
2015-07-01 11:58:49 -04:00
Vishal Nayak
8627f3c360
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-06-30 18:33:37 -04:00
Vishal Nayak
5e5e6788be
Input validations, help strings, default_user support
2015-06-30 18:33:17 -04:00
Armon Dadgar
e025c33ab9
command: source general options docs from common source
2015-06-30 12:01:23 -07:00
Karl Gutwin
c12734b27c
CLI docs
2015-06-30 09:04:57 -04:00
Karl Gutwin
0062d923cc
Better error messages.
2015-06-30 08:59:38 -04:00
Vishal Nayak
91ed2dcdc2
Refactoring changes
2015-06-29 22:00:08 -04:00
Karl Gutwin
24d0af39b4
Initial sketch for client TLS auth
2015-06-29 15:33:16 -04:00
Vishal Nayak
29696d4b6b
Creating SSH keys and removal of files in pure 'go'
2015-06-26 15:43:27 -04:00
Vishal Nayak
8c15e2313b
ssh/lookup implementation and refactoring
2015-06-25 21:47:32 -04:00
Vishal Nayak
b237a3bcc2
POC: Rework. Doing away with policy file.
2015-06-24 18:13:12 -04:00
Vishal Nayak
f8d164f477
SSHs to multiple users by registering the respective host keys
2015-06-19 12:59:36 -04:00
Vishal Nayak
90605c6079
merging with master
2015-06-18 20:51:11 -04:00
Vishal Nayak
8d98968a54
Roles, key renewal handled. End-to-end basic flow working.
2015-06-18 20:48:41 -04:00
Armon Dadgar
9772a72772
command/read: Ensure only a single argument. Fixes #304
2015-06-18 16:00:41 -07:00
Armon Dadgar
c54868120a
command/path-help: rename command, better error if sealed. Fixes #234
2015-06-18 15:56:42 -07:00
Armon Dadgar
3533d87746
command/write: adding force flag for when no data fields are necessary. Fixes #357
2015-06-18 13:51:06 -07:00
Armon Dadgar
7394c7bd8d
command/server: fixing output weirdness
2015-06-18 13:48:18 -07:00
Armon Dadgar
7bd1e7d826
command/auth: warn earlier about VAULT_TOKEN
2015-06-18 13:48:04 -07:00
Armon Dadgar
28f18119e0
command/auth: warn about the VAULT_TOKEN env var. Fixes #195
2015-06-17 19:19:02 -07:00
Vishal Nayak
2aed5f8798
Implementation for storing and deleting the host information in Vault
2015-06-17 22:10:47 -04:00
Armon Dadgar
3a2adcb3b8
cmomand/read: strip path prefix if necessary. Fixes #343
2015-06-17 18:33:15 -07:00
Armon Dadgar
6bc2b06de4
server: graceful shutdown for fast failover. Fixes #308
2015-06-17 18:24:56 -07:00
Vishal Nayak
cfef144dc2
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-06-17 20:34:56 -04:00
Vishal Nayak
303a7cef9a
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH.
2015-06-17 20:33:03 -04:00
Armon Dadgar
1f963ec1bb
command/token-create: provide more useful output. Fixes #337
2015-06-17 16:59:50 -07:00
Vishal Nayak
3ed73d98c2
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect
2015-06-17 12:39:49 -04:00
Mitchell Hashimoto
0ecf05c043
command/auth, github: improve cli docs
...
/cc @sethvargo
2015-06-16 10:05:11 -07:00
Seth Vargo
3a0e19cb4e
Merge pull request #270 from sheldonh/no_export_vault_token
...
Don't recommend exporting VAULT_TOKEN
2015-06-01 11:52:40 -04:00
Armon Dadgar
d605a437b6
Merge pull request #278 from Zhann/feature/add_dev_to_server_options_help
...
Add help info for -dev flag
2015-06-01 13:08:50 +02:00
Armon Dadgar
607fc295e5
command/rekey: use same language in rekey as init
2015-06-01 13:08:20 +02:00
Armon Dadgar
fbc51109cc
Merge pull request #273 from hashicorp/unseal-keys-notice
...
Change phrasing for unseal key notification
2015-06-01 13:06:52 +02:00
Steven De Coeyer
8155b3927e
Add help info for -dev flag
2015-05-31 18:05:15 +02:00
Chris Bednarski
4e79210934
Updated phrasing to note restarts, stop, and other sealing scenarios
2015-05-28 17:07:38 -07:00
Chris Bednarski
528d0c6e28
Changed phrasing for unseal key notification
2015-05-28 17:02:09 -07:00
Armon Dadgar
7f26f5a4cb
command/rekey: adding tests
2015-05-28 15:22:42 -07:00
Armon Dadgar
9a162191cd
command/rekey: first pass at rekey
2015-05-28 15:08:09 -07:00
Armon Dadgar
42b91fe411
command/rotate: Adding new rotate command
2015-05-28 10:16:33 -07:00
Sheldon Hearn
6cda28f9e7
Don't recommend exporting VAULT_TOKEN
...
It's not needed by the dev server (which writes ~/.vault-token),
and breaks the Getting Started guide (e.g. #267 ).
2015-05-28 14:39:35 +02:00
Armon Dadgar
388022bac1
command/key-status: Adding new key-status command
2015-05-27 18:17:02 -07:00
Armon Dadgar
11b6abe886
Merge pull request #251 from DavidWittman/auth-prompt-without-args
...
Prompt for auth token when no args provided
2015-05-27 11:24:33 -07:00
David Wittman
5df1d725aa
Add test for stdin input
...
Shamelessly borrowed this pattern from write_test.go
2015-05-23 13:23:38 -05:00
David Wittman
1411749222
Read from stdin with auth command
2015-05-23 13:23:37 -05:00
Ian Unruh
48778c5260
Add ability to read raw field from secret
2015-05-22 11:28:23 -07:00
Armon Dadgar
3713ef9fb7
command/renew: typo fix. Fixes #240
2015-05-21 11:03:25 -07:00
David Wittman
fb898ecc1b
Prompt for auth token when no args provided
...
This makes `vault auth` work as documented:
> If no -method is specified, then the token is expected. If it is not
> given on the command-line, it will be asked via user input. If the
> token is "-", it will be read from stdin.
2015-05-20 22:10:02 -05:00
Armon Dadgar
a3ddd9ddb2
server: Minor copy change
2015-05-20 17:49:16 -07:00
Armon Dadgar
7e08d68e48
Merge pull request #222 from DavidWittman/config-backend-check
...
Fail gracefully if a physical backend is not supplied
2015-05-20 17:47:45 -07:00
Armon Dadgar
268db24819
command/listener: Request TLS client cert. Fixes #214
2015-05-20 16:01:40 -07:00
Ian Unruh
faa07cc165
Improve unseal CLI message
2015-05-19 00:34:18 -07:00
David Wittman
b04332f8fc
Fail gracefully if a phys backend is not supplied
2015-05-18 22:55:12 -05:00
Seth Vargo
88d5d6a4c8
Use strconv.ParseBool
2015-05-15 16:41:30 -04:00
Seth Vargo
a2831b0144
Explicitly check if tls_disable == 1
2015-05-15 16:39:30 -04:00
Emil Hessman
f40dba1c48
command/token: add Env to Helper
...
Specify environment variables on the Helper rather than on
the command line.
Fixes command/token test failures on Windows.
2015-05-12 07:22:38 +02:00
Mitchell Hashimoto
ce5786d133
Rename skip verify env
2015-05-11 11:27:54 -07:00
Mitchell Hashimoto
7c180fb6fd
Merge pull request #181 from jefferai/fix-ca-path-walk
...
Fix CA path walking, and add TLS-related env vars.
2015-05-11 11:26:47 -07:00
Mitchell Hashimoto
66c8d2dd2a
command: fix tests
2015-05-11 11:25:45 -07:00
Armon Dadgar
073820a6cc
command/token: Use cmd on windows instead of sh
2015-05-11 11:08:08 -07:00
Mitchell Hashimoto
7bff682e8e
command/*: -tls-skip-verify [GH-130]
2015-05-11 11:01:52 -07:00
Jeff Mitchell
4f8c9e8fe2
This adds one bugfix and one feature enhancement.
...
Bugfix: When walking a given CA path, the walk gives both files and
directories to the function. However, both were being passed in to be
read as certificates, with the result that "." (the given directory for
the CA path) would cause an error. This fixes that problem by simply
checking whether the given path in the walk is a directory or a file.
Feature enhancement: VAULT_CACERT, VAULT_CAPATH, and VAULT_INSECURE now
perform as expected.
2015-05-11 17:58:56 +00:00
Mitchell Hashimoto
a3afed6811
command/meta: don't read token file if token is already set [GH-162]
2015-05-11 10:31:14 -07:00
Seth Vargo
bbddaff5c9
Make the VAULT_TOKEN and VAULT_ADDR copy-pastable in dev mode
...
This allows someone to quickly start a dev mode server and hit the ground
running without the need to copy-paste twice.
2015-05-07 18:32:40 -04:00
Armon Dadgar
b71afe54e5
Merge pull request #139 from fubar-coder/master
...
Escape backslash to allow usage of dev server on Windows using MinGW
2015-05-06 11:05:06 -07:00
Armon Dadgar
a4b92ebb3a
Merge pull request #133 from hashicorp/f-advertise
...
Attempt advertise address detection
2015-05-04 12:13:45 -07:00
Mark Junker
47d2cc8349
Escape backslash to allow usage of dev server on Windows using MinGW (partially fixes issue #95 )
2015-05-04 09:20:40 +02:00
A.I
53d5a801e5
Fix lease_renewable output
2015-05-02 19:58:48 -07:00
Armon Dadgar
c76b59812e
command/server: Attempt advertise address detection
2015-05-02 15:57:40 -07:00
Mitchell Hashimoto
c7ff8f8458
Merge pull request #82 from DavidWittman/75-auth-revoked-token
...
Check for invalid token when authing via cli
2015-05-02 13:20:57 -07:00
Mitchell Hashimoto
842a8ec818
command/format: add lease_renewable
to output
2015-05-02 13:11:40 -07:00
David Wittman
2fff913263
Check for invalid token when authing via cli
...
If a token does not exist, the Read request returns without an
error, but the secret returned is `nil`, so we need to check for
that.
Closes #75
2015-04-28 21:50:51 -05:00
Mitchell Hashimoto
3d3274a66b
command/server: fix one race condition
2015-04-28 19:11:46 -07:00
Mitchell Hashimoto
d29ada47eb
command/server: disable mlock in dev mode
2015-04-28 15:11:39 -07:00
Mitchell Hashimoto
006d4fccfd
command/server: allow disabling mlock
2015-04-28 15:09:30 -07:00
Mitchell Hashimoto
6898c60292
command/server: warning if no mlock
2015-04-28 15:04:40 -07:00
Mitchell Hashimoto
c53dc04d92
command/token: use executable path to find token helper [GH-60]
2015-04-28 14:52:55 -07:00
Matt Haggard
1346040c86
Update server.go
...
Did you mean "talking?" Or something else?
2015-04-28 14:01:45 -06:00
Mitchell Hashimoto
3998804347
command: support custom CAs
2015-04-28 09:36:03 -07:00
Mitchell Hashimoto
244a0c56bc
command/*: lets try to remove this before 0.1.0
2015-04-28 09:20:42 -07:00
Mitchell Hashimoto
1b0d75719d
command/*: more TODO removal
2015-04-28 09:15:38 -07:00
Mitchell Hashimoto
fc6569ad59
command/*: fix spacing
2015-04-28 09:15:21 -07:00
Mitchell Hashimoto
0e112bf026
command/* fill in the addr
2015-04-28 09:13:32 -07:00
Armon Dadgar
ff352c32fe
command/server: Catch error from core initialization. Fixes #42
2015-04-27 21:29:40 -07:00
Armon Dadgar
3b0c993909
command/write: test output
2015-04-27 15:08:03 -07:00
Armon Dadgar
4ff3acfbe3
command/write: handle writes with output
2015-04-27 14:55:43 -07:00
Armon Dadgar
06a4c6b08f
command: refactor to share output formating code
2015-04-27 14:55:29 -07:00
Jack Pearkes
b2a689bfc9
command/init: minor output text fix
2015-04-22 11:48:07 -07:00
Mitchell Hashimoto
3f9711fa63
command/status: no weird indentintg
2015-04-21 20:11:15 +02:00
Armon Dadgar
d56a0ce2ef
command/status: refactor to improve output
2015-04-20 13:37:32 -07:00
Armon Dadgar
2609977683
command/status: improve output when sealed
2015-04-20 12:21:35 -07:00
Armon Dadgar
52f8b2d8ef
command/status: improve output when sealed
2015-04-20 12:19:25 -07:00
Armon Dadgar
f76e5b2fc5
command: Rename seal-status to status
2015-04-20 12:11:21 -07:00
Armon Dadgar
f1c97ab2cf
command: Adding HA status
2015-04-20 12:08:54 -07:00
Mitchell Hashimoto
fb3645214c
command/token-create: add display name and one time use
2015-04-19 18:08:08 -07:00
Mitchell Hashimoto
58d476edd0
command/token-renew
2015-04-19 18:04:01 -07:00
Mitchell Hashimoto
0ebf2508e0
command/policy-delete
2015-04-19 16:36:11 -07:00
Mitchell Hashimoto
6c497a8708
command/read: handle 404s
2015-04-18 22:05:08 -07:00
Mitchell Hashimoto
ee254a332e
command/server: can set advertise addr
2015-04-17 12:56:31 -07:00
Mitchell Hashimoto
415e7cef22
command/server: config for setting stats addresses
2015-04-17 12:56:31 -07:00
Mitchell Hashimoto
44b634c0d5
command/server: not HA possibilities when starting
2015-04-17 12:56:31 -07:00
Armon Dadgar
f04d33b170
command/server: Enable telemetry. cc: @mitchellh
2015-04-14 18:44:09 -07:00
Mitchell Hashimoto
d251876363
command/read: output the duration
2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
0cc0fb066b
command/renew
2015-04-13 20:42:07 -07:00
Armon Dadgar
770116b8e9
command: Set minimum TLS version to 1.2
2015-04-13 19:09:44 -07:00
Mitchell Hashimoto
cc21b80a64
command/unseal: update error message
2015-04-12 18:41:42 -07:00
Mitchell Hashimoto
1f084139d5
command/unseal: can accept key from command-line
2015-04-12 18:39:41 -07:00
Mitchell Hashimoto
e8fec8b658
command/meta: can force config
2015-04-12 17:51:38 -07:00
Mitchell Hashimoto
4fd3bd8ab1
command: can force address
2015-04-12 17:30:19 -07:00
Mitchell Hashimoto
8ef487a4f5
command/revoke: rename vars to leaseId
2015-04-10 20:49:10 -07:00
Mitchell Hashimoto
48205d166b
rename vault id to lease id all over
2015-04-10 20:35:14 -07:00
Armon Dadgar
466c7575d3
Replace VaultID with LeaseID for terminology simplification
2015-04-08 13:35:32 -07:00
Mitchell Hashimoto
9366be4895
command/auth: should let <1 args go through
2015-04-07 23:53:45 -07:00
Mitchell Hashimoto
071b72186e
command/auth: unify
2015-04-07 23:29:49 -07:00