Commit graph

293 commits

Author SHA1 Message Date
Armon Dadgar 0521c6df6c http: support ?standbyok for 200 status on standby. Fixes #389 2015-07-02 17:49:35 -07:00
Bradley Girardeau 42050fe77b ldap: add starttls support and option to specificy ca certificate 2015-07-02 15:49:51 -07:00
Armon Dadgar 3c58773598 Merge pull request #380 from kgutwin/cert-cli
Enable TLS client cert authentication via the CLI
2015-06-30 11:44:28 -07:00
Armon Dadgar b8f2e8d498 website: document insecure_tls for LDAP backend 2015-06-30 09:42:18 -07:00
Jeff Mitchell 42b90fa9b9 Address some issues from code review.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:27:23 -04:00
Karl Gutwin 70fc49be84 Website docs. 2015-06-30 09:18:39 -04:00
Jeff Mitchell fccbc587c6 A Cassandra secrets backend.
Supports creation and deletion of users in Cassandra using flexible CQL queries.

TLS, including client authentication, is supported.

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:04:01 -04:00
Armon Dadgar 3902626163 Merge pull request #310 from jefferai/f-pki
Initial PKI backend implementation
2015-06-21 11:12:22 +01:00
sergiopatino 3e58e8fff2 Fix typo in link to Atlas URL.
Missing a colon after https!
2015-06-21 02:41:26 -07:00
Jeff Mitchell e086879fa3 Merge remote-tracking branch 'upstream/master' into f-pki 2015-06-19 13:01:26 -04:00
Jeff Mitchell a6fc48b854 A few things:
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 12:48:18 -04:00
Armon Dadgar 28ddff305c physical/mysql: cleanup and documentation 2015-06-18 14:31:00 -07:00
Jeff Mitchell 34f495a354 Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 15:22:58 -04:00
Armon Dadgar 7e6f44e39e website: document transit upsert behavior 2015-06-17 18:51:58 -07:00
Armon Dadgar 93ee9f6b76 website: update the transit documentation 2015-06-17 18:45:29 -07:00
Jeff Mitchell 49f1fdbdcc Merge branch 'master' into f-pki 2015-06-16 13:43:25 -04:00
Armon Dadgar 07df5c251d Merge pull request #341 from ryancurrah/ryancurrah-doc-transit-echofix
Do not output the trailing newline in encoding.
2015-06-15 17:36:01 -07:00
Seth Vargo db178571eb Document longest-prefix match
Fixes https://github.com/hashicorp/vault/issues/331
2015-06-15 14:29:20 -04:00
Ryan Currah c232fee6b3 Do not output the trailing newline in encoding.
Added -n to echo command to prevent newlines from showing up in encoding.
2015-06-13 12:03:57 -04:00
Jeff Mitchell e17ced0d51 Fix a docs-out-of-date bug.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-12 16:33:00 -04:00
Jeff Mitchell db5354823f Fix some out-of-date examples.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 21:17:05 -04:00
Jeff Mitchell 1513e2baa4 Add acceptance tests
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling

Also, fix a bug when trying to get code signing certificates.

Not tested:
* Revocation (I believe this is impossible with the current testing framework)

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Jeff Mitchell 0d832de65d Initial PKI backend implementation.
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint

Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Justin Campbell 2a1eac837c docs: Fix examples of auth via JSON
For both userpass and LDAP
2015-06-04 10:38:11 -04:00
Justin Campbell d634a92d2a Remove .DS_Store
Already gitignored
2015-06-04 10:17:00 -04:00
Armon Dadgar 66ab2bbf54 Merge pull request #263 from sheldonh/iam-policy
List IAM permissions required by root credentials
2015-06-01 13:16:51 +02:00
Armon Dadgar 98cca9cb18 Merge pull request #261 from jsok/consul-lease
Add ability to configure consul lease durations
2015-06-01 13:04:28 +02:00
Armon Dadgar 82caf31532 Merge pull request #277 from hashicorp/f-rotate
Add support for key rotation
2015-06-01 12:52:32 +02:00
Seth Vargo 507f5b0114 Cleanup style on http index docs 2015-05-31 21:23:44 -07:00
Seth Vargo 4a41d05870 Merge pull request #271 from boncheff/f-doc-update-read-write-example
Update index.html.md
2015-05-31 21:20:34 -07:00
Seth Vargo 090de2c6d3 Merge pull request #279 from whit537/patch-1
Capitalize the first word of a sentence
2015-05-31 15:53:34 -07:00
Seth Vargo 7fd3d50f3e Merge pull request #280 from whit537/patch-2
Put me in charge of dev mode :)
2015-05-31 15:53:24 -07:00
Seth Vargo d90b63a520 Merge pull request #282 from whit537/patch-3
Add a missing word
2015-05-31 15:52:21 -07:00
Seth Vargo 68c9b9dd83 Merge pull request #283 from whit537/patch-4
revisions to Getting Started > Dynamic Secrets
2015-05-31 15:52:08 -07:00
Seth Vargo dba3fde064 Merge pull request #284 from whit537/patch-5
revisions to Getting Started > Built-in Help
2015-05-31 15:51:51 -07:00
Seth Vargo 83ad07bb72 Merge pull request #285 from whit537/patch-6
revisions to Getting Started > Authentication
2015-05-31 15:51:39 -07:00
Seth Vargo 1514dd5a14 Merge pull request #286 from whit537/patch-7
revisions to Getting Started > Access Control Policies
2015-05-31 15:51:08 -07:00
Seth Vargo 105def7354 Merge pull request #287 from whit537/patch-8
revisions to Getting Started > Deploy Vault
2015-05-31 15:50:58 -07:00
Chad Whitacre b83f3f2d02 Provide missing verb 2015-05-31 17:19:34 -04:00
Chad Whitacre e7cc5649dd Fix punctuation
We want an apostrophe (for the contraction, not the possessive), but we don't want an extra period.
2015-05-31 17:00:44 -04:00
Chad Whitacre 2df20f0c8c Remove an errant article 2015-05-31 16:47:15 -04:00
Chad Whitacre 1629f9ac93 Fix number of a noun 2015-05-31 16:42:29 -04:00
Chad Whitacre b1b2a4be7c Fix another broken passive 2015-05-31 16:34:34 -04:00
Chad Whitacre fcc7cbaee5 Fix a broken verb voice 2015-05-31 16:31:10 -04:00
Chad Whitacre 4a4d944bcc Charges don't incur themselves 2015-05-31 16:24:03 -04:00
Chad Whitacre 2ee0e9c51b REMOVE A SINGLE WHITESPACE CHARACTER 2015-05-31 16:21:39 -04:00
Chad Whitacre bd4dce28b5 Remove quotes to match styling elsewhere
Cf. http://vaultproject.io/intro/getting-started/dynamic-secrets.html
2015-05-31 16:20:56 -04:00
Chad Whitacre 11cd9eb6f5 Add a missing word 2015-05-31 16:19:38 -04:00
Chad Whitacre 2e00c9dd27 fix line wrapping
Sorry!
2015-05-31 16:07:50 -04:00
Chad Whitacre 4aee92f5e4 Direct new users over to the getting started guide
I found myself on the dev server reference, when really I was more interested in the getting started guide. This link is intended to help others get back on the right track.
2015-05-31 16:06:58 -04:00