Commit graph

4942 commits

Author SHA1 Message Date
hc-github-team-secure-vault-core a486b13957
backport of commit 63ccb60b9a6dadf717e6813f9789c7194a2375de (#20877)
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-30 23:49:24 +00:00
hc-github-team-secure-vault-core 09569aa28e
backport of commit be2464fbea069f8aed6b6bd271a24ff3ed6037da (#20861)
Co-authored-by: Milena Zlaticanin <60530402+Zlaticanin@users.noreply.github.com>
2023-05-30 21:54:09 +00:00
hc-github-team-secure-vault-core 2f52c505a0
backport of commit 54685189eb1b210ed14bd3c35a2a337c58ca8e42 (#20851)
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-30 20:12:47 +00:00
hc-github-team-secure-vault-core 1fe6475c72
Backport: Add 1.14 draft docs and UI known issue #20665 (#20854)
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
2023-05-30 10:27:48 -05:00
Thy Ton 9fbf8ad72f
update API docs for kubernetes secrets engine (#20726)
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-05-26 07:38:22 -07:00
Ben Ash 57e41db42a
Update VSO API reference docs for v0.1.0-beta.1 (#20801)
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
2023-05-25 20:31:45 -04:00
Kyle Schochenmaier b43e865aef
[docs] update helm docs for vso beta1 release (#20776)
* update helm docs for vso beta1 release
2023-05-25 16:45:08 -05:00
Jonathan Frappier 24edfc6be4
Add additional endpoints, remove non-protected endpoints (#20669)
* Add additional endpoints, remove non-protected endpoints

* Add step-down per engineering

* Match HTTP verb to individual doc pages

* Add /sys/internal/inspect/router to table

* Apply additional suggestions

* Updates based on engineering feedback

* Adding unsaved changes
2023-05-24 17:32:53 -04:00
kpcraig 628c51516a
VAULT-12226: Add Static Roles to the AWS plugin (#20536)
Add static roles to the aws secrets engine

---------

Co-authored-by: maxcoulombe <max.coulombe@hashicorp.com>
Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-24 14:55:13 -04:00
Alexander Scheel 04bb7eef15
Update transit public keys for Ed25519 support (#20727)
* Refine documentation for public_key

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Support additional key types in importing version

This originally left off the custom support for Ed25519 and RSA-PSS
formatted keys that we've added manually.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add support for Ed25519 keys

Here, we prevent importing public-key only keys with derived Ed25519
keys. Notably, we still allow import of derived Ed25519 keys via private
key method, though this is a touch weird: this private key must have
been packaged in an Ed25519 format (and parseable through Go as such),
even though it is (strictly) an HKDF key and isn't ever used for Ed25519.

Outside of this, importing non-derived Ed25519 keys works as expected.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add public-key only export method to Transit

This allows the existing endpoints to retain private-key only, including
empty strings for versions which lack private keys. On the public-key
endpoint, all versions will have key material returned.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update tests for exporting via public-key interface

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add public-key export option to docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-24 11:26:35 -04:00
Tom Proctor e41119d5f4
Docs: Updates for latest Vault CSI Provider releases (#20721) 2023-05-24 13:07:00 +01:00
Peter Wilson 5eb03f785e
Docs: audit - add warning when disabling device regarding HMAC (#20715)
* added note to warn of potential issues in disabling audit when using HMAC

* added to command docs pages too
2023-05-23 14:55:55 +01:00
claire bontempo f4793cdca1
remove paragraph (#20709) 2023-05-22 16:14:17 -04:00
Mike Palmiotto dc8d2af2d8
Add current_billing_period activity endpoint param (#20694)
* Add current_billing_period activity endpoint param

This commit introduces a new parameter: `current_billing_period`, which
can be used in lieu of `start_time` and `end_time` options.

GET ... /sys/internal/counters/activity?current_billing_period=true now
results in a response which contains the full billing period
information.

* changelog

* Update internal counters docs
2023-05-22 09:22:45 -04:00
Christopher Swenson f80a73d0fe
docs: Traditional HA standby nodes do *not* serve read requests directly (#20687) 2023-05-19 13:00:57 -07:00
Violet Hynes a47c0c7073
VAULT-15546 First pass at Vault Proxy docs (#20578)
* VAULT-15546 First pass at Vault Proxy docs

* VAULT-15546 correct errors

* VAULT-15546 fully qualify paths

* VAULT-15546 remove index

* VAULT-15546 Some typos and clean up

* VAULT-15546 fix link

* VAULT-15546 Add redirects so old links stay working

* VAULT-15546 more explicit redirects

* VAULT-15546 typo fixes

* Suggestions for Vault Agent & Vault Proxy docs (#20612)

* Rename 'agentandproxy' to 'agent-and-proxy' for better URL

* Update the index pages for each section

* VAULT-15546 fix link typo

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-19 13:11:39 -04:00
Equus quagga 0750d31a4c
Added a note to remove-peer (#20583)
* Update raft.mdx

* Update website/content/docs/commands/operator/raft.mdx

Co-authored-by: Josh Black <raskchanky@gmail.com>

---------

Co-authored-by: Josh Black <raskchanky@gmail.com>
2023-05-19 12:21:30 +02:00
Equus quagga 5ff1bfc1e8
Update docs/secrets/databases/mssql.mdx (#20623)
Added a note in the `Example for Azure SQL Database` section stating that we only support SQL auth and no Azure AD auth.
2023-05-18 19:33:55 -07:00
l-with d1d3d697da
Add possibility to decode generated encoded root token to api (#20595) 2023-05-18 15:18:19 -04:00
Jonathan Frappier 03a684eb7e
Add root protected endpoint table (#20650)
* Add root protected endpoint table

* Fix heading case
2023-05-18 11:53:22 -04:00
Luis (LT) Carbonell 95e6723aa9
Correct Default for MaximumPageSize (#20453)
* default max page size for config

* Add changelog

* update test int to *int

* add testing defaults

* update default to -1, i.e. dont paginate

* update test

* Add error message for invalid search

* Make 0 the default

* cleanup

* Add to known issues doc

* Update website/content/docs/upgrading/upgrade-to-1.13.x.mdx

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.13.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.12.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Add workaround to docs

* Update changelog/20453.txt

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

---------

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2023-05-17 20:56:53 +00:00
Stefano Cattonar 023d847182
Fixed a typo in the "Environment Variable Example" because it was generating a parsing error (#20574)
Fixed a typo in the "Environment Variable Example" because it was generating a parsing error:

template server error: error="(dynamic): execute: template: :2:30: executing \"\" at <.Data.data.payments_api_key>: can't evaluate field data in type *dependency.Secret"
2023-05-12 22:34:51 +00:00
Josh Black 8c08ac8df4
add undo logs metrics to docs (#20568) 2023-05-11 18:28:25 -07:00
Rowan Smith 57af313dc8
Update server.mdx (#19881)
added a note detailing that usage of `-log-file` functions as an additional output, does not replace journald / stdout
2023-05-11 17:18:55 -07:00
Gabriel Santos 05f3236c15
Provide public key encryption via transit engine (#17934)
* import rsa and ecdsa public keys

* allow import_version to update public keys - wip

* allow import_version to update public keys

* move check key fields into func

* put private/public keys in same switch cases

* fix method in UpdateKeyVersion

* move asymmetrics keys switch to its own method - WIP

* test import public and update it with private counterpart

* test import public keys

* use public_key to encrypt if RSAKey is not present and failed to decrypt
if key version does not have a private key

* move key to KeyEntry parsing from Policy to KeyEntry method

* move extracting of key from input fields into helper function

* change back policy Import signature to keep backwards compatibility and
add new method to import private or public keys

* test import with imported public rsa and ecdsa keys

* descriptions and error messages

* error messages, remove comments and unused code

* changelog

* documentation - wip

* suggested changes - error messages/typos and unwrap public key passed

* fix unwrap key error

* fail if both key fields have been set

* fix in extractKeyFromFields, passing a PolicyRequest wouldn't not work

* checks for read, sign and verify endpoints so they don't return errors when a private key was not imported and tests

* handle panic on "export key" endpoint if imported key is public

* fmt

* remove 'isPrivateKey' argument from 'UpdateKeyVersion' and
'parseFromKey' methods

also: rename 'UpdateKeyVersion' method to 'ImportPrivateKeyForVersion' and 'IsPublicKeyImported' to 'IsPrivateKeyMissing'

* delete 'RSAPublicKey' when private key is imported

* path_export: return public_key for ecdsa and rsa when there's no private key imported

* allow signed data validation with pss algorithm

* remove NOTE comment

* fix typo in EC public key export where empty derBytes was being used

* export rsa public key in pkcs8 format instead of pkcs1 and improve test

* change logic on how check for is private key missing is calculated

---------

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-11 11:56:46 +00:00
Jonathan Frappier 82427e355f
Add requested generated secret example (#20556)
* Add requested generated secret example

* Fix code block types

* Update website/content/docs/secrets/kv/kv-v1.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/secrets/kv/kv-v2.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-10 18:21:26 -04:00
Jens Hofmann b8ac5ec2da
Update elasticdb.mdx (#20437)
* Update elasticdb.mdx

Remove success message of vault write operations from text blocks to better support copy&paste to console

* Update code block types

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-04 16:17:57 -07:00
Alex Cahn 976881954a
Update interoperability-matrix.mdx (#20501)
* Update interoperability-matrix.mdx

* Update interoperability-matrix.mdx

Added MySQL as well
2023-05-04 08:58:00 -07:00
Alexander Scheel c1bc341b88
Add note about cross-cluster write failures (#20506)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-04 13:05:14 +00:00
claire bontempo 00e43b88b4
fix typo (#20473) 2023-05-02 19:29:14 +00:00
Yoko Hyakuna a56e4ca96a
Fix the title header - What is Vault (#20465) 2023-05-02 11:29:36 -07:00
marcin-kulik fda0a731fc
Update installation.mdx (#17954) 2023-05-02 13:34:42 -04:00
Jonathan Frappier 3c6e130ca2
Add HCP tabs, apply Vale suggestions, fix heading case (#20361)
* Add HCP tabs, apply Vale suggestions, fix heading case

* Apply feedback

* Apply PM feedback

* Update website/content/docs/secrets/databases/oracle.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/secrets/databases/oracle.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/secrets/databases/oracle.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-01 11:56:16 -04:00
Josh Black 1d307d48b6
Clarify origin of ID parameter for path filter creation (#20415)
* Clarify origin of ID parameter for path filter creation

* add additional note

* add additional info
2023-05-01 08:34:03 -07:00
Alexander Scheel 32a7f8250a
Update to tidy status and docs (#20442)
* Add missing tidy-status state values

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add docs on auto-tidy reading

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing tidy status field revocation_queue_safety_buffer

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Include pause_duration in tidy-status docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add date of last auto-tidy operation to status

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-01 14:26:29 +00:00
Alexander Scheel 91481143af
Show existing keys, issuers on PKI import (#20441)
* Add additional existing keys response field

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update tests for validating existing keys

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update docs for import to include new fields

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/api-docs/secret/pki.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-05-01 14:07:31 +00:00
Yoko Hyakuna ad96cf88e8
Update the command output example (#20427) 2023-04-28 13:46:20 -07:00
Jason Peng 2a954ef072
Updated the HA Upgrade Instructions (#20206)
* Update index.mdx

Updated instructions for Vault Upgrade HA

* Create vault-ha-upgrade.mdx

Moved HA Vault upgrade instruction to a new page and added a Note for disabling automated upgrade procedure

* Add the new vault-ha-upgrade page to the side menu

* Format and wording edits

* Remove extra paracentesis

* Fix a typo

* Change the title appears on the navigation

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-04-28 10:54:53 -07:00
Tom Proctor 767dc6283f
docs: Set uniform supported Kubernetes versions for all integrations (#20010) 2023-04-28 10:33:37 +01:00
Ben Ash 2f63318cea
api-docs/pki: common_name is no longer required. (#20403) 2023-04-27 16:11:49 -04:00
Yoko Hyakuna 155a32fc77
Fix the GDPR link (#20382) 2023-04-27 08:57:23 -07:00
Josh Black 80a9d7d4ce
Correct an oversight re: skip_flush in the docs (#20383) 2023-04-26 17:30:09 -07:00
Brian Shumate 7fcdb23376
Docs: DR replication API updates (#20373)
* Docs: DR replication API updates

- Add clarification for secondary_public_key parameter
- Update section header

* During activation
2023-04-26 16:15:46 -07:00
Braulio Gomes Rodrigues 627fe60044
Vault change doc main couchbase (#20314)
* changing chouchbase host variable

* Alterando linha 82 couchbase

* Changing couchbase host address in main document
2023-04-25 10:21:25 -07:00
miagilepner 7d631cb44f
VAULT-15791: Update docs to use vault-java-driver fork (#20316) 2023-04-25 11:08:05 +02:00
Nick Cabatoff 3ddb69bd2b
Fix docs-nav-data.json that I broke in #20312 (#20322) 2023-04-24 13:10:53 -04:00
Nick Cabatoff 4d42b08644
Add guidelines for agent/server version compatibility (#20312) 2023-04-24 11:49:50 -04:00
Braulio Gomes Rodrigues 03fa9432a4
changing chouchbase host variable (#19812)
* changing chouchbase host variable

* Alterando linha 82 couchbase
2023-04-24 13:56:56 +00:00
Josh Black 4b9599fddb
update website docs for new update-primary mode (#20302) 2023-04-21 15:21:28 -07:00
John Children bebe6dcaa0
Docs: Fix k8s injector templating example (#20271)
From every other example I can find, the secret name in the template should match the one in the inject annotation. Indeed the same example appears in the examples page.

https://github.com/hashicorp/vault/blob/main/website/content/docs/platform/k8s/injector/examples.mdx#patching-existing-pods
2023-04-21 17:12:13 +00:00