199f99d031
Decode json.Number before handing to mapstructure
2016-05-25 19:02:31 +00:00
05b2d4534c
Add unwrap test function and some robustness around paths for the wrap lookup function
2016-05-19 11:49:46 -04:00
0da8762bd5
Add unwrap command, and change how the response is embedded (as a string, not an object)
2016-05-19 11:25:15 -04:00
dce8a8da42
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-19 02:43:22 +00:00
0168b74e03
Rename lease_duration to refresh_interval when there is no lease ID, and output ---- between header and values
2016-05-17 17:10:12 +00:00
c4431a7e30
Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors
2016-05-16 16:11:33 -04:00
4c67a739b9
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-16 12:14:40 -04:00
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
560e9c30a3
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-12 14:59:12 -04:00
885cc73b2e
Merge branch 'master-oss' into f-vault-service
2016-05-04 17:20:00 -04:00
99a5b4402d
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-04 14:42:14 -04:00
47a7ada7e8
Fix number of recovery shares output during init
2016-05-03 23:07:09 -04:00
2bbb39f4af
Properly handle sigint/hup
2016-05-03 14:30:58 -04:00
1ffd5653c6
Add wrap support to API/CLI
2016-05-02 02:03:23 -04:00
749b60d57d
Ensure seal finalizing happens even when using verify-only
2016-04-28 14:06:05 -04:00
0b72906fc3
Change the interface of ServiceDiscovery
...
Instead of passing state, signal that the state has changed and provide a callback handler that can query Core.
2016-04-28 11:05:18 -07:00
aeea7628d6
Add a *log.Logger argument to physical.Factory
...
Logging in the backend is a good thing. This is a noisy interface change but should be a functional noop.
2016-04-25 20:10:32 -07:00
f5183fa506
Collapse UpdateAdvertiseAddr() into RunServiceDiscovery()
2016-04-25 18:01:13 -07:00
3977057cc9
Disable service registration for consul HA tests
2016-04-25 18:01:13 -07:00
1f8397f0a3
Use spaces in tests to be consistent
...
The rest of the tests here use spaces, not tabs
2016-04-25 18:01:13 -07:00
60006f550f
Various refactoring to clean up code organization
...
Brought to you by: Dept of 2nd thoughts before pushing enter on `git push`
2016-04-25 18:01:13 -07:00
e7f600b4e6
Improve error handling re: homedir expansion
...
Useful if the HOME envvar is not set because `vault` was launched in a clean environment (e.g. `env -i vault ...`).
2016-04-25 18:01:13 -07:00
6b2c83564e
Teach Vault how to register with Consul
...
Vault will now register itself with Consul. The active node can be found using `active.vault.service.consul`. All standby vaults are available via `standby.vault.service.consul`. All unsealed vaults are considered healthy and available via `vault.service.consul`. Change in status and registration is event driven and should happen at the speed of a write to Consul (~network RTT + ~1x fsync(2)).
Healthy/active:
```
curl -X GET 'http://127.0.0.1:8500/v1/health/service/vault?pretty ' && echo;
[
{
"Node": {
"Node": "vm1",
"Address": "127.0.0.1",
"TaggedAddresses": {
"wan": "127.0.0.1"
},
"CreateIndex": 3,
"ModifyIndex": 20
},
"Service": {
"ID": "vault:127.0.0.1:8200",
"Service": "vault",
"Tags": [
"active"
],
"Address": "127.0.0.1",
"Port": 8200,
"EnableTagOverride": false,
"CreateIndex": 17,
"ModifyIndex": 20
},
"Checks": [
{
"Node": "vm1",
"CheckID": "serfHealth",
"Name": "Serf Health Status",
"Status": "passing",
"Notes": "",
"Output": "Agent alive and reachable",
"ServiceID": "",
"ServiceName": "",
"CreateIndex": 3,
"ModifyIndex": 3
},
{
"Node": "vm1",
"CheckID": "vault-sealed-check",
"Name": "Vault Sealed Status",
"Status": "passing",
"Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
"Output": "",
"ServiceID": "vault:127.0.0.1:8200",
"ServiceName": "vault",
"CreateIndex": 19,
"ModifyIndex": 19
}
]
}
]
```
Healthy/standby:
```
[snip]
"Service": {
"ID": "vault:127.0.0.2:8200",
"Service": "vault",
"Tags": [
"standby"
],
"Address": "127.0.0.2",
"Port": 8200,
"EnableTagOverride": false,
"CreateIndex": 17,
"ModifyIndex": 20
},
"Checks": [
{
"Node": "vm2",
"CheckID": "serfHealth",
"Name": "Serf Health Status",
"Status": "passing",
"Notes": "",
"Output": "Agent alive and reachable",
"ServiceID": "",
"ServiceName": "",
"CreateIndex": 3,
"ModifyIndex": 3
},
{
"Node": "vm2",
"CheckID": "vault-sealed-check",
"Name": "Vault Sealed Status",
"Status": "passing",
"Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
"Output": "",
"ServiceID": "vault:127.0.0.2:8200",
"ServiceName": "vault",
"CreateIndex": 19,
"ModifyIndex": 19
}
]
}
]
```
Sealed:
```
"Checks": [
{
"Node": "vm2",
"CheckID": "serfHealth",
"Name": "Serf Health Status",
"Status": "passing",
"Notes": "",
"Output": "Agent alive and reachable",
"ServiceID": "",
"ServiceName": "",
"CreateIndex": 3,
"ModifyIndex": 3
},
{
"Node": "vm2",
"CheckID": "vault-sealed-check",
"Name": "Vault Sealed Status",
"Status": "critical",
"Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
"Output": "Vault Sealed",
"ServiceID": "vault:127.0.0.2:8200",
"ServiceName": "vault",
"CreateIndex": 19,
"ModifyIndex": 38
}
]
```
2016-04-25 18:01:13 -07:00
230b59f34c
Stub out service discovery functionality
...
Hook asynchronous notifications into Core to change the status of vault based on its active/standby, and sealed/unsealed status.
2016-04-25 18:00:54 -07:00
0c23acb818
Comment nits
2016-04-25 18:00:54 -07:00
8d4e5aacae
Change seal test name in command package
2016-04-26 00:12:14 +00:00
267b13c1ba
Merge pull request #1326 from hashicorp/sethvargo/hint_noreauth
...
Hint that you don't need to run auth twice
2016-04-25 15:43:55 -04:00
98d09b0dc6
Add seal tests and update generate-root and others to handle dualseal.
2016-04-25 19:39:04 +00:00
4e53f4b1a4
Use UseNumber() on json.Decoder to have numbers be json.Number objects
...
instead of float64. This fixes some display bugs.
2016-04-20 18:38:20 +00:00
055a8e04e4
Change recovery options in init to be 'key'-less
2016-04-18 17:02:07 +00:00
b4620d5d04
Add check against seal type to catch errors before we attempt to use the data
2016-04-15 18:16:48 -04:00
069d9cf021
Fix SIGINT handling.
...
No signal handler was setup to receive SIGINT. I didn't investigate to
see if signal(2) mask was setup (ala `SIG_IGN`) or if sigprocmask(2) is
being used, but in either case, the correct behavior is to capture and
treat SIGINT the same as SIGTERM. At some point in the future these two
signals may affect the running process differently, but we will clarify
that difference in the future.
2016-04-15 10:03:22 -07:00
119238149b
Add Finalize method to seal.
2016-04-14 20:37:34 +00:00
5c336297ad
Provide clarity for output statements of idempotent calls.
2016-04-14 15:46:45 +00:00
b7178846c1
Clarify token-revoke operation
2016-04-14 15:34:01 +00:00
54c414abb2
Clarify delete operation
...
One thing that has been a point of confusion for users is Vault's
response when deleting a key that does not actually exist in the system.
For example, consider:
$ vault delete secret/foo
Success! Deleted 'secret/foo'
This message is misleading if the secret does not exist, especially if
the same command is run twice in a row.
Obviously the reason for this is clear - returning an error if a secret
does not exist would reveal the existence of a secret (the same reason
everything on S3 is a 403 or why GitHub repos 404 instead of 403 if you
do not have permission to view them).
I think we can make the UX a little bit better by adding just a few
words to the output:
$ vault delete secret/foo
Success! Deleted 'secret/foo' if it existed
This makes it clear that the operation was only performed if the secret
existed, but it does not reveal any more information.
2016-04-14 10:38:10 +01:00
a4ff72841e
Check for seal status when initing and change logic order to avoid defer
2016-04-14 01:13:59 +00:00
217035d081
Hint that you don't need to run auth twice
...
This came up twice, in two different training courses. The UX is a
little confusing here on the CLI. Users are used to running:
$ vault auth abcd-1234...
So when they auth using a method, the output leads them to believe the
need to "re-auth" as the generated token:
$ vault auth -method=userpass username=foo password=bar
Successfully authenticated!
token: defg-5678...
A number of users then run:
$ vault auth defg-5678
I've added some helpful text to hint this is not required if the method
is not "token".
2016-04-13 19:45:48 +01:00
759915bb55
Fix panic when using -field with read or write with a non-string value.
...
Fixes #1308
2016-04-07 22:16:33 +00:00
58846f8eac
Reinstall the mlockall(2) command
...
Requested by: jefferai
2016-04-05 13:58:26 -07:00
47c3202811
Unconditionally warn on systems w/o mlock support
...
If someone begins using Vault on Windows in dev mode, always hint so that this isn't a surprise when they get to production.
2016-04-05 12:32:53 -07:00
348be0e50b
Remove RevokePrefix from the API too as we simply do not support it any
...
longer.
2016-04-05 11:00:12 -04:00
9102b994aa
Sync some seal stuff
2016-04-04 13:46:33 -04:00
afae46feb7
SealInterface
2016-04-04 10:44:22 -04:00
1b7335cf4e
Fix up the meta common options text function to not strip leading space and fix up commands
2016-04-01 16:50:12 -04:00
b0888e8af1
Remove config from Meta; it's only used right now with the token helper.
2016-04-01 16:02:18 -04:00
a137081241
Move token helper out of meta
2016-04-01 14:23:15 -04:00
133d9c1008
Move meta into its own package
2016-04-01 13:16:05 -04:00
1be69ae235
Sort infokeys on startup and add more padding
2016-03-30 12:31:47 -04:00
528b25c5f4
Merge HA Backend objects
2016-03-21 16:56:13 -04:00
119fa1653b
Restore the previous valid token if token authentication fails
2016-03-18 14:43:16 -04:00
6d7cbc890d
Fix Typo
2016-03-18 14:06:49 +00:00
3dbac2e2cb
Add `-field` and `-format` to write command.
...
Fixes #1186
2016-03-17 14:57:30 -04:00
7db7b47fdd
Merge pull request #1210 from hashicorp/audit-id-path
...
Rename id to path and path to file_path, print audit backend paths
2016-03-15 20:13:21 -04:00
71fc07833f
Rename id to path and path to file_path, print audit backend paths
2016-03-14 17:15:07 -04:00
0e3764832a
Add test for listener reloading, and update website docs.
2016-03-14 14:05:47 -04:00
b3218d26d6
Properly scope config objects for reloading
2016-03-14 11:18:02 -04:00
84af6ec8ac
Don't generate an ID; use address for the ID. Generally speaking we'll need to sane against what's in the config
2016-03-11 17:28:03 -05:00
996c584192
Don't inline factory
2016-03-11 17:02:44 -05:00
9ce1be3b00
For not shutdown triggered...
2016-03-11 17:01:26 -05:00
d75ce9de9b
Retool to have reloading logic run in command/server
2016-03-11 16:47:03 -05:00
c6066af4c1
Add tests. This actually adds the initial tests for the TLS listener,
...
then layers reloading tests on top.
2016-03-11 14:05:52 -05:00
baf0763b3c
Add reload capability for Vault listener certs. No tests (other than
...
manual) yet, and no documentation yet.
2016-03-11 14:05:52 -05:00
c70b4bbbb2
Merge pull request #1201 from hashicorp/accessor-cli-flags
...
Accessor CLI flags
2016-03-11 09:55:45 -05:00
9659e3d148
Added test for token-revoke accessor flag
2016-03-10 21:38:27 -05:00
0486fa1a3a
Added accessor flag to token-revoke CLI
2016-03-10 21:21:20 -05:00
266af2a5e2
Added test for token-lookup accessor flag
2016-03-10 21:21:20 -05:00
ed8a096596
Add accessor flag to token-lookup command and add lookup-accessor client API
2016-03-10 21:21:20 -05:00
30c8204da6
Remove log statement
2016-03-10 17:48:34 -05:00
68170d770a
Add missing fixture
2016-03-10 17:40:40 -05:00
b207fc403c
Fix failing config test
2016-03-10 17:36:10 -05:00
0adab4182f
Fix test fixtures
2016-03-10 16:51:08 -05:00
6739804118
Fix failing policy-write integration test
...
This was a flawed test. Previously the test passed in a fixture that
corresponded to a CLI config file, not an actual policy. The test
_should_ have been failing, but it wasn't. This commit adds a new
fixture.
2016-03-10 15:45:49 -05:00
b817b60183
Parse HCL keys in command config
2016-03-10 15:25:25 -05:00
f916ed349d
Print errors on extra keys in server config
...
This does NOT apply to the backend config, since each backend config
could have a variation of options that differ based off of the
configured backend itself. This may be an optimization that can be made
in the future, but I think each backend should be responsible for
performing its own configuration validation instead of overloading the
config itself with this functionality.
2016-03-10 15:25:25 -05:00
fa2ba47a5c
Merge branch 'master' into token-roles
2016-03-09 17:23:34 -05:00
6df72e6efd
Merge pull request #1168 from hashicorp/revoke-force
...
Add forced revocation.
2016-03-09 16:59:52 -05:00
151c932875
AccessorID --> Accessor, accessor_id --> accessor
2016-03-09 06:23:31 -05:00
301776012f
Introduced AccessorID in TokenEntry and returning it along with token
2016-03-08 14:06:10 -05:00
3b463c2d4e
use errwrap to check the type of error message, fix typos
2016-03-07 18:36:26 -05:00
cc1f5207b3
Merge branch 'master' into token-roles
2016-03-07 10:03:54 -05:00
73943546c3
Documentation for capabilities and capabilities-self APIs
2016-03-07 06:13:56 -05:00
aab24113b0
test cases for capabilities endpoint
2016-03-05 00:03:55 -05:00
9946a2d8b5
refactoring changes due to acl.Capabilities
2016-03-04 18:55:48 -05:00
7fe871e60a
Removing the 'Message' field
2016-03-04 10:36:03 -05:00
3730e095ac
testcase changes
2016-03-04 10:36:03 -05:00
b67ab8ab7c
Test files for capabilities endpoint
2016-03-04 10:36:03 -05:00
816f1f8631
self review rework
2016-03-04 10:36:03 -05:00
286e63a648
Handled root token use case
2016-03-04 10:36:03 -05:00
07f9486ecb
Added capabilities and capabilities-self endpoints to http muxer
2016-03-04 10:36:03 -05:00
5749a6718c
Added sys/capabililties endpoint
2016-03-04 10:36:02 -05:00
0998e1cdf9
Update help text exporting dev mode listen address.
...
Ping #1160
2016-03-03 18:10:14 -05:00
3e7bca82a1
Merge pull request #1146 from hashicorp/step-down
...
Provide 'sys/step-down' and 'vault step-down'
2016-03-03 12:30:08 -05:00
69c853fd2f
Add the ability to specify dev mode address via CLI flag and envvar.
...
Fixes #1160
2016-03-03 10:48:52 -05:00
750b33c51b
Add ability to control dev root token id with
...
VAULT_DEV_ROOT_TOKEN_ID env var, and change the CLI flag to match.
Ping #1160
2016-03-03 10:24:44 -05:00
cd86226845
Add forced revocation.
...
In some situations, it can be impossible to revoke leases (for instance,
if someone has gone and manually removed users created by Vault). This
can not only cause Vault to cycle trying to revoke them, but it also
prevents mounts from being unmounted, leaving them in a tainted state
where the only operations allowed are to revoke (or rollback), which
will never successfully complete.
This adds a new endpoint that works similarly to `revoke-prefix` but
ignores errors coming from a backend upon revocation (it does not ignore
errors coming from within the expiration manager, such as errors
accessing the data store). This can be used to force Vault to abandon
leases.
Like `revoke-prefix`, this is a very sensitive operation and requires
`sudo`. It is implemented as a separate endpoint, rather than an
argument to `revoke-prefix`, to ensure that control can be delegated
appropriately, as even most administrators should not normally have
this privilege.
Fixes #1135
2016-03-03 10:13:59 -05:00
8011148fb5
Allow specifying an initial root token ID in dev mode.
...
Ping #1160
2016-03-02 12:03:26 -05:00
521a956e4d
Address review feedback
2016-03-01 20:25:40 -05:00
addf92e185
Allow `token-renew` to not be given a token; it will then use the
...
renew-self endpoint. Otherwise it will use the renew endpoint, even if
the token matches the client token.
Adds an -increment flag to allow increments even with no token passed
in.
Fixes #1150
2016-03-01 17:02:48 -05:00
8a500e0181
Add command and token store documentation for roles
2016-03-01 13:02:40 -05:00
ef990a3681
Initial work on token roles
2016-03-01 12:41:40 -05:00
6314057b9a
fix typo
2016-03-01 11:48:17 -05:00
11ddd2290b
Provide 'sys/step-down' and 'vault step-down'
...
This endpoint causes the node it's hit to step down from active duty.
It's a noop if the node isn't active or not running in HA mode. The node
will wait one second before attempting to reacquire the lock, to give
other nodes a chance to grab it.
Fixes #1093
2016-02-26 19:43:55 -05:00
6de1a0ecd7
add missing verb
2016-02-26 14:43:56 +01:00
efc48f2473
Fix CLI formatter to show warnings again on CLI list output.
2016-02-24 21:45:58 -05:00
5a35ee2ddd
Merge pull request #1080 from jkanywhere/improve-formatter
...
Refactor formatting of output
2016-02-24 21:36:57 -05:00
a387725e96
help sentence improved
2016-02-22 09:38:30 -06:00
31862dc5c2
When writing from a file it must be a JSON file
...
Making clear from write help text that when writing secrets
using @file, the file must be a JSON file.
2016-02-21 19:02:09 -06:00
d0489e16c1
Fixing auth-enable help text
...
auth-enable command help in the "Auth Enable Options" is suggesting
the usage of a non-existing command called 'auth-list' instead of
the correct one "auth -methods"
2016-02-21 14:54:50 -06:00
597ba98895
Merge pull request #1099 from hashicorp/fix-ssh-cli
...
ssh: use resolved IP address while executing ssh command
2016-02-19 13:02:34 -05:00
28857cb419
Fix mixed whitespacing in ssh help text
2016-02-19 12:47:58 -05:00
bccbf2b87e
ssh: use resolved IP address while executing ssh command
2016-02-19 12:19:10 -05:00
c4c6bbf33c
Refactor formatting of output
...
This change is almost perfectly compatible with the existing code,
except it's a little shorter because it uses a list of a available
formatters that must implement a `command.Formatter` interface.
Also added some basic formatting tests.
2016-02-16 12:27:29 -08:00
1e65c4a01f
don't panic when config directory is empty
2016-02-12 16:40:19 -08:00
5f5542cb91
Return status for rekey/root generation at init time. This mitigates a
...
(very unlikely) potential timing attack between init-ing and fetching
status.
Fixes #1054
2016-02-12 14:24:36 -05:00
ba71ff7b0c
Update documentation for status command to reflect new return codes
2016-02-08 11:36:08 -05:00
da2360c7f4
On the CLI, ensure listing ends with /.
2016-02-03 21:08:46 -05:00
38c51f9412
Fix build tag
2016-02-03 08:41:31 -05:00
7e0d4bef3e
Add test for HA availability to command/server
2016-02-02 17:47:02 -05:00
a2bb51e7de
remove unneeded assignment
2016-02-02 15:11:35 -05:00
a5bf677bb3
Ensure that we fall back to Backend if HABackend is not specified.
2016-02-02 15:09:58 -05:00
cb046c4ce2
Fix command status test with new return value
2016-01-29 19:31:01 -05:00
2712a10750
Return 2 for sealed instead of 1 to match the new init -check behavior
2016-01-29 10:55:31 -05:00
7cf93c0e37
Don't return 1 when flags don't parse for status command, as all other errors return 2; 1 is for when the vault is sealed
2016-01-29 10:53:56 -05:00
5d7537ff85
Docs typo in server command
2016-01-28 08:26:49 +00:00
3b7a533b5a
Fix test on 1.6 by comparing to nil instead of a nil-defined map
2016-01-22 21:26:06 -05:00
d95adc731a
Add -check flag to init.
...
Fixes #949
2016-01-22 13:06:40 -05:00
be1b4c8a46
Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it.
2016-01-22 10:07:32 -05:00
e412ac8461
Remove bare option, prevent writes ending in slash, and return an exact file match as "."
2016-01-22 10:07:32 -05:00
455931873a
Address some review feedback
2016-01-22 10:07:32 -05:00
5341cb69cc
Updates and documentation
2016-01-22 10:07:32 -05:00
10c307763e
Add list capability, which will work with the generic and cubbyhole
...
backends for the moment. This is pretty simple; it just adds the actual
capability to make a list call into both the CLI and the HTTP handler.
The real meat was already in those backends.
2016-01-22 10:07:32 -05:00
9adfdfd6e7
Add -decode flag verification
2016-01-21 12:18:57 -05:00
973c888833
RootGeneration->GenerateRoot
2016-01-19 18:28:10 -05:00
3b100c5965
Address most of the review feedback
2016-01-19 18:28:10 -05:00
3b994dbc7f
Add the ability to generate root tokens via unseal keys.
2016-01-19 18:28:10 -05:00
630b2d83a7
Allow ASCII-armored PGP pub keys to be passed into -pgp-keys.
...
Fixes #940
2016-01-18 17:01:52 -05:00
8cb23835d7
Fix read panic when an empty argument is given.
...
Fixes #923
2016-01-12 08:46:49 -05:00
a2bd31d493
Fix up PGP tests from earlier code fixes
2016-01-08 22:21:41 -05:00
676008b2c5
Lotsa warnings if you choose not to be safe
2016-01-08 17:35:07 -05:00
26e1837a82
Some minor rekey backup fixes
2016-01-08 14:09:40 -05:00
a094eedce2
Add rekey nonce/backup.
2016-01-06 09:54:35 -05:00
80866d036d
update init/rekey documentation around keybase entries
2016-01-04 14:17:51 -05:00
5ef7efffe3
Disable cmd/server tests for now so we can get Travis back on track
2015-12-31 08:48:53 -05:00
c642feebe2
Remove some outdated comments
2015-12-30 21:00:27 -05:00
0509ad9c29
Use RenewSelf instead of Renew if the token we're renewing is the same as the client
2015-12-30 14:41:50 -05:00
442d538deb
Make token-lookup functionality available via Vault CLI
2015-12-29 20:18:59 +00:00
fefa696a33
Merge pull request #886 from ooesili/ssh-error-fetching-username
...
Stop panic when vault ssh username fetching fails
2015-12-29 12:17:51 -06:00
fa1676882f
Merge pull request #853 from hashicorp/issue-850
...
Make TokenHelper an interface and split exisiting functionality
2015-12-29 12:01:49 -06:00
6cdb8aeb4f
Merge branch 'master' into f-disable-tls
2015-12-29 12:59:02 -05:00
eb4aaad082
Using LookupSelf() API method instead of raw HTTP call for auth command
2015-12-28 01:38:00 +00:00
5a368fa9de
Stop panic when vault ssh username fetching fails
2015-12-26 15:09:07 -07:00
e8e492f574
Fix ipv6 address advertisement
2015-12-22 21:40:36 +01:00
1a324cf347
Make TokenHelper an interface and split exisiting functionality
...
Functionality is split into ExternalTokenHelper, which is used if a path
is given in a configuration file, and InternalTokenHelper which is used
otherwise. The internal helper no longer shells out to the same Vault
binary, instead performing the same actions with internal code. This
avoids problems using dev mode when there are spaces in paths or when
the binary is built in a container without a shell.
Fixes #850 among others
2015-12-22 10:23:30 -05:00
5017907785
Move telemetry metrics up to fix one possible race, but deeper problems in go-metrics can't be solved with this
2015-12-17 16:38:17 -05:00
db7a2083bf
Allow setting the advertise address via an environment variable.
...
Fixes #581
2015-12-14 21:22:55 -05:00
1e653442cd
Ensure advertise address detection runs without a specified HA backend
...
Ping #840
2015-12-14 21:13:27 -05:00
521ea42f6b
Merge pull request #840 from hashicorp/issue-395
...
Allow separate HA physical backend.
2015-12-14 20:56:47 -05:00
7ce8aff906
Address review feedback
2015-12-14 17:58:30 -05:00
b00b476c7a
Show error if output format is invalid
...
Rather than silently using table as a fallback.
2015-12-14 17:14:22 +01:00
ced0835574
Allow separate HA physical backend.
...
With no separate backend specified, HA will be attempted on the normal
physical backend.
Fixes #395 .
2015-12-14 07:59:58 -05:00
e941f699d3
Merge pull request #832 from mlafeldt/yaml-ouput
...
Allow to output secrets in YAML format
2015-12-11 12:04:41 -05:00
61d4ef70f4
Allow to output secrets in YAML format
...
This can be done with https://github.com/ghodss/yaml , which reuses
existing JSON struct tags for YAML.
2015-12-10 11:32:31 +01:00
607d12174d
Output secrets sorted by key
...
Instead of printing them in random order each time `vault read` is invoked.
2015-12-10 10:08:23 +01:00
985717b428
server: sanity check value for 'tls_disable'
2015-11-25 11:37:57 -08:00
1a45696208
Add no-default-policy flag and API parameter to allow exclusion of the
...
default policy from a token create command.
2015-11-09 17:30:50 -05:00
5d5d58ffe4
Fix unmount help output
2015-11-09 15:23:49 -05:00
75f1c1e40c
Print version on startup.
...
Fixes #765
2015-11-09 13:52:55 -05:00
32e23bea71
Move environment variable reading logic to API.
...
This allows the same environment variables to be read, parsed, and used
from any API client as was previously handled in the CLI. The CLI now
uses the API environment variable reading capability, then overrides any
values from command line flags, if necessary.
Fixes #618
2015-11-04 10:28:00 -05:00
c1d8b97342
Add reset support to the unseal command.
...
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.
Fixes #695
2015-10-28 15:59:39 -04:00
7b25204a19
Fix cache disabling
2015-10-28 13:05:56 -04:00
1da78942e8
Modifies documentation in output of vault server -dev
...
Environment variable setting is different in windows
2015-10-22 00:48:46 -07:00
cba4e82682
Don't use http.DefaultClient
...
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.
Fixes #700 , I believe.
2015-10-15 17:54:00 -04:00
9f0b1547bb
Allow disabling the physical storage cache with 'disable_cache'.
...
Fixes #674 .
2015-10-12 13:00:32 -04:00
b8455be005
Support and use TTL instead of lease for token creation
2015-10-09 19:52:13 -04:00
ee92124357
Fix output of token-create help to use ttl instead of lease
2015-10-09 19:40:30 -04:00
aa3055f816
Fix mount-tune CLI output
2015-10-09 16:03:31 -04:00
d39580b38c
Update CLI help text for init/rekey regarding base64-encoded keys
2015-10-08 11:09:30 -04:00
4e0a6c5e5f
Adjust warnings message to make it clear they are from the server
2015-10-07 16:18:39 -04:00
d740fd4a6a
Add the ability for warnings to be added to responses. These are
...
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.
Fixes #676
2015-10-07 16:18:39 -04:00
145aee229e
Merge branch 'master' of https://github.com/hashicorp/vault
2015-10-03 00:07:34 -04:00
645932a0df
Remove use of os/user as it cannot be run with CGO disabled
2015-10-02 18:43:38 -07:00
c7fd639b2e
Remove format parameter
2015-10-02 14:10:24 -04:00
3dd84446ab
Github backend: enable auth renewals
2015-10-02 13:33:19 -04:00
62ac518ae7
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 10:41:21 -04:00
81e535dc2d
Minor updates to passthrough and additional tests
2015-09-21 16:57:41 -04:00
e7dfb4f943
Use 'ttl_seconds' in CLI output so as not to shadow actual 'ttl' parameter
2015-09-21 16:37:37 -04:00
425e286f90
If there's no lease, output ttl instead of lease_duration
2015-09-21 16:37:37 -04:00
15e1a2281d
If lease_duration is not zero, output it even if there is no lease.
2015-09-21 16:37:37 -04:00
9c5dcac90c
Make TLS backend honor SystemView default values. Expose lease TTLs on read. Make auth command show lease TTL if one exists. Addresses most of #527
2015-09-18 14:01:28 -04:00
fdf05e8ead
Adding type checking to ensure only BasicUi is affected
2015-09-17 11:37:21 -04:00
e885dff580
CLI: Avoiding CR when printing specific fields
2015-09-17 10:05:56 -04:00
0532682816
improve documentation for available log levels
2015-09-16 11:01:33 -06:00
c5a3b0c681
Typo fix
2015-09-11 21:36:20 -04:00
142cb563a6
Improve documentation of token renewal
2015-09-11 21:08:32 -04:00
ace611d56d
Address items from feedback. Make MountConfig use values rather than
...
pointers and change how config is read to compensate.
2015-09-10 15:09:54 -04:00
c460ff10ca
Push a lot of logic into Router to make a bunch of it nicer and enable a
...
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
2015-09-10 15:09:54 -04:00
971e4144ec
Fix typo
2015-09-10 15:09:54 -04:00
488d33c70a
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-10 15:09:54 -04:00
4239f9d243
Add DynamicSystemView. This uses a pointer to a pointer to always have
...
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.
Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
696d0c7b1d
Plumb per-mount config options through API
2015-09-10 15:09:53 -04:00
5063a0608b
Vault SSH: Default CIDR for roles
2015-08-27 13:04:15 -04:00
3f45f3f41b
Rename config lease_duration parameters to lease_ttl in line with current standardization efforts
2015-08-27 07:50:24 -07:00
8669a87fdd
When using PGP encryption on unseal keys, encrypt the hexencoded string rather than the raw bytes.
2015-08-26 07:59:50 -07:00
cc232e6f79
Address comments from review.
2015-08-25 15:33:58 -07:00
c887df93cc
Add support for pgp-keys argument to rekey, as well as tests, plus
...
refactor common bits out of init.
2015-08-25 14:52:13 -07:00
f57e7892e7
Don't store the given public keys in the seal config
2015-08-25 14:52:13 -07:00
a7316f2e24
Handle people specifying PGP key files with @ in front
2015-08-25 14:52:13 -07:00
2f3e245b0b
Add support for "pgp-tokens" parameters to init.
...
There are thorough unit tests that read the returned
encrypted tokens, seal the vault, and unseal it
again to ensure all works as expected.
2015-08-25 14:52:13 -07:00
a8ef0e8a80
Remove cookie authentication.
2015-08-21 19:46:23 -07:00
1f5062a6e1
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-08-19 12:16:37 -07:00
fe8c1c514d
Add -no-verify option to CLI auth command, to avoid decrementing the token use count during auth.
2015-08-18 19:22:17 -07:00
251cd997ad
Vault SSH: TLS client creation test
2015-08-18 19:00:27 -07:00
9324db7979
Vault SSH: verify echo test
2015-08-18 16:48:50 -07:00
1f402fb42e
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-08-17 18:22:13 -07:00
b91ebbc6e2
Vault SSH: Documentation update and minor refactoring changes.
2015-08-17 18:22:03 -07:00
7c12aaa24b
command: Fixing setup of client certificates
2015-08-17 12:18:14 -07:00
9db318fc55
Vault SSH: Website page for SSH backend
2015-08-14 12:41:26 -07:00
7f9babed2a
Vault SSH: CLI embellishments
2015-08-13 16:55:47 -07:00
e782717ba8
Vault SSH: Renamed path with mountPoint
2015-08-12 10:30:50 -07:00
33d7ef71b9
Vault SSH: Fixed constructor of SSH api
2015-08-12 09:56:17 -07:00
93dfa67039
Merging changes from master
2015-08-12 09:28:16 -07:00
2b4c6ab0e2
command/meta.go: document environment variables
...
Document the environment variables which, if set, can provide default
values for configuration options.
Fixes #476
2015-08-07 15:13:30 -07:00
9f363913e9
Allow the `vault token-create` command to specify the token's id
2015-08-07 08:45:34 +00:00
e5080a7f32
Merging with master
2015-08-06 18:44:40 -04:00
32502977f6
Vault SSH: Automate OTP typing if sshpass is installed
2015-08-06 17:00:50 -04:00
0af97b8291
Vault SSH: uninstall dynamic keys using script
2015-08-06 15:50:12 -04:00
c7ef0b95c2
Vault SSH: CRUD test case for OTP Role
2015-07-31 13:24:23 -04:00
4bad987e58
PR review updates
2015-07-30 13:21:41 -04:00
151ec72d00
Add configuration options for default lease duration and max lease duration.
2015-07-30 09:42:49 -04:00
61c9f884a4
Vault SSH: Review Rework
2015-07-29 14:21:36 -04:00
4b4df4271d
Vault SSH: Refactoring
2015-07-27 16:42:03 -04:00
e9f507caf0
Vault SSH: Refactoring
2015-07-27 13:02:31 -04:00
b532ee0bf4
Vault SSH: Dynamic Key test case fix
2015-07-24 12:13:26 -04:00
e998face87
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-07-23 17:20:34 -04:00
791a250732
Vault SSH: Support OTP key type from CLI
2015-07-23 17:20:28 -04:00
ae28087f67
server: import sha512. Fixes #448
2015-07-23 13:51:45 -07:00
1096f5a53e
Avoid unnecessary abbreviation
2015-07-22 23:28:46 -04:00
2e81d9047d
Allow specifying a TLS minimum version
2015-07-22 23:19:41 -04:00
dec99f2bf6
Git ignore getting in the way
2015-07-14 15:57:06 -07:00
5804c4a872
Fix travis build
2015-07-14 15:50:29 -07:00
0ec0b41aa3
Telemetry object in config
2015-07-14 15:36:28 -07:00
d2c048d870
Disable hostname prefix for runtime telemetry
2015-07-13 13:17:57 -07:00
ed258f80c6
Vault SSH: Refactoring and fixes
2015-07-10 18:44:31 -06:00
ef11dd99f7
Vault SSH: Added comments to ssh_test
2015-07-10 16:59:32 -06:00
89a0e37a89
Vault SSH: Backend and CLI testing
2015-07-10 16:18:02 -06:00
3c7dd8611c
Vault SSH: Test case skeleton
2015-07-10 09:56:14 -06:00
73414154f8
Vault SSH: Made port number configurable
2015-07-06 16:56:45 -04:00
170dae7f91
Vault SSH: Revoking key after SSH session from CLI
2015-07-06 11:05:02 -04:00
425b69be32
Vault SSH: PR review rework: Formatting/Refactoring
2015-07-02 19:52:47 -04:00
a1e2705173
Vault SSH: PR review rework
2015-07-02 17:23:09 -04:00
bb16052141
Vault SSH: replaced concatenated strings by fmt.Sprintf
2015-07-01 20:35:11 -04:00
d691a95531
Vault SSH: PR review rework - 1
2015-07-01 11:58:49 -04:00
8627f3c360
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-06-30 18:33:37 -04:00
5e5e6788be
Input validations, help strings, default_user support
2015-06-30 18:33:17 -04:00
e025c33ab9
command: source general options docs from common source
2015-06-30 12:01:23 -07:00
c12734b27c
CLI docs
2015-06-30 09:04:57 -04:00
0062d923cc
Better error messages.
2015-06-30 08:59:38 -04:00
91ed2dcdc2
Refactoring changes
2015-06-29 22:00:08 -04:00
24d0af39b4
Initial sketch for client TLS auth
2015-06-29 15:33:16 -04:00
29696d4b6b
Creating SSH keys and removal of files in pure 'go'
2015-06-26 15:43:27 -04:00
8c15e2313b
ssh/lookup implementation and refactoring
2015-06-25 21:47:32 -04:00
b237a3bcc2
POC: Rework. Doing away with policy file.
2015-06-24 18:13:12 -04:00
f8d164f477
SSHs to multiple users by registering the respective host keys
2015-06-19 12:59:36 -04:00
90605c6079
merging with master
2015-06-18 20:51:11 -04:00
8d98968a54
Roles, key renewal handled. End-to-end basic flow working.
2015-06-18 20:48:41 -04:00
9772a72772
command/read: Ensure only a single argument. Fixes #304
2015-06-18 16:00:41 -07:00
c54868120a
command/path-help: rename command, better error if sealed. Fixes #234
2015-06-18 15:56:42 -07:00
3533d87746
command/write: adding force flag for when no data fields are necessary. Fixes #357
2015-06-18 13:51:06 -07:00
7394c7bd8d
command/server: fixing output weirdness
2015-06-18 13:48:18 -07:00
7bd1e7d826
command/auth: warn earlier about VAULT_TOKEN
2015-06-18 13:48:04 -07:00
28f18119e0
command/auth: warn about the VAULT_TOKEN env var. Fixes #195
2015-06-17 19:19:02 -07:00
2aed5f8798
Implementation for storing and deleting the host information in Vault
2015-06-17 22:10:47 -04:00
3a2adcb3b8
cmomand/read: strip path prefix if necessary. Fixes #343
2015-06-17 18:33:15 -07:00
6bc2b06de4
server: graceful shutdown for fast failover. Fixes #308
2015-06-17 18:24:56 -07:00
cfef144dc2
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-06-17 20:34:56 -04:00
303a7cef9a
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH.
2015-06-17 20:33:03 -04:00
1f963ec1bb
command/token-create: provide more useful output. Fixes #337
2015-06-17 16:59:50 -07:00
3ed73d98c2
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect
2015-06-17 12:39:49 -04:00
0ecf05c043
command/auth, github: improve cli docs
...
/cc @sethvargo
2015-06-16 10:05:11 -07:00
3a0e19cb4e
Merge pull request #270 from sheldonh/no_export_vault_token
...
Don't recommend exporting VAULT_TOKEN
2015-06-01 11:52:40 -04:00
d605a437b6
Merge pull request #278 from Zhann/feature/add_dev_to_server_options_help
...
Add help info for -dev flag
2015-06-01 13:08:50 +02:00
607fc295e5
command/rekey: use same language in rekey as init
2015-06-01 13:08:20 +02:00
fbc51109cc
Merge pull request #273 from hashicorp/unseal-keys-notice
...
Change phrasing for unseal key notification
2015-06-01 13:06:52 +02:00
8155b3927e
Add help info for -dev flag
2015-05-31 18:05:15 +02:00
4e79210934
Updated phrasing to note restarts, stop, and other sealing scenarios
2015-05-28 17:07:38 -07:00
528d0c6e28
Changed phrasing for unseal key notification
2015-05-28 17:02:09 -07:00
7f26f5a4cb
command/rekey: adding tests
2015-05-28 15:22:42 -07:00
9a162191cd
command/rekey: first pass at rekey
2015-05-28 15:08:09 -07:00
42b91fe411
command/rotate: Adding new rotate command
2015-05-28 10:16:33 -07:00
6cda28f9e7
Don't recommend exporting VAULT_TOKEN
...
It's not needed by the dev server (which writes ~/.vault-token),
and breaks the Getting Started guide (e.g. #267 ).
2015-05-28 14:39:35 +02:00
388022bac1
command/key-status: Adding new key-status command
2015-05-27 18:17:02 -07:00
11b6abe886
Merge pull request #251 from DavidWittman/auth-prompt-without-args
...
Prompt for auth token when no args provided
2015-05-27 11:24:33 -07:00
5df1d725aa
Add test for stdin input
...
Shamelessly borrowed this pattern from write_test.go
2015-05-23 13:23:38 -05:00
1411749222
Read from stdin with auth command
2015-05-23 13:23:37 -05:00
48778c5260
Add ability to read raw field from secret
2015-05-22 11:28:23 -07:00
3713ef9fb7
command/renew: typo fix. Fixes #240
2015-05-21 11:03:25 -07:00
fb898ecc1b
Prompt for auth token when no args provided
...
This makes `vault auth` work as documented:
> If no -method is specified, then the token is expected. If it is not
> given on the command-line, it will be asked via user input. If the
> token is "-", it will be read from stdin.
2015-05-20 22:10:02 -05:00
a3ddd9ddb2
server: Minor copy change
2015-05-20 17:49:16 -07:00
7e08d68e48
Merge pull request #222 from DavidWittman/config-backend-check
...
Fail gracefully if a physical backend is not supplied
2015-05-20 17:47:45 -07:00
268db24819
command/listener: Request TLS client cert. Fixes #214
2015-05-20 16:01:40 -07:00
faa07cc165
Improve unseal CLI message
2015-05-19 00:34:18 -07:00
b04332f8fc
Fail gracefully if a phys backend is not supplied
2015-05-18 22:55:12 -05:00
88d5d6a4c8
Use strconv.ParseBool
2015-05-15 16:41:30 -04:00
a2831b0144
Explicitly check if tls_disable == 1
2015-05-15 16:39:30 -04:00
f40dba1c48
command/token: add Env to Helper
...
Specify environment variables on the Helper rather than on
the command line.
Fixes command/token test failures on Windows.
2015-05-12 07:22:38 +02:00
ce5786d133
Rename skip verify env
2015-05-11 11:27:54 -07:00
7c180fb6fd
Merge pull request #181 from jefferai/fix-ca-path-walk
...
Fix CA path walking, and add TLS-related env vars.
2015-05-11 11:26:47 -07:00
66c8d2dd2a
command: fix tests
2015-05-11 11:25:45 -07:00
073820a6cc
command/token: Use cmd on windows instead of sh
2015-05-11 11:08:08 -07:00
7bff682e8e
command/*: -tls-skip-verify [GH-130]
2015-05-11 11:01:52 -07:00
4f8c9e8fe2
This adds one bugfix and one feature enhancement.
...
Bugfix: When walking a given CA path, the walk gives both files and
directories to the function. However, both were being passed in to be
read as certificates, with the result that "." (the given directory for
the CA path) would cause an error. This fixes that problem by simply
checking whether the given path in the walk is a directory or a file.
Feature enhancement: VAULT_CACERT, VAULT_CAPATH, and VAULT_INSECURE now
perform as expected.
2015-05-11 17:58:56 +00:00
a3afed6811
command/meta: don't read token file if token is already set [GH-162]
2015-05-11 10:31:14 -07:00
bbddaff5c9
Make the VAULT_TOKEN and VAULT_ADDR copy-pastable in dev mode
...
This allows someone to quickly start a dev mode server and hit the ground
running without the need to copy-paste twice.
2015-05-07 18:32:40 -04:00
b71afe54e5
Merge pull request #139 from fubar-coder/master
...
Escape backslash to allow usage of dev server on Windows using MinGW
2015-05-06 11:05:06 -07:00
a4b92ebb3a
Merge pull request #133 from hashicorp/f-advertise
...
Attempt advertise address detection
2015-05-04 12:13:45 -07:00
47d2cc8349
Escape backslash to allow usage of dev server on Windows using MinGW (partially fixes issue #95 )
2015-05-04 09:20:40 +02:00
53d5a801e5
Fix lease_renewable output
2015-05-02 19:58:48 -07:00
c76b59812e
command/server: Attempt advertise address detection
2015-05-02 15:57:40 -07:00
c7ff8f8458
Merge pull request #82 from DavidWittman/75-auth-revoked-token
...
Check for invalid token when authing via cli
2015-05-02 13:20:57 -07:00
842a8ec818
command/format: add `lease_renewable` to output
2015-05-02 13:11:40 -07:00
2fff913263
Check for invalid token when authing via cli
...
If a token does not exist, the Read request returns without an
error, but the secret returned is `nil`, so we need to check for
that.
Closes #75
2015-04-28 21:50:51 -05:00
3d3274a66b
command/server: fix one race condition
2015-04-28 19:11:46 -07:00
d29ada47eb
command/server: disable mlock in dev mode
2015-04-28 15:11:39 -07:00
006d4fccfd
command/server: allow disabling mlock
2015-04-28 15:09:30 -07:00
6898c60292
command/server: warning if no mlock
2015-04-28 15:04:40 -07:00
c53dc04d92
command/token: use executable path to find token helper [GH-60]
2015-04-28 14:52:55 -07:00
1346040c86
Update server.go
...
Did you mean "talking?" Or something else?
2015-04-28 14:01:45 -06:00
3998804347
command: support custom CAs
2015-04-28 09:36:03 -07:00
244a0c56bc
command/*: lets try to remove this before 0.1.0
2015-04-28 09:20:42 -07:00
1b0d75719d
command/*: more TODO removal
2015-04-28 09:15:38 -07:00
fc6569ad59
command/*: fix spacing
2015-04-28 09:15:21 -07:00
0e112bf026
command/* fill in the addr
2015-04-28 09:13:32 -07:00
ff352c32fe
command/server: Catch error from core initialization. Fixes #42
2015-04-27 21:29:40 -07:00
3b0c993909
command/write: test output
2015-04-27 15:08:03 -07:00
4ff3acfbe3
command/write: handle writes with output
2015-04-27 14:55:43 -07:00
06a4c6b08f
command: refactor to share output formating code
2015-04-27 14:55:29 -07:00
b2a689bfc9
command/init: minor output text fix
2015-04-22 11:48:07 -07:00
3f9711fa63
command/status: no weird indentintg
2015-04-21 20:11:15 +02:00
d56a0ce2ef
command/status: refactor to improve output
2015-04-20 13:37:32 -07:00
2609977683
command/status: improve output when sealed
2015-04-20 12:21:35 -07:00
52f8b2d8ef
command/status: improve output when sealed
2015-04-20 12:19:25 -07:00
f76e5b2fc5
command: Rename seal-status to status
2015-04-20 12:11:21 -07:00
f1c97ab2cf
command: Adding HA status
2015-04-20 12:08:54 -07:00
fb3645214c
command/token-create: add display name and one time use
2015-04-19 18:08:08 -07:00
58d476edd0
command/token-renew
2015-04-19 18:04:01 -07:00
0ebf2508e0
command/policy-delete
2015-04-19 16:36:11 -07:00
6c497a8708
command/read: handle 404s
2015-04-18 22:05:08 -07:00
ee254a332e
command/server: can set advertise addr
2015-04-17 12:56:31 -07:00
415e7cef22
command/server: config for setting stats addresses
2015-04-17 12:56:31 -07:00
44b634c0d5
command/server: not HA possibilities when starting
2015-04-17 12:56:31 -07:00
f04d33b170
command/server: Enable telemetry. cc: @mitchellh
2015-04-14 18:44:09 -07:00
d251876363
command/read: output the duration
2015-04-13 20:42:07 -07:00
0cc0fb066b
command/renew
2015-04-13 20:42:07 -07:00
770116b8e9
command: Set minimum TLS version to 1.2
2015-04-13 19:09:44 -07:00
cc21b80a64
command/unseal: update error message
2015-04-12 18:41:42 -07:00
1f084139d5
command/unseal: can accept key from command-line
2015-04-12 18:39:41 -07:00
e8fec8b658
command/meta: can force config
2015-04-12 17:51:38 -07:00
4fd3bd8ab1
command: can force address
2015-04-12 17:30:19 -07:00
8ef487a4f5
command/revoke: rename vars to leaseId
2015-04-10 20:49:10 -07:00
48205d166b
rename vault id to lease id all over
2015-04-10 20:35:14 -07:00
466c7575d3
Replace VaultID with LeaseID for terminology simplification
2015-04-08 13:35:32 -07:00
9366be4895
command/auth: should let <1 args go through
2015-04-07 23:53:45 -07:00
071b72186e
command/auth: unify
2015-04-07 23:29:49 -07:00
73edbebd4d
command/audit-enable
2015-04-07 22:42:04 -07:00
8e3746d347
helper/kv-builder
2015-04-07 22:30:25 -07:00
71923a3abc
command/audit-disable
2015-04-07 18:23:50 -07:00
0b45ffcd66
command/audit-list
2015-04-07 18:19:44 -07:00
d97d9b928a
command/token-revoke
2015-04-07 14:36:17 -07:00
457694c28b
command/token-create: test
2015-04-07 14:22:18 -07:00
ee690ee3b3
command/token-create
2015-04-07 14:20:18 -07:00
7442bc1ef6
command/delete
2015-04-07 11:15:20 -07:00
f2ee82a17f
command/remount
2015-04-07 10:46:47 -07:00
ce0b0202ea
command/unmount: better output
2015-04-07 10:39:17 -07:00
a5ef1b6437
command/unmount
2015-04-07 10:38:51 -07:00
169666972a
command/server: env var for dev mode
2015-04-06 10:28:17 -07:00
62f4d1dd0e
credential/github: CLI handler
2015-04-06 09:53:43 -07:00
c1bca480e6
command/auth: test for other methods
2015-04-06 09:40:47 -07:00
ba2feae3f8
command/auth: add -method-help flag
2015-04-06 09:38:16 -07:00
22197fefa7
command/unseal: print newline after reading password
2015-04-06 09:34:08 -07:00
481628c41f
command/auth: framework for supporting more auth methods
2015-04-05 20:50:18 -07:00
8bfa12297d
builtin/audit: add file audit
2015-04-04 18:10:25 -07:00
b0da4056a0
command/server: tests
2015-04-04 17:43:20 -07:00
929931175c
command/server: log levels
2015-04-04 12:11:10 -07:00
afc71d2a7b
command/server: cleaner output
2015-04-04 12:06:41 -07:00
2e3d6d6a0e
command/help
2015-04-02 22:42:05 -07:00
8433b3bfa6
Revert "command/policy"
...
This reverts commit da81ab3b4c813b0c207555b9cdf46c6e67319546.
2015-04-01 23:07:49 -07:00
4a0810dd6a
command/policy
2015-04-01 23:02:03 -07:00
20d6fdf83f
command/policy-write
2015-04-01 23:00:15 -07:00
ca5c55c3eb
command/policies: read a single policy
2015-04-01 18:50:43 -07:00
a31ae896b4
command/policy-list
2015-04-01 18:46:32 -07:00
e87d41d352
command/auth-disable
2015-04-01 17:14:11 -07:00
f21da26766
command/auth-enable
2015-04-01 17:09:11 -07:00
8b3b10abc8
command/mounts: columnize
2015-04-01 17:01:10 -07:00
3876970564
command/read
2015-04-01 16:44:20 -07:00
cee51ddde9
command/server: support CredentialBackends
2015-04-01 15:48:13 -07:00
b5e4e4bf25
command/read: better UX on vault read
2015-03-31 20:50:05 -07:00
d6a57d8a2b
command/revoke: prefix
2015-03-31 19:33:16 -07:00
bbaa137f4e
command/revoke: revoke
2015-03-31 19:21:02 -07:00
67e4bdf1e4
misc typos
2015-03-31 17:27:04 -07:00
4f2ca0bca9
command/write: new format
2015-03-31 17:16:26 -07:00
19283eb5f7
command/server: dev mode
2015-03-31 16:44:47 -07:00
61efbf4930
command/mount
2015-03-31 16:29:04 -07:00
eba817a21c
command/auth: validate the token
2015-03-31 15:22:52 -07:00
407b32ccd5
command/seal: test should use the token
2015-03-31 11:46:55 -07:00
b62d0f187b
command/seal
2015-03-30 23:39:56 -07:00
78a783a1b9
command/meta: tests passing
2015-03-30 23:30:30 -07:00
27d4d861e9
command/auth: add newline so reading token doesn't output
2015-03-30 23:24:41 -07:00
b2e46896f6
command/meta: add token to client if we have it
2015-03-30 23:10:59 -07:00
e40d0874e1
command/auth: tests work wihtout vault installed
2015-03-30 11:07:31 -07:00
47a293579f
command/auth: setting tokens works
2015-03-30 10:55:41 -07:00
e3593d8bdc
command: load configuration
2015-03-30 10:25:24 -07:00
cb09c95824
command/token: HelperPath
2015-03-30 10:11:17 -07:00
27bc188758
token/disk: implement unencrypted disk store
2015-03-30 09:21:59 -07:00
62e36ecb68
command/token: helper to read/write tokens from a helper
2015-03-29 17:42:26 -07:00
e78c972351
command/auth: boilerplate
2015-03-29 16:42:45 -07:00
bd471bfffb
command/init: show root token
2015-03-29 16:25:53 -07:00
db65fd7b95
command: unit tests pass
2015-03-29 16:20:34 -07:00
2024c7a155
Fixing compilation errors due to API change
2015-03-24 16:20:05 -07:00
86a6062ba2
main: enable AWS backend
2015-03-20 19:32:18 +01:00
7b1402b104
command/mounts
2015-03-15 21:28:31 -07:00
9eb22bd3c0
command/read
2015-03-15 20:52:28 -07:00
c206755bdc
command/meta: VAULT_ADDR to set the addr via env var
2015-03-15 20:41:36 -07:00
602281213e
command/write: can write arbitrary data from stdin
2015-03-15 20:40:12 -07:00
1d07df9db6
command/write
2015-03-15 20:35:33 -07:00
ab722a5ec2
fix all tests
2015-03-15 17:10:33 -07:00
fd8f84e00e
command/unseal: tests
2015-03-13 20:17:55 -07:00
e473c655ac
website: imageoptim
2015-03-13 12:58:21 -07:00
c84a9bcaed
command/seal-status
2015-03-13 12:53:09 -07:00
5c2915ba52
command/init: tests
2015-03-13 12:53:09 -07:00
5c8a2812fe
command/init: make the output a little nicer
2015-03-13 12:53:09 -07:00
3c3e96575f
command/init
2015-03-13 12:53:08 -07:00
f71f29b801
command/server: initial working
2015-03-13 12:53:08 -07:00
cb3e91b338
command/sever: copy the TCP keep alive listener
2015-03-13 12:53:08 -07:00
393c6c6c20
command/server: support TLS
2015-03-13 12:53:08 -07:00
61224ce312
command/server: tcp listener
2015-03-13 12:53:08 -07:00
86c7a4c155
command/server: load config from flags
2015-03-12 15:30:07 -07:00
d88c20e293
command/server: add config loading
2015-03-12 15:21:11 -07:00
853e21defb
command/get,put
2015-03-04 11:08:13 -08:00
86d593a8f9
command/seal
2015-03-04 08:56:10 -08:00
115fd9c30d
command/unseal: forward error along
2015-03-04 00:35:02 -08:00
a524ef6537
helper/password: for reading passwords securely
2015-03-04 00:31:35 -08:00
2cb4c63208
command/unseal
2015-03-03 23:57:23 -08:00
cedeb056df
command/auth: document the serer options
2015-03-03 23:52:54 -08:00
38bfea80cc
command/meta: server options
2015-03-03 23:49:37 -08:00
32e640c8d0
command/auth
2015-03-03 23:34:32 -08:00
fdc3368ac0
command: version test
2015-03-03 23:14:54 -08:00
ba870b8fd2
scripts
2015-03-03 23:14:18 -08:00
adbae744fb
basic main boilerplate stuff
2015-03-03 23:03:24 -08:00
Jeff Mitchell