luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
10,975 Commits 1 Branch 0 Tags 214 MiB
Commit Graph

2812 Commits

Author SHA1 Message Date
Joel Thompson 8a981004ec Add reading AWS root/config endpoint (#7245) 2019-09-13 10:07:04 -07:00
Michel Vocks f048a7c1be
Fixed wrong API method in API docs for identity token generation (#7462) 2019-09-13 09:08:18 +02:00
Laurent Godet 3de32582ae Fix kv destroy command (#7461) 2019-09-11 15:20:49 +02:00
Austin Heiman c1f41a5e77 document mysql and postgres generated password complexity (#7435) 2019-09-07 09:48:08 -07:00
Jim Kalafut 27377dd612
Document Postgres ha_table parameter (#7444) 
Fixes #7416
 2019-09-07 08:49:14 -07:00
Jim Kalafut 4859d253d5
Fix Azure auth api docs (#7446) 
Fixes #6793, #6785
 2019-09-06 15:38:12 -07:00
Yoko 72618cb5cf
Auto-unseal with Azure Key Vault (#7414) 
* Added note based on Asana report

* Removed extra space
 2019-09-06 15:03:37 -07:00
Jim Kalafut 210d6a4217
Update JWT docs re: host parameter (#7445) 2019-09-06 14:58:14 -07:00
Vu Pham e5f955f9a7 Updated naming for OCI Auth and Object Storage plugins (#7423) 2019-09-05 10:26:05 -07:00
Jim Kalafut 6d4d4b5636
Update docs sidebar for CF and OCI (#7421) 2019-09-04 15:31:21 -07:00
Vu Pham a09d13c54a Added OCI Auth plugin documentation (#7284) 2019-09-04 13:25:08 -07:00
Vu Pham 9c8dc4d179 OCI KMS plugin documentation (#7283) 2019-09-04 13:23:06 -07:00
Vu Pham 3318e883e1 OCI Object Storage documentation (#7282) 2019-09-04 13:22:20 -07:00
Jim Kalafut 7919bfb3de
Fix sidebar order (#7409) 2019-09-03 09:32:44 -07:00
Yoko 17ea1fb294
Fixed typo - --> _ (#7391) 2019-08-29 12:44:31 -07:00
Noelle Daley f1c1d47b34 fix ciphertext typo (#7366) 2019-08-26 19:40:00 -04:00
Becca Petrin 64ecf46fb6
rename pcf to cf maintaining backwards compat (#7346) 2019-08-26 09:55:08 -07:00
Becca Petrin efba500548
describe API calls made by the cf client (#7351) 2019-08-22 11:53:27 -07:00
Jason O'Donnell a23f7e71b6
docs: update vault helm doc (#7348) 
* docs: update vault helm doc

* Update wording per review
 2019-08-22 13:09:22 -04:00
Jeff Malnick ba4fbd4df8
Allow setting file mode on vault agent sink file (#7275) 
* feat: enable setting mode on vault agent sink file

* doc: update vault agent file sink with mode configuration
 2019-08-21 20:41:55 -07:00
Michael Gaffney 9da6460f4d
Add docs for Vault Agent Auto-auth Certificate Method (#7344) 
Closes #7343
 2019-08-21 10:34:26 -04:00
Tommy Murphy fc3f1896ad telemetry: add stackdriver metrics sink (#6957) 
* telemetry: add stackdriver metrics sink

* telemetry: stackdriver go mod tidy
 2019-08-20 14:47:08 -07:00
Joel Thompson ac18a44fae secret/aws: Pass policy ARNs to AssumedRole and FederationToken roles (#6789) 
* secret/aws: Pass policy ARNs to AssumedRole and FederationToken roles

AWS now allows you to pass policy ARNs as well as, and in addition to,
policy documents for AssumeRole and GetFederationToken (see
https://aws.amazon.com/about-aws/whats-new/2019/05/session-permissions/).
Vault already collects policy ARNs for iam_user credential types; now it
will allow policy ARNs for assumed_role and federation_token credential
types and plumb them through to the appropriate AWS calls.

This brings along a minor breaking change. Vault roles of the
federation_token credential type are now required to have either a
policy_document or a policy_arns specified. This was implicit
previously; a missing policy_document would result in a validation error
from the AWS SDK when retrieving credentials. However, it would still
allow creating a role that didn't have a policy_document specified and
then later specifying it, after which retrieving the AWS credentials
would work. Similar workflows in which the Vault role didn't have a
policy_document specified for some period of time, such as deleting the
policy_document and then later adding it back, would also have worked
previously but will now be broken.

The reason for this breaking change is because a credential_type of
federation_token without either a policy_document or policy_arns
specified will return credentials that have equivalent permissions to
the credentials the Vault server itself is using. This is quite
dangerous (e.g., it could allow Vault clients access to retrieve
credentials that could modify Vault's underlying storage) and so should
be discouraged. This scenario is still possible when passing in an
appropriate policy_document or policy_arns parameter, but clients should
be explicitly aware of what they are doing and opt in to it by passing
in the appropriate role parameters.

* Error out on dangerous federation token retrieval

The AWS secrets role code now disallows creation of a dangerous role
configuration; however, pre-existing roles could have existed that would
trigger this now-dangerous code path, so also adding a check for this
configuration at credential retrieval time.

* Run makefmt

* Fix tests

* Fix comments/docs
 2019-08-20 12:34:41 -07:00
Jim Kalafut 3ce3e40db7
Update role parameters in JWT API docs (#7328) 
This is a temporary revert related to https://github.com/hashicorp/vault-plugin-auth-jwt/issues/66.
Once that change is in a released Vault, this docs change should be reverted back.
 2019-08-16 08:09:15 -07:00
Jeff Mitchell 87f649bf99 Prep for 1.2.2 2019-08-14 16:54:16 -04:00
skarsol 073ff32900 Add section for consul 1.4+ (#6366) 2019-08-14 10:19:14 -04:00
Didi Kohen a14b44ee8b Add some more detail for the root generation process (#5720) 
* Add some more detail for the root generation process

* Remove mention of old OTP and OTP provided on the start request
 2019-08-14 10:16:10 -04:00
IPv4v6 8fe861ec04 add examples for ECC key sizes in documentation (#2952) 
* add examples for ECC key sizes in documentation

Signed-off-by: Stefan Pietsch <mail.ipv4v6+gh@gmail.com>

* remove links to Go documentation
 2019-08-14 10:08:41 -04:00
Calvin Leung Huang 675593bd18 docs: add 1.2.1 upgrade guide (#7274) 2019-08-14 09:45:09 -04:00
Jim Kalafut 4653861333
Fix PCF API docs field names (#7302) 2019-08-12 10:55:23 -07:00
Michel Boucey badb089ffb Add gothic, a Haskell KVv2 engine API client (#7301) 2019-08-12 13:30:25 -04:00
Jason O'Donnell ac16dec5c4
docs: update k8s helm doc (#7279) 2019-08-08 17:05:01 -04:00
Jeff Mitchell c9d4e83350 Bump some versions to prep 2019-08-05 17:43:12 -04:00
Jason O'Donnell 13ffbcd984
doc: add k8s vault-helm doc (#7193) 
* doc: add k8s vault-helm doc

* Replace TODO with security warning

* Add TLS example

* Add production deployment checklist

* Add kube hardening guide

* Fix link to configuration values

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Fix typo in example

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Remove anchors, add tolerations/selector

* Fix rendering of global configuration

* Fix sidebar navigation and update links

* Add sidebar title to run doc

* Add platform index.html

* Add relative links

* Rename file

* Fix titles

* Add syntax highlighting to examples

* Move platforms in navigation bar
 2019-08-05 17:15:28 -04:00
ncabatoff 439ea99c83
Follow what documentation says we should do if we're a perf standby and perfstandbyok=true (#7241) 
Follow what documentation says we should do if we're a perf standby and perfstandbyok=true, i.e. return 200 instead of 429.
 2019-08-05 16:44:41 -04:00
Jim Kalafut 4584c84d79
Add docs for OIDC verbose_oidc_logging (#7236) 2019-08-01 14:41:35 -07:00
Jeff Mitchell a9ba15a075
Add AppRole upgrade issue to upgrade guide for 1.2.0 (#7234) 2019-08-01 11:50:43 -04:00
Jim Kalafut beea6358f3
Fix GCP docs formatting (#7120) 2019-08-01 08:00:42 -07:00
Andre Hilsendeger 8f8af53394 docs: add connection options for MySQL storage backend (#7171) 2019-08-01 08:00:00 -07:00
Eko Simanjuntak a6b45bd2df fixing typo on chiphertext prefix (#7189) 2019-08-01 07:41:52 -07:00
Paul Banks 2c62c96fee Fix JSON example syntax in identity docs (#7227) 2019-07-31 15:23:00 -07:00
Becca Petrin 5c9228a021
Fix tag (#7221) 
* fix tag

* Update index.html.md.erb
 2019-07-30 15:51:31 -07:00
Becca Petrin 0b31996aa7
improve tls cert docs (#7132) 2019-07-30 13:57:36 -07:00
Jeff Mitchell 20aeba2fbe Fix PCF location in sidebar 2019-07-30 16:12:55 -04:00
Calvin Leung Huang 1eb7e3cd43 docs: add kmip docs/api to the sidebar (#7218) 2019-07-30 15:59:07 -04:00
Calvin Leung Huang d9ec7ea38c docs: add pcf docs/api to sidebar (#7219) 2019-07-30 15:58:51 -04:00
Jeff Mitchell fc79848856
Add token helper partial and pull into auth docs (#7220) 2019-07-30 15:58:32 -04:00
Jeff Mitchell e118b41d09 Fix yml exception in PCF docs 2019-07-30 15:02:53 -04:00
Jeff Mitchell 01987f972c Add 1.2.0 upgrade guide 2019-07-30 12:37:45 -04:00
Jeff Mitchell 1d75ace163 Update files for release 2019-07-30 00:23:20 -04:00