Commit graph

1930 commits

Author SHA1 Message Date
Roy Sindre Norangshol a9c717b44e project is now project_id (#4251)
Verified both via vault CLI and direct curl'ing towards API endpoints.
2018-04-03 17:11:47 -04:00
Jeff Mitchell f5ba4796f5
Case insensitive behavior for LDAP (#4238) 2018-04-03 09:52:43 -04:00
Lowe Schmidt f2c302f920 Grammatical error (#4246)
As per Franklin Davis suggestion on the mailing list.
2018-04-03 07:53:38 -04:00
Vishal Nayak 96fc0c2509
Update group alias by ID (#4237)
* update group alias by id

* update docs
2018-04-02 10:42:01 -04:00
Vishal Nayak 032ca979dc
move identity docs from ent docs to oss (#4235) 2018-04-01 13:59:43 -04:00
Vishal Nayak ab3579aeb6
add entity merge API to docs (#4234) 2018-04-01 12:59:57 -04:00
LeSuisse cdd7cc1635 Update usage of the deprecated generated-root command in the documentation (#4232) 2018-03-31 11:17:08 -04:00
Seth Vargo b48a9878e7 Add HA support to the Google Cloud Storage backend (#4226) 2018-03-30 12:36:37 -04:00
Brian Shumate bf1b8709a6 Update Consuls Secrets quick start (#4224)
- Fix typo in role name
- Drop ordered list formatting on get credential example
2018-03-30 10:46:05 -04:00
Jon Benson d1b0d6efb3 Update mfa-totp.html.md (#4220) 2018-03-29 16:51:13 -04:00
Jeff Mitchell 2f90e0c2e1 Merge branch 'master-oss' into 0.10-beta 2018-03-27 12:40:30 -04:00
Yoko d03056eed3
Update Github auth method API reference (#4202)
* Update Github auth method API reference

* Replaced vault.rocks in API
2018-03-26 16:56:14 -07:00
vishalnayak 37153482be docs: update aws ec2 auth step 2018-03-26 17:26:48 -04:00
Jeff Mitchell e8fc0a11ce Remove a few more vault.rocks usages 2018-03-26 15:02:22 -04:00
Wilhelmina Drengwitz a10f02ef7b Add general recommendation for the api_addr config value (#4198)
We ran into some confusion about what we should be setting the api_addr config value to. I feel this general recommendation should nudge any others into a better understanding of what this value should point to.
2018-03-26 13:46:54 -04:00
Jeff Mitchell 65d8eb0914 Add more docs around list paths in policies.
CC #4199
2018-03-26 11:30:58 -04:00
Brian Shumate 0c30145325 Docs: add note about enterprise replication installations section to upgrade guide (#3631) 2018-03-26 10:25:09 -04:00
Seth Vargo 0b827774ae Drop vault.rocks (#4186) 2018-03-23 11:41:51 -04:00
Chris Hoffman b7ef4a3a6f
adding Azure docs (#4185)
Adding Azure Auth Method docs
2018-03-22 18:28:42 -04:00
Jeff Mitchell f45a57af7a Bump versions for beta release 2018-03-22 09:44:03 -04:00
Jim Kalafut 7842557e62 Fix minor docs and help text issues (#4184) 2018-03-22 09:29:59 -04:00
Brian Kassouf ad383e911f Update kv backend and add some docs (#4182)
* Add kv backend

* Move kv in apha order

* Update kv backend and add some docs
2018-03-21 23:10:05 -04:00
Brian Kassouf 3324d6dd12 Add kv backend (#4181) 2018-03-21 22:56:52 -04:00
Calvin Leung Huang 25792df5a9
Passthrough request headers (#4172)
* Add passthrough request headers for secret/auth mounts

* Update comments

* Fix SyncCache deletion of passthrough_request_headers

* Remove debug line

* Case-insensitive header comparison

* Remove unnecessary allocation

* Short-circuit filteredPassthroughHeaders if there's nothing to filter

* Add whitelistedHeaders list

* Update router logic after merge

* Add whitelist test

* Add lowercase x-vault-kv-client to whitelist

* Add back const

* Refactor whitelist logic
2018-03-21 19:56:47 -04:00
emily f9b6f4b1c5 Docs for Vault GCP secrets plugin (#4159) 2018-03-21 15:02:38 -04:00
Brian Shumate 1fcf0c6a38 Docs: update formatting / heading (#4175)
- Correct Generate Disaster Recovery Operation Token heading level
- Tighten up formatting/trailing spaces
2018-03-21 10:14:52 -04:00
Jeff Mitchell c25c60117a Fix file location for 0.9.6 upgrade guide 2018-03-20 22:34:41 -04:00
Jeff Mitchell f1aff69d92 Add 0.9.6 upgrade guide 2018-03-20 22:27:01 -04:00
Josh Soref 73b1fde82f Spelling (#4119) 2018-03-20 14:54:10 -04:00
Jeff Mitchell 396ccd8699 Push up changes to prep for release 2018-03-20 14:10:53 -04:00
Jason Martin b3e5ec865d README Spelling error (#4165) 2018-03-20 11:45:56 -04:00
Jeff Mitchell 9e46f0f84a Explicitly call out that we use aes-256 gcm-96 for the barrier.
Fixes #2913
2018-03-19 19:53:12 -04:00
Jeff Mitchell 9d030aaf37 Note that you can set a CA chain when using set-signed.
Fixes #2246
2018-03-19 19:44:07 -04:00
Yoko 4a25c18134
Transit rewrap (#4091)
* Adding new guides

* Replaced backend with engine

* Grammar for the encryption guide

* Grammar and Markdown style for the Transite Rewrap guide

See
https://github.com/hashicorp/engineering-docs/blob/master/writing/markdown.md
for notes on numbered Markdown lists.

* grammar and wording updates for ref arch guide

* Updating replication diagram

* Removing multi-tenant pattern guide

* Added a note 'Enterprise Only'

* Removing multi-tenant pattern guide

* Modified the topic order

* Grammar and Markdown formatting

* Grammar, Markdown syntax, and phrasing

* Grammar and Markdown syntax

* Replaced 'backend' with appropriate terms

* Added a note clarifying that replication is an enterprise-only feature

* Updated the diagram & added additional resource links

* update some grammar and ordering

* Removed the inaccurate text in index for EaaS
2018-03-19 14:56:45 -07:00
Jacob Crowther 35ccbe504c Add Cryptr to related tools (#4126) 2018-03-19 14:46:54 -04:00
Jeff Mitchell 3a5e1792c0 Update path-help to make clear you shouldn't put things in the URL.
Remove from website docs as those have been long deprecated.
2018-03-19 11:50:16 -04:00
vishalnayak fe0a077e17 s/Methods/Method 2018-03-18 15:46:57 -04:00
Joel Thompson 3e2006eb13 Allow non-prefix-matched IAM role and instance profile ARNs in AWS auth backend (#4071)
* Update aws auth docs with new semantics

Moving away from implicitly globbed bound_iam_role_arn and
bound_iam_instance_profile_arn variables to make them explicit

* Refactor tests to reduce duplication

auth/aws EC2 login tests had the same flow duplicated a few times, so
refactoring to reduce duplication

* Add tests for aws auth explicit wildcard constraints

* Remove implicit prefix matching from AWS auth backend

In the aws auth backend, bound_iam_role_arn and
bound_iam_instance_profile_arn were ALWAYS prefix matched, and there was
no way to opt out of this implicit prefix matching. This now makes the
implicit prefix matching an explicit opt-in feature by requiring users
to specify a * at the end of an ARN if they want the prefix matching.
2018-03-17 21:24:49 -04:00
Roger Berlind 753f8a8545 Fixed broken k8s TokenReview API link (#4144) 2018-03-17 21:23:41 -04:00
Jeff Mitchell 3d44060b5f Update interactive tutorial commands 2018-03-16 15:03:51 -04:00
immutability 04d1202426 Plugins need setcap too for syscall mlock (#4138) 2018-03-16 06:05:01 -07:00
Yoko 2752855faa Fixed the hyperlink (#4140) 2018-03-15 19:24:26 -07:00
Yoko fb8d1566e6
updating the AppRole diagram (#4139)
Fixing the build error
2018-03-15 18:23:25 -07:00
Yoko 3a72bcc4ae
Approle diagram (#4132)
* Updates requested by the SE team

* Added links to AppRole blog and webinar

* Updated diagram

* Updated diagram
2018-03-15 17:16:59 -07:00
Joel Thompson 39dc981301 auth/aws: Allow binding by EC2 instance IDs (#3816)
* auth/aws: Allow binding by EC2 instance IDs

This allows specifying a list of EC2 instance IDs that are allowed to
bind to the role. To keep style formatting with the other bindings, this
is still called bound_ec2_instance_id rather than bound_ec2_instance_ids
as I intend to convert the other bindings to accept lists as well (where
it makes sense) and keeping them with singular names would be the
easiest for backwards compatibility.

Partially fixes #3797
2018-03-15 09:19:28 -07:00
Brian Nuszkowski 76be90f384 Add PKCS1v15 as a RSA signature and verification option on the Transit secret engine (#4018)
Option to specify the RSA signature type, in specific add support for PKCS1v15
2018-03-15 09:17:02 -07:00
Jeff Mitchell 59b3e28151 Make the API docs around ed25519 more clear about what derivation means for this key type 2018-03-15 11:59:50 -04:00
Jim Kalafut 3f1ed4eb0d Fix description of parameter value globbing (#4131) 2018-03-14 17:03:00 -04:00
Edward Z. Yang ac98730578 Vault user needed to use STS Federation Tokens (#4108)
If you try to use role authorization to get an STS token, you'll get this error:

* Error generating STS keys: AccessDenied: Cannot call GetFederationToken with session credentials
2018-03-14 10:24:29 -04:00
Malte a0776eb703 Fix typo in recommended vault auth iam policy (#4128)
The resource arn for the `sts:AssumeRole` action is missing a `:` for the region and therefore invalid.
2018-03-14 03:45:21 -04:00