Commit graph

1388 commits

Author SHA1 Message Date
Seth Vargo 5c1f017274
Reformat replication API 2017-03-16 11:57:06 -07:00
Seth Vargo 037700b86e
Update PKI backend API docs 2017-03-16 11:26:09 -07:00
Seth Vargo b340d9ff8c
Fix formatting in SSH 2017-03-16 11:25:59 -07:00
Seth Vargo faef58b355
Fix Cassandra text 2017-03-16 11:25:37 -07:00
Seth Vargo 9934b66fe0
Add new SSH field 2017-03-16 09:48:45 -07:00
Seth Vargo e86465c13b
Add SSH 2017-03-16 09:47:08 -07:00
Seth Vargo e473ee99a8
Fix TODOs 2017-03-16 09:47:08 -07:00
Seth Vargo b078963ab2
Hide auth backends for now
The migration is getting too large, so we'll tackle this move in another
PR
2017-03-16 09:47:08 -07:00
Seth Vargo 3fd0bd36cc
Break out API documentation for secret backends 2017-03-16 09:47:06 -07:00
Seth Vargo 19b2b049c3
Redo docs for system backend
This commit updates the API documentation for the system backend to
break things apart on a per-page basis and provide specific examples.
This pattern will give more flexibility for future documentation as
well.
2017-03-16 09:46:49 -07:00
Seth Vargo db4f689009
Do not have a large margin 2017-03-16 09:46:48 -07:00
Seth Vargo cd4bcc9c00
Allow nested code in li to receive new highlighting 2017-03-16 09:46:48 -07:00
Seth Vargo 849f57e73a
Update layouts and assets for consistency 2017-03-16 09:46:47 -07:00
Mike Okner 95df7beed9 Adding allow_user_key_ids field to SSH role config (#2494)
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name.  Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
2017-03-16 08:45:11 -04:00
Jeff Mitchell 2b98f004ac Fix layout for replication 2017-03-16 06:50:33 -04:00
Jeff Mitchell 12e5132779 Allow roles to specify whether CSR SANs should be used instead of (#2489)
request values. Fix up some documentation.

Fixes #2451
Fixes #2488
2017-03-15 14:38:18 -04:00
Andy Manoske 8aa7f120b0 Vault_Enterprise_WWW (#2327) 2017-03-15 14:31:14 -04:00
Jeff Mitchell 584aedad04 Add upgrade to 0.7 page 2017-03-15 12:34:11 -04:00
Stanislav Grozev 4bc3abd152 Remove superfluous argument from SSH CA docs 2017-03-14 10:21:48 -04:00
Stanislav Grozev 7d59d7d3ac Reads on ssh/config/ca return the public keys
If configured/generated.
2017-03-14 10:21:48 -04:00
Stanislav Grozev 830de2dbbd If generating an SSH CA signing key - return the public part
So that the user can actually use the SSH CA, by adding the public key
to their respective sshd_config/authorized_keys, etc.
2017-03-14 10:21:48 -04:00
Jeff Mitchell ab56fdbebf Clarify cluster_addr and cluster_address 2017-03-14 10:17:58 -04:00
Jeff Mitchell 4fa4034d50 Minor doc updates 2017-03-14 10:11:47 -04:00
Vishal Nayak 285bdf0a6f docs: clarify 'storage' and 'ha_storage' requirements (#2471) 2017-03-11 09:43:14 -05:00
Vishal Nayak 220beb2cde doc: ssh allowed_users update (#2462)
* doc: ssh allowed_users update

* added some more context in default_user field
2017-03-09 10:34:55 -05:00
vishalnayak 431070f828 doc: ssh markdown alignments 2017-03-08 21:58:12 -05:00
Jason Costello 012c8f6c2f remove offset from footer 2017-03-08 17:36:59 -08:00
Jason Costello 52b3d7beb5 Re apply offset change after rebase 2017-03-08 17:34:57 -08:00
Jack Pearkes 2c3736bbe2 website: add squashed mega-nav work 2017-03-08 17:27:31 -08:00
Seth Vargo f18318f6dd Move upgrade into guides (#2460)
* Move upgrades to guides

* Make root token copy-pastable
2017-03-08 17:33:58 -05:00
Seth Vargo aa6346a8f6
Use htmlcompat in middleman-hashicorp 2017-03-08 14:14:52 -08:00
Seth Vargo 23c0c47ff5
Update favicons, container, turbolinks 2017-03-08 11:07:20 -08:00
Jeff Mitchell 4d133b8423 Minor doc updates 2017-03-08 10:25:57 -05:00
Jeff Mitchell 5d760d4090 Add option to require valid client certificates (#2457) 2017-03-08 10:21:31 -05:00
Jeff Mitchell f03d500808 Add option to disable caching per-backend. (#2455) 2017-03-08 09:20:09 -05:00
Jeff Mitchell b11f92ba5a Rename physical backend to storage and alias old value (#2456) 2017-03-08 09:17:00 -05:00
Seth Vargo 624c6eab20 Separate backend configurations into their own pages (#2454)
* Clean vertical lines

* Make sidebar slightly larger on bigger displays

* Separate backend configurations into their own pages
2017-03-07 21:47:23 -05:00
Seth Vargo f0ad367b8c
Do not print header or footer 2017-03-06 16:11:06 -05:00
Seth Vargo a109e18661
Underline in black 2017-03-06 16:11:06 -05:00
Seth Vargo 1f7bdbf966
Fix http layout 2017-03-06 16:11:05 -05:00
Seth Vargo 93357d7519
Move install guides into docs layout 2017-03-06 16:11:05 -05:00
Seth Vargo 751a2bff1d
Update upgrade guides 2017-03-06 16:11:05 -05:00
Seth Vargo 2b371e1189
Tabs to spaces 2017-03-06 16:11:04 -05:00
Seth Vargo 5be9c0e33a
Add syntax highlighting 2017-03-06 16:11:04 -05:00
Seth Vargo 839fd199f3
Clean up scss 2017-03-06 16:11:04 -05:00
Seth Vargo 8706a16800
Do not show "Edit this Page" in dev either 2017-03-06 16:11:04 -05:00
Seth Vargo 7228475bc4
Use × instead of "X" 2017-03-06 16:11:03 -05:00
Seth Vargo 9ae2b0838f
Remove empty scss file 2017-03-06 16:11:03 -05:00
Seth Vargo a7f6b3b7f1
Unify layout partials 2017-03-06 16:11:02 -05:00
Michael 412aad7c6e Updated doc to match real output (#2443)
Regards hashicorp/vault#2116
2017-03-06 10:39:34 -05:00
Vishal Nayak 491a56fe9f AppRole: Support restricted use tokens (#2435)
* approle: added token_num_uses to the role

* approle: added RUD tests for token_num_uses on role

* approle: doc: added token_num_uses
2017-03-03 09:31:20 -05:00
Jason Costello 5ea7b4436c Website update typography (#2429) 2017-03-02 17:10:33 -05:00
Jeff Mitchell 76bec343f4 Some minor ssh docs updating 2017-03-02 16:47:21 -05:00
Will May 70bfdb5ae9 Changes from code review 2017-03-02 14:36:13 -05:00
Will May 36b3d89604 Allow internal generation of the signing SSH key pair 2017-03-02 14:36:13 -05:00
Vishal Nayak 3795d2ea64 Rework ssh ca (#2419)
* docs: input format for default_critical_options and default_extensions

* s/sshca/ssh

* Added default_critical_options and default_extensions to the read endpoint of role

* Change default time return value to 0
2017-03-01 15:50:23 -05:00
Will May ff1ff02bd7 Changes from code review
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
2017-03-01 15:19:18 -05:00
Will May 099d561b20 Add ability to create SSH certificates 2017-03-01 15:19:18 -05:00
Jeff Mitchell 7012d63a28 Update policies doc with allowed/denied params and min/max wrapping ttl info 2017-02-27 15:17:19 -05:00
Marshall Brekka 184b47e20c Add a TTL to the dynamodb lock implementation. (#2141) 2017-02-27 14:30:34 -05:00
vishalnayak 1518d626e3 docs: update sys heal status codes 2017-02-26 15:20:23 -05:00
Gregory Reshetniak e13fc759d8 Update sys-health.html.md
typo
2017-02-26 15:20:23 -05:00
Vishal Nayak b762c43fe2 Aws Ec2 additional binds for SubnetID, VpcID and Region (#2407)
* awsec2: Added bound_region

* awsec2: Added bound_subnet_id and bound_vpc_id

* Add bound_subnet_id and bound_vpc_id to docs

* Remove fmt.Printf

* Added crud test for aws ec2 role

* Address review feedback
2017-02-24 14:19:10 -05:00
Vishal Nayak c6f138bb9a PKI: Role switch to control lease generation (#2403)
* pki: Make generation of leases optional

* pki: add tests for upgrading generate_lease

* pki: add tests for leased and non-leased certs

* docs++ pki generate_lease

* Generate lease is applicable for both issuing and signing

* pki: fix tests

* Address review feedback

* Address review feedback
2017-02-24 12:12:40 -05:00
vishalnayak 3ddffbe574 awsec2: markdown text alignment 2017-02-23 14:52:38 -05:00
Brian Kassouf f992103615 Merge branch 'master' into acl-parameters-permission 2017-02-21 14:46:06 -08:00
Jeff Mitchell c81582fea0 More porting from rep (#2388)
* More porting from rep

* Address review feedback
2017-02-16 16:29:30 -05:00
Jeff Mitchell 0c39b613c8 Port some replication bits to OSS (#2386) 2017-02-16 15:15:02 -05:00
Frank Gevaerts 0044ea8917 Update hsm.html.md (#2381) 2017-02-16 07:25:22 -05:00
Jeff Mitchell 817bec0955 Add Organization support to PKI backend. (#2380)
Fixes #2369
2017-02-16 01:04:29 -05:00
Jeff Mitchell 51f7114648 Merge branch 'master-oss' into acl-parameters-permission 2017-02-15 20:37:58 -05:00
Phil Watts e2de7ec7fe Edit to the language of the description of disable_mlock on the configuration documentation page. Previous wording could lead to confusion as to the recommended setting of the disable_mlock option. (#2377) 2017-02-15 11:09:27 -05:00
Vishal Nayak b86e9bc09f aws-ec2 auth: fix docs (#2375) 2017-02-15 06:29:27 -05:00
Tommy Murphy ca06bc0b53 audit: support a configurable prefix string to write before each message (#2359)
A static token at the beginning of a log line can help systems parse
logs better. For example, rsyslog and syslog-ng will recognize the
'@cee: ' prefix and will parse the rest of the line as a valid json message.
This is useful in environments where there is a mix of structured and
unstructured logs.
2017-02-10 16:56:28 -08:00
P.Nikolajevs (pl) 2a79627a2e Update libraries.html.md (#2360) 2017-02-10 09:39:18 -08:00
Tommy Murphy 65b274299f docs: transit parameter is actually deletion_allowed (#2356) 2017-02-09 15:10:28 -05:00
Jeff Mitchell 72db329d67 Add support for backup/multiple LDAP URLs. (#2350) 2017-02-08 14:59:24 -08:00
Jack Harris d5b1cc7ebe Add correct output to unmount documentation (#2352)
Simply adding the actual output of: 'vault unmount generic/'
2017-02-08 10:40:56 -05:00
Jeff Mitchell 2fd59ad308 Merge branch 'master-oss' into acl-parameters-permission 2017-02-08 01:59:52 -05:00
Jeff Mitchell f9c67273f3 Add audited headers to sidebar 2017-02-07 17:02:14 -05:00
Jeff Mitchell 6612744576 Add Okta docs to sidebar 2017-02-07 16:57:28 -05:00
Matteo Sessa 29d9d5676e RADIUS Authentication Backend (#2268) 2017-02-07 16:04:27 -05:00
Jeff Mitchell f3de9f57ce Add etcd API info 2017-02-07 11:33:02 -08:00
Brian Kassouf 2923934813 Merge pull request #2326 from hashicorp/pr-2161
Add Socket Audit Backend
2017-02-07 11:27:25 -08:00
Brian Kassouf 128de55742 Added a warning about the dropped socket connection edge case 2017-02-07 11:06:36 -08:00
Brian Vans 29b3cc6b00 Fixing a few typos in the docs (#2344) 2017-02-07 11:55:29 -05:00
Brian Kassouf a566097657 Add info about UNIX sockets 2017-02-06 15:56:58 -08:00
Cameron Stokes d56c0e33b3 docs: add note about request size limit (#2337) 2017-02-06 18:24:40 -05:00
Vishal Nayak 7f2717b74a transit: change batch input format (#2331)
* transit: change batch input format

* transit: no json-in-json for batch response

* docs: transit: update batch input format

* transit: fix tests after changing response format
2017-02-06 14:56:16 -05:00
Brian Kassouf af1847f2b4 Update the docs and move the logic for reconnecting into its own function 2017-02-04 16:55:17 -08:00
Jeff Mitchell 1d0d353901 Fix incorrect sample URL in aws-ec2 docs 2017-02-04 19:27:35 -05:00
Harrison Harnisch b09077c2d8 add socket audit backend 2017-02-02 14:21:48 -08:00
Brian Kassouf 6701ba8a10 Configure the request headers that are output to the audit log (#2321)
* Add /sys/config/audited-headers endpoint for configuring the headers that will be audited

* Remove some debug lines

* Add a persistant layer and refactor a bit

* update the api endpoints to be more restful

* Add comments and clean up a few functions

* Remove unneeded hash structure functionaility

* Fix existing tests

* Add tests

* Add test for Applying the header config

* Add Benchmark for the ApplyConfig method

* ResetTimer on the benchmark:

* Update the headers comment

* Add test for audit broker

* Use hyphens instead of camel case

* Add size paramater to the allocation of the result map

* Fix the tests for the audit broker

* PR feedback

* update the path and permissions on config/* paths

* Add docs file

* Fix TestSystemBackend_RootPaths test
2017-02-02 11:49:20 -08:00
Vishal Nayak 5fb28f53cb Transit: Support batch encryption and decryption (#2143)
* Transit: Support batch encryption

* Address review feedback

* Make the normal flow go through as a batch request

* Transit: Error out if encryption fails during batch processing

* Transit: Infer the 'derived' parameter based on 'context' being set

* Transit: Batch encryption doc updates

* Transit: Return a JSON string instead of []byte

* Transit: Add batch encryption tests

* Remove plaintext empty check

* Added tests for batch encryption, more coming..

* Added more batch encryption tests

* Check for base64 decoding of plaintext before encrypting

* Transit: Support batch decryption

* Transit: Added tests for batch decryption

* Transit: Doc update for batch decryption

* Transit: Sync the path-help and website docs for decrypt endpoint

* Add batch processing for rewrap

* transit: input validation for context

* transit: add rewrap batch option to docs

* Remove unnecessary variables from test

* transit: Added tests for rewrap use cases

* Address review feedback

* Address review feedback

* Address review feedback

* transit: move input checking out of critical path

* transit: allow empty plaintexts for batch encryption

* transit: use common structs for batch processing

* transit: avoid duplicate creation of structs; add omitempty to response structs

* transit: address review feedback

* transit: fix tests

* address review feedback

* transit: fix tests

* transit: rewrap encrypt user error should not error out

* transit: error out for internal errors
2017-02-02 14:24:20 -05:00
Vishal Nayak 3457a11afd awsec2: support periodic tokens (#2324)
* awsec2: support periodic tokens

* awsec2: add api docs for 'period'
2017-02-02 13:28:01 -05:00
louism517 0548555219 Support for Cross-Account AWS Auth (#2148) 2017-02-01 14:16:03 -05:00
Shane Starcher 6033ea884c Okta implementation (#1966) 2017-01-26 19:08:52 -05:00
Jeff Mitchell 89b0ee09d3 Merge pull request #2296 from hashicorp/rfay-20161230_add_cookbook_with_root_token_generation
Add 'Guides' section
2017-01-25 15:33:43 -05:00
Jeff Mitchell 715732502d Update docs.erb 2017-01-25 15:33:20 -05:00
Cameron Stokes a898996c43 Update title and other minor changes. 2017-01-24 08:47:53 -08:00
Chris Hoffman c5f690b891 Fixing a few incorrect entries 2017-01-24 11:08:58 -05:00
Chris Hoffman 03d05b448a Minor transit docs fixes 2017-01-23 22:26:38 -05:00
Chris Hoffman b3fc3db6ec Adding LDAP API reference and misc docs formatting issues 2017-01-23 22:08:08 -05:00
Cameron Stokes c19e7ce793 undo inadvertant tabs to spaces on docs.erb 2017-01-23 17:02:06 -08:00
Cameron Stokes a307328f04 Additional changes to @rfay's PR from https://github.com/hashicorp/vault/pull/2217.
- Renamed Cookbook to Guides
- Made Guides index page
- Moved Guides link on sidebar
- Minor formatting changes to generate-root guide
2017-01-23 16:41:25 -08:00
Cameron Stokes 82af6a17c8 Merge branch '20161230_add_cookbook_with_root_token_generation' of https://github.com/rfay/vault into rfay-20161230_add_cookbook_with_root_token_generation 2017-01-23 16:13:58 -08:00
Roman Vynar 1615280efa Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener (#2293) 2017-01-23 13:48:35 -05:00
joe miller 98df700495 allow roles to set OU value in certificates issued by the pki backend (#2251) 2017-01-23 12:44:45 -05:00
Chris Hoffman 7568a212b1 Adding support for exportable transit keys (#2133) 2017-01-23 11:04:43 -05:00
Vishal Nayak 5aba2d47b6 ldap: Minor enhancements, tests and doc update (#2272) 2017-01-23 10:56:43 -05:00
Brian Kassouf 2cdd70fdf9 First attempt at adding docs for permissions 2017-01-20 16:34:30 -08:00
Brian Kassouf d6198b7e24 change consistency config value from a bool to a string (#2282) 2017-01-19 17:36:33 -05:00
vishalnayak 4da3cf3479 Fix file_path argument in audit's index.html 2017-01-18 21:43:29 -05:00
Vishal Nayak 06c586ccd1 tokenStore: document the 'period' field (#2267) 2017-01-18 17:25:52 -05:00
Jacob Crowther 5f28afdf32 Example "List" command missing a forward slash (#2233)
The List command example is missing a forward slash before the query parameter.
2017-01-18 17:25:23 -05:00
Raja Nadar 8668f82831 vaultsharp is now cross-platform (#2285) 2017-01-18 08:45:16 -05:00
vishalnayak 0d59c1e6db Adding the 429 code back in 2017-01-17 13:36:56 -05:00
vishalnayak 62f17774f5 doc: remove unused 429 code from docs to avoid confusion 2017-01-13 23:12:32 -05:00
Brian Kassouf f11cd7f54a SP error 2017-01-13 11:50:23 -08:00
Brian Kassouf aff6282e78 Add require_conistent to docs 2017-01-13 11:48:35 -08:00
Erwin de Keijzer d71bdf893a Fixed rabbitmq documentation
The docs were inconsistent between readwrite and readonly, the policy
itself evaluates to a readwrite policy, so the inconsistency is solved
by changing the odd occurrence of readonly.
2017-01-13 08:54:04 +01:00
vishalnayak e5551afac7 paraphrasing the cluster_addr doc 2017-01-12 11:26:43 -05:00
Pavel TImofeev eb7f4ef467 Describe how actually configuration option for 'Per-Node Cluster Address' topic is called.
According to 'Server Configuration' web page it's 'cluster_addr' (note, not 'cluster_address').
Previously this was not clear, what exactly 'this' was.
2017-01-12 12:20:19 +03:00
Matthew Irish cb8bbc4fbd Transit key actions (#2254)
* add supports_* for transit key reads

* update transit docs with new supports_* fields
2017-01-11 10:05:06 -06:00
Cameron Stokes af192b2081 Note about VAULT_UI environment variable. (#2255) 2017-01-11 09:29:45 -05:00
Raja Nadar a5fc6d1f31 fix lookup-self response json
reflect the true 0.6.4 response.
2017-01-10 23:19:49 -08:00
Jeff Mitchell f18d08cf2b Remove documenting that the token to revoke can be part of the URL as (#2250)
this should never be used and only remains for backwards compat.

Fixes #2248
2017-01-09 22:09:29 -05:00
Jeff Mitchell 4d83db66df Clarify text around redirect addr being required 2017-01-06 15:07:01 -05:00
windowsrefund 64e7e99755 prevent startup error when user has multiple private IPs configured locally 2017-01-03 15:24:11 -05:00
Michael Hofer 6dd1de959c Add link to vault-client vc written in go (#2225) 2017-01-03 11:29:54 -05:00
Randy Fay 787b6aa93c Add cookbook section, with root token generation technique 2016-12-30 09:19:55 -07:00
Phil Porada c8248b0d97 Adds a link to the latest releases CHANGELOG on the downloads.html page (#2205) 2016-12-29 19:57:16 -06:00
Chris Hoffman f6cc4c89ec Adding Vault.NET C# Library (#2213) 2016-12-29 19:26:47 -06:00
Stenio Ferreira 6c8a071a01 Fixed docs - auth backend aws had a typo on API example (#2211) 2016-12-28 11:41:50 -06:00
Jeff Mitchell ad5bdfa83c Update vs HSM text 2016-12-28 11:23:50 -05:00
Daniel Heitmann 69da5bc021 Replace app-id with approle due to deprecation (#2197)
According to the documentation the App-ID backend is deprecated in favor of the AppRole backend since Vault 0.6.1.
2016-12-20 13:29:42 -05:00
Brian Nuszkowski 98a6e0fea3 Add Duo pushinfo capabilities (#2118) 2016-12-19 15:37:44 -05:00
Vishal Nayak ba026aeaa1 TokenStore: Added tidy endpoint (#2192) 2016-12-16 15:29:27 -05:00
Jeff Mitchell f6044764c0 Fix revocation of leases when num_uses goes to 0 (#2190) 2016-12-16 13:11:55 -05:00
Elan Ruusamäe ca1f0115b6 add unix socket example as well (#2193) 2016-12-16 05:13:35 -05:00
Elan Ruusamäe 9a9edfb515 Update index.html.md (#2191)
add DSN as link to go-sql-driver/mysql to know the syntax
2016-12-16 03:37:54 -05:00
Vishal Nayak 8400b87473 Don't add default policy to child token if parent does not have it (#2164) 2016-12-16 00:36:39 -05:00
Jack Pearkes b70eff9b26 website: turn off autocomplete on the demo (#2187)
Removes the akward browser autocomplete bar from the tutorial input.
2016-12-15 11:00:44 -05:00
James Turnbull 0b082bff42 Edits to the deploy guide 2016-12-14 11:17:50 -05:00
James Turnbull e2ef0b75b6 Edits to the authorization/acl guide 2016-12-14 11:11:14 -05:00
James Turnbull c47c8343b5 Edits to the authentication guide 2016-12-14 11:06:42 -05:00
James Turnbull 73ce47d0fe Formatting and language updates to help guide 2016-12-14 10:55:11 -05:00
James Turnbull ce6c0dcf95 Minor formatting fix to dynamic secrets guide 2016-12-14 10:51:56 -05:00
James Turnbull f1b5377e81 Updated some formatting and language in the secret backends doc 2016-12-14 10:46:14 -05:00
James Turnbull 73324e2cba Updated some formatting and language in the first secret doc 2016-12-14 10:39:45 -05:00
James Turnbull 3a981ae7b4 Updated some language and formatting in the dev-server guide 2016-12-14 10:34:52 -05:00
James Turnbull 49dd4f70df Edits to the install doc in getting started 2016-12-14 10:15:26 -05:00
James Turnbull 6df55a3126 Added next step to install section 2016-12-14 10:13:15 -05:00
vishesh92 a46217989b Fix broken link 2016-12-13 10:56:18 +05:30
Frank Farmer f1ef8485ab Small typo 2016-12-08 16:51:16 -08:00
Jeff Mitchell bd41c48304 Add doc for ui to config page 2016-12-06 17:13:12 -05:00
Jeff Mitchell a81d18b437 Add 0.6.3 upgrade page to sidebar 2016-12-06 16:37:28 -05:00
Jeff Mitchell f5891b6677 Prep for 0.6.3 2016-12-06 11:26:29 -05:00
Christopher Pauley f07a19c503 gcs physical backend (#2099) 2016-12-01 11:42:31 -08:00
Chris MacNaughton a381f727e6 Add Rust (#2136)
Add the Rust crate to the list
2016-12-01 10:54:41 -08:00
vishesh92 b17100cf0d Fix aws auth login example (#2122) 2016-12-01 10:17:08 -08:00
Brian Nuszkowski 3d66907966 Disallow passwords LDAP binds by default (#2103) 2016-12-01 10:11:40 -08:00
Talal Obeid efe97559ea Improve link to intro and getting started (#2049) 2016-11-28 09:41:08 -08:00
Andrea Crotti d1c3367168 return code is 403 not 400 (#2128) 2016-11-25 06:47:27 -08:00
Dan Gorst e1d3650b7f Minor documentation tweak (#2127)
Should be arn, not policy - latter will error as that assume an inline policy json document
2016-11-24 07:36:46 -08:00
Em Smith 1812ce8d4a Change command examples for First Secrets #2116 (#2117)
These were discovered to be out of date as per https://github.com/hashicorp/vault/issues/2116
2016-11-22 12:44:17 -05:00
Jeff Mitchell a94962e004 Update docs to fix #2102 2016-11-22 12:19:22 -05:00
Benjamin Farley aac4f894c9 Update libraries doc for Haskell community library (#2101) 2016-11-17 13:36:00 -05:00
Jeff Mitchell 6b5327a04d Document bug causing certain LDAP settings to be forgotten on upgrade to
0.6.1+.

Fixes #2104
2016-11-16 17:08:16 -05:00
Daniel Somerfield db9dbdeb86 Added document to github auth backend covering user-specific policies. (#2084) 2016-11-11 08:59:26 -05:00
matt maier 57925ee863 Vendor circonus (#2082) 2016-11-10 16:17:55 -05:00
Brad Jones a8f35e95a0 Clarify that Swift only supports v1.0 auth (#2070) 2016-11-08 06:44:34 -05:00
Jacob Crowther 799707fdd0 Specify the value of "generated secrets" (#2066)
This small change is to specify (mostly for new users) that only dynamic secrets are revoked when running revoke-self.
2016-11-07 15:02:23 -05:00
Joel Thompson 0357d73dad Add information on HMAC verification to transit docs (#2062) 2016-11-07 13:44:14 -05:00
Jeff Mitchell 9d4eedcce4 Update unwrap call documentation 2016-11-02 13:36:32 -04:00
Jeff Mitchell 9066f012a7 Fix cache default size and docs 2016-11-01 10:24:35 -04:00
Benjamin Campbell 35542e39d7 Use gpg binary in PGP website documentation (#2047) 2016-10-30 13:09:56 -04:00
Jeff Mitchell b8b962c6e5 Rearrange libs 2016-10-29 13:53:06 -04:00
Mark Paluch 8c5d40df16 Add Spring Vault to client libraries (#2042) 2016-10-29 13:52:16 -04:00
vishalnayak 48196228d6 s/localhost/127.0.0.1 in approle docs 2016-10-28 09:46:39 -04:00
vishalnayak 260424244b s/localhost/127.0.0.1 2016-10-28 09:23:05 -04:00
vishalnayak 4ab6bd41c4 Using AppRole as an example. Removed 'root' policy being used in examples 2016-10-28 01:24:25 -04:00
Greg Look 089798b5d1 Update libraries.html.md
Add Clojure Vault client.
2016-10-27 11:39:52 -07:00
vishalnayak e0fb8c17ce Added revocation_sql to the website docs 2016-10-27 12:15:08 -04:00
Vishal Nayak c74303dd59 Merge pull request #2029 from bfallik/patch-1
Update aws-ec2.html.md
2016-10-26 16:57:39 -04:00
Raja Nadar d3f71e7232 doc: syslog change data type from bool to string (#1998) 2016-10-26 16:18:31 -04:00
Brian Fallik 59a59a3235 Update aws-ec2.html.md
fix minor typo
2016-10-26 15:40:40 -04:00
Raja Nadar 9bba65e614 doc: change data type from boolean to string (#1997)
the api doesn't accept the boolean value. it needs a string containing a boolean value.
2016-10-26 11:29:42 -04:00
vishalnayak 5ef3e4b5ef Docs: Add port numbers to redirect_addr 2016-10-19 22:07:25 -04:00
vishalnayak fec9d83dce Docs: Update the client redirection defaults 2016-10-18 13:27:19 -04:00
Vishal Nayak 45f720cea7 Merge pull request #2006 from hashicorp/update-github-docs
Update github login output in the docs
2016-10-18 10:27:06 -04:00
Chris Hoffman 4b6e82afcb Add ability to list keys in transit backend (#1987) 2016-10-18 10:13:01 -04:00
Vishal Nayak 6646656e32 Merge pull request #2013 from rjhornsby/master
Fix sidebar typo
2016-10-18 09:45:03 -04:00
Vishal Nayak efa76a02ad Merge pull request #2010 from rajanadar/patch-5
doc: add doc for the GET lease settings api
2016-10-18 09:39:23 -04:00
rjhornsby 5e89fc4997 Fix typo
Fix typo in sidebar layout that prevented sidebar item 'getting started apis' from correctly rendering when that page was active.
2016-10-17 10:59:16 -05:00
Raja Nadar d43e7395c7 fix indentation 2016-10-15 22:58:25 -07:00
Raja Nadar f743ac97c2 doc: add doc for the GET lease settings api
Vault supports reading of the lease settings, with all values coming back intact. (along with a good warning message as well)
Adding it to the documentation.
2016-10-15 22:43:50 -07:00
Raja Nadar f31d99e51d doc: add consistency field in get-role response 2016-10-15 01:15:58 -07:00
vishalnayak f556a38959 Update github login output in the docs 2016-10-14 22:39:56 -04:00
Vishal Nayak c1be9ce062 Merge pull request #1988 from mp911de/issue/refdocs-approle-post-on-secret-id-destroy
Use POST method for destroy operations in documentation
2016-10-14 15:37:13 -04:00
Vishal Nayak 11db53e2f1 Merge pull request #1991 from hashicorp/pgp-gpg-doc-update
Update pgp-gpg concepts page to use base64 decoding instead of hex
2016-10-14 15:34:04 -04:00
vishalnayak 557bf45de6 Update the getting started API doc to not use 'root' policy 2016-10-11 16:07:48 -04:00
vishalnayak 6c9358dbec Update pgp-gpg concepts page to use base64 decoding instead of hex 2016-10-11 15:58:32 -04:00
Mark Paluch 95144ddae3 Use POST method for destroy operations in documentation
Use POST method as most clients (including Vault cli) cannot send a body when using the DELETE HTTP method.
2016-10-11 17:12:07 +02:00
Laura Bennett 9fc5a37e84 address feedback 2016-10-09 22:23:30 -04:00
Laura Bennett 1b8d12fe82 changes for 'mode' 2016-10-08 19:52:49 -04:00
Laura Bennett 39e7732473 website documentation update 2016-10-07 15:48:29 -04:00
Jeff Mitchell d580bb1c27 Update upgrade guide 2016-10-05 14:10:27 -04:00
Jeff Mitchell 7f9a88d8db Postgres revocation sql, beta mode (#1972) 2016-10-05 13:52:59 -04:00
Jeff Mitchell 6b0f886756 Update website with breaking change information 2016-10-04 22:35:56 -04:00
Vishal Nayak 661a8a4734 Merge pull request #1961 from hashicorp/aws-ec2-auth-rsa-signature
aws-ec2-auth using identity doc and RSA digest
2016-10-04 15:45:12 -04:00
vishalnayak 0f8c132ede Minor doc updates 2016-10-04 15:46:09 -04:00
vishalnayak 59475d7f14 Address review feedback 2016-10-04 15:05:44 -04:00
Vishal Nayak 4141b632fa Merge pull request #1957 from hashicorp/website-list-userpass
Added user listing endpoint to userpass docs
2016-10-04 14:10:49 -04:00
vishalnayak 348a09e05f Add only relevant certificates 2016-10-03 20:34:28 -04:00
vishalnayak dbd364453e aws-ec2 config endpoints support type option to distinguish certs 2016-10-03 20:25:07 -04:00
Matthew Irish 61975f4265 add documentation for cluster_name and link atlas listener docs 2016-10-03 15:04:33 -05:00
Matthew Irish 34a6abcbb6 document the atlas listener 2016-10-03 10:41:50 -05:00
Jeff Mitchell 2c85fdfeb9 Switch default case of disable cluster. (#1959) 2016-10-02 14:54:01 -04:00
vishalnayak aef1a88de4 Added docs for reading and deleting username 2016-09-30 16:13:57 -04:00
vishalnayak 2ad698ec0b Added user listing endpoint to userpass docs 2016-09-30 15:47:33 -04:00
Jeff Mitchell 606d717ad9 Update changelog and website for GH-1958 2016-09-30 15:08:38 -04:00
Jeff Mitchell 4a505bfa3e Update text around cubbyhole/response 2016-09-29 17:44:15 -04:00
Chris Stevens 7a8fcfcf55 Docs/Website: MySQL config parameter "verify-connection" should be "verify_connection"
The only instance of `verify-connection` I can find is on this docs page. The API style for parameters is underscores, so this one stands out.

The code for this and the other backends with similar connection verification features seem to use `verify_connection`.
2016-09-29 14:05:47 -05:00
Vishal Nayak 4c74b646fe Merge pull request #1947 from hashicorp/secret-id-lookup-delete
Introduce lookup and destroy endpoints for secret IDs and its accessors
2016-09-29 10:19:54 -04:00
Jeff Mitchell b45a481365 Wrapping enhancements (#1927) 2016-09-28 21:01:28 -07:00
vishalnayak 34e76f8b41 Added website docs for lookup and destroy APIs 2016-09-28 22:11:48 -04:00
Michael S. Fischer 2dd1f584e6 Update documentation for required AWS API permissions
In order for Vault to map IAM instance profiles to roles, Vault
must query the 'iam:GetInstanceProfile' API, so update the documentation
and help to include the additional permissions needed.
2016-09-28 16:50:20 -07:00
Jeff Mitchell f0203741ff Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
vishalnayak a9976dca1c Remove a mistyped character 2016-09-28 18:30:49 -04:00
Vishal Nayak 69c57f843d Merge pull request #1943 from hashicorp/iam-bounds-prefix
Check for prefix match instead of exact match for IAM bound parameters
2016-09-28 18:11:53 -04:00
vishalnayak e01f99f042 Check for prefix match instead of exact match for IAM bound parameters 2016-09-28 18:08:28 -04:00
Vishal Nayak ba5da65163 Merge pull request #1940 from chrishoffman/consul-doc
Small consul doc fix
2016-09-28 15:48:45 -04:00
Vishal Nayak 4a30a6b4f8 Merge pull request #1913 from hashicorp/bound-iam-instance-profile-arn
Proper naming for bound_iam_instance_profile_arn
2016-09-28 15:34:56 -04:00
Chris Hoffman 8c755bfe92 Small consul doc fix 2016-09-28 15:11:39 -04:00
Laura Bennett 010293ccc3 Merge pull request #1931 from hashicorp/cass-consistency
Adding consistency into cassandra
2016-09-27 21:12:02 -04:00
Chris Hoffman d235acf809 Adding support for chained intermediate CAs in pki backend (#1694) 2016-09-27 17:50:17 -07:00
Laura Bennett 883b5db420 typo correction 2016-09-27 16:38:27 -04:00
Laura Bennett 648a71fa11 updates to the documents 2016-09-27 16:36:20 -04:00
Jeff Mitchell 96afb1d27a Update getting started docs since root can no longer be used from github 2016-09-26 13:09:26 -04:00
Vishal Nayak b1ee56a15b Merge pull request #1910 from hashicorp/secret-id-cidr-list
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00
Jeff Mitchell f8e3cf4591 Add information about accessors to the token concepts page.
Fixes #1918
2016-09-26 10:18:38 -04:00
vishalnayak d080107a87 Update docs to contain bound_iam_role_arn 2016-09-26 09:37:38 -04:00
John c39eeecaea tip to override VAULT_ADDR in getting started guide (#1915) 2016-09-23 19:34:07 -04:00
vishalnayak 2d4bfeff49 Update website for bound_iam_instance_profile_arn 2016-09-23 11:23:59 -04:00
vishalnayak aaadd4ad97 Store the CIDR list in the secret ID storage entry.
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
2016-09-21 20:19:26 -04:00
Jeff Mitchell 226ef5d78c Make HA in etcd off by default. (#1909)
Fixes #1908

(Doesn't really "fix" it but someone from the community needs to step up
if they want to see this fixed.)
2016-09-21 14:01:36 -04:00
Jeff Mitchell 0ff76e16d2 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Jeff Mitchell 982f151722 Update docs to reflect that there is more than one constraint for EC2 now 2016-09-20 16:11:32 -04:00
Chris Hoffman 5c241d31e7 Renaming ttl_max -> max_ttl in mssql backend (#1905) 2016-09-20 12:39:02 -04:00