Commit graph

280 commits

Author SHA1 Message Date
Hridoy Roy f8a248ce48
Port: change leader status metric name to active (#10245)
* change active node metric name

* comment to see if commit is fine

Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MacBook-Pro.local>
2020-10-29 10:30:45 -07:00
Jonas-Taha El Sesiy b7cf4a05ff
Add support for Managed Identity auth for physical/Azure (#10189)
* Add support for Managed Identity auth for physical/Azure

Obtain OAuth token from IMDS to allow for access to Azure Blob with
short-lived dynamic credentials

Fix #7322

* add tests & update docs/dependencies
2020-10-28 15:04:26 -07:00
Jason O'Donnell a4bcbb84e2
docs: fix k8s helm configuration rendering (#10257) 2020-10-28 10:51:40 -04:00
Hridoy Roy 0259be04e0
Port: Add metrics to report mount table sizes for auth and logical [Vault 671] (#10201)
* first commit

* update

* removed some ent features from backport

* final refactor

* backport patch

Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MacBook-Pro.local>
Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MBP.hitronhub.home>
2020-10-27 08:24:43 -07:00
Jason Witkowski ebfaa551eb
Add ability to specify region for OCI Storage Backend (#9302)
* Add ability to specify region for OCI Storage Backend

* Fix capitalization in Vault documentation

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-26 18:28:32 -04:00
Theron Voran d8dc45f03f
UI/OIDC: allow passing namespace in state (#10171)
* UI/OIDC: allow passing namespace in state

Suppport in the UI OIDC callback flow to parse namespace out of the
state parameter instead of a separate query parameter in the
redirect_uri. Includes docs for the option that enables this behavior
in the JWT plugin.

* 1.6 wordsmithing

* pass_namespace_in_state -> namespace_in_state

* re-wording

* use strict equals

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-26 18:17:21 -04:00
Michael Golowka e07fe992ef
DBPW - Add readme to dbplugin package (#10230) 2020-10-26 13:57:02 -06:00
Theron Voran b705d71ae7
Add info about aws timeouts to docs (#10209)
In auth/aws, seal/awskms, and secrets/aws, storage/s3, and
storage/dynamodb.

One blurb for the docs pages and one for the .0 upgrade pages.
2020-10-26 11:15:59 -07:00
Aleksandr Bezobchuk 95bbd8d920
Merge PR #10192: Auto-Join: Configurable Scheme & Port (and add k8s provider) 2020-10-23 16:13:09 -04:00
Ryan Treat d5169bae28
Update Venafi Secrets Engine doc to account for recent enhancements (#10221) 2020-10-22 16:25:37 -07:00
Jason O'Donnell cdcbac013b
docs: update helm to 0.8.0 (#10190)
* docs: update helm to 0.8.0

* Fix formatting

* Add allowed values to failurePolicy
2020-10-20 15:47:47 -04:00
Jason O'Donnell 2dbd6dd098
Update injector docs for 0.6.0 (#10186) 2020-10-20 13:09:37 -04:00
Mike Green 77ea265a0a
Clarify prometheus_retention_time to 0 (#10187)
zero prometheus_retention_time will disable.
2020-10-20 11:51:08 -04:00
Michael Golowka ec29078acb
DBPW - Update docs with password policies & new Database interface (#10138) 2020-10-19 15:58:09 -06:00
Julien Rottenberg 6c6dc2bfbb
Fix for broken link (#10152) 2020-10-16 16:44:33 -07:00
davidadeleon ab18a74c08
Updated missing code encoding around two path references (#10161) 2020-10-16 16:26:28 -07:00
Aleksandr Bezobchuk 0d6a0ec589
Merge PR #10010: Rate Limit Quotas: Allow Exempt Paths to be Configurable 2020-10-16 14:58:19 -04:00
Peter Souter feaafb2c3a
Adds note that it requires a PEM-encoded file (#10145) 2020-10-14 16:43:07 -07:00
Jim Kalafut a23ed17806
Add GCS storage change to 1.5.0 upgrade guide (#10139) 2020-10-14 07:34:47 -07:00
Hridoy Roy 771da35261
upgrade docs for new telemetry [VAULT-672] (#10137)
* upgrade docs for new telemetry

* Update telemetry.mdx

Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MacBook-Pro.local>
2020-10-14 06:52:23 -07:00
Connor 8b1a3301f0
Add telemetry for LRU cache (#10079)
Vault creates an LRU cache that is used when interacting with the
physical backend. Add telemetry when the cache is hit, missed, written
to and deleted from. Use the MetricSink from ClusterMetrics
2020-10-13 10:11:54 -05:00
James Connor 86e79f6f26
lease_renewable false on STS AWS credentials (#10115)
See #1804
2020-10-08 10:25:01 -07:00
Peter Souter c48ec9cfc3
Adding note about commands that are root only (#10098)
* We don’t specifically note anywhere that these 
have to be run from root, so makes sense to add
2020-10-08 09:46:43 -07:00
Martin Baillie 09aa3dfa6c
Add reference to community GitHub secrets plugin (#10111) 2020-10-08 09:45:42 -07:00
Josh Black 3e278b33dc
Clarify docs around audit non-hmac request and response keys (#10018) 2020-10-06 10:43:32 -07:00
Michel Vocks dc5a0da770
Pull latest raft updates (#10055)
* Implement raft peers metric

* Remove old peers metric

* Update vault raft dependency

* Add peer_id docs
2020-10-05 16:36:48 +02:00
Meggie da82b2096d
Adding an UG note on primary_cluster_addr behavior (#10071) 2020-10-02 13:25:09 -04:00
Troy Fluegge 2b9b41115a
Update index.mdx (#10064)
Reworded disable_mlock to remove confusion regarding what is acceptable for production deployments.  Disabling mlock is alright for production given the additional security recommendations are implemented.  Disabling mlock is also recommended for integrated storage
2020-10-01 15:31:03 -07:00
Andy Assareh ab7cd4f8db
corrected typo in "certificate" (#9916) 2020-09-28 17:39:01 -07:00
Andy Assareh 818120b401
corrected a missing noun (#9917) 2020-09-28 17:38:39 -07:00
Wacław Schiller 5d419f73c3
Minor fix to audit documentation (#10047) 2020-09-28 16:04:45 -07:00
Hridoy Roy a20fe5c066
moved the documentation to kv2 page (#10017)
Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MacBook-Pro.local>
2020-09-22 11:58:00 -07:00
Meggie 9190860cc0
docs: Change sidebar labeling to use Integrated Storage (#10002)
I changed some verbiage in the page as well.
2020-09-21 15:55:36 -04:00
Mike Green 9eb1fb1df4
minor only ha_storage clarification (#10001) 2020-09-21 13:06:03 -04:00
Sebin John 9b3e244e40
Fix doc formatting. (#9994) 2020-09-21 10:01:43 -07:00
acahn 795b118941
Update index.mdx (#9950)
MongoDB Atlas Language modernization update
2020-09-16 12:02:34 -07:00
Lauren Voswinkel 5740e1ff9e
5844 AWS Root Credential Rotation (#9921)
* strip redundant field type declarations

* root credential rotation for aws creds plugin

* Change location of mocks awsutil and update methods that no longer exist

* Update website/pages/docs/auth/aws.mdx

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update sdk version to get the awsutil mock file

* Re-vendor modules to pass CI

* Use write lock for the entirety of AWS root cred rotation

* Update docs for AWS root cred rotation for clarity

Co-authored-by: Becca Petrin <beccapetrin@gmail.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-09-15 15:26:56 -07:00
Scott Miller 4062c8a5c3
Add a note on performance and availability to the HSM behavior docs (#9923) 2020-09-14 11:28:23 -05:00
Jason O'Donnell 9a9d886a2d
doc: add VAULT_DISABLE_MLOCK env (#9933) 2020-09-11 13:57:09 -04:00
Mike Green 8d3b8440e8
Docs: Add that vault deletes IAM user (#9919) 2020-09-10 15:23:41 -07:00
Jim Kalafut 51a1ccea1c
Update upgrade guides for latest releases (#9908) 2020-09-08 16:53:43 -07:00
Jason O'Donnell fe7229028f
docs: add required/optional to kerberos autoauth config (#9897)
* docs: add required/optional to kerberos autoauth config

* Remove double space
2020-09-04 17:20:21 -04:00
Mark Gritter f12719fbde
Add upgrade note about the KV metric crash. (#9882)
Co-authored-by: swayne275 <swayne275@gmail.com>
2020-09-02 22:19:09 -05:00
Calvin Leung Huang 63d484b831
docs: fix URL for plugin portal mdx page (#9885) 2020-09-02 17:20:00 -07:00
Calvin Leung Huang 744623746a
docs: add a plugin portal page (#9590)
* docs: add a plugins directory page

* docs: remove divs on the plugins directory page

* add columns

* tag component

* docs: use tags on plugins directory

* docs: revert tags on plugins directory for now

* fix header for official plugins

* add note on submission for community plugins

* s/plugins directory/plugin portal/

* move portal page into docs section

* tag oracle db as external, fix kerberos misspelling

* include gh issue template as submission form

Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
2020-09-02 16:25:06 -07:00
Theron Voran 4fa8cc422a
Updating the vault injector connectivity docs (#9783)
Adding more detail about connectivity requirements, noting that
masters sometimes need to connect to workers on :8080, and
considerations when Vault is running outside of Kubernetes.
2020-09-02 14:07:31 -07:00
Jason O'Donnell d10a000e2f
docs: add injector tls setup (#9871)
* docs: add injector tls setup

* Add missing prompts

* Grammar

* fix sidebar

* Update website/pages/docs/platform/k8s/helm/examples/injector-tls.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/pages/docs/platform/k8s/helm/examples/injector-tls.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/pages/docs/platform/k8s/helm/examples/injector-tls.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Move note before command

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-09-02 11:36:21 -04:00
Jason O'Donnell b2110a2e87
docs: add ldap ppolicy to enforce password hashing (#9856)
* docs: add ldap ppolicy to enforce password hashing

* formatting

* grammar

* Clarify password policy doc
2020-08-31 13:05:27 -04:00
Calvin Leung Huang 0d723e54a9
docs: add tls settings on cert auto-auth's config page (#9848) 2020-08-27 19:21:32 -07:00
Michael Ethridge a71798a445
TLS Cert Authentication example updates (#9735)
* TLS Cert Authentication example updates

- Updated the Cert Auth example description to clarify which CA
should issue the certificate.
- Removed `-ca-cert` parameter from examples as this caused
confusion.  Is this the auth CA or the CA of the listener?

* Return CA parameter to examples, add Note

- Returned CA parameter to login examples
- Added note above examples to explain which CA is being used in CLI
- Updated examples in API doc to use httpS
- Added note above login example to explain wich CA is being used

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-08-27 17:47:16 -07:00