Commit graph

427 commits

Author SHA1 Message Date
MarkVLK fae51d605f Update transit docs markdown to add missing word
Added the presumably missing *decrypt* from "encrypt/data" in the first sentence.
2015-09-04 17:11:34 -07:00
MarkVLK cd292d5372 Update mysql docs markdown to fix grammar error
Changed "... used to **generated** those credentials" to "... used to **generate** those credentials."
2015-09-04 17:05:45 -07:00
Vishal Nayak d4609dea28 Merge pull request #578 from hashicorp/exclude-cidr-list
Vault SSH: Added exclude_cidr_list option to role
2015-08-28 07:59:46 -04:00
vishalnayak b12a2f0013 Vault SSH: Added exclude_cidr_list option to role 2015-08-27 23:19:55 -04:00
Jeff Mitchell a4fc4a8e90 Deprecate lease -> ttl in PKI backend, and default to system TTL values if not given. This prevents issuing certificates with a longer duration than the maximum lease TTL configured in Vault. Fixes #470. 2015-08-27 12:24:37 -07:00
vishalnayak fbff20d9ab Vault SSH: Docs for default CIDR value 2015-08-27 13:10:15 -04:00
vishalnayak 702a869010 Vault SSH: Provide key option specifications for dynamic keys 2015-08-27 11:41:29 -04:00
Jeff Mitchell ea9fbb90bc Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell 0fa783f850 Update help text for TTL values in generic backend 2015-08-20 17:59:30 -07:00
Jeff Mitchell b57ce8e5c2 Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4.
Fixes #528.
2015-08-20 16:41:25 -07:00
Vishal Nayak beca9f1596 Merge pull request #385 from hashicorp/vishal/vault
SSH Secret Backend for Vault
2015-08-20 10:03:15 -07:00
Bernhard K. Weisshuhn 86cde438a5 avoid dashes in generated usernames for cassandra to avoid quoting issues 2015-08-20 11:15:28 +02:00
vishalnayak 76ed3bec74 Vault SSH: 1024 is default key size and removed 4096 2015-08-19 12:51:33 -07:00
vishalnayak b5cda4942b Vault SSH: doc update 2015-08-18 11:50:32 -07:00
vishalnayak b91ebbc6e2 Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
vishalnayak 9db318fc55 Vault SSH: Website page for SSH backend 2015-08-14 12:41:26 -07:00
vishalnayak 93dfa67039 Merging changes from master 2015-08-12 09:28:16 -07:00
vishalnayak 0abf07cb91 Vault SSH: Website doc v1. Removed path_echo 2015-08-12 09:25:28 -07:00
Erik Kristensen 2233f993ae initial pass at JWT secret backend 2015-08-06 17:49:44 -06:00
Fabian Ruff 41106d9b69 fix doc for pki/revoke API 2015-07-29 14:28:12 +02:00
Justin LaRose 361f10f79e Cassandra secret backend doc update for connection config - "hosts" instead of "host" 2015-07-23 03:07:29 -04:00
Armon Dadgar 3042452def website: fixing lots of references to vault help 2015-07-13 20:12:09 +10:00
Armon Dadgar 0be3d419c8 secret/transit: address PR feedback 2015-07-05 19:58:31 -06:00
Armon Dadgar f4d555a2ba website: document derived keys in secret/transit 2015-07-05 14:47:16 -07:00
Jeff Mitchell 42b90fa9b9 Address some issues from code review.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:27:23 -04:00
Jeff Mitchell fccbc587c6 A Cassandra secrets backend.
Supports creation and deletion of users in Cassandra using flexible CQL queries.

TLS, including client authentication, is supported.

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:04:01 -04:00
Jeff Mitchell e086879fa3 Merge remote-tracking branch 'upstream/master' into f-pki 2015-06-19 13:01:26 -04:00
Jeff Mitchell a6fc48b854 A few things:
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 12:48:18 -04:00
Jeff Mitchell 34f495a354 Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 15:22:58 -04:00
Armon Dadgar 7e6f44e39e website: document transit upsert behavior 2015-06-17 18:51:58 -07:00
Armon Dadgar 93ee9f6b76 website: update the transit documentation 2015-06-17 18:45:29 -07:00
Jeff Mitchell 49f1fdbdcc Merge branch 'master' into f-pki 2015-06-16 13:43:25 -04:00
Ryan Currah c232fee6b3 Do not output the trailing newline in encoding.
Added -n to echo command to prevent newlines from showing up in encoding.
2015-06-13 12:03:57 -04:00
Jeff Mitchell e17ced0d51 Fix a docs-out-of-date bug.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-12 16:33:00 -04:00
Jeff Mitchell db5354823f Fix some out-of-date examples.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 21:17:05 -04:00
Jeff Mitchell 1513e2baa4 Add acceptance tests
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling

Also, fix a bug when trying to get code signing certificates.

Not tested:
* Revocation (I believe this is impossible with the current testing framework)

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Jeff Mitchell 0d832de65d Initial PKI backend implementation.
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint

Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Armon Dadgar 66ab2bbf54 Merge pull request #263 from sheldonh/iam-policy
List IAM permissions required by root credentials
2015-06-01 13:16:51 +02:00
Armon Dadgar 98cca9cb18 Merge pull request #261 from jsok/consul-lease
Add ability to configure consul lease durations
2015-06-01 13:04:28 +02:00
Chad Whitacre b83f3f2d02 Provide missing verb 2015-05-31 17:19:34 -04:00
certifiedloud ac4763027b replaced confusing term 'physical' with 'storage'. 2015-05-27 14:44:17 -06:00
Sheldon Hearn 89e7bb2569 Missed a few IAM permissions 2015-05-27 16:42:12 +02:00
Sheldon Hearn 3d2005ea56 List IAM permissions required by root credentials 2015-05-27 16:28:24 +02:00
Jonathan Sokolowski 2b1926f262 website: Update /consul/roles/ parameters 2015-05-27 09:54:15 +10:00
Armon Dadgar 96e3bac87a website: Document overwrite behavior. Fixes #182 2015-05-11 10:58:29 -07:00
Mitchell Hashimoto f3fd061ed0 Merge pull request #54 from pborreli/typos
website: fixed typos
2015-04-28 11:37:49 -07:00
Emil Hessman 04d09c34d2 website: merge 2015-04-28 20:36:27 +02:00
Pascal Borreli 0ec229a9c9 Fixed typos 2015-04-28 19:36:16 +01:00
Emil Hessman 3d5f3d1d70 website: address minor doc typos 2015-04-28 20:32:04 +02:00
Andrew Williams b68244b252 website: fix small typo 2015-04-28 13:21:44 -05:00
Mat Elder a7c0d26dea msyql to consul on consul backend docs 2015-04-28 14:11:42 -04:00
Armon Dadgar 43083225d0 website: remove TODO from transit quickstart 2015-04-27 14:58:53 -07:00
Armon Dadgar 434305a6c2 secret/aws: Using roles instead of policy 2015-04-27 14:20:28 -07:00
Armon Dadgar 5edf8cf3a8 Do not root protect role configurations 2015-04-27 14:07:20 -07:00
Armon Dadgar 12e8c0f8cf secret/postgres: secret/mysql: roles endpoints root protected 2015-04-27 14:04:10 -07:00
Armon Dadgar 816d981d1a secret/consul: replace policy with roles, and prefix the token path 2015-04-27 13:59:56 -07:00
Armon Dadgar 6a38090822 secret/transit: rename policy to keys 2015-04-27 13:52:47 -07:00
Armon Dadgar 190b7f30e1 website: API consistency 2015-04-27 12:30:46 -07:00
Armon Dadgar 04421a5635 website: aws API 2015-04-27 12:26:23 -07:00
Armon Dadgar b52f52ace6 website: make PG quickstart like MySQL 2015-04-27 12:16:07 -07:00
Armon Dadgar 4404dd2a8f website: adding postgresql API docs 2015-04-27 11:17:13 -07:00
Armon Dadgar 61783663e4 website: document Consul APIs 2015-04-27 11:08:47 -07:00
Seth Vargo a4b55bfc3e Add Quick Start for Postgresql 2015-04-27 09:30:21 -04:00
Seth Vargo 0ffbd1f8ea Add Quick Start for AWS 2015-04-27 09:29:16 -04:00
Armon Dadgar 6ac2c848d7 website: start consul api 2015-04-26 22:03:38 -07:00
Armon Dadgar ea29b313e9 website: consul quickstart 2015-04-26 22:03:38 -07:00
Armon Dadgar 0e12fa9b68 website: adding mysql quickstart and API 2015-04-26 22:03:38 -07:00
Armon Dadgar 0d0aec7abd website: quickstart + API for transit 2015-04-26 22:03:38 -07:00
Armon Dadgar e58676128b website: quickstart for generic 2015-04-26 22:03:38 -07:00
Armon Dadgar d801e2e555 website: adding mysql docs skeleton 2015-04-25 12:10:53 -07:00
Mitchell Hashimoto 690a932deb website: postgresql backend 2015-04-18 22:47:23 -07:00
Mitchell Hashimoto 208dd1e8be logical/aws: move root creds config to config/root 2015-04-18 22:21:31 -07:00
Mitchell Hashimoto 68e26ca2a0 website: transit backend 2015-04-17 12:56:31 -07:00
Mitchell Hashimoto 744440021f website: add a couple more secret backend sections 2015-04-13 20:42:07 -07:00
Mitchell Hashimoto 3c9b4182cb website: consul secret backend 2015-04-10 20:26:01 -07:00
Mitchell Hashimoto 3266f9513f website: aws secret backend 2015-04-10 20:24:45 -07:00
Mitchell Hashimoto a906f720b1 website: secrets index 2015-04-09 23:31:26 -07:00