Commit graph

4251 commits

Author SHA1 Message Date
Austin Gebauer 6fe639eb35
auth/okta: documents API token minimal permissions (#15566) 2022-05-23 14:57:14 -07:00
Alexander Scheel 36c981bfe4
Add more PKI usage best practices to documentation (#15562)
* Add note about cross-cluster CRL URIs

As suggested by Ricardo Oliveira, thanks!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note that short TTLs are relative to quantity

As suggested by Ricardo Oliveira, thanks!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note to make sure default is configured

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add note about automating certificate renewal

As suggested by Ricardo Oliveira, thanks!

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-23 12:00:24 -04:00
Alexander Scheel 92dbe3b22a
Fix Learn->Tutorial in internal PKI docs (#15531)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-23 11:53:13 -04:00
Chris Capurso 6d62f9a4ed
FAQ doc updates for removal of stored licenses in 1.11 (#15314)
* initial updates for license FAQs for 1.11

* add links, tense fixes

* Update deprecation doc link

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* fix links

* fix a couple missed version-specific links

* change 1 to one

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-05-23 11:42:58 -04:00
Alexander Scheel 464da0ee46
Link FIPS binary sources from the FIPS docs (#15554)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-20 16:18:51 -05:00
Christopher Swenson 644345b1cc
Add usage documentation for new Kubernetes Secrets Engine (#15527)
Add usage documentation for new Kubernetes Secrets Engine

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-05-20 13:37:15 -07:00
Alexander Scheel 69b870d675
Add role patching test case (#15545)
* Add tests for role patching

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Prevent bad issuer names on update

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation on PATCH operations

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-20 15:30:22 -04:00
Loann Le 76ec17215e
Vault documentation: updated key share/unseal images (#15526)
* updated images

* added new image files
2022-05-20 10:59:30 -07:00
Jason Peng a331575c01
Update oracle.mdx (#15257)
Added Alpine Linux restrictions as https://github.com/hashicorp/vault-plugin-database-oracle pointed out.
2022-05-20 13:40:05 -04:00
Alexander Scheel 59ccb9cc05
Fix typo in allowed_uri_sans_template doctype (#15537)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-20 12:23:50 -04:00
Alexander Scheel 2b337b3be9
Clarify KU/EKU parameters on sign-verbatim (#15535)
* Clarify KU/EKU parameters on sign-verbatim

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify default in empty list
2022-05-20 11:56:31 -04:00
Alejandro Medina f969c05772
Update seal.mdx (#15463) 2022-05-20 08:43:05 -04:00
Andy Assareh c559f6e8b7
typo: adding missing word 'may' (#14503) 2022-05-20 08:41:51 -04:00
Andy Assareh d0fb5bd986
typo: embeds -> embedded (#15520) 2022-05-20 08:33:34 -04:00
claudex 226d7c4c59
Fix typo in documentation (#15530) 2022-05-20 08:22:57 -04:00
Loann Le 201ac71da6
Vault documentation: updated all references from Learn to Tutorial (#15514)
* updated learn to tutorial

* correct spelling
2022-05-19 18:04:46 -07:00
Alexander Scheel faea196991
Rebase #14178 / Add not_before_duration API parameter to Root/Intermediate CA generation (#15511)
* PKI - Add not_before_duration API parameter to:
  - Root CA generation
  - Intermediate CA generation
  - Intermediate CA signing

* Move not_before_duration to addCACommonFields

This gets applied on both root generation and intermediate signing,
which is the correct place to apply this.

Co-authored-by: guysv <sviryguy@gmail.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Resolves: #10631

Co-authored-by: guysv <sviryguy@gmail.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add test case for root/generate, sign-intermediate

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update path role description

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add new not_before_duration to relevant docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Co-authored-by: guysv <sviryguy@gmail.com>
2022-05-19 12:35:08 -04:00
Alexander Scheel f3d52108b4
Add more CA usage best practices (#15467)
* Add leaf not after best practice

Also suggest concrete recommendations for lifetimes of various issuers.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add advice to use a proper CA hierarchy

Also mention name constraints and HSM backing.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add section on safer usage of Roles

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add initial RBAC example for PKI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-19 11:43:38 -04:00
Alexander Scheel f31149089f
Update FIPS documentation to clarify mlock (#15502)
This clarifies a limitation of the FIPS based container images,
to note that due to OpenShift requirements, we need to suggest
ways of disabling mlock or allowing Vault to set mlock.
2022-05-19 09:31:47 -04:00
Robert c2f49204d9
Fix small typos, update docs terminology (#15504) 2022-05-18 17:23:46 -05:00
Loann Le 561d8d45f8
updated warning (#15459) 2022-05-18 08:26:25 -07:00
Steven Clark 7bc9cd2867
Protect against key and issuer name re-use (#15481)
* Protect against key and issuer name re-use
 - While importing keys and issuers verify that the provided name if any has not been used by another key that we did not match against.
 - Validate an assumption within the key import api, that we were provided a single key
 - Add additional tests on the new key generation and key import handlers.

* Protect key import api end-users from using "default" as a name
 - Do not allow end-users to provide the value of default as a name for key imports
   as that would lead to weird and wonderful behaviors to the end-user.

* Add missing api-docs for PKI key import
2022-05-18 10:31:39 -04:00
Tom Proctor 1bb40eee16
Update documentation for vault-helm v0.20.0 release (#15450) 2022-05-18 09:50:15 +01:00
Jason O'Donnell d450b7899f
docs: add note about requiring 3.6+ helm (#15480) 2022-05-17 17:02:26 -04:00
Hamid Ghaf 66c6de50a7
Username format login mfa (#15363)
* change username_template to username_format for login MFA

* fixing a test

* Update website/content/docs/auth/login-mfa/faq.mdx

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2022-05-17 16:31:50 -04:00
Alexander Scheel f6ac1be13a
Start documentation for FIPS variants of Vault Enterprise (#15475)
* Begin restructuring FIPS documentation

This creates a new FIPS category under Enterprise and copies the
FIPS-specific seal wrap documentation into it.

We leave the existing Seal Wrap page at the old path, but document that
the FIPS-specific portions of it have moved.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add initial FIPS 140-2 inside documentation

This documents the new FIPS 140-2 Inside binary and how to use and
validate it. This also documents which algorithms are certified for
use in the BoringCrypto distribution.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add notes about FIPS algorithm restrictions

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-17 16:28:20 -04:00
Alexander Scheel a8c0efb487
Add documentation on rotation primitives (#15466)
* Begin PKI rotation primitive documentation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Finish importing rotation primitive docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update all titles consistently

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing links in rotation primitives doc

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add sections documenting execution in Vault

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* typo fixes

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-17 11:44:17 -04:00
Jason O'Donnell 9024b94731
docs: add note about upndomain for AD secret engine (#15445) 2022-05-17 11:42:16 -04:00
Austin Gebauer ec6e362d83
auth/oidc: adds documentation for JSON pointer user claim (#15454) 2022-05-16 15:31:02 -07:00
Austin Gebauer d3b167d029
auth/oidc: documents user claim constraint for optional google workspace config (#15456) 2022-05-16 15:29:58 -07:00
Loann Le bbbb0bfc14
Vault documentation: updated unseal information (#15446)
* updated unseal info

* Update architecture.mdx

fixed spelling error

* updated based on feedback

* added new image

* Update website/content/docs/commands/operator/init.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Updates for accuracy

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2022-05-16 14:44:23 -07:00
Gabriel Santos 23e67be230
pki/sign-verbatim uses role not before duration (#15429)
* Use "not_before_duration" fiueld from role if above 0

* 'test' and update docs

* changelog file

* Requested changes - improved test and better description to changelog

* changelog description:

* update to ttl and not_before_duration API docs
2022-05-16 16:15:18 -04:00
AnPucel 390310409e
Add note about concurrency to plugin dev docs (#15357)
* Add note about concurrency

* Adding arrow syntax
2022-05-16 11:42:38 -07:00
Alexander Scheel 9b58e88efc
Update considerations for multiple issuers (#15442)
Also adds auditing section about suggested un-HMAC'd request/response
parameters.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-16 13:13:37 -04:00
Scott Miller b282bc4bd6
Plural typo in the Tokenization API docs for stores (#15424) 2022-05-13 14:00:33 -05:00
Tony Wittinger ba2984fa80
docs: updated monitor doc (#15358) 2022-05-13 11:19:51 -07:00
Alexander Scheel d2bc5b5e3d
Restructure PKI Documentation Section (#15413)
* Rename pki.mdx -> pki/index.mdx

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Split off quick-start document

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Split off considerations document

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Split off intermediate CA setup document

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Split off setup and usage document

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Consistent quick-start doc naming

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add table of contents to index

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-05-13 11:22:07 -04:00
Joe Rua 1e0ad4853a
Updated Docs For Specific Call Out (#14383)
The Parameter `cidr_list` is not support for Key_Type CA, customer was confused on this, so I feel we should specifically call this out to ensure there is no confusion
2022-05-13 10:42:20 -04:00
eoinoreilly30 6b82692f67
Fix typo (#15391) 2022-05-12 11:28:22 -07:00
Theron Voran 558e9a364b
docs: update for vault-k8s 0.16.0 (#15379) 2022-05-12 11:04:36 -07:00
Gabriel Santos 469ad6d09a
not_before_duration added to SSH (#15250)
* add-not-before-duration-to-ssh

* Missing field

* Adding tests

* changelog file

* Backend test

* Requested changes

* Update builtin/logical/ssh/path_roles.go

Co-authored-by: Alexander Scheel <alexander.m.scheel@gmail.com>
2022-05-12 08:50:40 -04:00
Calvin Leung Huang ca44b5a3e0
auth/okta: Add support for Okta number challenge (#15361)
* POC of Okta Auth Number Challenge verification

* switch from callbacks to operations, forward validate to primary

* cleanup and nonce description update

* add changelog

* error on empty nonce, no forwarding, return correct_answer instead

* properly clean up verify goroutine

* add docs on new endpoint and parameters

* change polling frequency when WAITING to 1s

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2022-05-11 17:09:29 -07:00
Christopher Swenson 4e4682247c
docs: fix typo in example custom db plugin (#15339) 2022-05-11 10:30:40 -07:00
Alexander Scheel 435450ea6f
Update API docs for PKI multi-issuer functionality (#15238)
* Update API docs for multiple issuer functionality

This substantially restructures the PKI secret engine's docs for two
purposes:

 1. To provide an explicit grouping of APIs by user usage and roles,
 2. To add all of the new APIs, hopefully with as minimal duplication
    as possible.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add section on vault cli with DER/PEM response formats

 - Add [1] links next to the DER/PEM format entries within various PKI
   response tables. These link to a new section explaining that the vault
   cli does not support DER/PEM response formats
 - Remove repetition of vault cli blurb in various description fields.
 - Fix up some typos

* Restructure API docs and add missing sections

Also addresses minor nits in the content.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify some language in the API docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/api-docs/secret/pki.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

* Update website/content/api-docs/secret/pki.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

* Update website/content/api-docs/secret/pki.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

* Update website/content/api-docs/secret/pki.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

* Update website/content/api-docs/secret/pki.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

Co-authored-by: Steve Clark <steven.clark@hashicorp.com>
2022-05-11 12:50:20 -04:00
Chris Capurso ad4523ea34
add license termination time to API and CLI docs (#15349)
* add license termination time to API and CLI docs

* ensure consistent time format
2022-05-11 10:05:38 -04:00
Calvin Leung Huang 15a9b32a58
docs: update dep table to include okta auth changes (#15354) 2022-05-10 13:45:57 -07:00
Scott Miller ff42cb555d
Link to the Learn guide for PKI with Managed Keys (#15340) 2022-05-10 07:24:59 -05:00
Robert 738753b187
secrets/consul: Add support for generating tokens with service and node identities (#15295)
Co-authored-by: Thomas L. Kula <kula@tproa.net>
2022-05-09 20:07:35 -05:00
Loann Le 0dc6728228
capped perf replication (#15338) 2022-05-09 14:38:35 -07:00
Loann Le 6985a39740
added note about parameters (#15334) 2022-05-09 11:05:39 -07:00