luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
8234 commits 1 branch 0 tags 214 MiB
Commit graph

1353 commits

Author SHA1 Message Date
Vishal Nayak 5d976794d4
API refactoring and doc updates (#3577) 
* Doc updates and API refactoring

* fix tests

* change metadata fieldtype to TypeKVPairs

* Give example for TypeKVPairs in CLI for metadata

* Update API docs examples to reflect the native expected value for TypeKVPairs

* Don't mention comma separation in the docs for TypeCommaStringSlice

* s/groups/group; s/entities/entity; s/entity-aliases/entity-alias; s/group-aliases/group-alias

* Address review feedback

* Fix formatting

* fix sidebar links
 2017-11-13 20:59:42 -05:00
Brian Shumate 697a506b7b DOCS: Update telemetry docs - fixes #3557 (#3571) 2017-11-13 09:58:04 -05:00
Calvin Leung Huang 87feab4492
Docs update related to new top-level config values (#3556) 
* Add new top level config value docs, add VAULT_API_ADDR, purge old references

* Fix indentation

* Update wording on ha.html

* Add section on split data/HA mode

* Fix grammar
 2017-11-10 20:06:07 -05:00
James Soubry f2a98cc662 Fix curl commands (#3558) 
Curl commands require HCL within JSON to work.
 2017-11-09 10:16:09 -05:00
Joel Thompson 2c8cd19e14 auth/aws: Make disallow_reauthentication and allow_instance_migration mutually exclusive (#3291) 2017-11-06 17:12:07 -05:00
Jonathan Freedman 4109473134 More Mount Conflict Detection (#2919) 2017-11-06 15:29:09 -05:00
Jason Antman af649c60d0 Add third party tools list to website (#3488) 2017-11-06 12:11:02 -05:00
Nicolas Corrarello 5a317a1a32
Updated documentation 2017-11-06 15:13:50 +00:00
Vishal Nayak 06923430cc
docs: s/persona/alias (#3529) 2017-11-03 11:17:59 -04:00
Chris Hoffman 3d8d887676
Add ability to require parameters in ACLs (#3510) 2017-11-02 07:18:49 -04:00
Nicolas Corrarello d540985926 Unifying Storage and API path in role 2017-10-31 21:06:10 +00:00
Nicolas Corrarello 0fc65cabc7 Minor/Cosmetic fixes 2017-10-31 19:11:24 +00:00
Nathan Valentine 0345dca20f Should these names not reference Vault? (#3506) 
Since we are in the Vault docs, should these names not reference Vault instead of Nomad?
 2017-10-30 11:04:38 -05:00
Vishal Nayak b16084fdaf aws-ec2: Avoid audit logging of custom nonces (#3381) 2017-10-27 11:23:15 -04:00
smeach c575435040 Updated cli arg to reflect text description (#3487) 2017-10-27 09:44:56 -05:00
AJ Bourg a71add2973 Add a doc for the token helper (#3411) 
* Add token helper docs.

* Update it so the new token helpers page appears in the navigation.
 2017-10-27 09:42:33 -05:00
Seth Vargo 83b1eb900a
More naming cleanup 2017-10-24 09:35:03 -04:00
Seth Vargo 6c1411447c
Remove more references to auth backend 2017-10-24 09:34:12 -04:00
Seth Vargo 926ca5c125
Update k8s documentation 2017-10-24 09:34:12 -04:00
Seth Vargo 51a27b758b
Resolve the most painful merge conflict known on earth 2017-10-24 09:34:12 -04:00
Seth Vargo c5665920f6
Standardize on "auth method" 
This removes all references I could find to:

- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend

in favor of the unified:

- auth method
 2017-10-24 09:32:15 -04:00
Seth Vargo 3bbeace911
Audit backend -> device 2017-10-24 09:30:52 -04:00
Seth Vargo aa34fb17c7
Absorb help and read-write into index 2017-10-24 09:30:52 -04:00
Seth Vargo 162c525159
Add "write" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 6fa133852e
Add "unwrap" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 4d80ccbb4c
Add "token" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 51e185b9a2
Add "status" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 4634949b9b
Add "ssh" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo a106350950
Add "server" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 28fa271c4e
Add "secrets" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo bcf6657e9c
Add "read" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo c743167f4c
Add "policy" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 54f8e0adb2
Update "path-help" documentation 2017-10-24 09:30:51 -04:00
Seth Vargo f48bc06d93
Add "operator" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo a81ff9a97c
Add "login" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 50d6c9a642
Add "list" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 57c0d53121
Add "lease" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo d31bccccdf
Add "delete" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 48e84342c2
Add "auth" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 0fa0a5ca41
Add "audit" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 3c43409e6c
Add "token revoke" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 6d150b5228
Add "token renew" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo cac3515379
Add "token lookup" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo ffe608d535
Add "token create" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 61edbf3325
Add "token capabilities" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 529b9bd224
Add "secrets tune" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 40b8f3c204
Add "secrets move" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo f2bbb3cc18
Add "secrets list" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c782b25e7c
Add "secrets enable" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 087a87c59e
Add "secrets disable" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 6995d1e06b
Add "policy write" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 79b3f7d8fe
Add "policy read" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo e29e78eb7d
Add "policy list" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 6522bd12d5
Add "policy fmt" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo b735d70922
Add "policy delete" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c9d74f77e4
Add "operator unseal" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo f15eddf299
Add "operator step-down" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c62de019dd
Add "operator seal" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c2f31c503a
Add "operator rotate" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 310d4adc87
Add "operator rekey" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 83df4a8c4c
Add "operator key-status" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c35d67c9e3
Add "operator init" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo ed15b273ca
Add "operator generate-root" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo baf2edbc57
Add "lease revoke" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo a1de44f93c
Add "lease renew" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 21e74d73dd
Add "auth tune" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 7d880e3154
Add "auth list" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 01780e9b75
Add "auth help" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo e04fb8423a
Add "auth enable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 95af51f279
Add "auth disable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 89e23d0e84
Add "audit list" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 04ee9ce40a
Add "audit enable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo fd2a12bce4
Add "audit disable" command documentation 2017-10-24 09:30:49 -04:00
Chris Hoffman df29bc4fc0 updating mssql docs (#3477) 2017-10-19 11:21:29 -04:00
Brian Shumate d150f374fd Match plugin name from releases (#3453) 2017-10-19 11:10:42 -04:00
Brian Kassouf fdd76563eb Add a note about the instant client libraries (#3434) 
* Add a note about the instant client libraries

* Update oracle.html.md
 2017-10-12 09:40:06 -04:00
emily cbe41b590f add GCP APIs that need to be enabled to GCP auth docs, small doc fixes (#3446) 2017-10-11 09:18:32 -04:00
Nicolas Corrarello 3380fd647d Adding Nomad docs to the nav. Minor cosmetics fixes 2017-10-06 16:03:06 +01:00
David Dixon cfd27317d8 Small typo corrections for policies doc (#3413) 2017-10-06 09:38:00 -04:00
Oluwafemi Sule b6ec6351af fix spellings errors (#3400) 2017-09-29 11:52:42 -04:00
Alex Dadgar f56e191020 Fix spelling errors (#3390) 2017-09-28 07:54:40 -04:00
Brian Kassouf b1db3765ca Kubernetes Docs Update (#3386) 
* Update Kubnernetes Docs

* Add a note about alpha clusters on GKE

* Fix JSON formatting

* Update kubernetes.html.md

* Fix a few review comments
 2017-09-27 14:02:18 -07:00
Jeff Mitchell 17a15cd594 Add option to disable client certificate requesting. (#3373) 
Fixes #3372
 2017-09-25 14:41:46 -04:00
Nicolas Corrarello 5178e5f5f2 Adding Nomad secret backend documentation 2017-09-20 17:31:28 -05:00
Dave Pedu 19e4d8b6c3 Spelling fix (#3351) 2017-09-19 15:25:39 -04:00
Brian Kassouf 9b0d594d02 Kubernetes auth (#3350) 
* Import the kubernetes credential backend

* Add kubernetes docs

* Escape * characters

* Revert "Import the kubernetes credential backend"

This reverts commit f12627a9427bcde7e73cea41dea19d0922f94789.

* Update the vendored directory
 2017-09-19 09:27:26 -05:00
emily ed3d75d0b1 Add GCE docs for GCP Auth Backend (#3341) 2017-09-19 07:44:05 -05:00
Bruno Miguel Custódio 2abddb248e Fix a few quirks in the GCP auth backend's docs. (#3322) 2017-09-19 07:41:41 -05:00
Vishal Nayak e99640f462 Add 'pid_file' config option (#3321) 
* add pid_file config option

* address review feedback

* address review comments
 2017-09-16 17:09:37 -04:00
Chris Hoffman 1029ad3b33 Rename "generic" secret backend to "kv" (#3292) 2017-09-15 09:02:29 -04:00
Chris Hoffman a2d2f1a543 Adding support for base_url for Okta api (#3316) 
* Adding support for base_url for Okta api

* addressing feedback suggestions, bringing back optional group query

* updating docs

* cleaning up the login method

* clear out production flag if base_url is set

* docs updates

* docs updates
 2017-09-15 00:27:45 -04:00
Chris Hoffman 9d73c81f38 Disable the sys/raw endpoint by default (#3329) 
* disable raw endpoint by default

* adding docs

* config option raw -> raw_storage_endpoint

* docs updates

* adding listing on raw endpoint

* reworking tests for enabled raw endpoints

* root protecting base raw endpoint
 2017-09-15 00:21:35 -04:00
Chris Hoffman 2e60b20eae update enterprise urls /docs/vault-enterprise -> /docs/enterprise (#3333) 2017-09-13 15:37:40 -04:00
Bruno Miguel Custódio 886a0acee6 Fix navigation and prameters in the 'gcp' auth backend docs. (#3317) 2017-09-11 15:26:24 -04:00
Adam Duke a3f97c5e3e fix typo in policies documentation (#3302) 2017-09-07 11:55:24 -04:00
Jeff Mitchell 9578361513 Massive update to response-wrapping concept page 2017-09-01 08:32:55 -04:00
Jeff Mitchell 8acef196a8 Add 'discard' target to file audit backend (#3262) 
Fixes #seth
 2017-08-30 19:16:47 -04:00
Joel Thompson caf90f58d8 auth/aws: Allow wildcard in bound_iam_principal_id (#3213) 2017-08-30 17:51:48 -04:00
stephan stachurski e396d87bc5 add support to use application default credentials to gcs storage backend (#3257) 2017-08-30 15:42:02 -04:00
Seth Vargo 9f80099fae
Remove fake news about custom plugins 
This also adds a redirect from the old page to the new one
 2017-08-30 12:57:45 -04:00
Christopher Pauley eccbb21ce8 stdout support for file backend via logger (#3235) 2017-08-29 14:51:16 -04:00
Brian Kassouf 23089dafbc Add basic autocompletion (#3223) 
* Add basic autocompletion

* Add autocomplete to some common commands

* Autocomplete the generate-root flags

* Add information about autocomplete to the docs
 2017-08-24 15:23:40 -07:00
Serg 66b178f969 Update index.html.md (#3233) 2017-08-24 10:08:35 -04:00
Seth Vargo ec9e187ce4 Thread stderr through too (#3211) 
* Thread stderr through too

* Small docs typo
 2017-08-21 17:23:29 -04:00
Seth Vargo 1f45a6c96e Addd more SSH CA troubleshooting (#3201) 
* Add notes about pty and other permit-* extensions

* Update troubleshooting

* Add an example of JSON for sign

* Fix a bug about what keys to push up
 2017-08-21 17:22:54 -04:00
Calvin Leung Huang 73fd103456 Update gcp auth backend docs (#3209) 
* Update gcp auth backend docs

* Minor formatting and wording fixes

* Minor formatting fixes
 2017-08-18 16:25:52 -04:00
Seth Vargo b4bec62d47
Typo fix 2017-08-16 18:38:35 -04:00
Seth Vargo 7b1e013511
Refactor SSH CA backend docs 2017-08-16 18:38:35 -04:00
Brian Kassouf 406396603a Fix a few links (#3188) 2017-08-16 10:27:12 -07:00
Jeff Mitchell bbcbe1f6d5 Fix ping docs location 2017-08-16 12:57:31 -04:00
emily 31a994e452 Initial GCP auth backend documentation (#3167) 2017-08-15 22:03:04 -04:00
Jeff Mitchell 0c2c078e48 Add PingID MFA docs (#3182) 2017-08-15 22:01:34 -04:00
Brian Kassouf 89b81bcb4c Oracle plugin docs (#3131) 
* Add oracle database docs

* Add oracle database docs

* Fix commas in json output

* Update oracle.html.md
 2017-08-15 17:24:01 -07:00
Andy Manoske bc7d77c83f Update index.html.md 
Updated replication docs for DR
 2017-08-14 19:02:02 -07:00
Jeff Mitchell 035d37cd36 Fix hanadb link 2017-08-14 13:04:26 -04:00
Lucas Vasconcelos Santana ea2d4c7d55 add scheme to the redirect_addr example 2017-08-14 10:59:44 -04:00
Lucas Vasconcelos Santana 914fab79ce add scheme to the redirect_addr example 2017-08-14 10:59:44 -04:00
Seth Vargo 8ee362744b Break SSH types into their own pages (#3157) 
@jefferai and I discussed this on Friday. With three fully-documented
SSH backends, the page is lengthy, ungreppable, and intimidating. This
commit separates the SSH backends into their own pages with as little
text changes as possible.
 2017-08-14 10:49:41 -04:00
Seth Vargo 0274a0f639 Rename database plugins for SEO (#3156) 
When we "nest" like this, it's important to use a common suffix,
"Database Secret Backend" in this case, so that the SEO minions can
properly group search results for end users.
 2017-08-14 10:46:39 -04:00
Jeff Mitchell 75bc43e961 Update github comment 2017-08-11 17:03:18 -04:00
Seth Vargo d931a2fa85 Remove references to VSI (#3143) 
Andy approved
 2017-08-10 20:47:59 -04:00
Issac 07dc10cdc8 Add TLS config to skeleton plugin (#3137) 2017-08-09 11:41:17 -07:00
vishalnayak c88db7b185 docs: Add API section for MFA docs 2017-08-09 13:26:29 -04:00
vishalnayak 0a0e697e05 docs: fix broken link 2017-08-09 13:17:56 -04:00
vishalnayak 254c1b6ae0 docs: Added identity concepts 2017-08-09 13:08:05 -04:00
vishalnayak 9844475b64 docs: Add X-Vault-MFA to the list of env vars 2017-08-09 11:31:30 -04:00
Chris Hoffman e3e5be4617 API Docs updates (#3135) 2017-08-09 11:22:19 -04:00
Jeff Mitchell d8a3bccb43 Fix cassandra doc link 2017-08-09 10:32:03 -04:00
Vishal Nayak 6d6e84f804 docs: MFA usage details (#3133) 2017-08-08 23:48:31 -04:00
Jeff Mitchell 5cb3a79568 Add an extra sentence to the github warning 2017-08-08 21:10:15 -04:00
Calvin Leung Huang 95af5bf6c7 Add plugin backends docs (#3125) 
* Add docs on plugins/backend/reload, add plugin backend guide

* Fix docs headers

* Fix API endpoint description

* Update plugin guide and internals pages
 2017-08-08 12:39:19 -04:00
Chris Hoffman 191d48f848 API Docs updates (#3101) 2017-08-08 12:28:17 -04:00
Jeff Mitchell accba5287c Add a note about GitHub auth backend security 2017-08-08 10:26:05 -04:00
Paulo Ribeiro 1e3c74862e Fix minor grammatical error (#3110) 2017-08-04 11:08:49 -04:00
Jeff Mitchell 65d7face69 Merge branch 'master-oss' into issue-2241 2017-08-03 07:41:34 -04:00
Gobin Sougrakpam 8e01c994bf tls_client_ca_file option for verifying client (#3034) 2017-08-03 07:33:06 -04:00
Jeff Mitchell 7e3ff5e56c Add PROXY protocol support (#3098) 2017-08-02 18:24:12 -04:00
Minkyu Kim 68fd01e3fc Fix outdated documentation about AWS STS credentials (#3093) (#3094) 2017-08-02 11:18:35 -04:00
Jeff Mitchell 4885b3e502 Use RemoteCredProvider instead of EC2RoleProvider (#2983) 2017-07-31 18:27:16 -04:00
Brian Rodgers d8e47e6f79 docs: Added text to clarify that root does not refer to AWS root creds (#2950) 2017-07-31 17:31:44 -04:00
Oliver Beattie e5a3156429 Fix docs to use new style 2017-07-31 15:24:08 +01:00
Filipe Varela a5a480551c Makes naming consistent w/ other storage backends (ie: etcd) 2017-07-31 15:18:07 +01:00
Filipe Varela b0446a2b25 Adds docs for new configuration options 2017-07-31 15:18:06 +01:00
Oliver Beattie 3919f38bd5 Add a (basic) Cassandra storage backend 2017-07-31 15:18:01 +01:00
James Phillips 0ab5b0e26b Fixes a typo in the VSI doc. (#3047) 2017-07-26 12:18:52 -04:00
Jeremy Voorhis 87d4014b6b s/alterate/alternate/ (#3056) 2017-07-26 11:44:06 -04:00
Vishal Nayak a80d7fb9c8 docs: Identity Store (#3055) 2017-07-25 18:33:17 -04:00
Chris Hoffman 2aa02fb3f0 CockroachDB Physical Backend (#2713) 2017-07-23 08:54:33 -04:00
Calvin Leung Huang bb54e9c131 Backend plugin system (#2874) 
* Add backend plugin changes

* Fix totp backend plugin tests

* Fix logical/plugin InvalidateKey test

* Fix plugin catalog CRUD test, fix NoopBackend

* Clean up commented code block

* Fix system backend mount test

* Set plugin_name to omitempty, fix handleMountTable config parsing

* Clean up comments, keep shim connections alive until cleanup

* Include pluginClient, disallow LookupPlugin call from within a plugin

* Add wrapper around backendPluginClient for proper cleanup

* Add logger shim tests

* Add logger, storage, and system shim tests

* Use pointer receivers for system view shim

* Use plugin name if no path is provided on mount

* Enable plugins for auth backends

* Add backend type attribute, move builtin/plugin/package

* Fix merge conflict

* Fix missing plugin name in mount config

* Add integration tests on enabling auth backend plugins

* Remove dependency cycle on mock-plugin

* Add passthrough backend plugin, use logical.BackendType to determine lease generation

* Remove vault package dependency on passthrough package

* Add basic impl test for passthrough plugin

* Incorporate feedback; set b.backend after shims creation on backendPluginServer

* Fix totp plugin test

* Add plugin backends docs

* Fix tests

* Fix builtin/plugin tests

* Remove flatten from PluginRunner fields

* Move mock plugin to logical/plugin, remove totp and passthrough plugins

* Move pluginMap into newPluginClient

* Do not create storage RPC connection on HandleRequest and HandleExistenceCheck

* Change shim logger's Fatal to no-op

* Change BackendType to uint32, match UX backend types

* Change framework.Backend Setup signature

* Add Setup func to logical.Backend interface

* Move OptionallyEnableMlock call into plugin.Serve, update docs and comments

* Remove commented var in plugin package

* RegisterLicense on logical.Backend interface (#3017)

* Add RegisterLicense to logical.Backend interface

* Update RegisterLicense to use callback func on framework.Backend

* Refactor framework.Backend.RegisterLicense

* plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs

* plugin: Revert BackendType to remove TypePassthrough and related references

* Fix typo in plugin backends docs
 2017-07-20 13:28:40 -04:00
Joel Thompson 3704751a8f Improve sts header parsing (#3013) 2017-07-18 09:51:45 -04:00
Gobin Sougrakpam 2ddbc4a939 Adding option to set custom vault client timeout using env variable VAULT_CLIENT_TIMEOUT (#3022) 2017-07-18 09:48:31 -04:00
Andy Manoske d82f231753 Update configuration.html.md (#3029) 2017-07-17 14:37:32 -04:00
Jeff Mitchell 4387871bca Add max_parallel to mssql and postgresql (#3026) 
For storage backends, set max open connections to value of max_parallel.
 2017-07-17 13:04:49 -04:00
Seth Vargo ce1808f77d Update Policies and Auth concepts pages (#3011) 2017-07-14 11:15:22 -04:00
Jeff Mitchell 8903f68bf6 Reformat some wrapping docs 2017-07-13 19:02:15 -04:00
Tony Cai 07088fe8a0 Added HANA database plugin (#2811) 
* Added HANA dynamic secret backend

* Added acceptance tests for HANA secret backend

* Add HANA backend as a logical backend to server

* Added documentation to HANA secret backend

* Added vendored libraries

* Go fmt

* Migrate hana credential creation to plugin

* Removed deprecated hana logical backend

* Migrated documentation for HANA database plugin

* Updated HANA DB plugin to use role name in credential generation

* Update HANA plugin tests

* If env vars are not configured, tests will skip rather than succeed

* Fixed some improperly named string variables

* Removed unused import

* Import SAP hdb driver
 2017-07-07 13:11:23 -07:00
Will May 23ff17c769 Allow Okta auth backend to specify TTL and max TTL values (#2915) 2017-07-05 09:42:37 -04:00
Jasper Siepkes 5ae38eb745 Added documentation for working with MySQL wildcards in GRANT (#2963) 2017-07-04 13:59:08 -04:00
Brian Shumate 5fb9c73e1d DOCS: fix typo (#2965) 2017-07-03 12:40:31 -04:00
Cameron Stokes 711d6e6569 [docs] Add requirements for hsm. (#2941) 2017-07-01 21:21:51 +01:00
Seth Vargo 00e2213790 Add rekeying guide & move guides to top-level (#2935) 2017-06-29 14:43:43 +01:00
Brian Shumate 7a8b16f441 Docs: Expand Telemetry documentation (#2860) 2017-06-29 04:02:48 +01:00
Brian Boerst 0631c02558 Typo fix in vault enterprise/replication docs. (#2932) 2017-06-29 04:01:32 +01:00
Seth Vargo cb7e3051c0 Merge pull request #2914 from hashicorp/sethvargo/ec2authimage 
Add diagram for EC2 Auth flow
 2017-06-28 07:31:37 +08:00
Seth Vargo ca966b6e79
Re-org and move text around in list instead 2017-06-27 22:38:16 +08:00
Seth Vargo 16149fbbf2
Capitalize C 2017-06-27 22:38:16 +08:00
Seth Vargo 436d656a32
Add diagram for EC2 Auth flow 2017-06-27 22:38:16 +08:00
Armon Dadgar 4cd3a56b8b adding link to security model 2017-06-26 17:43:04 -07:00
Armon Dadgar fb8b737ae8 website: Add more hardening tips 2017-06-26 14:00:36 -07:00
TheCodeAssassin 9e09899c69 Small typo fix (#2921) 2017-06-26 10:08:18 -04:00
Cameron Stokes e28244cb8b [docs]: Fix typo in hardening guide. 2017-06-22 22:20:17 -07:00
Armon Dadgar e184c3fa0d Merge pull request #2898 from hashicorp/docs-prod-hard 
website: adding production hardening guide
 2017-06-22 15:05:35 -07:00
Saj Goonatilleke a576feeb1d Fix a typo in the telemetry documentation (#2910) 2017-06-22 20:12:28 +01:00
Armon Dadgar a40d24772e Make recommendation vs requirement more clear 2017-06-22 11:02:18 -07:00
Armon Dadgar 266f55c5d9 Copy changes 2017-06-21 09:55:00 -07:00
Armon Dadgar 9ae6004dbe website copy updates 2017-06-20 21:21:04 -07:00
Armon Dadgar 10a56c7ceb website: adding production hardening guide 2017-06-20 17:44:54 -07:00
Jeff Mitchell 40ef2e5c85 More cleanup 
Ping #2894
 2017-06-20 10:46:24 -04:00
Jeff Mitchell 9edbf1c8d1 Clarify/fix some configuration info. 
Fixes #2894
 2017-06-20 10:12:59 -04:00
Jeff Mitchell 8f1f9d5522 Add ACL info to Consul configuration page 2017-06-19 19:39:52 -04:00
Raphael Randschau db4e1b4a99 CouchDB physical backend (#2880) 2017-06-17 11:22:10 -04:00
Jeff Mitchell cf7d56e8f3 Fix up CORS. 
Ref #2021
 2017-06-17 01:26:25 -04:00
Aaron Salvo 0303f51b68 Cors headers (#2021) 2017-06-17 00:04:55 -04:00
Jeff Mitchell 33ca94773f Add DogStatsD metrics output. (#2883) 
Fixes #2490
 2017-06-16 23:51:46 -04:00
Jeff Mitchell 0ea8f17357 Add some warnings to the upgrade guide 2017-06-16 13:23:22 -04:00
vishalnayak a50ce54603 doc: add radius to MFA backend docs 2017-06-15 18:31:53 -04:00
Nathan Valentine 3309496916 Clean up extra word in docs (#2847) 2017-06-12 13:08:54 -04:00
Jeff Mitchell 8b3657d840 Add note about lowercasing usernames to userpass docs 2017-06-08 09:41:01 -04:00
Cameron Stokes 8e0ac2dbb0 [docs] Add notes about deprecated database backends. (#2835) 2017-06-07 23:45:01 -07:00
Brian Kassouf 8d58b43906 update database interface in the docs 2017-06-07 11:20:13 -07:00
Joel Thompson 4a934915d7 Resolve AWS IAM unique IDs (#2814) 2017-06-07 10:27:11 -04:00
Joel Thompson 7437ada31c Check if there's a bound iam arn when renewing (#2819) 
Previously, the renew method would ALWAYS check to ensure the
authenticated IAM principal ARN matched the bound ARN.  However, there
is a valid use case in which no bound_iam_principal_arn is specified and
all bindings are done through inferencing. When a role is configured
like this, clients won't be able to renew their token because of the
check.

This now checks to ensure that the bound_iam_principal_arn is not empty
before requriing that it match the originally authenticated client.

Fixes #2781
 2017-06-06 22:35:12 -04:00
Brian Kassouf 606fe393be Use the role name in the db username (#2812) 2017-06-06 09:49:49 -04:00
sam boyer 789d7ab4e0 Minor typos & wordsmithing for clarity (#2807) 2017-06-05 09:32:09 -07:00
Jeff Mitchell dad291c93c Add plugin_directory to configuration page (#2801) 
Fixes #2795
 2017-06-03 08:11:03 -04:00
Igor Katson 88118dce0f Add max_parallel parameter to MySQL backend. (#2760) 
* Add max_parallel parameter to MySQL backend.

This limits the number of concurrent connections, so that vault does not die
suddenly from "Too many connections".

This can happen when e.g. vault starts up, and tries to load all the
existing leases in parallel. At the time of writing this, the value
ExpirationRestoreWorkerCount in vault/helper/consts/const.go is set to
64, meaning that if there are enough leases in the vault's DB, it will
generate AT LEAST 64 concurrent connections to MySQL when loading the
data during start-up. On certain configurations, e.g. smaller AWS
RDS/Aurora instances, this will cause Vault to fail startup.

* Fix a typo in mysql storage readme
 2017-06-01 15:20:32 -07:00
Vishal Nayak 128907172f doc: leases are generated only for dynamic secrets (#2772) 
* doc: leases are generated only for dynamic secrets

* Address review feedback
 2017-05-31 09:47:17 -04:00
vishalnayak 9bbeff3f44 doc: Fix the sample input value for cache_size 2017-05-19 12:32:44 -04:00
Kenny Gatdula f9a71de87a Update plugins.html.md (#2744) 
Minor typo and spellcheck update
 2017-05-18 14:06:44 -04:00
Martins Sipenko f3f6b02682 Fix X-Vault-AWS-IAM-Server-ID example (#2728) 2017-05-15 09:06:45 -04:00