Commit graph

530 commits

Author SHA1 Message Date
hc-github-team-secure-vault-core a486b13957
backport of commit 63ccb60b9a6dadf717e6813f9789c7194a2375de (#20877)
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-30 23:49:24 +00:00
hc-github-team-secure-vault-core 09569aa28e
backport of commit be2464fbea069f8aed6b6bd271a24ff3ed6037da (#20861)
Co-authored-by: Milena Zlaticanin <60530402+Zlaticanin@users.noreply.github.com>
2023-05-30 21:54:09 +00:00
hc-github-team-secure-vault-core 2f52c505a0
backport of commit 54685189eb1b210ed14bd3c35a2a337c58ca8e42 (#20851)
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-30 20:12:47 +00:00
Thy Ton 9fbf8ad72f
update API docs for kubernetes secrets engine (#20726)
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-05-26 07:38:22 -07:00
kpcraig 628c51516a
VAULT-12226: Add Static Roles to the AWS plugin (#20536)
Add static roles to the aws secrets engine

---------

Co-authored-by: maxcoulombe <max.coulombe@hashicorp.com>
Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-24 14:55:13 -04:00
Alexander Scheel 04bb7eef15
Update transit public keys for Ed25519 support (#20727)
* Refine documentation for public_key

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Support additional key types in importing version

This originally left off the custom support for Ed25519 and RSA-PSS
formatted keys that we've added manually.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add support for Ed25519 keys

Here, we prevent importing public-key only keys with derived Ed25519
keys. Notably, we still allow import of derived Ed25519 keys via private
key method, though this is a touch weird: this private key must have
been packaged in an Ed25519 format (and parseable through Go as such),
even though it is (strictly) an HKDF key and isn't ever used for Ed25519.

Outside of this, importing non-derived Ed25519 keys works as expected.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add public-key only export method to Transit

This allows the existing endpoints to retain private-key only, including
empty strings for versions which lack private keys. On the public-key
endpoint, all versions will have key material returned.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update tests for exporting via public-key interface

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add public-key export option to docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-24 11:26:35 -04:00
Peter Wilson 5eb03f785e
Docs: audit - add warning when disabling device regarding HMAC (#20715)
* added note to warn of potential issues in disabling audit when using HMAC

* added to command docs pages too
2023-05-23 14:55:55 +01:00
claire bontempo f4793cdca1
remove paragraph (#20709) 2023-05-22 16:14:17 -04:00
Mike Palmiotto dc8d2af2d8
Add current_billing_period activity endpoint param (#20694)
* Add current_billing_period activity endpoint param

This commit introduces a new parameter: `current_billing_period`, which
can be used in lieu of `start_time` and `end_time` options.

GET ... /sys/internal/counters/activity?current_billing_period=true now
results in a response which contains the full billing period
information.

* changelog

* Update internal counters docs
2023-05-22 09:22:45 -04:00
Violet Hynes a47c0c7073
VAULT-15546 First pass at Vault Proxy docs (#20578)
* VAULT-15546 First pass at Vault Proxy docs

* VAULT-15546 correct errors

* VAULT-15546 fully qualify paths

* VAULT-15546 remove index

* VAULT-15546 Some typos and clean up

* VAULT-15546 fix link

* VAULT-15546 Add redirects so old links stay working

* VAULT-15546 more explicit redirects

* VAULT-15546 typo fixes

* Suggestions for Vault Agent & Vault Proxy docs (#20612)

* Rename 'agentandproxy' to 'agent-and-proxy' for better URL

* Update the index pages for each section

* VAULT-15546 fix link typo

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-05-19 13:11:39 -04:00
l-with d1d3d697da
Add possibility to decode generated encoded root token to api (#20595) 2023-05-18 15:18:19 -04:00
Luis (LT) Carbonell 95e6723aa9
Correct Default for MaximumPageSize (#20453)
* default max page size for config

* Add changelog

* update test int to *int

* add testing defaults

* update default to -1, i.e. dont paginate

* update test

* Add error message for invalid search

* Make 0 the default

* cleanup

* Add to known issues doc

* Update website/content/docs/upgrading/upgrade-to-1.13.x.mdx

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.13.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.12.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Add workaround to docs

* Update changelog/20453.txt

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

---------

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2023-05-17 20:56:53 +00:00
Gabriel Santos 05f3236c15
Provide public key encryption via transit engine (#17934)
* import rsa and ecdsa public keys

* allow import_version to update public keys - wip

* allow import_version to update public keys

* move check key fields into func

* put private/public keys in same switch cases

* fix method in UpdateKeyVersion

* move asymmetrics keys switch to its own method - WIP

* test import public and update it with private counterpart

* test import public keys

* use public_key to encrypt if RSAKey is not present and failed to decrypt
if key version does not have a private key

* move key to KeyEntry parsing from Policy to KeyEntry method

* move extracting of key from input fields into helper function

* change back policy Import signature to keep backwards compatibility and
add new method to import private or public keys

* test import with imported public rsa and ecdsa keys

* descriptions and error messages

* error messages, remove comments and unused code

* changelog

* documentation - wip

* suggested changes - error messages/typos and unwrap public key passed

* fix unwrap key error

* fail if both key fields have been set

* fix in extractKeyFromFields, passing a PolicyRequest wouldn't not work

* checks for read, sign and verify endpoints so they don't return errors when a private key was not imported and tests

* handle panic on "export key" endpoint if imported key is public

* fmt

* remove 'isPrivateKey' argument from 'UpdateKeyVersion' and
'parseFromKey' methods

also: rename 'UpdateKeyVersion' method to 'ImportPrivateKeyForVersion' and 'IsPublicKeyImported' to 'IsPrivateKeyMissing'

* delete 'RSAPublicKey' when private key is imported

* path_export: return public_key for ecdsa and rsa when there's no private key imported

* allow signed data validation with pss algorithm

* remove NOTE comment

* fix typo in EC public key export where empty derBytes was being used

* export rsa public key in pkcs8 format instead of pkcs1 and improve test

* change logic on how check for is private key missing is calculated

---------

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-11 11:56:46 +00:00
claire bontempo 00e43b88b4
fix typo (#20473) 2023-05-02 19:29:14 +00:00
Josh Black 1d307d48b6
Clarify origin of ID parameter for path filter creation (#20415)
* Clarify origin of ID parameter for path filter creation

* add additional note

* add additional info
2023-05-01 08:34:03 -07:00
Alexander Scheel 32a7f8250a
Update to tidy status and docs (#20442)
* Add missing tidy-status state values

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add docs on auto-tidy reading

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing tidy status field revocation_queue_safety_buffer

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Include pause_duration in tidy-status docs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add date of last auto-tidy operation to status

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-01 14:26:29 +00:00
Alexander Scheel 91481143af
Show existing keys, issuers on PKI import (#20441)
* Add additional existing keys response field

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update tests for validating existing keys

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update docs for import to include new fields

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/api-docs/secret/pki.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-05-01 14:07:31 +00:00
Ben Ash 2f63318cea
api-docs/pki: common_name is no longer required. (#20403) 2023-04-27 16:11:49 -04:00
Josh Black 80a9d7d4ce
Correct an oversight re: skip_flush in the docs (#20383) 2023-04-26 17:30:09 -07:00
Brian Shumate 7fcdb23376
Docs: DR replication API updates (#20373)
* Docs: DR replication API updates

- Add clarification for secondary_public_key parameter
- Update section header

* During activation
2023-04-26 16:15:46 -07:00
miagilepner 7d631cb44f
VAULT-15791: Update docs to use vault-java-driver fork (#20316) 2023-04-25 11:08:05 +02:00
Braulio Gomes Rodrigues 03fa9432a4
changing chouchbase host variable (#19812)
* changing chouchbase host variable

* Alterando linha 82 couchbase
2023-04-24 13:56:56 +00:00
Josh Black 4b9599fddb
update website docs for new update-primary mode (#20302) 2023-04-21 15:21:28 -07:00
Luis (LT) Carbonell d308c31cbf
Add Configurable LDAP Max Page Size (#19032)
* Add config flag for LDAP max page size

* Add changelog

* move changelog to correct file

* cleanup

* Default to non-paged searching for with -1

* Update website/content/api-docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update website/content/docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update tests

---------

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2023-04-20 20:39:27 +00:00
Austin Gebauer eaf67b7c0e
Add OIDC provider docs for IBM ISAM (#19247)
* Add OIDC provider docs for IBM ISAM

* Add changelog, api docs and docs-nav-data

---------

Co-authored-by: Benjamin Voigt <benjamin.voigt@god.dev>
2023-04-20 11:30:59 -07:00
Sohil Kaushal 5424eb2e8f
docs(postgresql): Update Postgresql SE API doco (#19931)
* docs(postgresql): Update Postgresql SE API doco

Update the postgresql secret engine API docs to include some "caveats"
of the pgx library. In particular, this enhances the docs to inform the
user that if any sslcreds are supplied as a part of the Database
connection string, the user/vault admin will need to ensure that the
certificates are present at those paths.

* Chore: fixup minor error with db docs

* Keep the language simple

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-04-19 00:17:44 +00:00
Yura Shutkin 7de8a3bc31
Update wrapping-unwrap.mdx (#20109)
* Update wrapping-unwrap.mdx

It is possible to unwrap data without authentication in Vault. I've added an example of a curl request.

* Add changelog record
2023-04-18 14:20:27 -07:00
Max Bowsher 91abc177bb
Minor follow-ups to #16865 (#20220)
* Minor follow-ups to #16865

Fix PKI issuer upgrade logic when upgrading to 1.12 or later, to
actually turn off the issuer crl-signing usage when it intended to.

Fix minor typo in docs.

* changelog
2023-04-18 07:39:05 -04:00
Milena Zlaticanin 42400699c0
add missing mongodb atlas fields to the docs (#20207) 2023-04-17 14:10:07 -07:00
Scott Miller 5be4d61d13
Add documentation for cert auth OCSP checking (#18064) 2023-04-13 18:33:21 +00:00
Jason O'Donnell ec9e08c931
sdk/ldaputil: add connection_timeout configurable (#20144)
* sdk/ldaputil: add connection_timeout configurable

* changelog

* Update doc

* Fix test

* Change default to 30s
2023-04-13 12:43:28 -04:00
Matt Schultz 2310e13cf1
Update docs to include specifics and caveats around Transit Managed Keys support. (#20099) 2023-04-12 12:19:25 -05:00
Mike Palmiotto 1b5d527521
api: Add reporting fields to activitylog config endpoint (#20086)
This PR adds the internal reporting state to the
`internal/counters/config` read endpoint:
* reporting_enabled
* billing_start_timestamp
2023-04-12 12:02:28 -04:00
Yoko Hyakuna 0b3f24a2d8
Update the HTTP verb for consistency (#20056) 2023-04-11 13:35:06 -07:00
John-Michael Faircloth 8a4e50fa64
secrets/openldap: add creds/ endpoint to API docs (#19973) 2023-04-11 08:42:50 -05:00
Brian Shumate 29fdfeeb04
API docs: update Transit restore payload example (#20032)
- Correct JSON payload example
2023-04-07 08:14:43 -04:00
Chip Stepowski 8cd90fc1e2
Update Create Role heading to Create/Update Role (#20000)
The subheading states you can update a named role but for navigation purposes I think it would also make sense to add it to the heading too.
2023-04-06 11:42:22 +01:00
Alain Chiasson 9ee73e38fb
Update replication-dr.mdx (#19604)
In testing, disabling the dr secondary requires a DR Operations token, not a vault token.
2023-04-03 13:35:16 -04:00
Alexander Scheel a94541080f
Clarify that other operations run while tidy is paused (#19914)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-31 16:09:37 -04:00
Peter Wilson 538e66ffea
Add available types to API documentation for enable audit (#19850) 2023-03-30 15:30:35 +00:00
Anton Averchenkov 41466b9eca
docs: Fix duration format link in kv-v2 docs page (#19768) 2023-03-27 13:18:25 -04:00
ram-parameswaran f491cc8225
Update username template description for AWS (#19690)
Update username template description for AWS by calling out what DisplayName and PolicyName actually are placeholders for
2023-03-23 19:56:55 -07:00
ram-parameswaran b24115cf1e
Updated connection_url to be pgx library relevant (#19667)
Updated connection_url to be according to the options available in the pgx library instead of the now deprecated use of the lib/pq which was done as part of Vault 1.11 as documented here - https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#june-20-2022
2023-03-22 09:02:47 -07:00
Raymond Ho 96e966e9ef
VAULT-13614 Support SCRAM-SHA-256 encrypted passwords for PostgreSQL (#19616) 2023-03-21 12:12:53 -07:00
Violet Hynes 31f764b82b
Update KV-V2 docs to explicitly call out the secret mount path as a parameter (#19607)
* Update KV-V2 docs to explicitly call out the secret mount path as a parameter

* Missed some angular brackets

* remove wishy language
2023-03-17 12:21:55 -04:00
Max Winslow dbbdd33c63
Change headings to h2 (#19402) 2023-03-07 15:48:51 -08:00
Max Winslow c44f94d7ff
update entity-alias doc fix (#19435) 2023-03-03 08:16:26 -08:00
Tony Wittinger 64b4ee234d
docs: updated key size in transit documentation (#19346) 2023-03-02 16:07:40 -08:00
Max Winslow 109fbe06bb
change verbiage for lookup group and entity (#19406) 2023-02-28 12:40:38 -08:00
Austin Gebauer 10fe43701f
docs/ad: adds deprecation announcements and migration guide (#19388)
* docs/ad: adds deprecation announcements and migration guide

* fix table ending

* remove fully-qualified links

* Minor format fixes - migrationguide

* Update website/content/docs/secrets/ad/migration-guide.mdx

Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>

* Update website/content/docs/secrets/ad/migration-guide.mdx

Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>
2023-02-28 10:41:59 -08:00