luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
7,329 Commits 1 Branch 0 Tags 214 MiB
Commit Graph

1830 Commits

Author SHA1 Message Date
Seth Vargo 48e84342c2
Add "auth" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 0fa0a5ca41
Add "audit" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 3c43409e6c
Add "token revoke" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 6d150b5228
Add "token renew" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo cac3515379
Add "token lookup" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo ffe608d535
Add "token create" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 61edbf3325
Add "token capabilities" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 529b9bd224
Add "secrets tune" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 40b8f3c204
Add "secrets move" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo f2bbb3cc18
Add "secrets list" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c782b25e7c
Add "secrets enable" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 087a87c59e
Add "secrets disable" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 6995d1e06b
Add "policy write" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 79b3f7d8fe
Add "policy read" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo e29e78eb7d
Add "policy list" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 6522bd12d5
Add "policy fmt" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo b735d70922
Add "policy delete" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c9d74f77e4
Add "operator unseal" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo f15eddf299
Add "operator step-down" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c62de019dd
Add "operator seal" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c2f31c503a
Add "operator rotate" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 310d4adc87
Add "operator rekey" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 83df4a8c4c
Add "operator key-status" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c35d67c9e3
Add "operator init" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo ed15b273ca
Add "operator generate-root" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo baf2edbc57
Add "lease revoke" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo a1de44f93c
Add "lease renew" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 21e74d73dd
Add "auth tune" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 7d880e3154
Add "auth list" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 01780e9b75
Add "auth help" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo e04fb8423a
Add "auth enable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 95af51f279
Add "auth disable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 89e23d0e84
Add "audit list" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 04ee9ce40a
Add "audit enable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo fd2a12bce4
Add "audit disable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo b654f81763
Allow quotes in meta description fields 2017-10-24 09:30:49 -04:00
Seth Vargo 0afff80b5e
Document mount types/values 2017-10-24 09:28:05 -04:00
Seth Vargo 44851f992e
Expand root generation guide with a PGP example 2017-10-24 09:28:05 -04:00
Chris Hoffman e4065e33d2 copying general purpose tools from transit backend to /sys/tools (#3391) 2017-10-20 10:59:17 -04:00
Chris Hoffman df29bc4fc0 updating mssql docs (#3477) 2017-10-19 11:21:29 -04:00
Brian Shumate d150f374fd Match plugin name from releases (#3453) 2017-10-19 11:10:42 -04:00
blazindragon 6c6e2a3baa Correct typo: DELET to DELETE (#3452) 2017-10-13 10:11:04 -04:00
Brian Kassouf fdd76563eb Add a note about the instant client libraries (#3434) 
* Add a note about the instant client libraries

* Update oracle.html.md
 2017-10-12 09:40:06 -04:00
Jeremy Voorhis af24163abd Implement signing of pre-hashed data (#3448) 
Transit backend sign and verify endpoints now support algorithm=none
 2017-10-11 11:48:51 -04:00
Martins Sipenko a2808db1af Fix docs (#3449) 2017-10-11 11:29:26 -04:00
Brendan d5decccbfe Update index.html.md (#3433) 
Fixed typo in json property used to create custom secret_id
 2017-10-11 09:25:43 -04:00
emily cbe41b590f add GCP APIs that need to be enabled to GCP auth docs, small doc fixes (#3446) 2017-10-11 09:18:32 -04:00
Nicolas Corrarello 3380fd647d Adding Nomad docs to the nav. Minor cosmetics fixes 2017-10-06 16:03:06 +01:00
David Dixon cfd27317d8 Small typo corrections for policies doc (#3413) 2017-10-06 09:38:00 -04:00
Nicolas Corrarello d7bb311db3 A few simple fixes for the Github API docs (#3432) 2017-10-06 06:13:47 -04:00
Daniel DeFisher 974332c2c5 upgrade ldap api docs to refrect 0.8.3 change to returned json of policies (#3421) 2017-10-04 15:40:28 -04:00
Jeff Mitchell e3ce60eb1f Allow entering PKI URLs as arrays. (#3409) 
Fixes #3407
 2017-10-03 16:13:57 -04:00
Oluwafemi Sule b6ec6351af fix spellings errors (#3400) 2017-09-29 11:52:42 -04:00
Nicolas Corrarello b207b76f14 Updated API Docs with the Global Token Parameter 2017-09-29 11:23:47 +01:00
Alex Dadgar f56e191020 Fix spelling errors (#3390) 2017-09-28 07:54:40 -04:00
Paulo Ribeiro 43540e9c32 Fix grammatical error (#3395) 
Also changed capitalization for consistency.
 2017-09-28 06:28:48 -04:00
Brian Kassouf b1db3765ca Kubernetes Docs Update (#3386) 
* Update Kubnernetes Docs

* Add a note about alpha clusters on GKE

* Fix JSON formatting

* Update kubernetes.html.md

* Fix a few review comments
 2017-09-27 14:02:18 -07:00
Vishal Nayak abcf4b3bb2 docs: Added certificate deletion operation API (#3385) 2017-09-26 20:28:52 -04:00
Jeff Mitchell 17a15cd594 Add option to disable client certificate requesting. (#3373) 
Fixes #3372
 2017-09-25 14:41:46 -04:00
Nicolas Corrarello 2b4561dccb Adding Nomad Secret Backend API documentation 2017-09-21 09:18:35 -05:00
Nicolas Corrarello 5178e5f5f2 Adding Nomad secret backend documentation 2017-09-20 17:31:28 -05:00
Dave Pedu 19e4d8b6c3 Spelling fix (#3351) 2017-09-19 15:25:39 -04:00
Jeff Mitchell bad1555919 Bump version 2017-09-19 10:54:01 -04:00
Brian Kassouf 9b0d594d02 Kubernetes auth (#3350) 
* Import the kubernetes credential backend

* Add kubernetes docs

* Escape * characters

* Revert "Import the kubernetes credential backend"

This reverts commit f12627a9427bcde7e73cea41dea19d0922f94789.

* Update the vendored directory
 2017-09-19 09:27:26 -05:00
Calvin Leung Huang d4a5362835 Clarify backup data that is being stored (#3345) 2017-09-19 07:44:34 -05:00
emily ed3d75d0b1 Add GCE docs for GCP Auth Backend (#3341) 2017-09-19 07:44:05 -05:00
Bruno Miguel Custódio 2abddb248e Fix a few quirks in the GCP auth backend's docs. (#3322) 2017-09-19 07:41:41 -05:00
Vishal Nayak e99640f462 Add 'pid_file' config option (#3321) 
* add pid_file config option

* address review feedback

* address review comments
 2017-09-16 17:09:37 -04:00
Laura Uva 8529972bfb Updated https://www.vaultproject.io/api/system/replication-dr.html#generate-dr-secondary-token to be a POST rather than GET. This was reported by a customer and I confirmed that this should be a logical.UpdateOperation rather than ReadOperation (24f2b961fd/vault/replication_api.go (L121)). (#3342) 2017-09-15 16:19:16 -04:00
Chris Hoffman 1029ad3b33 Rename "generic" secret backend to "kv" (#3292) 2017-09-15 09:02:29 -04:00
Chris Hoffman a2d2f1a543 Adding support for base_url for Okta api (#3316) 
* Adding support for base_url for Okta api

* addressing feedback suggestions, bringing back optional group query

* updating docs

* cleaning up the login method

* clear out production flag if base_url is set

* docs updates

* docs updates
 2017-09-15 00:27:45 -04:00
Chris Hoffman 9d73c81f38 Disable the `sys/raw` endpoint by default (#3329) 
* disable raw endpoint by default

* adding docs

* config option raw -> raw_storage_endpoint

* docs updates

* adding listing on raw endpoint

* reworking tests for enabled raw endpoints

* root protecting base raw endpoint
 2017-09-15 00:21:35 -04:00
Chris Hoffman 2e60b20eae update enterprise urls /docs/vault-enterprise -> /docs/enterprise (#3333) 2017-09-13 15:37:40 -04:00
Paul Pieralde 2c640950e0 Fixed docs to reflect correct HTTP method for /sys/config/auditing endpoing (#3331) 
Updated documentation to reflect "Read Single Audit Request Header" endpoint is GET-based.
 2017-09-13 11:59:27 -07:00
Jeff Mitchell cb6ac1e926 Change behavior of TTL in sign-intermediate (#3325) 
* Fix using wrong public key in sign-self-issued

* Change behavior of TTL in sign-intermediate

This allows signing CA certs with an expiration past the signer's
NotAfter.

It also change sign-self-issued to replace the Issuer, since it's
potentially RFC legal but stacks won't validate it.

Ref: https://groups.google.com/d/msg/vault-tool/giP69-n2o20/FfhRpW1vAQAJ
 2017-09-13 11:42:45 -04:00
Chris Hoffman cfa74e6a95 remove token header from login samples (#3320) 2017-09-11 18:14:05 -04:00
Bruno Miguel Custódio 886a0acee6 Fix navigation and prameters in the 'gcp' auth backend docs. (#3317) 2017-09-11 15:26:24 -04:00
Jose Diaz-Gonzalez 12cde76112 fix: add missing comma to payload (#3308) 2017-09-11 12:03:43 -04:00
Dan Urson 57a7002210 Update AWS CloudHSM comparison. (#3311) 
* Update AWS CloudHSM comparison.

* Update hsm.html.md

* Update hsm.html.md
 2017-09-10 12:54:05 -04:00
Calvin Leung Huang c747caac2a Fix cassandra tests, explicitly set cluster port if provided (#3296) 
* Fix cassandra tests, explicitly set cluster port if provided

* Update cassandra.yml test-fixture

* Add port as part of the config option, fix tests

* Remove hostport splitting in cassandraConnectionProducer.createSession

* Include port in API docs
 2017-09-07 23:04:40 -04:00
Adam Duke a3f97c5e3e fix typo in policies documentation (#3302) 2017-09-07 11:55:24 -04:00
Paul Pieralde 567f2ce1f1 Fix docs for Certificate authentication (#3301) 
Fix discrepencies in the documentation for TLS Certificate
authentication. The Delete CRL method has a misleading title and
description.
 2017-09-07 10:28:14 -04:00
Paul Pieralde 25976b340e Fixed small typo in RabbitMQ secret backend. (#3300) 
Fixed `name` param for the Delete Role API in the RabbitMQ secret backend.
 2017-09-07 10:00:32 -04:00
Jeff Mitchell 44bf03e3b6 Fix compile after dep update 2017-09-05 18:18:34 -04:00
Jeff Mitchell 7f7f2c7cfc Update version 2017-09-05 11:14:25 -04:00
Eugene Bekker e85e22b00e Fixing the response sample for reading a plugin (#3278) 
The plugin config data properties are returned immediately within the response's `data` object.
 2017-09-01 08:34:54 -04:00
Jeff Mitchell 9578361513 Massive update to response-wrapping concept page 2017-09-01 08:32:55 -04:00
Jeff Mitchell abb2ab2918 Add pki/root/sign-self-issued. (#3274) 
* Add pki/root/sign-self-issued.

This is useful for root CA rolling, and is also suitably dangerous.

Along the way I noticed we weren't setting the authority key IDs
anywhere, so I addressed that.

* Add tests
 2017-08-31 23:07:15 -04:00
Calvin Leung Huang 6f417d39da Normalize plugin_name option for mount and enable-auth (#3202) 2017-08-31 12:16:59 -04:00
Chris Hoffman 194491759d Updating Okta lib for credential backend (#3245) 
* migrating to chrismalek/oktasdk-go Okta library

* updating path docs

* updating bool reference from config
 2017-08-30 22:37:21 -04:00
Jeff Mitchell 8acef196a8 Add 'discard' target to file audit backend (#3262) 
Fixes #seth
 2017-08-30 19:16:47 -04:00
Joel Thompson caf90f58d8 auth/aws: Allow wildcard in bound_iam_principal_id (#3213) 2017-08-30 17:51:48 -04:00
stephan stachurski e396d87bc5 add support to use application default credentials to gcs storage backend (#3257) 2017-08-30 15:42:02 -04:00
Seth Vargo 9f80099fae
Remove fake news about custom plugins 
This also adds a redirect from the old page to the new one
 2017-08-30 12:57:45 -04:00
Christopher Pauley eccbb21ce8 stdout support for file backend via logger (#3235) 2017-08-29 14:51:16 -04:00
djboris9 21a15204bd Fix API/AUTH/AppRole doc issue concerning bound_cidr_list (#3205) 
This patch fixes a little documentation issue.
bind_cidr_list doesn't exist as parameter to AppRole creation. It should be "bound_cidr_list".
In "path-help" it is documented correctly.
 2017-08-29 12:37:20 -04:00
Hamza Tümtürk 525c124d69 Add missing code ending to Sample Payload (#3239) 2017-08-25 12:34:12 -04:00
Jon Benson d88aefc64f Fix typo (#3237) 2017-08-25 09:51:33 -04:00
Brian Kassouf 23089dafbc Add basic autocompletion (#3223) 
* Add basic autocompletion

* Add autocomplete to some common commands

* Autocomplete the generate-root flags

* Add information about autocomplete to the docs
 2017-08-24 15:23:40 -07:00
Chris Hoffman bf9658ec61 fix docs formatting 2017-08-24 11:23:26 -04:00
Serg 66b178f969 Update index.html.md (#3233) 2017-08-24 10:08:35 -04:00
Chris Hoffman 27598ce960 Add GET variant on LIST endpoints (#3232) 2017-08-23 17:59:22 -04:00
Seth Vargo ec9e187ce4 Thread stderr through too (#3211) 
* Thread stderr through too

* Small docs typo
 2017-08-21 17:23:29 -04:00
Seth Vargo 1f45a6c96e Addd more SSH CA troubleshooting (#3201) 
* Add notes about pty and other permit-* extensions

* Update troubleshooting

* Add an example of JSON for sign

* Fix a bug about what keys to push up
 2017-08-21 17:22:54 -04:00
Yaroslav Lukyanov da19d2941f add new php client to the doc (#3206) 2017-08-21 13:07:03 -04:00
Calvin Leung Huang 73fd103456 Update gcp auth backend docs (#3209) 
* Update gcp auth backend docs

* Minor formatting and wording fixes

* Minor formatting fixes
 2017-08-18 16:25:52 -04:00
Paulo Ribeiro ba98b60e41 Fix typo in AppRole API page (#3207) 2017-08-18 10:46:29 -04:00
Chris Maki 7b5978634f Update policies.html.md 
Using the latest vault release, I was getting the following error when the policy used `write`:

Error: Error making API request.

URL: PUT http://0.0.0.0:8200/v1/sys/policy/secret
Code: 400. Errors:

* Failed to parse policy: path "secret/*": invalid capability 'write'

I think `create` is the correct new Capability.
 2017-08-17 12:26:29 -07:00
Seth Vargo 6f4bd86be0
YAML is literally the worst 2017-08-17 11:42:47 -04:00
Seth Vargo 0ffe86963c
Update news 2017-08-17 11:34:22 -04:00
Seth Vargo b4bec62d47
Typo fix 2017-08-16 18:38:35 -04:00
Seth Vargo 7b1e013511
Refactor SSH CA backend docs 2017-08-16 18:38:35 -04:00
Brian Kassouf 406396603a Fix a few links (#3188) 2017-08-16 10:27:12 -07:00
Jeff Mitchell bbcbe1f6d5 Fix ping docs location 2017-08-16 12:57:31 -04:00
Jeff Mitchell 411419cbf8 plugins/backend/reload -> plugins/reload/backend (#3186) 2017-08-16 12:40:38 -04:00
Calvin Leung Huang ae75e39c44 Fix plugin docs (#3185) 
* Fix plugin docs

* Add plugin_name to auth endpoint
 2017-08-16 12:36:46 -04:00
Jeff Mitchell 8a168cd0a0 Bump version for release 2017-08-16 11:55:06 -04:00
Jeff Mitchell 4dc55474e6 Remove erroneous flag from hmac docs 2017-08-16 11:27:39 -04:00
Jeff Mitchell c34a5b2e93 * Add ability to specify a plugin dir in dev mode (#3184) 
* Change (with backwards compatibility) sha_256 to sha256 for plugin
registration
 2017-08-16 11:17:50 -04:00
emily 31a994e452 Initial GCP auth backend documentation (#3167) 2017-08-15 22:03:04 -04:00
Jeff Mitchell 0c2c078e48 Add PingID MFA docs (#3182) 2017-08-15 22:01:34 -04:00
Brian Kassouf 89b81bcb4c Oracle plugin docs (#3131) 
* Add oracle database docs

* Add oracle database docs

* Fix commas in json output

* Update oracle.html.md
 2017-08-15 17:24:01 -07:00
Jeff Mitchell 340fe4e609 Add permitted dns domains to pki (#3164) 2017-08-15 16:10:36 -04:00
Jeff Mitchell e4eb6e9020 Make PKI root generation idempotent-ish and add delete endpoint. (#3165) 2017-08-15 14:00:40 -04:00
Andy Manoske bc7d77c83f Update index.html.md 
Updated replication docs for DR
 2017-08-14 19:02:02 -07:00
Johan Haals d25bc60feb Update libraries (#3160) 
* Remove vault-java which has better alternatives.
* Add ansible-vault, a zero dependency
[lookup-plugin](http://docs.ansible.com/ansible/latest/playbooks_lookups.html) for ansible
 2017-08-14 20:28:11 -04:00
Jeff Mitchell 035d37cd36 Fix hanadb link 2017-08-14 13:04:26 -04:00
vishalnayak 09d0a894d7 docs: Fix the default value for 'generate_signing_key' 2017-08-14 12:39:11 -04:00
Tony Cai 07160ed814 Add missing link to sidebar menu (#3153) 
* Add missing link to sidebar menu

* Add missing link to sidebar menu
 2017-08-14 12:33:47 -04:00
Jeff Mitchell ce73c26b0d Add note about turning off core dumps into production hardening guide 2017-08-14 12:29:54 -04:00
Lucas Vasconcelos Santana ea2d4c7d55 add scheme to the redirect_addr example 2017-08-14 10:59:44 -04:00
Lucas Vasconcelos Santana 914fab79ce add scheme to the redirect_addr example 2017-08-14 10:59:44 -04:00
Seth Vargo 8ee362744b Break SSH types into their own pages (#3157) 
@jefferai and I discussed this on Friday. With three fully-documented
SSH backends, the page is lengthy, ungreppable, and intimidating. This
commit separates the SSH backends into their own pages with as little
text changes as possible.
 2017-08-14 10:49:41 -04:00
Seth Vargo 0274a0f639 Rename database plugins for SEO (#3156) 
When we "nest" like this, it's important to use a common suffix,
"Database Secret Backend" in this case, so that the SEO minions can
properly group search results for end users.
 2017-08-14 10:46:39 -04:00
Tony Cai 1b6991c8f3 Removed unused parameter from docs (#3152) 
According to #3116, it seems like this parameter isn't used. I couldn't trigger any differences by playing around with transit signing function, and could not find anything in the source code that actually parses this param. Presumably, it is unused?
 2017-08-11 20:57:06 -04:00
Jeff Mitchell 75bc43e961 Update github comment 2017-08-11 17:03:18 -04:00
Jeff Mitchell d477b9455e Fix broken url in replication performance docs 2017-08-11 16:03:05 -04:00
Seth Vargo d931a2fa85 Remove references to VSI (#3143) 
Andy approved
 2017-08-10 20:47:59 -04:00
Issac 07dc10cdc8 Add TLS config to skeleton plugin (#3137) 2017-08-09 11:41:17 -07:00
vishalnayak c88db7b185 docs: Add API section for MFA docs 2017-08-09 13:26:29 -04:00
vishalnayak 0a0e697e05 docs: fix broken link 2017-08-09 13:17:56 -04:00
vishalnayak 254c1b6ae0 docs: Added identity concepts 2017-08-09 13:08:05 -04:00
vishalnayak 9844475b64 docs: Add X-Vault-MFA to the list of env vars 2017-08-09 11:31:30 -04:00
Chris Hoffman e3e5be4617 API Docs updates (#3135) 2017-08-09 11:22:19 -04:00
Jeff Mitchell d8a3bccb43 Fix cassandra doc link 2017-08-09 10:32:03 -04:00
Calvin Leung Huang f80addc563 docs: Fix errors on plugin backends guide (#3134) 
* docs: Fix path on sample command in plugin backend guide

* Fix grammar on intro

* Fix ref links in plugin guide
 2017-08-09 10:28:13 -04:00
Jeff Mitchell 9295a440f9 Prep for release 2017-08-09 05:05:21 -04:00
Vishal Nayak 6d6e84f804 docs: MFA usage details (#3133) 2017-08-08 23:48:31 -04:00
Jeff Mitchell 5cb3a79568 Add an extra sentence to the github warning 2017-08-08 21:10:15 -04:00
Vishal Nayak 9410ec2c6d docs: API docs for TOTP, Okta and Duo MFA (#3129) 
* docs: API docs for TOTP, Okta and Duo MFA

* docs: List types in the MFA main page
 2017-08-08 20:20:37 -04:00
Jeff Mitchell 12982ab207 Add 0.8 guide (#3130) 2017-08-08 16:32:27 -04:00
Calvin Leung Huang 95af5bf6c7 Add plugin backends docs (#3125) 
* Add docs on plugins/backend/reload, add plugin backend guide

* Fix docs headers

* Fix API endpoint description

* Update plugin guide and internals pages
 2017-08-08 12:39:19 -04:00
Chris Hoffman 191d48f848 API Docs updates (#3101) 2017-08-08 12:28:17 -04:00
Jeff Mitchell accba5287c Add a note about GitHub auth backend security 2017-08-08 10:26:05 -04:00
Jeff Mitchell 118dea1ad8 Fix replication guide with new paths 2017-08-07 11:52:29 -04:00
Matthew Irish 53ef0156da update dr replication docs with the promotion response (#3124) 2017-08-07 09:59:46 -05:00
Aaron Salvo ad1d74cae0 Set allowed headers via API instead of defaulting to wildcard. (#3023) 2017-08-07 10:03:30 -04:00
Seth Vargo 3fb75beb59 Fix formatting in mfa docs (#3122) 2017-08-07 09:55:17 -04:00
Paulo Ribeiro 1e3c74862e Fix minor grammatical error (#3110) 2017-08-04 11:08:49 -04:00
Vishal Nayak 26ee120ca4 docs: MFA API (#3109) 2017-08-03 23:32:22 -04:00
Jeff Mitchell 65d7face69 Merge branch 'master-oss' into issue-2241 2017-08-03 07:41:34 -04:00
Gobin Sougrakpam 8e01c994bf tls_client_ca_file option for verifying client (#3034) 2017-08-03 07:33:06 -04:00
Calvin Leung Huang db9d9e6415 Store original request path in WrapInfo (#3100) 
* Store original request path in WrapInfo as CreationPath

* Add wrapping_token_creation_path to CLI output

* Add CreationPath to AuditResponseWrapInfo

* Fix tests

* Add and fix tests, update API docs with new sample responses
 2017-08-02 18:28:58 -04:00
Jeff Mitchell 7e3ff5e56c Add PROXY protocol support (#3098) 2017-08-02 18:24:12 -04:00
Seth Vargo b45b378d49 Remove people from community section (#3099) 
* Remove people from community section

This is going to be replaced with dynamic content from our CMS in the
future, but we agreed to remove it in the interim.

* Update deploy process
 2017-08-02 17:57:19 -04:00
Minkyu Kim 68fd01e3fc Fix outdated documentation about AWS STS credentials (#3093) (#3094) 2017-08-02 11:18:35 -04:00
Jay Crumb c775cac148 Fix typo in rekey documentation (#3039) 2017-08-01 10:27:06 -04:00
Jeff Mitchell 4885b3e502 Use RemoteCredProvider instead of EC2RoleProvider (#2983) 2017-07-31 18:27:16 -04:00
Jeff Mitchell d0f329e124 Add leader cluster address to status/leader output. (#3061) 
* Add leader cluster address to status/leader output. This helps in
identifying a particular node when all share the same redirect address.

Fixes #3042
 2017-07-31 18:25:27 -04:00
Brian Rodgers d8e47e6f79 docs: Added text to clarify that `root` does not refer to AWS root creds (#2950) 2017-07-31 17:31:44 -04:00
Oliver Beattie e5a3156429 Fix docs to use new style 2017-07-31 15:24:08 +01:00
Filipe Varela a5a480551c Makes naming consistent w/ other storage backends (ie: etcd) 2017-07-31 15:18:07 +01:00
Filipe Varela b0446a2b25 Adds docs for new configuration options 2017-07-31 15:18:06 +01:00
Oliver Beattie 3919f38bd5 Add a (basic) Cassandra storage backend 2017-07-31 15:18:01 +01:00
Jeff Mitchell 45fd7dad60 Add note about ed25519 hashing to docs and path help. 
Fixes #3074
Closes #3076
 2017-07-28 09:30:27 -04:00
Chris Hoffman a3b5e18da0 adding filtered mount docs (#3059) 2017-07-27 09:28:52 -04:00
Brian Kassouf 1a3b6facf0 Add docs for DR Replication (#3067) 
* Add docs for DR Replication

* Fix up docs
 2017-07-26 13:47:41 -07:00
Jonathan Duncan 8e9f54fc70 Updated policy format to use capabilities keyword (#3063) 
The `policy` key name is deprecated and has been replaced with `capabilities`.
 2017-07-26 14:05:11 -04:00
James Phillips 0ab5b0e26b Fixes a typo in the VSI doc. (#3047) 2017-07-26 12:18:52 -04:00
Jeremy Voorhis 87d4014b6b s/alterate/alternate/ (#3056) 2017-07-26 11:44:06 -04:00
Vishal Nayak a80d7fb9c8 docs: Identity Store (#3055) 2017-07-25 18:33:17 -04:00
Chris Hoffman 2aa02fb3f0 CockroachDB Physical Backend (#2713) 2017-07-23 08:54:33 -04:00
Calvin Leung Huang bb54e9c131 Backend plugin system (#2874) 
* Add backend plugin changes

* Fix totp backend plugin tests

* Fix logical/plugin InvalidateKey test

* Fix plugin catalog CRUD test, fix NoopBackend

* Clean up commented code block

* Fix system backend mount test

* Set plugin_name to omitempty, fix handleMountTable config parsing

* Clean up comments, keep shim connections alive until cleanup

* Include pluginClient, disallow LookupPlugin call from within a plugin

* Add wrapper around backendPluginClient for proper cleanup

* Add logger shim tests

* Add logger, storage, and system shim tests

* Use pointer receivers for system view shim

* Use plugin name if no path is provided on mount

* Enable plugins for auth backends

* Add backend type attribute, move builtin/plugin/package

* Fix merge conflict

* Fix missing plugin name in mount config

* Add integration tests on enabling auth backend plugins

* Remove dependency cycle on mock-plugin

* Add passthrough backend plugin, use logical.BackendType to determine lease generation

* Remove vault package dependency on passthrough package

* Add basic impl test for passthrough plugin

* Incorporate feedback; set b.backend after shims creation on backendPluginServer

* Fix totp plugin test

* Add plugin backends docs

* Fix tests

* Fix builtin/plugin tests

* Remove flatten from PluginRunner fields

* Move mock plugin to logical/plugin, remove totp and passthrough plugins

* Move pluginMap into newPluginClient

* Do not create storage RPC connection on HandleRequest and HandleExistenceCheck

* Change shim logger's Fatal to no-op

* Change BackendType to uint32, match UX backend types

* Change framework.Backend Setup signature

* Add Setup func to logical.Backend interface

* Move OptionallyEnableMlock call into plugin.Serve, update docs and comments

* Remove commented var in plugin package

* RegisterLicense on logical.Backend interface (#3017)

* Add RegisterLicense to logical.Backend interface

* Update RegisterLicense to use callback func on framework.Backend

* Refactor framework.Backend.RegisterLicense

* plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs

* plugin: Revert BackendType to remove TypePassthrough and related references

* Fix typo in plugin backends docs
 2017-07-20 13:28:40 -04:00
Joel Thompson 3704751a8f Improve sts header parsing (#3013) 2017-07-18 09:51:45 -04:00
Gobin Sougrakpam 2ddbc4a939 Adding option to set custom vault client timeout using env variable VAULT_CLIENT_TIMEOUT (#3022) 2017-07-18 09:48:31 -04:00
vishalnayak 22bb35b020 doc fix 2017-07-18 04:55:00 -04:00
Andy Manoske d82f231753 Update configuration.html.md (#3029) 2017-07-17 14:37:32 -04:00
Jeff Mitchell 4387871bca Add max_parallel to mssql and postgresql (#3026) 
For storage backends, set max open connections to value of max_parallel.
 2017-07-17 13:04:49 -04:00
Seth Vargo ce1808f77d Update Policies and Auth concepts pages (#3011) 2017-07-14 11:15:22 -04:00
Jeff Mitchell 8903f68bf6 Reformat some wrapping docs 2017-07-13 19:02:15 -04:00
Jeff Mitchell f3f4452334 Revert "Remove wrapping/wrap from default policy and add a note about guarantees (#2957)" (#3008) 
This reverts commit b2d2459711d9cb7552daf1cc2330c07d31ef4f51.
 2017-07-13 18:47:29 -04:00
Jeff Mitchell 2c6b7db279 Remove wrapping/wrap from default policy and add a note about guarantees (#2957) 2017-07-13 15:29:04 -07:00
Tony Cai 07088fe8a0 Added HANA database plugin (#2811) 
* Added HANA dynamic secret backend

* Added acceptance tests for HANA secret backend

* Add HANA backend as a logical backend to server

* Added documentation to HANA secret backend

* Added vendored libraries

* Go fmt

* Migrate hana credential creation to plugin

* Removed deprecated hana logical backend

* Migrated documentation for HANA database plugin

* Updated HANA DB plugin to use role name in credential generation

* Update HANA plugin tests

* If env vars are not configured, tests will skip rather than succeed

* Fixed some improperly named string variables

* Removed unused import

* Import SAP hdb driver
 2017-07-07 13:11:23 -07:00
Brian Shumate 40b365ae61 DOCS: Update API docs for /sys/generate-root (#2978) 
- Fix invalid JSON example
 2017-07-07 08:25:32 -04:00
Will May 23ff17c769 Allow Okta auth backend to specify TTL and max TTL values (#2915) 2017-07-05 09:42:37 -04:00
Jeff Mitchell 7394214b94 Don't indicate signed data can be returned as hex. 
Fixes #2953
 2017-07-04 15:06:50 -04:00
Jasper Siepkes 5ae38eb745 Added documentation for working with MySQL wildcards in GRANT (#2963) 2017-07-04 13:59:08 -04:00
Brian Shumate 5fb9c73e1d DOCS: fix typo (#2965) 2017-07-03 12:40:31 -04:00
Cameron Stokes 711d6e6569 [docs] Add requirements for hsm. (#2941) 2017-07-01 21:21:51 +01:00
Cameron Stokes 4ae3e1295a [docs] production hardening typo 2017-06-30 15:18:17 -07:00
Seth Vargo 00e2213790 Add rekeying guide & move guides to top-level (#2935) 2017-06-29 14:43:43 +01:00
Brian Nuszkowski 45c7bc718f Add the option to specify a specific key id format that is generated … (#2888) 2017-06-29 04:05:06 +01:00
Brian Shumate 7a8b16f441 Docs: Expand Telemetry documentation (#2860) 2017-06-29 04:02:48 +01:00
Brian Boerst 0631c02558 Typo fix in vault enterprise/replication docs. (#2932) 2017-06-29 04:01:32 +01:00
Seth Vargo cb7e3051c0 Merge pull request #2914 from hashicorp/sethvargo/ec2authimage 
Add diagram for EC2 Auth flow
 2017-06-28 07:31:37 +08:00
Armon Dadgar 872e9ba8fb Merge pull request #2925 from hashicorp/docs-harden 
website: Add more hardening tips
 2017-06-27 11:22:46 -07:00
Seth Vargo 7d59190129
Clarify Vault server 2017-06-27 22:38:16 +08:00
Seth Vargo ca966b6e79
Re-org and move text around in list instead 2017-06-27 22:38:16 +08:00
Seth Vargo 16149fbbf2
Capitalize C 2017-06-27 22:38:16 +08:00
Seth Vargo 436d656a32
Add diagram for EC2 Auth flow 2017-06-27 22:38:16 +08:00
Ryon 7b0402ea6f Update middleman-hashicorp to 0.3.28 for mega nav fixes (#2924) 2017-06-27 12:04:04 +01:00
Armon Dadgar 4cd3a56b8b adding link to security model 2017-06-26 17:43:04 -07:00
Armon Dadgar fb8b737ae8 website: Add more hardening tips 2017-06-26 14:00:36 -07:00
TheCodeAssassin 9e09899c69 Small typo fix (#2921) 2017-06-26 10:08:18 -04:00
Cameron Stokes e28244cb8b [docs]: Fix typo in hardening guide. 2017-06-22 22:20:17 -07:00
Armon Dadgar e184c3fa0d Merge pull request #2898 from hashicorp/docs-prod-hard 
website: adding production hardening guide
 2017-06-22 15:05:35 -07:00
Saj Goonatilleke a576feeb1d Fix a typo in the telemetry documentation (#2910) 2017-06-22 20:12:28 +01:00
Armon Dadgar a40d24772e Make recommendation vs requirement more clear 2017-06-22 11:02:18 -07:00
lisli 82f28aecbb update news section with vault update and webinar update (#2904) 2017-06-22 17:07:36 +01:00
Armon Dadgar 266f55c5d9 Copy changes 2017-06-21 09:55:00 -07:00
Armon Dadgar 9ae6004dbe website copy updates 2017-06-20 21:21:04 -07:00
Armon Dadgar 10a56c7ceb website: adding production hardening guide 2017-06-20 17:44:54 -07:00
Jeff Mitchell 40ef2e5c85 More cleanup 
Ping #2894
 2017-06-20 10:46:24 -04:00
Jeff Mitchell 9edbf1c8d1 Clarify/fix some configuration info. 
Fixes #2894
 2017-06-20 10:12:59 -04:00
Jeff Mitchell 8f1f9d5522 Add ACL info to Consul configuration page 2017-06-19 19:39:52 -04:00
Eugene Bekker 1e3e83f7b0 Add Zyborg.Vault PowerShell module to libs list (#2869) 2017-06-17 11:24:13 -04:00
Raphael Randschau db4e1b4a99 CouchDB physical backend (#2880) 2017-06-17 11:22:10 -04:00
Jeff Mitchell cf7d56e8f3 Fix up CORS. 
Ref #2021
 2017-06-17 01:26:25 -04:00
Aaron Salvo 0303f51b68 Cors headers (#2021) 2017-06-17 00:04:55 -04:00
Jeff Mitchell 33ca94773f Add DogStatsD metrics output. (#2883) 
Fixes #2490
 2017-06-16 23:51:46 -04:00
Jeff Mitchell 0ea8f17357 Add some warnings to the upgrade guide 2017-06-16 13:23:22 -04:00
vishalnayak a50ce54603 doc: add radius to MFA backend docs 2017-06-15 18:31:53 -04:00
Jeff Mitchell df229f5255 Fix typo in transit docs 2017-06-14 11:49:12 -04:00
Seth Vargo 789247d922 Add callouts for deprecations and beta (#2854) 
This makes the sidebar emphasize the deprecated database backends more.
 2017-06-14 16:11:16 +01:00
Nathan Valentine 3309496916 Clean up extra word in docs (#2847) 2017-06-12 13:08:54 -04:00
Jonathan Duncan 7038348b6d Adding some visual separation for parameters (#2841) 
Currently on the Documentation pages when parameters are listed, there is no visual separation between the parameter names, flags, and descriptions. This should make it a bit easier for humans to read.
 2017-06-12 06:59:38 -04:00
Jeff Mitchell 8b3657d840 Add note about lowercasing usernames to userpass docs 2017-06-08 09:41:01 -04:00
Cameron Stokes 8e0ac2dbb0 [docs] Add notes about deprecated database backends. (#2835) 2017-06-07 23:45:01 -07:00
Cameron Stokes d26bb4f2fb [docs] Fix Mongodb link in sidebar. 2017-06-07 20:36:36 -07:00
Seth Vargo 00ab0d713f
Update packer and makefile 2017-06-07 16:00:30 -04:00
Jeff Mitchell b8bc3d101b Bump versions 2017-06-07 15:23:51 -04:00
Brian Kassouf 8d58b43906 update database interface in the docs 2017-06-07 11:20:13 -07:00
Jeff Mitchell f6d48312d8 Add new transit features to documentation 2017-06-07 13:00:14 -04:00
Joel Thompson 4a934915d7 Resolve AWS IAM unique IDs (#2814) 2017-06-07 10:27:11 -04:00
Dan Brown 4f3fb87b9d Docs typo fixes (#2830) 
* Fix passing payload.json file to curl

* Correct API endpoint
 2017-06-07 10:02:58 -04:00
Joel Thompson 7437ada31c Check if there's a bound iam arn when renewing (#2819) 
Previously, the renew method would ALWAYS check to ensure the
authenticated IAM principal ARN matched the bound ARN.  However, there
is a valid use case in which no bound_iam_principal_arn is specified and
all bindings are done through inferencing. When a role is configured
like this, clients won't be able to renew their token because of the
check.

This now checks to ensure that the bound_iam_principal_arn is not empty
before requriing that it match the originally authenticated client.

Fixes #2781
 2017-06-06 22:35:12 -04:00
Katie Bayes cff022a65c update middleman version from 24 to 26 (#2824) 2017-06-06 22:33:26 -04:00
Brian Kassouf 606fe393be Use the role name in the db username (#2812) 2017-06-06 09:49:49 -04:00
sam boyer 789d7ab4e0 Minor typos & wordsmithing for clarity (#2807) 2017-06-05 09:32:09 -07:00
Jeff Mitchell dad291c93c Add plugin_directory to configuration page (#2801) 
Fixes #2795
 2017-06-03 08:11:03 -04:00