Justin Gerace
403efeb5ae
Add globbing support to the PKI backend's allowed_domains list ( #2517 )
2017-05-01 10:40:18 -04:00
Michael Ansel
30b71cbbac
Add constraints on the Common Name for certificate-based authentication ( #2595 )
...
* Refactor to consolidate constraints on the matching chain
* Add CN prefix/suffix constraint
* Maintain backwards compatibility (pick a random cert if multiple match)
* Vendor go-glob
* Replace cn_prefix/suffix with required_name/globbing
Move all the new tests to acceptance-capable tests instead of embedding in the CRL test
* Allow authenticating against a single cert
* Add new params to documentation
* Add CLI support for new param
* Refactor for style
* Support multiple (ORed) name patterns
* Rename required_names to allowed_names
* Update docs for parameter rename
* Use the new TypeCommaStringSlice
2017-04-30 11:37:10 -04:00
Cameron Stokes
73867dab92
Add local flag to docs for API endpoints. ( #2625 )
2017-04-28 14:33:27 -04:00
Ryan Smith-Evans
d0d448cfbe
Added required header ( #2656 )
2017-04-28 08:56:14 -04:00
greenbrian
90a442ec92
Fix links on Consul storage backend page ( #2652 )
2017-04-28 07:48:23 -04:00
Chris Hoffman
1a60fede58
Updating revoke/renew to prefer PUT method ( #2646 )
2017-04-27 10:47:43 -04:00
Jeff Mitchell
d9e639ece2
Fix types of listener options, currently they're all strings
2017-04-25 11:20:48 -04:00
Seth Vargo
7b21562f07
Make sidebar a bit wider on smaller screens ( #2638 )
2017-04-24 15:39:58 -04:00
Joel Thompson
e06a78a474
Create unified aws auth backend ( #2441 )
...
* Rename builtin/credential/aws-ec2 to aws
The aws-ec2 authentication backend is being expanded and will become the
generic aws backend. This is a small rename commit to keep the commit
history clean.
* Expand aws-ec2 backend to more generic aws
This adds the ability to authenticate arbitrary AWS IAM principals using
AWS's sts:GetCallerIdentity method. The AWS-EC2 auth backend is being to
just AWS with the expansion.
* Add missing aws auth handler to CLI
This was omitted from the previous commit
* aws auth backend general variable name cleanup
Also fixed a bug where allowed auth types weren't being checked upon
login, and added tests for it.
* Update docs for the aws auth backend
* Refactor aws bind validation
* Fix env var override in aws backend test
Intent is to override the AWS environment variables with the TEST_*
versions if they are set, but the reverse was happening.
* Update docs on use of IAM authentication profile
AWS now allows you to change the instance profile of a running instance,
so the use case of "a long-lived instance that's not in an instance
profile" no longer means you have to use the the EC2 auth method. You
can now just change the instance profile on the fly.
* Fix typo in aws auth cli help
* Respond to PR feedback
* More PR feedback
* Respond to additional PR feedback
* Address more feedback on aws auth PR
* Make aws auth_type immutable per role
* Address more aws auth PR feedback
* Address more iam auth PR feedback
* Rename aws-ec2.html.md to aws.html.md
Per PR feedback, to go along with new backend name.
* Add MountType to logical.Request
* Make default aws auth_type dependent upon MountType
When MountType is aws-ec2, default to ec2 auth_type for backwards
compatibility with legacy roles. Otherwise, default to iam.
* Pass MountPoint and MountType back up to the core
Previously the request router reset the MountPoint and MountType back to
the empty string before returning to the core. This ensures they get set
back to the correct values.
2017-04-24 15:15:50 -04:00
Matthew Gallagher
8c75c2611a
Remove mention of Darwin mlock support from docs. ( #2624 )
2017-04-22 16:56:01 -04:00
Cameron Stokes
82e9b089be
[docs] Fix typo in Transit API docs.
2017-04-20 15:18:55 -07:00
Chad Greenburg
960fdb6a8a
Added documentation for listing roles in the Consul secret backend ( #2619 )
2017-04-20 07:44:25 -04:00
Eric Bock
f3be8927db
Fixing typo in Transit API rewrap section ( #2617 )
2017-04-19 09:29:33 -07:00
Brian Nuszkowski
74d78f247c
Add api documentation for unauthenticated SSH CA public key retrieval ( #2616 )
2017-04-19 11:30:24 -04:00
Jeff Mitchell
4995c69763
Update sign-verbatim to correctly set generate_lease ( #2593 )
2017-04-18 15:54:31 -04:00
Mitch Davis
a051ec1b59
Use service bind for searching LDAP groups ( #2534 )
...
Fixes #2387
2017-04-18 15:52:05 -04:00
Jeff Mitchell
f4cd8c5200
Merge pull request #2607 from hashicorp/b-grammar
...
Fix sentence - remove "and"
2017-04-18 15:50:56 -04:00
Jeff Mitchell
563ad2175f
Update index.html.md
2017-04-18 15:50:44 -04:00
Seth Vargo
490b98ee93
Update logos
2017-04-18 14:17:56 -04:00
Jon Benson
73950e8fb1
Fix sentence - remove "and"
2017-04-17 19:35:04 -07:00
Jeff Mitchell
d5f5ecf0ab
Remove allow_token_displayname from docs as we don't support that any longer
2017-04-17 17:25:44 -04:00
Jeff Mitchell
f14fd329fd
Add more info to STS TTL to website
2017-04-17 17:19:13 -04:00
Phil Watts
c98de70310
Update revoke.html.md ( #2604 )
...
Changed param's description verb from renew to revoke, to match the page context.
2017-04-17 12:40:24 -04:00
Jeff Mitchell
ce58bfa88f
Update SSH docs to indicate deprecation of dynamic key type
2017-04-17 11:11:05 -04:00
James Phillips
b6758b7ea9
Update 404.html.md ( #2594 )
2017-04-14 12:19:15 -04:00
Jeff Mitchell
c2407eab5a
Add some extra documentation around ssh-keygen -L to see signed cert
...
info.
Ping #2569
2017-04-13 15:23:27 -04:00
Chris Hoffman
3c7a69b119
minor docs update
2017-04-10 09:46:25 -04:00
Jeff Mitchell
9136952055
Update AES-GCM verification text
2017-04-07 14:35:29 -04:00
Shivaram Lingamneni
2117dfd717
implement a no_store option for pki roles ( #2565 )
2017-04-07 11:25:47 -07:00
Jeff Mitchell
e0d00fdf7b
Remove superfluous/misleading comments around some listener options
2017-04-07 14:23:56 -04:00
Jeff Mitchell
f805618a2c
Update SSH CA documentation
...
Fixes #2551
Fixes #2569
2017-04-07 11:59:25 -04:00
Seth Vargo
53e1bd02a1
Add press-kit
2017-04-06 18:43:55 -04:00
Seth Vargo
4ac4b92cbb
Import fonts
2017-04-06 18:42:09 -04:00
Seth Vargo
6883eebbd9
Add press kit, hashicorp logo
2017-04-06 18:28:26 -04:00
Jeff Mitchell
d39ca0be68
Remove "these are denoted below" w.r.t. SIGHUP
...
SIGHUP support is denoted in the sections/options that support actions on SIGHUP, so with the new docs layout it's confusing to have the old statement in there. Remove in favor of the inline comments.
Fixes #2572
2017-04-06 16:08:58 -04:00
Sebastian Haba
3322f637ac
add mssql physical backend ( #2546 )
2017-04-06 09:33:49 -04:00
Pavel Timofeev
d2afabe4f6
Ldap auth doc fix ( #2568 )
...
* Move url parameter to the next line and fix a typo
* Add userdn paramater to the Scenario 1.
Without userdn set Vault can't search with error like
Code: 400. Errors:
* LDAP search failed for detecting user: LDAP Result Code 32 "No Such Object": 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:
''
2017-04-05 08:29:38 -07:00
Cameron Stokes
76c74a3995
[docs] Add header to fix formatting.
2017-04-05 10:35:59 +10:00
Cameron Stokes
1884845525
[docs] Adding missing guide from index page.
...
Also, make guide titles consistent with sidebar.
2017-04-05 10:22:20 +10:00
Jeff Mitchell
04bbc50ccb
Add back lost Postgres creation sql for storage backend
2017-04-04 12:30:07 -04:00
Emre Erkunt
de3d2438b7
Fixed an example on aws backend documentation about an iam profile. ( #2522 )
2017-04-04 09:03:27 -07:00
Jonathan Sokolowski
a4ceaf0035
Etcd DNS discovery ( #2521 )
...
* etcd: Add discovery_srv option
2017-04-04 08:50:44 -07:00
Jeff Mitchell
9ec414016d
Update SSH docs to note that host key verification is not performed.
2017-04-03 10:43:41 -04:00
Francis Chuang
917158a510
Fix typo ( #2558 )
2017-04-03 05:46:40 -07:00
Paul Cichonski
75e531e8aa
fix typo in pki api doc
2017-04-02 17:02:11 -04:00
Adam Shannon
a6156d8e79
Quote dynamodb's ha_enabled property ( #2547 )
...
With `ha_enabled = true` vault crashes with the following error:
```
error parsing 'storage': storage.dynamodb: At 17:16: root.ha_enabled: unknown type for string *ast.LiteralType
```
This seems related to https://github.com/hashicorp/vault/issues/1559
2017-03-30 14:09:47 -07:00
Seth Vargo
b5ab4745fc
Update helpers
2017-03-29 21:39:48 -04:00
Seth Vargo
8bcb3bda9c
Remove commented colors
2017-03-29 19:08:09 -04:00
Seth Vargo
c600a426d8
Add new colored header styles
2017-03-29 19:04:39 -04:00
vishalnayak
1cfd0e94b3
docs: aws-ec2: link sts configuration from cross account access
2017-03-28 14:34:21 -07:00
Seth Vargo
383a4cacaa
Re-add FOUT
2017-03-26 17:07:29 -04:00
Seth Vargo
4fb3f7f32a
Remove dependency on bootstrap
...
This greatly reduces our javascript footprint
2017-03-26 16:58:16 -04:00
Seth Vargo
dd44ad7b85
Remove pry
2017-03-26 16:08:16 -04:00
Seth Vargo
5b0acbfeba
Cleanup CSS
2017-03-26 16:04:21 -04:00
Dan Everton
4ef8ce1198
Add permitPool support to S3 ( #2466 )
2017-03-26 14:32:26 -04:00
Paul Nicholson
85acdb7f5e
fix typo in ssh api documentation ( #2529 )
2017-03-23 23:48:26 -07:00
Matthew Irish
9f6dea5ffd
remove sidebar include in sass ( #2516 )
2017-03-21 13:08:27 -05:00
Matthew Irish
f6fba9bb3c
replication is an enterprise-only feature ( #2514 )
2017-03-21 13:30:27 -04:00
Jeff Mitchell
04d8f3a34d
Fix AWS-EC2 sts/certificate typo
...
Fixes #2512
2017-03-21 13:29:40 -04:00
Jack Pearkes
efa2a280aa
website: update docs to clearly link to enterprise version
2017-03-21 08:41:39 -07:00
Jonathan Thomas
c41ee12c38
website: latest news section ( #2506 )
...
* website: add latest news section which includes vault webinar details
* small padding tweak
2017-03-20 18:23:46 -04:00
Seth Vargo
0f1b9499c0
Nevermind... meganav uses it
2017-03-20 01:51:57 -04:00
Seth Vargo
2357039044
Fix typo
2017-03-20 01:50:45 -04:00
Seth Vargo
f30f6f489f
Do not require bootstrap
2017-03-20 01:50:40 -04:00
Seth Vargo
d3da5b231b
Link to index.html pages
2017-03-20 01:37:22 -04:00
Seth Vargo
3a4e14cfe6
Remove quotes from meta descriptions
...
SEO stops at that quote, so many of our pages have a description of
"the".
2017-03-20 01:35:21 -04:00
Seth Vargo
166e0b4ef4
Use inline svgs
2017-03-20 01:27:23 -04:00
Seth Vargo
f2355301c3
Upgrade to latest middleman-hashicorp
2017-03-20 01:27:23 -04:00
Seth Vargo
cb1a2cb361
Migrate to middleman-hashicorp sidebar
2017-03-20 01:27:23 -04:00
Seth Vargo
45a5982a6f
Remove unused javascript
...
It looks like these came over from Nomad(?), but we do not use them
anywhere. This saves about 4kb on the compressed javascript, so it's a
big savings. Also, it causes namespace conflicts.
2017-03-20 01:27:23 -04:00
Vishal Nayak
b9b68ca5e8
docs: Elaborate the steps for SSH CA backend with 'sshd_config' changes ( #2507 )
2017-03-19 18:52:15 -04:00
Seth Vargo
985b283b08
Ensure description
2017-03-17 23:14:36 -04:00
Matthew Irish
b5e49af2d8
website: turbolinks + ember = ❤ ( #2504 )
...
* move application.js to head
* move ember app to separate file and exclude from turbolinks
2017-03-17 16:05:59 -05:00
Brian Kassouf
5437cf2e51
Add note about prefix/suffix globbing on policy parameters
2017-03-17 13:53:41 -07:00
Seth Vargo
6d83640c85
Add API to sidebar
2017-03-17 15:44:09 -04:00
Seth Vargo
21ecbda1f4
Update titles
2017-03-17 14:37:01 -04:00
Seth Vargo
6931bbd091
Links
2017-03-17 14:27:32 -04:00
Seth Vargo
66321cdb76
Space out downloads links a bit
2017-03-17 14:07:39 -04:00
Seth Vargo
d4390d103e
/docs/http -> /api
2017-03-17 14:06:03 -04:00
Jeff Mitchell
d2e9e0b873
Merge branch 'master-oss' into pr-2495
2017-03-17 13:40:58 -04:00
Jeff Mitchell
a38b55385a
Update replication guide and add to sidebar
2017-03-17 12:38:19 -04:00
Jeff Mitchell
6109dcf7d7
Fix broken GCS account link
2017-03-17 12:12:28 -04:00
Jeff Mitchell
9bfcc0be94
Fix misspelling of website link
2017-03-17 12:07:37 -04:00
Seth Vargo
05e8b1861f
Formatting
2017-03-16 12:06:15 -07:00
Seth Vargo
0f845ef67d
Use relative links
2017-03-16 12:04:36 -07:00
Seth Vargo
bfa7fe9a3e
Fix sentence
2017-03-16 12:04:14 -07:00
Seth Vargo
5c1f017274
Reformat replication API
2017-03-16 11:57:06 -07:00
Seth Vargo
037700b86e
Update PKI backend API docs
2017-03-16 11:26:09 -07:00
Seth Vargo
b340d9ff8c
Fix formatting in SSH
2017-03-16 11:25:59 -07:00
Seth Vargo
faef58b355
Fix Cassandra text
2017-03-16 11:25:37 -07:00
Seth Vargo
9934b66fe0
Add new SSH field
2017-03-16 09:48:45 -07:00
Seth Vargo
e86465c13b
Add SSH
2017-03-16 09:47:08 -07:00
Seth Vargo
e473ee99a8
Fix TODOs
2017-03-16 09:47:08 -07:00
Seth Vargo
b078963ab2
Hide auth backends for now
...
The migration is getting too large, so we'll tackle this move in another
PR
2017-03-16 09:47:08 -07:00
Seth Vargo
3fd0bd36cc
Break out API documentation for secret backends
2017-03-16 09:47:06 -07:00
Seth Vargo
19b2b049c3
Redo docs for system backend
...
This commit updates the API documentation for the system backend to
break things apart on a per-page basis and provide specific examples.
This pattern will give more flexibility for future documentation as
well.
2017-03-16 09:46:49 -07:00
Seth Vargo
a80e0695be
Update middleman version
2017-03-16 09:46:48 -07:00
Seth Vargo
db4f689009
Do not have a large margin
2017-03-16 09:46:48 -07:00
Seth Vargo
cd4bcc9c00
Allow nested code in li to receive new highlighting
2017-03-16 09:46:48 -07:00
Seth Vargo
849f57e73a
Update layouts and assets for consistency
2017-03-16 09:46:47 -07:00
Jeff Mitchell
dce031bec2
Bump for 0.7 release
2017-03-16 11:41:50 -04:00
Mike Okner
95df7beed9
Adding allow_user_key_ids field to SSH role config ( #2494 )
...
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name. Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
2017-03-16 08:45:11 -04:00
Jeff Mitchell
2b98f004ac
Fix layout for replication
2017-03-16 06:50:33 -04:00
Jeff Mitchell
12e5132779
Allow roles to specify whether CSR SANs should be used instead of ( #2489 )
...
request values. Fix up some documentation.
Fixes #2451
Fixes #2488
2017-03-15 14:38:18 -04:00
Andy Manoske
8aa7f120b0
Vault_Enterprise_WWW ( #2327 )
2017-03-15 14:31:14 -04:00
Jeff Mitchell
584aedad04
Add upgrade to 0.7 page
2017-03-15 12:34:11 -04:00
Stanislav Grozev
4bc3abd152
Remove superfluous argument from SSH CA docs
2017-03-14 10:21:48 -04:00
Stanislav Grozev
7d59d7d3ac
Reads on ssh/config/ca return the public keys
...
If configured/generated.
2017-03-14 10:21:48 -04:00
Stanislav Grozev
830de2dbbd
If generating an SSH CA signing key - return the public part
...
So that the user can actually use the SSH CA, by adding the public key
to their respective sshd_config/authorized_keys, etc.
2017-03-14 10:21:48 -04:00
Jeff Mitchell
ab56fdbebf
Clarify cluster_addr and cluster_address
2017-03-14 10:17:58 -04:00
Jeff Mitchell
4fa4034d50
Minor doc updates
2017-03-14 10:11:47 -04:00
Vishal Nayak
285bdf0a6f
docs: clarify 'storage' and 'ha_storage' requirements ( #2471 )
2017-03-11 09:43:14 -05:00
Vishal Nayak
220beb2cde
doc: ssh allowed_users update ( #2462 )
...
* doc: ssh allowed_users update
* added some more context in default_user field
2017-03-09 10:34:55 -05:00
vishalnayak
431070f828
doc: ssh markdown alignments
2017-03-08 21:58:12 -05:00
Jason Costello
012c8f6c2f
remove offset from footer
2017-03-08 17:36:59 -08:00
Jason Costello
52b3d7beb5
Re apply offset change after rebase
2017-03-08 17:34:57 -08:00
Jack Pearkes
2c3736bbe2
website: add squashed mega-nav work
2017-03-08 17:27:31 -08:00
Seth Vargo
f18318f6dd
Move upgrade into guides ( #2460 )
...
* Move upgrades to guides
* Make root token copy-pastable
2017-03-08 17:33:58 -05:00
Seth Vargo
aa6346a8f6
Use htmlcompat in middleman-hashicorp
2017-03-08 14:14:52 -08:00
Seth Vargo
d9c10960b7
Update license
2017-03-08 11:38:38 -08:00
Seth Vargo
7cd31072c2
Update license
2017-03-08 11:36:25 -08:00
Seth Vargo
2204e50f53
Delete config.ru
2017-03-08 11:28:43 -08:00
Seth Vargo
23c0c47ff5
Update favicons, container, turbolinks
2017-03-08 11:07:20 -08:00
Seth Vargo
49189e76f2
Fix website command
2017-03-08 09:47:16 -08:00
Seth Vargo
d26d87f4a8
Remove Vagrantfile
2017-03-08 09:35:34 -08:00
Jeff Mitchell
4d133b8423
Minor doc updates
2017-03-08 10:25:57 -05:00
Jeff Mitchell
5d760d4090
Add option to require valid client certificates ( #2457 )
2017-03-08 10:21:31 -05:00
Jeff Mitchell
f03d500808
Add option to disable caching per-backend. ( #2455 )
2017-03-08 09:20:09 -05:00
Jeff Mitchell
b11f92ba5a
Rename physical backend to storage and alias old value ( #2456 )
2017-03-08 09:17:00 -05:00
Seth Vargo
624c6eab20
Separate backend configurations into their own pages ( #2454 )
...
* Clean vertical lines
* Make sidebar slightly larger on bigger displays
* Separate backend configurations into their own pages
2017-03-07 21:47:23 -05:00
Seth Vargo
f0ad367b8c
Do not print header or footer
2017-03-06 16:11:06 -05:00
Seth Vargo
a109e18661
Underline in black
2017-03-06 16:11:06 -05:00
Seth Vargo
1f7bdbf966
Fix http layout
2017-03-06 16:11:05 -05:00
Seth Vargo
93357d7519
Move install guides into docs layout
2017-03-06 16:11:05 -05:00
Seth Vargo
751a2bff1d
Update upgrade guides
2017-03-06 16:11:05 -05:00
Seth Vargo
2b371e1189
Tabs to spaces
2017-03-06 16:11:04 -05:00
Seth Vargo
5be9c0e33a
Add syntax highlighting
2017-03-06 16:11:04 -05:00
Seth Vargo
839fd199f3
Clean up scss
2017-03-06 16:11:04 -05:00
Seth Vargo
8706a16800
Do not show "Edit this Page" in dev either
2017-03-06 16:11:04 -05:00
Seth Vargo
7228475bc4
Use × instead of "X"
2017-03-06 16:11:03 -05:00
Seth Vargo
9ae2b0838f
Remove empty scss file
2017-03-06 16:11:03 -05:00
Seth Vargo
4d6fe20bec
Remove displaying-bnr
...
This is not used anywhere
2017-03-06 16:11:03 -05:00
Seth Vargo
a7f6b3b7f1
Unify layout partials
2017-03-06 16:11:02 -05:00
Michael
412aad7c6e
Updated doc to match real output ( #2443 )
...
Regards hashicorp/vault#2116
2017-03-06 10:39:34 -05:00
Seth Vargo
9d8dad3269
Switch to new container-based build ( #2436 )
2017-03-03 11:26:26 -05:00
Vishal Nayak
491a56fe9f
AppRole: Support restricted use tokens ( #2435 )
...
* approle: added token_num_uses to the role
* approle: added RUD tests for token_num_uses on role
* approle: doc: added token_num_uses
2017-03-03 09:31:20 -05:00
Jason Costello
5ea7b4436c
Website update typography ( #2429 )
2017-03-02 17:10:33 -05:00
Jeff Mitchell
76bec343f4
Some minor ssh docs updating
2017-03-02 16:47:21 -05:00
Will May
70bfdb5ae9
Changes from code review
2017-03-02 14:36:13 -05:00
Will May
36b3d89604
Allow internal generation of the signing SSH key pair
2017-03-02 14:36:13 -05:00
Vishal Nayak
3795d2ea64
Rework ssh ca ( #2419 )
...
* docs: input format for default_critical_options and default_extensions
* s/sshca/ssh
* Added default_critical_options and default_extensions to the read endpoint of role
* Change default time return value to 0
2017-03-01 15:50:23 -05:00
Will May
ff1ff02bd7
Changes from code review
...
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
2017-03-01 15:19:18 -05:00
Will May
099d561b20
Add ability to create SSH certificates
2017-03-01 15:19:18 -05:00
Seth Vargo
3855021b40
Re-enable soft purging, stale-if-error
2017-03-01 12:38:40 -05:00
Seth Vargo
5e1e314bf9
Cache for a longer time on Fastly ( #2417 )
2017-02-28 16:54:51 -05:00
Jeff Mitchell
7012d63a28
Update policies doc with allowed/denied params and min/max wrapping ttl info
2017-02-27 15:17:19 -05:00
Marshall Brekka
184b47e20c
Add a TTL to the dynamodb lock implementation. ( #2141 )
2017-02-27 14:30:34 -05:00
vishalnayak
1518d626e3
docs: update sys heal status codes
2017-02-26 15:20:23 -05:00
Gregory Reshetniak
e13fc759d8
Update sys-health.html.md
...
typo
2017-02-26 15:20:23 -05:00
Vishal Nayak
b762c43fe2
Aws Ec2 additional binds for SubnetID, VpcID and Region ( #2407 )
...
* awsec2: Added bound_region
* awsec2: Added bound_subnet_id and bound_vpc_id
* Add bound_subnet_id and bound_vpc_id to docs
* Remove fmt.Printf
* Added crud test for aws ec2 role
* Address review feedback
2017-02-24 14:19:10 -05:00
Vishal Nayak
c6f138bb9a
PKI: Role switch to control lease generation ( #2403 )
...
* pki: Make generation of leases optional
* pki: add tests for upgrading generate_lease
* pki: add tests for leased and non-leased certs
* docs++ pki generate_lease
* Generate lease is applicable for both issuing and signing
* pki: fix tests
* Address review feedback
* Address review feedback
2017-02-24 12:12:40 -05:00
vishalnayak
3ddffbe574
awsec2: markdown text alignment
2017-02-23 14:52:38 -05:00
Brian Kassouf
f992103615
Merge branch 'master' into acl-parameters-permission
2017-02-21 14:46:06 -08:00
Jeff Mitchell
c81582fea0
More porting from rep ( #2388 )
...
* More porting from rep
* Address review feedback
2017-02-16 16:29:30 -05:00
Jeff Mitchell
0c39b613c8
Port some replication bits to OSS ( #2386 )
2017-02-16 15:15:02 -05:00
Frank Gevaerts
0044ea8917
Update hsm.html.md ( #2381 )
2017-02-16 07:25:22 -05:00
Jeff Mitchell
817bec0955
Add Organization support to PKI backend. ( #2380 )
...
Fixes #2369
2017-02-16 01:04:29 -05:00
Jeff Mitchell
51f7114648
Merge branch 'master-oss' into acl-parameters-permission
2017-02-15 20:37:58 -05:00
Phil Watts
e2de7ec7fe
Edit to the language of the description of disable_mlock on the configuration documentation page. Previous wording could lead to confusion as to the recommended setting of the disable_mlock option. ( #2377 )
2017-02-15 11:09:27 -05:00
Vishal Nayak
b86e9bc09f
aws-ec2 auth: fix docs ( #2375 )
2017-02-15 06:29:27 -05:00
Tommy Murphy
ca06bc0b53
audit: support a configurable prefix string to write before each message ( #2359 )
...
A static token at the beginning of a log line can help systems parse
logs better. For example, rsyslog and syslog-ng will recognize the
'@cee: ' prefix and will parse the rest of the line as a valid json message.
This is useful in environments where there is a mix of structured and
unstructured logs.
2017-02-10 16:56:28 -08:00
P.Nikolajevs (pl)
2a79627a2e
Update libraries.html.md ( #2360 )
2017-02-10 09:39:18 -08:00
Tommy Murphy
65b274299f
docs: transit parameter is actually deletion_allowed ( #2356 )
2017-02-09 15:10:28 -05:00
Seth Vargo
12ba3f7640
Cache assets longer
2017-02-09 14:39:12 -05:00
Seth Vargo
231238a6f8
Change cache to 4h
2017-02-09 14:37:12 -05:00
Jeff Mitchell
72db329d67
Add support for backup/multiple LDAP URLs. ( #2350 )
2017-02-08 14:59:24 -08:00
Jack Harris
d5b1cc7ebe
Add correct output to unmount documentation ( #2352 )
...
Simply adding the actual output of: 'vault unmount generic/'
2017-02-08 10:40:56 -05:00
Jeff Mitchell
2fd59ad308
Merge branch 'master-oss' into acl-parameters-permission
2017-02-08 01:59:52 -05:00
Jeff Mitchell
f9c67273f3
Add audited headers to sidebar
2017-02-07 17:02:14 -05:00
Jeff Mitchell
6612744576
Add Okta docs to sidebar
2017-02-07 16:57:28 -05:00
Jeff Mitchell
b1ad99ebba
Prep for 0.6.5 release
2017-02-07 16:11:32 -05:00
Matteo Sessa
29d9d5676e
RADIUS Authentication Backend ( #2268 )
2017-02-07 16:04:27 -05:00
Jeff Mitchell
f3de9f57ce
Add etcd API info
2017-02-07 11:33:02 -08:00
Brian Kassouf
2923934813
Merge pull request #2326 from hashicorp/pr-2161
...
Add Socket Audit Backend
2017-02-07 11:27:25 -08:00
Brian Kassouf
128de55742
Added a warning about the dropped socket connection edge case
2017-02-07 11:06:36 -08:00
Brian Vans
29b3cc6b00
Fixing a few typos in the docs ( #2344 )
2017-02-07 11:55:29 -05:00
Brian Kassouf
a566097657
Add info about UNIX sockets
2017-02-06 15:56:58 -08:00
Cameron Stokes
d56c0e33b3
docs: add note about request size limit ( #2337 )
2017-02-06 18:24:40 -05:00
Vishal Nayak
7f2717b74a
transit: change batch input format ( #2331 )
...
* transit: change batch input format
* transit: no json-in-json for batch response
* docs: transit: update batch input format
* transit: fix tests after changing response format
2017-02-06 14:56:16 -05:00
Brian Kassouf
af1847f2b4
Update the docs and move the logic for reconnecting into its own function
2017-02-04 16:55:17 -08:00
Jeff Mitchell
1d0d353901
Fix incorrect sample URL in aws-ec2 docs
2017-02-04 19:27:35 -05:00
Harrison Harnisch
b09077c2d8
add socket audit backend
2017-02-02 14:21:48 -08:00
Brian Kassouf
6701ba8a10
Configure the request headers that are output to the audit log ( #2321 )
...
* Add /sys/config/audited-headers endpoint for configuring the headers that will be audited
* Remove some debug lines
* Add a persistant layer and refactor a bit
* update the api endpoints to be more restful
* Add comments and clean up a few functions
* Remove unneeded hash structure functionaility
* Fix existing tests
* Add tests
* Add test for Applying the header config
* Add Benchmark for the ApplyConfig method
* ResetTimer on the benchmark:
* Update the headers comment
* Add test for audit broker
* Use hyphens instead of camel case
* Add size paramater to the allocation of the result map
* Fix the tests for the audit broker
* PR feedback
* update the path and permissions on config/* paths
* Add docs file
* Fix TestSystemBackend_RootPaths test
2017-02-02 11:49:20 -08:00
Vishal Nayak
5fb28f53cb
Transit: Support batch encryption and decryption ( #2143 )
...
* Transit: Support batch encryption
* Address review feedback
* Make the normal flow go through as a batch request
* Transit: Error out if encryption fails during batch processing
* Transit: Infer the 'derived' parameter based on 'context' being set
* Transit: Batch encryption doc updates
* Transit: Return a JSON string instead of []byte
* Transit: Add batch encryption tests
* Remove plaintext empty check
* Added tests for batch encryption, more coming..
* Added more batch encryption tests
* Check for base64 decoding of plaintext before encrypting
* Transit: Support batch decryption
* Transit: Added tests for batch decryption
* Transit: Doc update for batch decryption
* Transit: Sync the path-help and website docs for decrypt endpoint
* Add batch processing for rewrap
* transit: input validation for context
* transit: add rewrap batch option to docs
* Remove unnecessary variables from test
* transit: Added tests for rewrap use cases
* Address review feedback
* Address review feedback
* Address review feedback
* transit: move input checking out of critical path
* transit: allow empty plaintexts for batch encryption
* transit: use common structs for batch processing
* transit: avoid duplicate creation of structs; add omitempty to response structs
* transit: address review feedback
* transit: fix tests
* address review feedback
* transit: fix tests
* transit: rewrap encrypt user error should not error out
* transit: error out for internal errors
2017-02-02 14:24:20 -05:00
Vishal Nayak
3457a11afd
awsec2: support periodic tokens ( #2324 )
...
* awsec2: support periodic tokens
* awsec2: add api docs for 'period'
2017-02-02 13:28:01 -05:00
louism517
0548555219
Support for Cross-Account AWS Auth ( #2148 )
2017-02-01 14:16:03 -05:00
Shane Starcher
6033ea884c
Okta implementation ( #1966 )
2017-01-26 19:08:52 -05:00
Jeff Mitchell
89b0ee09d3
Merge pull request #2296 from hashicorp/rfay-20161230_add_cookbook_with_root_token_generation
...
Add 'Guides' section
2017-01-25 15:33:43 -05:00
Jeff Mitchell
715732502d
Update docs.erb
2017-01-25 15:33:20 -05:00
Cameron Stokes
a898996c43
Update title and other minor changes.
2017-01-24 08:47:53 -08:00
Chris Hoffman
c5f690b891
Fixing a few incorrect entries
2017-01-24 11:08:58 -05:00
Chris Hoffman
03d05b448a
Minor transit docs fixes
2017-01-23 22:26:38 -05:00
Chris Hoffman
b3fc3db6ec
Adding LDAP API reference and misc docs formatting issues
2017-01-23 22:08:08 -05:00
Cameron Stokes
c19e7ce793
undo inadvertant tabs to spaces on docs.erb
2017-01-23 17:02:06 -08:00
Cameron Stokes
a307328f04
Additional changes to @rfay's PR from https://github.com/hashicorp/vault/pull/2217 .
...
- Renamed Cookbook to Guides
- Made Guides index page
- Moved Guides link on sidebar
- Minor formatting changes to generate-root guide
2017-01-23 16:41:25 -08:00
Cameron Stokes
82af6a17c8
Merge branch '20161230_add_cookbook_with_root_token_generation' of https://github.com/rfay/vault into rfay-20161230_add_cookbook_with_root_token_generation
2017-01-23 16:13:58 -08:00
Roman Vynar
1615280efa
Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener ( #2293 )
2017-01-23 13:48:35 -05:00
joe miller
98df700495
allow roles to set OU value in certificates issued by the pki backend ( #2251 )
2017-01-23 12:44:45 -05:00
Chris Hoffman
7568a212b1
Adding support for exportable transit keys ( #2133 )
2017-01-23 11:04:43 -05:00
Vishal Nayak
5aba2d47b6
ldap: Minor enhancements, tests and doc update ( #2272 )
2017-01-23 10:56:43 -05:00
Brian Kassouf
2cdd70fdf9
First attempt at adding docs for permissions
2017-01-20 16:34:30 -08:00
Brian Kassouf
d6198b7e24
change consistency config value from a bool to a string ( #2282 )
2017-01-19 17:36:33 -05:00
vishalnayak
4da3cf3479
Fix file_path argument in audit's index.html
2017-01-18 21:43:29 -05:00
Vishal Nayak
06c586ccd1
tokenStore: document the 'period' field ( #2267 )
2017-01-18 17:25:52 -05:00
Jacob Crowther
5f28afdf32
Example "List" command missing a forward slash ( #2233 )
...
The List command example is missing a forward slash before the query parameter.
2017-01-18 17:25:23 -05:00
Raja Nadar
8668f82831
vaultsharp is now cross-platform ( #2285 )
2017-01-18 08:45:16 -05:00
vishalnayak
0d59c1e6db
Adding the 429 code back in
2017-01-17 13:36:56 -05:00
vishalnayak
62f17774f5
doc: remove unused 429 code from docs to avoid confusion
2017-01-13 23:12:32 -05:00
Brian Kassouf
f11cd7f54a
SP error
2017-01-13 11:50:23 -08:00
Brian Kassouf
aff6282e78
Add require_conistent to docs
2017-01-13 11:48:35 -08:00
Erwin de Keijzer
d71bdf893a
Fixed rabbitmq documentation
...
The docs were inconsistent between readwrite and readonly, the policy
itself evaluates to a readwrite policy, so the inconsistency is solved
by changing the odd occurrence of readonly.
2017-01-13 08:54:04 +01:00
vishalnayak
e5551afac7
paraphrasing the cluster_addr doc
2017-01-12 11:26:43 -05:00
Pavel TImofeev
eb7f4ef467
Describe how actually configuration option for 'Per-Node Cluster Address' topic is called.
...
According to 'Server Configuration' web page it's 'cluster_addr' (note, not 'cluster_address').
Previously this was not clear, what exactly 'this' was.
2017-01-12 12:20:19 +03:00
Matthew Irish
cb8bbc4fbd
Transit key actions ( #2254 )
...
* add supports_* for transit key reads
* update transit docs with new supports_* fields
2017-01-11 10:05:06 -06:00
Cameron Stokes
af192b2081
Note about VAULT_UI environment variable. ( #2255 )
2017-01-11 09:29:45 -05:00
Raja Nadar
a5fc6d1f31
fix lookup-self response json
...
reflect the true 0.6.4 response.
2017-01-10 23:19:49 -08:00
Jeff Mitchell
f18d08cf2b
Remove documenting that the token to revoke can be part of the URL as ( #2250 )
...
this should never be used and only remains for backwards compat.
Fixes #2248
2017-01-09 22:09:29 -05:00
Jeff Mitchell
4d83db66df
Clarify text around redirect addr being required
2017-01-06 15:07:01 -05:00
windowsrefund
64e7e99755
prevent startup error when user has multiple private IPs configured locally
2017-01-03 15:24:11 -05:00
Michael Hofer
6dd1de959c
Add link to vault-client vc written in go ( #2225 )
2017-01-03 11:29:54 -05:00
Randy Fay
787b6aa93c
Add cookbook section, with root token generation technique
2016-12-30 09:19:55 -07:00
Phil Porada
c8248b0d97
Adds a link to the latest releases CHANGELOG on the downloads.html page ( #2205 )
2016-12-29 19:57:16 -06:00
Chris Hoffman
f6cc4c89ec
Adding Vault.NET C# Library ( #2213 )
2016-12-29 19:26:47 -06:00
Stenio Ferreira
6c8a071a01
Fixed docs - auth backend aws had a typo on API example ( #2211 )
2016-12-28 11:41:50 -06:00
Jeff Mitchell
ad5bdfa83c
Update vs HSM text
2016-12-28 11:23:50 -05:00
Daniel Heitmann
69da5bc021
Replace app-id with approle due to deprecation ( #2197 )
...
According to the documentation the App-ID backend is deprecated in favor of the AppRole backend since Vault 0.6.1.
2016-12-20 13:29:42 -05:00
Brian Nuszkowski
98a6e0fea3
Add Duo pushinfo capabilities ( #2118 )
2016-12-19 15:37:44 -05:00
Vishal Nayak
ba026aeaa1
TokenStore: Added tidy endpoint ( #2192 )
2016-12-16 15:29:27 -05:00
Jeff Mitchell
f6044764c0
Fix revocation of leases when num_uses goes to 0 ( #2190 )
2016-12-16 13:11:55 -05:00
Elan Ruusamäe
ca1f0115b6
add unix socket example as well ( #2193 )
2016-12-16 05:13:35 -05:00
Elan Ruusamäe
9a9edfb515
Update index.html.md ( #2191 )
...
add DSN as link to go-sql-driver/mysql to know the syntax
2016-12-16 03:37:54 -05:00
Vishal Nayak
8400b87473
Don't add default policy to child token if parent does not have it ( #2164 )
2016-12-16 00:36:39 -05:00
Jack Pearkes
b70eff9b26
website: turn off autocomplete on the demo ( #2187 )
...
Removes the akward browser autocomplete bar from the tutorial input.
2016-12-15 11:00:44 -05:00
James Turnbull
0b082bff42
Edits to the deploy guide
2016-12-14 11:17:50 -05:00
James Turnbull
e2ef0b75b6
Edits to the authorization/acl guide
2016-12-14 11:11:14 -05:00
James Turnbull
c47c8343b5
Edits to the authentication guide
2016-12-14 11:06:42 -05:00
James Turnbull
73ce47d0fe
Formatting and language updates to help guide
2016-12-14 10:55:11 -05:00
James Turnbull
ce6c0dcf95
Minor formatting fix to dynamic secrets guide
2016-12-14 10:51:56 -05:00
James Turnbull
f1b5377e81
Updated some formatting and language in the secret backends doc
2016-12-14 10:46:14 -05:00
James Turnbull
73324e2cba
Updated some formatting and language in the first secret doc
2016-12-14 10:39:45 -05:00
James Turnbull
3a981ae7b4
Updated some language and formatting in the dev-server guide
2016-12-14 10:34:52 -05:00
James Turnbull
49dd4f70df
Edits to the install doc in getting started
2016-12-14 10:15:26 -05:00
James Turnbull
6df55a3126
Added next step to install section
2016-12-14 10:13:15 -05:00
vishesh92
a46217989b
Fix broken link
2016-12-13 10:56:18 +05:30
Frank Farmer
f1ef8485ab
Small typo
2016-12-08 16:51:16 -08:00
Jeff Mitchell
bd41c48304
Add doc for ui to config page
2016-12-06 17:13:12 -05:00
Jeff Mitchell
a81d18b437
Add 0.6.3 upgrade page to sidebar
2016-12-06 16:37:28 -05:00
Jeff Mitchell
f5891b6677
Prep for 0.6.3
2016-12-06 11:26:29 -05:00
Christopher Pauley
f07a19c503
gcs physical backend ( #2099 )
2016-12-01 11:42:31 -08:00
Chris MacNaughton
a381f727e6
Add Rust ( #2136 )
...
Add the Rust crate to the list
2016-12-01 10:54:41 -08:00
vishesh92
b17100cf0d
Fix aws auth login example ( #2122 )
2016-12-01 10:17:08 -08:00
Brian Nuszkowski
3d66907966
Disallow passwords LDAP binds by default ( #2103 )
2016-12-01 10:11:40 -08:00
Talal Obeid
efe97559ea
Improve link to intro and getting started ( #2049 )
2016-11-28 09:41:08 -08:00
Andrea Crotti
d1c3367168
return code is 403 not 400 ( #2128 )
2016-11-25 06:47:27 -08:00
Dan Gorst
e1d3650b7f
Minor documentation tweak ( #2127 )
...
Should be arn, not policy - latter will error as that assume an inline policy json document
2016-11-24 07:36:46 -08:00
Em Smith
1812ce8d4a
Change command examples for First Secrets #2116 ( #2117 )
...
These were discovered to be out of date as per https://github.com/hashicorp/vault/issues/2116
2016-11-22 12:44:17 -05:00
Jeff Mitchell
a94962e004
Update docs to fix #2102
2016-11-22 12:19:22 -05:00
Benjamin Farley
aac4f894c9
Update libraries doc for Haskell community library ( #2101 )
2016-11-17 13:36:00 -05:00
Jeff Mitchell
6b5327a04d
Document bug causing certain LDAP settings to be forgotten on upgrade to
...
0.6.1+.
Fixes #2104
2016-11-16 17:08:16 -05:00
Daniel Somerfield
db9dbdeb86
Added document to github auth backend covering user-specific policies. ( #2084 )
2016-11-11 08:59:26 -05:00
matt maier
57925ee863
Vendor circonus ( #2082 )
2016-11-10 16:17:55 -05:00
Brad Jones
a8f35e95a0
Clarify that Swift only supports v1.0 auth ( #2070 )
2016-11-08 06:44:34 -05:00
Jacob Crowther
799707fdd0
Specify the value of "generated secrets" ( #2066 )
...
This small change is to specify (mostly for new users) that only dynamic secrets are revoked when running revoke-self.
2016-11-07 15:02:23 -05:00
Joel Thompson
0357d73dad
Add information on HMAC verification to transit docs ( #2062 )
2016-11-07 13:44:14 -05:00
Jeff Mitchell
9d4eedcce4
Update unwrap call documentation
2016-11-02 13:36:32 -04:00
Jeff Mitchell
9066f012a7
Fix cache default size and docs
2016-11-01 10:24:35 -04:00
Benjamin Campbell
35542e39d7
Use gpg binary in PGP website documentation ( #2047 )
2016-10-30 13:09:56 -04:00
Jeff Mitchell
b8b962c6e5
Rearrange libs
2016-10-29 13:53:06 -04:00
Mark Paluch
8c5d40df16
Add Spring Vault to client libraries ( #2042 )
2016-10-29 13:52:16 -04:00
vishalnayak
48196228d6
s/localhost/127.0.0.1 in approle docs
2016-10-28 09:46:39 -04:00
vishalnayak
260424244b
s/localhost/127.0.0.1
2016-10-28 09:23:05 -04:00
vishalnayak
4ab6bd41c4
Using AppRole as an example. Removed 'root' policy being used in examples
2016-10-28 01:24:25 -04:00
Greg Look
089798b5d1
Update libraries.html.md
...
Add Clojure Vault client.
2016-10-27 11:39:52 -07:00
vishalnayak
e0fb8c17ce
Added revocation_sql to the website docs
2016-10-27 12:15:08 -04:00
Vishal Nayak
c74303dd59
Merge pull request #2029 from bfallik/patch-1
...
Update aws-ec2.html.md
2016-10-26 16:57:39 -04:00
Raja Nadar
d3f71e7232
doc: syslog change data type from bool to string ( #1998 )
2016-10-26 16:18:31 -04:00
Brian Fallik
59a59a3235
Update aws-ec2.html.md
...
fix minor typo
2016-10-26 15:40:40 -04:00
Raja Nadar
9bba65e614
doc: change data type from boolean to string ( #1997 )
...
the api doesn't accept the boolean value. it needs a string containing a boolean value.
2016-10-26 11:29:42 -04:00
vishalnayak
5ef3e4b5ef
Docs: Add port numbers to redirect_addr
2016-10-19 22:07:25 -04:00
vishalnayak
fec9d83dce
Docs: Update the client redirection defaults
2016-10-18 13:27:19 -04:00
Vishal Nayak
45f720cea7
Merge pull request #2006 from hashicorp/update-github-docs
...
Update github login output in the docs
2016-10-18 10:27:06 -04:00
Chris Hoffman
4b6e82afcb
Add ability to list keys in transit backend ( #1987 )
2016-10-18 10:13:01 -04:00
Vishal Nayak
6646656e32
Merge pull request #2013 from rjhornsby/master
...
Fix sidebar typo
2016-10-18 09:45:03 -04:00
Vishal Nayak
efa76a02ad
Merge pull request #2010 from rajanadar/patch-5
...
doc: add doc for the GET lease settings api
2016-10-18 09:39:23 -04:00
rjhornsby
5e89fc4997
Fix typo
...
Fix typo in sidebar layout that prevented sidebar item 'getting started apis' from correctly rendering when that page was active.
2016-10-17 10:59:16 -05:00
Raja Nadar
d43e7395c7
fix indentation
2016-10-15 22:58:25 -07:00
Raja Nadar
f743ac97c2
doc: add doc for the GET lease settings api
...
Vault supports reading of the lease settings, with all values coming back intact. (along with a good warning message as well)
Adding it to the documentation.
2016-10-15 22:43:50 -07:00
Raja Nadar
f31d99e51d
doc: add consistency field in get-role response
2016-10-15 01:15:58 -07:00
vishalnayak
f556a38959
Update github login output in the docs
2016-10-14 22:39:56 -04:00
Vishal Nayak
c1be9ce062
Merge pull request #1988 from mp911de/issue/refdocs-approle-post-on-secret-id-destroy
...
Use POST method for destroy operations in documentation
2016-10-14 15:37:13 -04:00