luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
3241 commits 1 branch 0 tags 214 MiB
Commit graph

701 commits

Author SHA1 Message Date
bashtoni 8248d15a5b Doc grammar fix 2015-12-22 21:27:08 +00:00
Jeff Mitchell dca0e72f10 Clarify stance on physical backend support 2015-12-22 10:50:31 -05:00
Jeff Mitchell 8cfc45e0eb Merge pull request #879 from hashicorp/header 
fixes 'by HashiCorp' in the header
 2015-12-21 12:39:54 -05:00
captainill a8b013a4f3 cleanup footer 2015-12-20 11:56:28 -08:00
kenjones c02013f631 add missing html tag 2015-12-20 14:20:30 -05:00
captainill 2ec7a2f032 capitol C in by hashicorp lockup 2015-12-19 21:21:18 -08:00
Jeff Mitchell 8bba9497ac Some copyediting/simplifying of the Consul page 2015-12-18 10:07:40 -05:00
kenjones 0d74de9da4 Update secret backend Consul documentation 
Adds information on the steps to get a management token for use by
Vault when communicating with Consul as a secret backend.
 2015-12-18 09:44:31 -05:00
Jeff Mitchell 1261791e6f Update etcd config docs with new options in 0.4. 
Ping #780
 2015-12-17 10:34:41 -05:00
Terry Corley d6884b85e1 Change API endpoint path for app-id 
The /login path was confusing because its not relative and not consistent with other documentation. Other documentation (e.g., username and password at https://www.vaultproject.io/docs/auth/userpass.html) uses relative path.
 2015-12-15 12:45:04 -06:00
captainill 60c5975f87 flexbox should only have been used on website subpages 2015-12-15 10:14:25 -08:00
Jeff Mitchell db7a2083bf Allow setting the advertise address via an environment variable. 
Fixes #581
 2015-12-14 21:22:55 -05:00
Jeff Mitchell ff9745bb00 Update Changelog and documentation with separate-HA-backend info. 2015-12-14 21:04:58 -05:00
Jeff Mitchell 7dca03eb3f Update documentation with Consul backend token_type parameter. 
Fixes #854
 2015-12-14 20:54:13 -05:00
Johan Haals fce85c12e2 Add vault-java to libraries 
vault-java implements the basic HTTP API, more endpoints are in the
pipeline
 2015-12-14 19:04:05 +01:00
captainill dfbe08fe8f fix bug in js for sticky footer by replacing with flexbox 2015-12-11 17:21:06 -08:00
Dallas Reedy 4f839cce9e Fix typo 
futher => further
 2015-12-11 08:50:06 -08:00
Jeff Mitchell 016e0dd0f3 Bump website version 2015-12-10 12:49:58 -05:00
Jeff Mitchell e25b3ad344 Update documentation to be consistent with return codes 
Fixes #831
 2015-12-10 10:26:40 -05:00
Jeff Mitchell 448efd56fa Merge branch 'master' into pki-csrs 2015-12-08 10:57:53 -05:00
Jeff Mitchell 902b7b0589 Add a warning about consistency of IAM credentials as a stop-gap. 
Ping #687
 2015-12-08 10:56:34 -05:00
Jeff Mitchell eee8386ea9 Add info about cert backend not checking CRL revocation. 2015-12-05 15:12:43 -05:00
Jeff Mitchell bf0909a892 Tab -> space doc fix 2015-12-05 15:04:54 -05:00
Jeff Mitchell 1dbfcc3b45 Merge branch 'master' into pki-csrs 2015-12-03 15:23:08 -05:00
Jeff Mitchell 3bdbd66f7d Remove datacenter from Consul configuration, as it cannot actually do 
anything

Fixes #816
 2015-12-03 15:16:37 -05:00
Jeff Mitchell 4eec9d69e8 Change allowed_base_domain to allowed_domains and allow_base_domain to 
allow_bare_domains, for comma-separated multi-domain support.
 2015-11-30 23:49:11 -05:00
Jeff Mitchell b6c49ddf01 Remove token display names from input options as there isn't a viable 
use-case for it at the moment
 2015-11-30 18:07:42 -05:00
Armon Dadgar 60ad2e0bbd website: updating documentation 2015-11-25 12:23:56 -08:00
Jeff Mitchell d461929c1d Documentation update 2015-11-20 13:13:57 -05:00
Jeff Mitchell 22a6d6fa22 Merge branch 'master' into pki-csrs 2015-11-20 12:48:38 -05:00
Jeff Mitchell 25e359084c Update documentation, some comments, make code cleaner, and make generated roots be revoked when their TTL is up 2015-11-19 17:14:22 -05:00
Jeff Mitchell af3d6ced8e Update validator function for URIs. Change example of entering a CA to a 
root cert generation. Other minor documentation updates. Fix private key
output in issue/sign.
 2015-11-19 11:35:17 -05:00
Jeff Mitchell 71f9ea8561 Make it clear that generating/setting a CA cert will overwrite what's 
there.
 2015-11-19 09:51:18 -05:00
Jeff Mitchell a95228e4ee Split root and intermediate functionality into their own sections in the API. Update documentation. Add sign-verbatim endpoint. 2015-11-19 09:51:18 -05:00
Jeff Mitchell c461652b40 Address some feedback from review 2015-11-19 09:51:18 -05:00
Jeff Mitchell ed62afec14 Large documentation updates, remove the pathlength path in favor of 
making that a parameter at CA generation/sign time, and allow more
fields to be configured at CSR generation time.
 2015-11-19 09:51:18 -05:00
Jeff Mitchell ea676ad4cc Add tests for intermediate signing and CRL, and fix a couple things 
Completes extra functionality.
 2015-11-19 09:51:17 -05:00
Jeff Mitchell 1c7157e632 Reintroduce the ability to look up obfuscated values in the audit log 
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
 2015-11-18 20:26:03 -05:00
Jeff Mitchell 45e7e61d71 Update audit documentation around what hash is used 2015-11-18 10:42:42 -05:00
captainill 28ae7b2466 edit this page 2015-11-09 21:10:49 -08:00
captainill d931c62d94 sidebar 2015-11-09 21:08:05 -08:00
captainill 2af4092734 redesign header bulk 2015-11-09 20:58:06 -08:00
Jeff Mitchell 1a45696208 Add no-default-policy flag and API parameter to allow exclusion of the 
default policy from a token create command.
 2015-11-09 17:30:50 -05:00
Jeff Mitchell 10913e2e6b Update cert documentation to note requiring sudo access. 2015-11-06 16:09:42 -05:00
Jeff Mitchell ffa879d6e2 Update S3 docs 2015-11-06 09:26:09 -05:00
Jeff Mitchell 08dbc70c9f Switch etcd default port to 2379, in line with 2.x. 
Fixes #753
 2015-11-05 09:47:50 -05:00
Sander van Harmelen 4ad533a5ba Add a line to the documentation to describe the new feature 2015-11-04 15:36:24 +01:00
Jeff Mitchell a4322afedb Merge pull request #746 from hashicorp/issue-677 
Add a PermitPool to physical and consul/inmem
 2015-11-03 15:26:58 -05:00
Jeff Mitchell 7f44a1b812 Add configuration parameter for max parallel connections to Consul 2015-11-03 15:26:07 -05:00
Jeff Mitchell 73e3aa1d64 Add create-orphan to documentation 2015-11-03 15:15:33 -05:00
Jeff Mitchell d3f7546602 Fix trailing whitespace complaints 2015-11-03 10:52:20 -05:00
Jeff Mitchell f0a25ed581 Clarify that CRLs are not fetched by Vault 2015-11-03 10:52:20 -05:00
Jeff Mitchell 154fc24777 Address first round of feedback from review 2015-11-03 10:52:20 -05:00
Jeff Mitchell 59cc61cc79 Add documentation for CRLs and some minor cleanup. 2015-11-03 10:52:20 -05:00
Jeff Mitchell ffa196da0e Note that the dev server does not fork 
Fixes #710.
 2015-10-30 12:47:56 -04:00
Seth Vargo f83eba4666 Force a trailing slash 2015-10-29 16:21:39 -04:00
Jeff Mitchell e2d4a5fe0f Documentation update around path/key name encryption. 
Make it clear that path/key names in generic are not encrypted.

Fixes #697
 2015-10-29 11:21:40 -04:00
Jeff Mitchell c1d8b97342 Add reset support to the unseal command. 
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.

Fixes #695
 2015-10-28 15:59:39 -04:00
Jeff Mitchell 57290b6d92 Minor format fix in environment documentation 2015-10-28 09:56:28 -04:00
Seth Vargo b057645d73 Use vendored fastly logo 2015-10-26 12:13:03 -04:00
Seth Vargo a710a80252 Use releases for releases 2015-10-26 00:06:17 -04:00
Jason Antman c7ff26b650 add documentation for GitHub Auth Backend 'ttl' and 'max_ttl' parameters 2015-10-23 09:30:48 -04:00
Jason Antman b27e80d090 add GitHub Enterprise base_url to docs 
In https://github.com/hashicorp/vault/issues/716 @jefferai confirmed that the GitHub Auth Backend supports GitHub enterprise using an undocumented ``base_url`` parameter. This adds that parameter to the relevant documentation page.
 2015-10-23 09:18:07 -04:00
Jeremiah Johnson d4a8c08feb fix typo in first-secret.html.md 2015-10-22 12:04:22 -06:00
Jeff Mitchell 0168ce491b Update token documentation to better explain token durations 2015-10-22 13:02:37 -04:00
Jeff Mitchell 189b72c3ba Document the renew-self call 2015-10-21 10:53:20 -04:00
Jeff Mitchell bc40e652bf Remove revoke-self from sys API documentation as it's in the token-store instead 2015-10-21 10:46:41 -04:00
mkb 1d29ae940a Minor grammar fix. 2015-10-20 13:42:46 -07:00
Sam Handler df0d335700 bundle update middleman-hashicorp 2015-10-12 14:28:43 -04:00
Jeff Mitchell 9f0b1547bb Allow disabling the physical storage cache with 'disable_cache'. 
Fixes #674.
 2015-10-12 13:00:32 -04:00
Jeff Mitchell 44706da08c Merge pull request #691 from hashicorp/sethvargo/tabs_spaces_oh_my 
Remove tabs from terminal output
 2015-10-12 12:39:44 -04:00
Seth Vargo 50f720bc06 Remove tabs from terminal output 
This also standardizes on the indentation we use for multi-line commands as
well as prefixes all commands with a $ to indicate a shell.
 2015-10-12 12:10:22 -04:00
Jeff Mitchell 55c26a909e Documentation updates to remove lease id and duration from generic 
backend example.
 2015-10-12 10:01:15 -04:00
Seth Vargo 89d40450cd Force a Ruby version 2015-10-08 13:22:20 -04:00
Sam Handler ed9bb36516 bundle update middleman-hashicorp 2015-10-07 17:41:50 -04:00
Sam Handler ad09203343 use github_url to generate edit_this_page link 2015-10-07 17:39:08 -04:00
Sam Handler 703c01c767 Add github_slug and website_root config vars 2015-10-07 17:38:22 -04:00
Vishal Nayak bf464b9a4b Merge pull request #661 from hashicorp/maxopenconns 
Parameterize max open connections in postgresql and mysql backends
 2015-10-03 16:55:20 -04:00
Curtis Allen c9213a809d update acl example 
Without `auth/token/lookup-self` read access you are unable to
authenticate. Update example to work as well as use new command output.
 2015-10-02 09:06:42 -06:00
vishalnayak 644a655920 mysql: made max_open_connections configurable 2015-10-01 21:15:56 -04:00
vishalnayak 2051101c43 postgresql: Configurable max open connections to the database 2015-10-01 20:11:24 -04:00
Colin Rymer e2b157aa79 Remove redundant wording for SSH OTP introduction. 2015-09-30 10:58:44 -04:00
Jeff Mitchell f711393de6 Merge pull request #649 from ipoval/master 
[code-gardening] fix typo in the documentation
 2015-09-29 19:01:58 -07:00
Paul Hinze aa774daf1c website: bundle update 
gets latest middleman-hashicorp w/ bugfix
 2015-09-29 18:56:47 -07:00
vishalnayak c3569bae5e Fixed gravatar hash 2015-09-29 14:12:58 -04:00
Ivan Povalyukhin 0bced67170 [code-gardening] fix typo in the documentation 2015-09-28 19:34:57 -07:00
Jeff Mitchell 62ac518ae7 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Sam Handler a0290f69df Add 'edit this page' link to footer 2015-09-24 14:10:32 -07:00
Sam Handler d8ab92dcd6 bundle update middleman-hashicorp 2015-09-24 13:53:13 -07:00
Sam Handler f963e0b67d Update README to point to Makefile 2015-09-24 13:52:27 -07:00
Sam Handler b274e94413 Add Makefile 2015-09-24 13:51:25 -07:00
Jeff Mitchell af27a99bb7 Remove JWT for the 0.3 release; it needs a lot of rework. 2015-09-24 16:23:44 -04:00
Jeff Mitchell e38c21e0ca Documentation fix for global TTLs 2015-09-24 12:17:26 -04:00
Jeff Mitchell 8fa7d3bd0b Add revoke-self to docs 2015-09-24 12:05:00 -04:00
Dominic Luechinger 89511e6977 Fixes docs for new JWT secret backend 2015-09-24 16:47:17 +02:00
Spencer Herzberg 54c62fe5aa docs: pg username not prefixed with vault- 
due to
05fa4a4a48,
vault no longer prefixes the username with `vault-`
 2015-09-22 10:14:47 -05:00
Jeff Mitchell a5f52f43b1 Minor doc update to SSH 2015-09-21 16:26:07 -04:00
Jeff Mitchell 29c722dbb6 Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values 2015-09-21 16:14:30 -04:00
Jeff Mitchell 3eb38d19ba Update transit backend documentation, and also return the min decryption 
value in a read operation on the key.
 2015-09-21 16:13:43 -04:00
Jeff Mitchell ca33cd8423 Add API endpoint documentation to cubbyhole 2015-09-21 16:13:36 -04:00
Jeff Mitchell 273f13fb41 Add API endpoint documentation to generic 2015-09-21 16:13:29 -04:00
Jeff Mitchell 59ba17c601 Add clarity to the lease concepts document. 2015-09-21 08:56:26 -04:00
Jeff Mitchell 801e531364 Enhance transit backend: 
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
 2015-09-18 14:41:05 -04:00
Jeff Mitchell 8f79e8be82 Add revoke-self endpoint. 
Fixes #620.
 2015-09-17 13:22:30 -04:00
Jonathan Klein dff6e468f9 Grammar fix 2015-09-15 15:53:27 -04:00
Jeff Mitchell 538852d6d6 Add documentation for cubbyhole 2015-09-15 13:50:37 -04:00
vishalnayak 142cb563a6 Improve documentation of token renewal 2015-09-11 21:08:32 -04:00
Jeff Mitchell ace611d56d Address items from feedback. Make MountConfig use values rather than 
pointers and change how config is read to compensate.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell 488d33c70a Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell 4239f9d243 Add DynamicSystemView. This uses a pointer to a pointer to always have 
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell f4239556d2 Merge pull request #508 from mfischer-zd/webdoc_environment 
docs: Document environment variables
 2015-09-09 11:29:10 -04:00
Jeff Mitchell 1a8bcfe18d Merge pull request #592 from blalor/patch-1 
Remove unused param to 'vault write aws/roles/deploy'
 2015-09-09 11:28:15 -04:00
Michael S. Fischer 24a5127fab docs: Document environment variables 2015-09-08 11:59:58 -07:00
Neo 4e3e9c38a2 Typo fix 2015-09-08 02:43:01 +02:00
Brian Lalor 2ae48fa586 Remove unused param to 'vault write aws/roles/deploy' 
The name is taken from the path, not the request body.  Having the duplicate key is confusing.
 2015-09-06 06:57:39 -04:00
Armon Dadgar 4eaacaf546 Merge pull request #590 from MarkVLK/patch-1 
Update mysql docs markdown to fix grammar error
 2015-09-04 19:13:50 -07:00
MarkVLK fae51d605f Update transit docs markdown to add missing word 
Added the presumably missing *decrypt* from "encrypt/data" in the first sentence.
 2015-09-04 17:11:34 -07:00
MarkVLK cd292d5372 Update mysql docs markdown to fix grammar error 
Changed "... used to **generated** those credentials" to "... used to **generate** those credentials."
 2015-09-04 17:05:45 -07:00
Seth Vargo 6f248425a6 Update documentation around cookies 2015-09-03 10:36:59 -04:00
Vishal Nayak d4609dea28 Merge pull request #578 from hashicorp/exclude-cidr-list 
Vault SSH: Added exclude_cidr_list option to role
 2015-08-28 07:59:46 -04:00
vishalnayak b12a2f0013 Vault SSH: Added exclude_cidr_list option to role 2015-08-27 23:19:55 -04:00
Jeff Mitchell a4fc4a8e90 Deprecate lease -> ttl in PKI backend, and default to system TTL values if not given. This prevents issuing certificates with a longer duration than the maximum lease TTL configured in Vault. Fixes #470. 2015-08-27 12:24:37 -07:00
vishalnayak fbff20d9ab Vault SSH: Docs for default CIDR value 2015-08-27 13:10:15 -04:00
vishalnayak 702a869010 Vault SSH: Provide key option specifications for dynamic keys 2015-08-27 11:41:29 -04:00
Jeff Mitchell 8669a87fdd When using PGP encryption on unseal keys, encrypt the hexencoded string rather than the raw bytes. 2015-08-26 07:59:50 -07:00
Jeff Mitchell b940d214bd Merge pull request #568 from ctennis/add_some_s3_info 
Make it clear for physical S3 backend we support instance profiles as well.
 2015-08-26 09:03:38 -04:00
Jeff Mitchell cc232e6f79 Address comments from review. 2015-08-25 15:33:58 -07:00
Jeff Mitchell 0b580d0521 Update website documentation for init and rekey with secret_pgp_keys API option 2015-08-25 14:52:13 -07:00
Caleb Tennis 6c30f9a0f9 Make it clear we support instance profiles as well, the existing docs seem to indicate static credentials are required 2015-08-25 06:47:07 -07:00
Armon Dadgar 88a7b57491 Merge pull request #558 from captainill/master 
make sure header is below clickable area that hides sidebar
 2015-08-21 10:21:40 -07:00
Jeff Mitchell ea9fbb90bc Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell 0fa783f850 Update help text for TTL values in generic backend 2015-08-20 17:59:30 -07:00
captainill ad9e00b166 make sure header is below clickable area that hides sidebar 2015-08-20 17:22:48 -07:00
Jeff Mitchell b57ce8e5c2 Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4. 
Fixes #528.
 2015-08-20 16:41:25 -07:00
Vishal Nayak beca9f1596 Merge pull request #385 from hashicorp/vishal/vault 
SSH Secret Backend for Vault
 2015-08-20 10:03:15 -07:00
Bernhard K. Weisshuhn 86cde438a5 avoid dashes in generated usernames for cassandra to avoid quoting issues 2015-08-20 11:15:28 +02:00
vishalnayak 76ed3bec74 Vault SSH: 1024 is default key size and removed 4096 2015-08-19 12:51:33 -07:00
vishalnayak 1f5062a6e1 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-08-19 12:16:37 -07:00
David Winterbottom 9fd6837d7b Fix typo in ACL doc 2015-08-19 07:36:16 +01:00
Armon Dadgar f351cd5ee0 Merge pull request #531 from mfischer-zd/fix_doc_tls 
Clarify availability of tls_min_version
 2015-08-18 19:01:28 -07:00
vishalnayak b5cda4942b Vault SSH: doc update 2015-08-18 11:50:32 -07:00
vishalnayak b91ebbc6e2 Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
vishalnayak 9db318fc55 Vault SSH: Website page for SSH backend 2015-08-14 12:41:26 -07:00
Michael S. Fischer 0e0cdeed75 Clarify availability of tls_min_version 
`tls_min_version` doesn't work in the current Vault release;
make that clear.
 2015-08-13 08:35:09 -07:00
vishalnayak 93dfa67039 Merging changes from master 2015-08-12 09:28:16 -07:00
vishalnayak 0abf07cb91 Vault SSH: Website doc v1. Removed path_echo 2015-08-12 09:25:28 -07:00
Erik Kristensen 2233f993ae initial pass at JWT secret backend 2015-08-06 17:49:44 -06:00
Armon Dadgar f58f46c243 Merge pull request #439 from geckoboard/feature-tls-mysql 
Using SSL to encrypt connections to MYSQL
 2015-08-05 14:52:43 -07:00
Armon Dadgar 4d08cfdf6f Merge pull request #469 from kgutwin/f-config-defaultlease 
Add configuration options for default lease duration and max lease duration
 2015-08-04 10:06:41 -07:00
Vivien Schilis 9db7426002 Add documentation for the tls_ca_file option 2015-08-04 05:10:33 +00:00
Rusty Ross 719ac6e714 update doc for app-id 
make clearer in doc that user-id can accept multiple app-id mappngs as comma-separated values
 2015-08-03 09:44:26 -07:00
Armon Dadgar 473668a1a0 Merge pull request #482 from chiefy/master 
Adding vaulted nodejs library to libraries section in docs.
 2015-07-31 15:13:44 -07:00
Long Nguyen e666b5c624 added golang client 2015-07-31 17:10:38 -04:00
Christopher Najewicz c5c7926af6 Adding vaulted nodejs library to libraries section in docs. 2015-07-31 14:31:26 -04:00
Armon Dadgar 03728af495 Merge pull request #464 from bgirardeau/master 
Add Multi-factor authentication with Duo
 2015-07-30 17:51:31 -07:00
Bradley Girardeau aa55d36f03 Clean up naming and add documentation 2015-07-30 17:36:40 -07:00
Karl Gutwin 4bad987e58 PR review updates 2015-07-30 13:21:41 -04:00
Karl Gutwin 151ec72d00 Add configuration options for default lease duration and max lease duration. 2015-07-30 09:42:49 -04:00
Armon Dadgar 1535a21198 Merge pull request #384 from dkaffee92/feature/storage-backend-consul-configuration 
allow specifying certificates used to talk to consul for storage backend
 2015-07-29 14:41:53 -07:00
Fabian Ruff 41106d9b69 fix doc for pki/revoke API 2015-07-29 14:28:12 +02:00
Kevin Fishner 9fe25414aa update analytics 2015-07-28 16:05:27 -07:00
Bradley Girardeau 112f98d86f mfa: cleanup website documentation 2015-07-28 12:25:01 -07:00
Bradley Girardeau 6c24a000a3 mfa: add website documentation 2015-07-28 11:00:57 -07:00
Daniel Kaffee a6f828ba0a made documentation a bit more clear 2015-07-28 15:50:43 +03:00
Daniel Kaffee 4146be770c refactor code 2015-07-28 14:55:33 +03:00
Armon Dadgar 83729a3bd9 website: fixing details about HA backends 2015-07-24 12:11:45 -07:00
Armon Dadgar 80e59089ba Merge pull request #449 from JustinLaRose/master 
Cassandra secret backend doc update for connection config
 2015-07-23 13:42:59 -07:00
Armon Dadgar eeb623bca0 Merge pull request #447 from kgutwin/f-tlsvers 
Specify Vault listener minimum TLS version
 2015-07-23 13:42:42 -07:00
Armon Dadgar 9ec3cefea9 Merge pull request #433 from infame-io/feature/s3_sts 
Granting S3 backend temporary access
 2015-07-23 13:33:58 -07:00
Karl Gutwin 3a5e036727 Document warning for using lower TLS versions 2015-07-23 11:54:45 -04:00
Lauro Balderas 436dfd464d S3 backend session token documentation updated 2015-07-23 22:53:20 +10:00
Justin LaRose 361f10f79e Cassandra secret backend doc update for connection config - "hosts" instead of "host" 2015-07-23 03:07:29 -04:00
Karl Gutwin 1096f5a53e Avoid unnecessary abbreviation 2015-07-22 23:28:46 -04:00
Karl Gutwin 9c963a0632 TLS minimum version documentation 2015-07-22 23:21:18 -04:00
Armon Dadgar 63fcb61145 Merge pull request #419 from nbrownus/telemetry_names 
Disable hostname prefix for runtime telemetry
 2015-07-22 15:38:23 -07:00
Armon Dadgar 01147622ce Merge pull request #420 from bgirardeau/master 
LDAP Auth - Add per-user policies and option to login with userPrincipalName
 2015-07-22 14:35:21 -07:00
Bradley Girardeau e8d26d244b ldap: change setting user policies to setting user groups 2015-07-20 11:33:39 -07:00
Seth Vargo 564f6d3743 Small tutorial fixes and tweaks 2015-07-19 16:52:11 -04:00
Daniel Somerfield 30920dc751 Finished draft of api tutorial and worked it into the flow. 2015-07-19 12:29:06 -07:00
Daniel Somerfield 89e0ed22db More work on apis doc. 2015-07-16 06:29:52 -07:00
Daniel Somerfield 3f45692500 Added start of page in intro that explains / demos the REST apis 2015-07-15 06:28:04 -07:00
Bradley Girardeau 1e1d4ba66d ldap: add documentation for setting policies based on user 2015-07-14 16:13:40 -07:00
Nate Brown 65dc78ba35 Docs for the telemetry object 2015-07-14 15:45:45 -07:00
Bradley Girardeau 0e2edc2378 ldap: add ability to login with a userPrincipalName (user@upndomain) 2015-07-14 15:37:46 -07:00
Seth Vargo d86a608db8 Use Rack::Protection 2015-07-13 13:07:24 -04:00
Seth Vargo 2ddeb831e4 Update middleman-hashicorp 2015-07-13 13:07:18 -04:00
Armon Dadgar 3042452def website: fixing lots of references to vault help 2015-07-13 20:12:09 +10:00
Armon Dadgar 7be012b8b6 website: help command is now path-help 2015-07-13 20:03:29 +10:00
Armon Dadgar 26937498f6 physical/zk: Fixing node representation. Fixes #416 2015-07-13 19:33:23 +10:00
Armon Dadgar 8dd9478e14 website: fixing documentation errors. Fixes #412 2015-07-13 19:10:44 +10:00
Armon Dadgar 2da54da6ed website: update HA status, discourage ZK 2015-07-13 19:01:32 +10:00
Matt Button 76bc988e50 Remove documentation that was copied from the terraform project 2015-07-12 16:52:24 +00:00
mootpt 872593d1e1 fixed secrets backend url 
minor doc fix
 2015-07-06 11:11:58 -07:00
mootpt f782e7382e pointed authentication backend to proper location 
pointed authentication backend to proper location
 2015-07-06 10:42:14 -07:00
Armon Dadgar 70cd3d1206 Merge pull request #400 from hashicorp/f-glob 
Change ACL semantics, use explicit glob and deny has highest precedence
 2015-07-06 11:15:49 -06:00
Armon Dadgar 768a6e33b0 website: clarify changes in addition to feedback 2015-07-06 11:10:09 -06:00
Armon Dadgar 0be3d419c8 secret/transit: address PR feedback 2015-07-05 19:58:31 -06:00
Armon Dadgar 37b68d6dce website: clarify getting started ACL docs 2015-07-05 18:40:05 -06:00
Armon Dadgar 01b0257c5f website: update for glob matching 2015-07-05 17:43:13 -06:00
Armon Dadgar f4d555a2ba website: document derived keys in secret/transit 2015-07-05 14:47:16 -07:00
Armon Dadgar 0521c6df6c http: support ?standbyok for 200 status on standby. Fixes #389 2015-07-02 17:49:35 -07:00
Bradley Girardeau 42050fe77b ldap: add starttls support and option to specificy ca certificate 2015-07-02 15:49:51 -07:00
Armon Dadgar 3c58773598 Merge pull request #380 from kgutwin/cert-cli 
Enable TLS client cert authentication via the CLI
 2015-06-30 11:44:28 -07:00
Armon Dadgar b8f2e8d498 website: document insecure_tls for LDAP backend 2015-06-30 09:42:18 -07:00
Jeff Mitchell 42b90fa9b9 Address some issues from code review. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-30 09:27:23 -04:00
Karl Gutwin 70fc49be84 Website docs. 2015-06-30 09:18:39 -04:00
Jeff Mitchell fccbc587c6 A Cassandra secrets backend. 
Supports creation and deletion of users in Cassandra using flexible CQL queries.

TLS, including client authentication, is supported.

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-30 09:04:01 -04:00
Armon Dadgar 3902626163 Merge pull request #310 from jefferai/f-pki 
Initial PKI backend implementation
 2015-06-21 11:12:22 +01:00
sergiopatino 3e58e8fff2 Fix typo in link to Atlas URL. 
Missing a colon after https!
 2015-06-21 02:41:26 -07:00
Jeff Mitchell e086879fa3 Merge remote-tracking branch 'upstream/master' into f-pki 2015-06-19 13:01:26 -04:00
Jeff Mitchell a6fc48b854 A few things: 
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-19 12:48:18 -04:00
Armon Dadgar 28ddff305c physical/mysql: cleanup and documentation 2015-06-18 14:31:00 -07:00
Jeff Mitchell 34f495a354 Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-18 15:22:58 -04:00
Armon Dadgar 7e6f44e39e website: document transit upsert behavior 2015-06-17 18:51:58 -07:00
Armon Dadgar 93ee9f6b76 website: update the transit documentation 2015-06-17 18:45:29 -07:00
Jeff Mitchell 49f1fdbdcc Merge branch 'master' into f-pki 2015-06-16 13:43:25 -04:00
Armon Dadgar 07df5c251d Merge pull request #341 from ryancurrah/ryancurrah-doc-transit-echofix 
Do not output the trailing newline in encoding.
 2015-06-15 17:36:01 -07:00
Seth Vargo db178571eb Document longest-prefix match 
Fixes https://github.com/hashicorp/vault/issues/331
 2015-06-15 14:29:20 -04:00
Seth Vargo 90dfbe2883 Update gems 2015-06-15 13:54:36 -04:00
Ryan Currah c232fee6b3 Do not output the trailing newline in encoding. 
Added -n to echo command to prevent newlines from showing up in encoding.
 2015-06-13 12:03:57 -04:00
Jeff Mitchell e17ced0d51 Fix a docs-out-of-date bug. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-12 16:33:00 -04:00
Jeff Mitchell db5354823f Fix some out-of-date examples. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-11 21:17:05 -04:00
Jeff Mitchell 1513e2baa4 Add acceptance tests 
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling

Also, fix a bug when trying to get code signing certificates.

Not tested:
* Revocation (I believe this is impossible with the current testing framework)

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-08 00:06:09 -04:00
Jeff Mitchell 0d832de65d Initial PKI backend implementation. 
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint

Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-08 00:06:09 -04:00
Justin Campbell 2a1eac837c docs: Fix examples of auth via JSON 
For both userpass and LDAP
 2015-06-04 10:38:11 -04:00
Justin Campbell d634a92d2a Remove .DS_Store 
Already gitignored
 2015-06-04 10:17:00 -04:00
Armon Dadgar 66ab2bbf54 Merge pull request #263 from sheldonh/iam-policy 
List IAM permissions required by root credentials
 2015-06-01 13:16:51 +02:00
Armon Dadgar 98cca9cb18 Merge pull request #261 from jsok/consul-lease 
Add ability to configure consul lease durations
 2015-06-01 13:04:28 +02:00
Armon Dadgar 82caf31532 Merge pull request #277 from hashicorp/f-rotate 
Add support for key rotation
 2015-06-01 12:52:32 +02:00
Seth Vargo 507f5b0114 Cleanup style on http index docs 2015-05-31 21:23:44 -07:00
Seth Vargo 4a41d05870 Merge pull request #271 from boncheff/f-doc-update-read-write-example 
Update index.html.md
 2015-05-31 21:20:34 -07:00
Seth Vargo 090de2c6d3 Merge pull request #279 from whit537/patch-1 
Capitalize the first word of a sentence
 2015-05-31 15:53:34 -07:00
Seth Vargo 7fd3d50f3e Merge pull request #280 from whit537/patch-2 
Put me in charge of dev mode :)
 2015-05-31 15:53:24 -07:00
Seth Vargo d90b63a520 Merge pull request #282 from whit537/patch-3 
Add a missing word
 2015-05-31 15:52:21 -07:00
Seth Vargo 68c9b9dd83 Merge pull request #283 from whit537/patch-4 
revisions to Getting Started > Dynamic Secrets
 2015-05-31 15:52:08 -07:00
Seth Vargo dba3fde064 Merge pull request #284 from whit537/patch-5 
revisions to Getting Started > Built-in Help
 2015-05-31 15:51:51 -07:00
Seth Vargo 83ad07bb72 Merge pull request #285 from whit537/patch-6 
revisions to Getting Started > Authentication
 2015-05-31 15:51:39 -07:00
Seth Vargo 1514dd5a14 Merge pull request #286 from whit537/patch-7 
revisions to Getting Started > Access Control Policies
 2015-05-31 15:51:08 -07:00
Seth Vargo 105def7354 Merge pull request #287 from whit537/patch-8 
revisions to Getting Started > Deploy Vault
 2015-05-31 15:50:58 -07:00
Chad Whitacre b83f3f2d02 Provide missing verb 2015-05-31 17:19:34 -04:00
Chad Whitacre e7cc5649dd Fix punctuation 
We want an apostrophe (for the contraction, not the possessive), but we don't want an extra period.
 2015-05-31 17:00:44 -04:00
Chad Whitacre 2df20f0c8c Remove an errant article 2015-05-31 16:47:15 -04:00
Chad Whitacre 1629f9ac93 Fix number of a noun 2015-05-31 16:42:29 -04:00
Chad Whitacre b1b2a4be7c Fix another broken passive 2015-05-31 16:34:34 -04:00
Chad Whitacre fcc7cbaee5 Fix a broken verb voice 2015-05-31 16:31:10 -04:00
Chad Whitacre 4a4d944bcc Charges don't incur themselves 2015-05-31 16:24:03 -04:00
Chad Whitacre 2ee0e9c51b REMOVE A SINGLE WHITESPACE CHARACTER 2015-05-31 16:21:39 -04:00
Chad Whitacre bd4dce28b5 Remove quotes to match styling elsewhere 
Cf. http://vaultproject.io/intro/getting-started/dynamic-secrets.html
 2015-05-31 16:20:56 -04:00
Chad Whitacre 11cd9eb6f5 Add a missing word 2015-05-31 16:19:38 -04:00
Chad Whitacre 2e00c9dd27 fix line wrapping 
Sorry!
 2015-05-31 16:07:50 -04:00