Commit graph

399 commits

Author SHA1 Message Date
Michael Golowka 302cc4870e
Add Username Templating Concepts page (#10935) 2021-02-26 16:04:12 -07:00
Tom Proctor 45d9efd0c2
Add notice about MongoDB Atlas whitelist deprecation (#10967) 2021-02-26 20:38:27 +00:00
Lauren Voswinkel 075898cf73
Add IAM tagging support for iam_user roles in AWS secret engine (#10953)
* Added support for iam_tags for AWS secret roles

This change allows iam_users generated by the secrets engine
to add custom tags in the form of key-value pairs to users
that are created.
2021-02-25 16:03:24 -08:00
Jim Kalafut e60cc11f33
Add configurable exponential backoff to Agent auto-auth (#10964) 2021-02-23 12:04:21 -08:00
Clint b0b121753a
update docs related to OCI alias changes (#10952)
* update docs related to OCI alias changes

* covert CHANGELOG update to a changelog/ entry
2021-02-23 10:08:15 -06:00
Jim Kalafut 4b1557e6ab
Minor update to Secrets engine overview docs (#10977)
The reference to API calls and link to code isn't a good fit here.

Reverts eb3e34d
2021-02-23 07:17:44 -08:00
Clint f998f96451
Add documentation for upcoming Terraform Cloud secret engine (#10823)
* add side navigation for Terraform Cloud Secret Engine

* terraform cloud engine docs

* add api-docs for terraform cloud secret engine

* fix some typos and improve wording, now with less management

* fix capitalization

* change text->shell-session

* clarify rotating user roles returns an error
2021-02-22 10:57:52 -06:00
Jim Kalafut 7e54bc15c2
Add TOTP support to Okta Auth (#10942) 2021-02-21 21:18:17 -08:00
Austin Gebauer 0017b78919
Adds API docs for max_age role parameter of JWT/OIDC auth method (#10916) 2021-02-19 13:39:58 -08:00
Nick Cabatoff 81105274d1
Add docs for Agent's template_retry option added in #10644, based on those from consul-template configuration. Also fix some existing config docs that weren't adhering to our conventions. (#10911) 2021-02-18 11:24:36 -08:00
Brian Fox 7f6ec265a1
Update KV Secrets Engine index (#10933)
Just a suggestion on how to perhaps improve the language as I found myself re-reading the sentences due to the missing "either ... or ..." having been _told_ that it `can be run in two modes`.
2021-02-17 14:27:37 -08:00
Nick Cabatoff 1b789f5ae5
Note that all local mounts are impacted, including on primary. (#10807) 2021-02-16 10:37:37 -05:00
Rosemary Wang a48db957ca
docs: Update Azure AD OIDC documentation (#10853)
Addresses #8191 with clearer external groups configuration.
2021-02-12 17:28:00 -08:00
Mark Gritter a8d2e6e350
Added a table showing the entity alias name used by each auth method. (#10908)
* Also corrected the text about token auth method.
2021-02-11 18:34:45 -06:00
aphorise 17003328ab
Docs - Namespace monitoring corrected examples (#10863)
Re-doing PR #10305
2021-02-11 11:32:52 -06:00
Tom Proctor 5f9891f992
auth/kubernetes docs: Correct default issuer (#10900)
As per 207d1b4c1c/path_login.go (L24), the default issuer when none is set is `kubernetes/serviceaccount`.
2021-02-11 15:26:34 +00:00
Vishal Nayak 53cb1deb38
Revert "Read-replica instead of non-voter (#10875)" (#10890)
This reverts commit fc745670cf34821f5834357d9caebc3351dbc1e7.
2021-02-10 16:41:58 -05:00
Vishal Nayak a2394e7353
Read-replica instead of non-voter (#10875) 2021-02-10 09:58:18 -05:00
Jim 7cb100e9a7
Update kubernetes.mdx (#10871)
Add suggestion to validate K8S cluster address and TCP port using cluster-info command and update sample config (line 77) to prompt for validation. Feedback from prospect was that doc is misleading since our sample uses TCP 8443.
2021-02-09 14:50:31 -05:00
jonZlotnik 541079dec3
both serviceaccount and namespace can be splat (#10829)
Needs to be changed in the docs.
Please see commit 70bc47384bedfc895d08d1df17a45b0c4ea8b6de
2021-02-09 11:14:13 -08:00
Scott Miller ad1621dd5f
Add documentation about the horizontal cluster scalability of PKI secret engine operations (#10745)
* Add documentation about the horizontal cluster scalability of PKI secret engine operations

* Mention generate_lease

* cluster terminology

* Discuss generate_lease

* active again

* One more go
2021-02-09 11:00:24 -06:00
Michael Golowka aaa51e975f
Add docs for OpenLDAP dynamic secrets (#10817) 2021-02-05 10:49:29 -07:00
Calvin Leung Huang b1c4b86d7f
approle: add ttl to the secret ID generation response (#10826)
* approle: add ttl to the secret ID generation response

* approle: move TTL derivation into helper func

* changelog: add changelog entry

* docs: update approle docs and api-docs pages
2021-02-03 16:32:16 -08:00
Jason O'Donnell 84cb949802
k8s doc: update for 0.9.1 and 0.8.0 releases (#10825)
* k8s doc: update for 0.9.1 and 0.8.0 releases

* Update website/content/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-02-02 16:37:34 -05:00
Josh Black 449b9ddedb
Clarify docs around using the Vault Agent as a windows service (#10519) 2021-02-01 10:03:42 -08:00
Mark Gritter 3ec15c4927
Fix use of identity/group endpoint to edit group by name (#10812)
* Updates identity/group to allow updating a group by name (#10223)
* Now that lookup by name is outside handleGroupUpdateCommon, do not
use the second name lookup as the object to update.
* Added changelog.

Co-authored-by: dr-db <25711615+dr-db@users.noreply.github.com>
2021-01-29 16:50:08 -06:00
Mike Green 588ce498d3
clarify space limits in bytes (#10811) 2021-01-29 14:43:48 -05:00
Nick Cabatoff 936ce3ba62
Document identity behaviour on local auth mounts. (#10805) 2021-01-28 11:45:53 -05:00
Hridoy Roy 17e20bdaa6
docs change for max request size community PR (#10723) 2021-01-27 10:02:00 -08:00
Hridoy Roy 537189cab8
make token create case insensitive [VAULT-1021] (#10743)
* make token create case insensitive

* changelog

* comment update
2021-01-27 09:56:54 -08:00
Hridoy Roy d1241b5286
changelog for entropy augmentation PR [VAULT-1179] (#10755)
* changelog for entropy augmentation

* docs upgrade

* docs upgrade

* docs upgrade

* docs upgrade
2021-01-26 21:06:38 -08:00
Aleksandr Bezobchuk 46c3f1f7bc
docs: update "Policy Syntax" section (#10590)
Co-authored-by: mgritter <mgritter@hashicorp.com>
2021-01-26 22:14:47 -06:00
Aleksandr Bezobchuk 2ec8f9a222
metrics: activity log (#10514)
* core: add vault.identity.entity.active.monthly log
* Fixed end-of-month metrics and unit test.
* Added metric covering month-to-date (not broken down by namespace.)
* Updated documentation
* Added changelog.

Co-authored-by: mgritter <mgritter@hashicorp.com>
2021-01-26 16:37:07 -06:00
Jim Kalafut fb049caa7f
Clarify agent lease renewal docs (#10772) 2021-01-26 12:07:59 -08:00
John Eikenberry 1ecd3464eb
fix deep links to consul-template docs (#10768) 2021-01-25 16:42:19 -08:00
Mike Green b0d5660765
Clarify slash is needed on gcs and azure (#10710)
Clarify user question, unexpected behavior with no slash on gcs.
2021-01-21 12:32:24 -05:00
Lauren Voswinkel 086e8bbb74
Updates api-docs for static role deletion (#10736)
We now specify that the user will remain unless cleaned up manually
2021-01-20 12:57:00 -08:00
Nick Cabatoff b93c5ff304
Spell out how to configure credentials for GCS. (#10589) 2021-01-20 09:09:23 -05:00
Lauren Voswinkel 1ec64fd010
Update Snowflake docs (#10691)
* Update Snowflake docs

Snowflake docs had an issue, `DEFAULT ROLE` should be `DEFAULT_ROLE`

* Update docs to show an actual username
2021-01-13 14:59:16 -08:00
Eugene R 331529fc94
Aerospike storage backend (#10131)
* add an Aerospike storage backend

* go mod vendor

* add Aerospike storage configuration docs

* review fixes

* bump aerospike client to v3.1.1

* rename the defaultHostname variable

* relocate the docs page
2021-01-12 15:26:07 -08:00
Scott Miller 77d27cb968
Add NIST guidance on rotating keys used for AES-GCM encryption (#10612)
* Add NIST guidance on rotating keys used for AES-GCM encryption

* Capture more places barrier encryption is used

* spacing issue

* Probabilistically track an estimated encryption count by key term

* Un-reorder imports

* wip

* get rid of sampling
2021-01-07 15:37:37 -06:00
Theron Voran c788e98a16
Adding documentation for multiple vault-k8s replicas (#10659)
Describes the setup and config for using multiple injector replicas
with auto and manual TLS.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-01-07 12:22:21 -08:00
Mark Gritter d076d95d37
Feature flags API (#10613)
* Added sys/internal/ui/feature-flags endpoint.
* Added documentation for new API endpoint.
* Added integration test.
Co-authored-by: swayne275 <swayne@hashicorp.com>
2021-01-06 16:05:00 -06:00
Jim Kalafut 9064097c5d
Make example Okta creds more obviously fake (#10639) 2021-01-06 10:05:23 -08:00
Lauren Voswinkel ce90acd68d
Add Snowflake docs to the website (#10617)
* Add snowflake docs to the website

* Update navs

* Add Snowflake to the DB Capabilities table
2021-01-05 14:44:28 -08:00
Jason O'Donnell abfb92173c
docs: update Vault Helm to 0.9.0 (#10656)
* docs: update vault-helm for 0.9.0

* Fix typo in leaderElector config

* Add default value to ttl

* Update website/content/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Add affinity default for injector

* Update website/content/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-01-05 16:46:20 -05:00
Nick Cabatoff 5c446d9d53
Clarify which seal/recovery config we mean. (#10634) 2021-01-04 10:31:36 -05:00
Nick Cabatoff 69e68c4d0d
Document constraints re primary vs secondary clusters. (#10527) 2021-01-04 08:35:17 -05:00
Jeff Escalante ec620a7765
Implement MDX Remote (#10581)
* implement mdx remote

* fix an unfenced code block

* fix partials path

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2020-12-17 16:53:33 -05:00