Armon Dadgar
deeb611ab2
vault: handle a panic while generating audit output
2015-06-29 15:11:35 -07:00
Nate Brown
a0be7af858
Fixing key-status if audit logging is on
2015-06-24 10:57:05 -07:00
Nate Brown
94e89537a1
Fixing tests
2015-06-19 14:04:32 -07:00
Nate Brown
31ab086063
Doing a little better with http response codes
2015-06-19 14:00:48 -07:00
Nate Brown
91611a32c9
Fixing tests
2015-06-18 20:14:20 -07:00
Nate Brown
b667ef4c71
Collapsing audit response logging to a single point
2015-06-18 19:48:26 -07:00
Nate Brown
4ec685dc1a
Logging authentication errors and bad token usage
2015-06-18 18:30:18 -07:00
Nate Brown
c55f103c58
Adding error and remote_address to audit log lines
2015-06-18 17:17:18 -07:00
Armon Dadgar
e2b0f5dae8
vault: improve lease error message. Fixes #338
2015-06-18 15:37:08 -07:00
Armon Dadgar
dbf6cf6e6d
vault: support core shutdown
2015-06-17 18:23:59 -07:00
Armon Dadgar
ffeb6ea76c
vault: allow increment to be duration string. Fixes #340
2015-06-17 15:58:20 -07:00
Armon Dadgar
5c75a6c5c7
vault: ensure token renew does not double register
2015-06-17 15:22:50 -07:00
Armon Dadgar
ae421f75b7
vault: fixing issues with token renewal
2015-06-17 14:28:13 -07:00
Armon Dadgar
a0cf8f1793
vault: attempt to resolve #303
2015-06-02 22:55:18 +02:00
Armon Dadgar
0f933df76e
vault: fixing a typo
2015-06-02 16:04:05 +02:00
Armon Dadgar
daffef08db
vault: reload master key before keyring
2015-05-29 14:30:03 -07:00
Armon Dadgar
f6729b29f8
vault: adding ability to reload master key
2015-05-29 14:29:55 -07:00
Armon Dadgar
716f8d9979
core: adding tests for HA rekey and rotate
2015-05-29 12:16:34 -07:00
Armon Dadgar
4f5fde039f
vault: all rekey commands should fail as standby
2015-05-29 11:52:37 -07:00
Armon Dadgar
5aaad32af8
vault: ensure upgrades are cleaned up
2015-05-28 16:52:06 -07:00
Armon Dadgar
db0afc9ebe
vault: move upgrade logic out of core
2015-05-28 16:43:44 -07:00
Armon Dadgar
4eb5c63a5d
vault: create upgrade path in HA mode
2015-05-28 16:43:15 -07:00
Armon Dadgar
67ed0a3c16
vault: moving upgrade path into barrier
2015-05-28 16:42:32 -07:00
Armon Dadgar
82ef0b1ac7
vault: handle read of key upgrades
2015-05-28 16:11:31 -07:00
Armon Dadgar
796ae59a89
vault: support keyring reload
2015-05-28 16:09:15 -07:00
Armon Dadgar
2e86fa62d5
vault: adding barrier AddKey
2015-05-28 15:52:26 -07:00
Armon Dadgar
c095861a02
keyring: Add key serialization
2015-05-28 15:49:52 -07:00
Armon Dadgar
c60970e743
vault: prevent rekey on standby
2015-05-28 15:26:35 -07:00
Armon Dadgar
01e890653c
vault: more logging
2015-05-28 14:15:06 -07:00
Armon Dadgar
0877160754
vault: minor rekey cleanups
2015-05-28 12:07:52 -07:00
Armon Dadgar
c5352d14a4
vault: testing rekey
2015-05-28 12:02:30 -07:00
Armon Dadgar
361c722c5c
vault: first pass at rekey
2015-05-28 11:40:01 -07:00
Armon Dadgar
5aed043ea5
vault: ensure master key is copied to avoid memzero issues
2015-05-28 11:38:59 -07:00
Armon Dadgar
4e3f0cddcf
vault: Adding VerifyMaster to Barrier
2015-05-28 11:28:33 -07:00
Armon Dadgar
9f399eb9ff
vault: prevent raw access to protected paths
2015-05-28 10:24:41 -07:00
Armon Dadgar
1a4256c20c
vault: more logging around rotate
2015-05-27 17:56:55 -07:00
Armon Dadgar
d0b93a6164
vault: adding sys/key-status and sys/rotate
2015-05-27 17:53:42 -07:00
Armon Dadgar
26cff2f42f
vault: expose information about keys
2015-05-27 17:25:36 -07:00
Armon Dadgar
3e717907cd
vault: testing barrier rekey
2015-05-27 17:17:03 -07:00
Armon Dadgar
b93feb8a6b
vault: first pass at rekey
2015-05-27 17:13:40 -07:00
Armon Dadgar
9e39fec4a5
vault: testing key rotation
2015-05-27 17:10:08 -07:00
Armon Dadgar
ead96e8c99
vault: first pass at key rotation
2015-05-27 17:05:02 -07:00
Armon Dadgar
3d800fe7be
vault: keyring api changes
2015-05-27 17:04:46 -07:00
Armon Dadgar
490bece0a0
vault: make keyring immutable
2015-05-27 16:58:55 -07:00
Armon Dadgar
28560a612f
vault: test for backwards compatability
2015-05-27 16:42:42 -07:00
Armon Dadgar
e8e9103300
vault: share keyring persistence code
2015-05-27 16:29:59 -07:00
Armon Dadgar
0e9136d14c
vault: first pass at keyring integration
2015-05-27 16:01:25 -07:00
Armon Dadgar
50dc6a471e
vault: adding path for keyring
2015-05-27 15:23:43 -07:00
Armon Dadgar
8c2a767f4f
vault: Adding version to key entry
2015-05-27 15:23:31 -07:00
Armon Dadgar
1903518202
vault: Ensure we always set a key InstallTime
2015-05-27 14:37:40 -07:00
Armon Dadgar
ef2f71e17f
vault: Adding InstallTime to key in keyring
2015-05-27 14:37:40 -07:00
Armon Dadgar
57c763a3fa
vault: Adding keyring
2015-05-27 14:37:40 -07:00
Armon Dadgar
70b3b37ffb
vault: rename key epoch to term for clarity
2015-05-27 14:37:39 -07:00
Armon Dadgar
daa5b9c1b5
vault: physical -> storage for clarity
2015-05-27 14:33:58 -07:00
Armon Dadgar
8ee5aebb3c
vault: testing raw responses
2015-05-27 14:19:12 -07:00
Armon Dadgar
ba7bfed1af
vault: Expose MountPoint to secret backend. Fixes #248
2015-05-27 11:46:42 -07:00
Armon Dadgar
d15eed47ad
vault: reproducing GH-203
2015-05-15 17:48:03 -07:00
Armon Dadgar
3bcd32228d
vault: lease renewal should not create new lease entry
2015-05-15 17:47:39 -07:00
Armon Dadgar
18795a4b26
vault: Adding test based on bug report
2015-05-15 17:19:41 -07:00
Armon Dadgar
0b84e86483
vault: Adding more logging
2015-05-15 17:19:32 -07:00
Armon Dadgar
8f4ddfd904
vault: adding test for e33a904
2015-05-11 11:16:21 -07:00
Armon Dadgar
843d9e6484
vault: verify login endpoint never returns a secret
2015-05-09 11:51:58 -07:00
Armon Dadgar
13ab31f4b5
vault: ensure InternalData is never returned from the core
2015-05-09 11:47:46 -07:00
Armon Dadgar
c849aba53a
vault: Adding InternalData to Auth
2015-05-09 11:39:54 -07:00
Armon Dadgar
c7496772d4
vault: defer barrier initialization until as late as possible
2015-05-08 11:06:39 -07:00
Armon Dadgar
a6eef6bba3
vault: Guard against an invalid seal config
2015-05-08 11:05:31 -07:00
Armon Dadgar
3500535db3
vault: fix detection of missing trailing slash. Fixes #157
2015-05-07 12:18:50 -07:00
Mitchell Hashimoto
727e0e90cd
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 13:28:33 -07:00
Seth Vargo
c3a793ccdf
Lowercase again
2015-04-30 14:27:32 -04:00
Aaron Bedra
57a7a41a42
Add test that ensure keylength check is working
...
Not likely to fail, but if it did would result in complete failure, so
probably good to have a test for it.
2015-04-30 13:12:47 -05:00
Seth Vargo
2de4965598
Use lowercase
2015-04-30 13:37:47 -04:00
Aaron Bedra
ea0c41aa81
Add test to verify unique encrypted values
...
It wasn't immediately clear that the proper random seeding was taking
place. This ensures that the same plaintext encrypted twice does not
result in the same ciphertext. It will also be a good test to keep
around incase of future regressions.
2015-04-30 12:15:41 -05:00
Seth Vargo
f17d65507f
Use UTC in tests
2015-04-28 22:18:00 -04:00
Seth Vargo
95c8001388
Disable mlock in tests
2015-04-28 22:18:00 -04:00
Mitchell Hashimoto
eef1a10e8e
vault: fix more test race conditions
2015-04-28 19:17:45 -07:00
Mitchell Hashimoto
e80111502b
vault: way more verbose error if mlock fails [GH-59]
2015-04-28 18:56:16 -07:00
Mitchell Hashimoto
b5f8f3b05a
vault: add helper/mlock for doing mlock
2015-04-28 14:59:43 -07:00
Mitchell Hashimoto
2e55c3de68
vault: ability to toggle mlock on core
2015-04-27 16:40:14 -07:00
Armon Dadgar
a2bd832519
vault: token create should return various metadata for logging
2015-04-25 20:21:35 -07:00
Armon Dadgar
f1d8730c46
vault: restrict mlockall to just linux for now. Fixes #31
2015-04-23 16:10:50 -07:00
Armon Dadgar
2f0995d650
vault: Swap the HAEnabled check with the sealed check
2015-04-20 12:19:09 -07:00
Armon Dadgar
c5f914cb34
vault: Lock memory when possible
2015-04-19 13:42:47 -07:00
Armon Dadgar
a03268bc32
vault: Adding an epoch prefix to keys to support eventual online key rotation
2015-04-17 16:51:13 -07:00
Armon Dadgar
4473abd6ce
vault: core enforcement of limited use tokens
2015-04-17 11:57:56 -07:00
Armon Dadgar
538c795f9b
vault: Adding method to consume a limited use token
2015-04-17 11:51:04 -07:00
Armon Dadgar
fd3948d476
vault: Tokens can have a use count specified
2015-04-17 11:34:25 -07:00
Armon Dadgar
b65e1b3e22
vault: using a constant to make @mitchellh feel better
2015-04-15 17:19:59 -07:00
Aaron Bedra
95c37c1c4d
Clarify Barrier encryption defaults.
...
Declare the defaults in the comments to be what they are now (256 bit
key and default golang NONCE value). Make the key error message more
precise since. It isn't between 16 and 32, it is 16 OR 32.
2015-04-15 18:24:23 -05:00
Armon Dadgar
818ce0a045
vault: token store allows specifying display_name
2015-04-15 14:24:07 -07:00
Armon Dadgar
76b69b2514
vault: thread the display name through
2015-04-15 14:12:34 -07:00
Armon Dadgar
e6fd2f2ce5
vault: Default key size to 256bit.
2015-04-15 13:33:47 -07:00
Armon Dadgar
3ee434a783
vault: Allow AES key to be up to 256 bits. Fixes #7
2015-04-15 13:33:47 -07:00
Armon Dadgar
9f7143cf44
vault: expose the current leader
2015-04-14 16:53:40 -07:00
Armon Dadgar
445f64eb39
vault: leader should advertise address
2015-04-14 16:44:48 -07:00
Armon Dadgar
ec8a41d2d2
vault: rename internal variable
2015-04-14 16:11:39 -07:00
Armon Dadgar
7579cf76ab
vault: testing standby mode
2015-04-14 16:08:14 -07:00
Armon Dadgar
2820bec479
vault: testing standby mode
2015-04-14 16:06:58 -07:00
Armon Dadgar
a0e1b90b81
vault: reject operation if standby
2015-04-14 14:09:11 -07:00
Armon Dadgar
d7102e2661
vault: first pass at HA standby mode
2015-04-14 14:06:15 -07:00
Armon Dadgar
0be49a97b7
vault: stopExpiration should be idempotent
2015-04-14 13:32:56 -07:00