3795d2ea64
Rework ssh ca ( #2419 )
...
* docs: input format for default_critical_options and default_extensions
* s/sshca/ssh
* Added default_critical_options and default_extensions to the read endpoint of role
* Change default time return value to 0
2017-03-01 15:50:23 -05:00
ff1ff02bd7
Changes from code review
...
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
2017-03-01 15:19:18 -05:00
099d561b20
Add ability to create SSH certificates
2017-03-01 15:19:18 -05:00
3855021b40
Re-enable soft purging, stale-if-error
2017-03-01 12:38:40 -05:00
5e1e314bf9
Cache for a longer time on Fastly ( #2417 )
2017-02-28 16:54:51 -05:00
7012d63a28
Update policies doc with allowed/denied params and min/max wrapping ttl info
2017-02-27 15:17:19 -05:00
184b47e20c
Add a TTL to the dynamodb lock implementation. ( #2141 )
2017-02-27 14:30:34 -05:00
1518d626e3
docs: update sys heal status codes
2017-02-26 15:20:23 -05:00
e13fc759d8
Update sys-health.html.md
...
typo
2017-02-26 15:20:23 -05:00
b762c43fe2
Aws Ec2 additional binds for SubnetID, VpcID and Region ( #2407 )
...
* awsec2: Added bound_region
* awsec2: Added bound_subnet_id and bound_vpc_id
* Add bound_subnet_id and bound_vpc_id to docs
* Remove fmt.Printf
* Added crud test for aws ec2 role
* Address review feedback
2017-02-24 14:19:10 -05:00
c6f138bb9a
PKI: Role switch to control lease generation ( #2403 )
...
* pki: Make generation of leases optional
* pki: add tests for upgrading generate_lease
* pki: add tests for leased and non-leased certs
* docs++ pki generate_lease
* Generate lease is applicable for both issuing and signing
* pki: fix tests
* Address review feedback
* Address review feedback
2017-02-24 12:12:40 -05:00
3ddffbe574
awsec2: markdown text alignment
2017-02-23 14:52:38 -05:00
f992103615
Merge branch 'master' into acl-parameters-permission
2017-02-21 14:46:06 -08:00
c81582fea0
More porting from rep ( #2388 )
...
* More porting from rep
* Address review feedback
2017-02-16 16:29:30 -05:00
0c39b613c8
Port some replication bits to OSS ( #2386 )
2017-02-16 15:15:02 -05:00
0044ea8917
Update hsm.html.md ( #2381 )
2017-02-16 07:25:22 -05:00
817bec0955
Add Organization support to PKI backend. ( #2380 )
...
Fixes #2369
2017-02-16 01:04:29 -05:00
51f7114648
Merge branch 'master-oss' into acl-parameters-permission
2017-02-15 20:37:58 -05:00
e2de7ec7fe
Edit to the language of the description of disable_mlock on the configuration documentation page. Previous wording could lead to confusion as to the recommended setting of the disable_mlock option. ( #2377 )
2017-02-15 11:09:27 -05:00
b86e9bc09f
aws-ec2 auth: fix docs ( #2375 )
2017-02-15 06:29:27 -05:00
ca06bc0b53
audit: support a configurable prefix string to write before each message ( #2359 )
...
A static token at the beginning of a log line can help systems parse
logs better. For example, rsyslog and syslog-ng will recognize the
'@cee: ' prefix and will parse the rest of the line as a valid json message.
This is useful in environments where there is a mix of structured and
unstructured logs.
2017-02-10 16:56:28 -08:00
2a79627a2e
Update libraries.html.md ( #2360 )
2017-02-10 09:39:18 -08:00
65b274299f
docs: transit parameter is actually deletion_allowed ( #2356 )
2017-02-09 15:10:28 -05:00
12ba3f7640
Cache assets longer
2017-02-09 14:39:12 -05:00
231238a6f8
Change cache to 4h
2017-02-09 14:37:12 -05:00
72db329d67
Add support for backup/multiple LDAP URLs. ( #2350 )
2017-02-08 14:59:24 -08:00
d5b1cc7ebe
Add correct output to unmount documentation ( #2352 )
...
Simply adding the actual output of: 'vault unmount generic/'
2017-02-08 10:40:56 -05:00
2fd59ad308
Merge branch 'master-oss' into acl-parameters-permission
2017-02-08 01:59:52 -05:00
f9c67273f3
Add audited headers to sidebar
2017-02-07 17:02:14 -05:00
6612744576
Add Okta docs to sidebar
2017-02-07 16:57:28 -05:00
b1ad99ebba
Prep for 0.6.5 release
2017-02-07 16:11:32 -05:00
29d9d5676e
RADIUS Authentication Backend ( #2268 )
2017-02-07 16:04:27 -05:00
f3de9f57ce
Add etcd API info
2017-02-07 11:33:02 -08:00
2923934813
Merge pull request #2326 from hashicorp/pr-2161
...
Add Socket Audit Backend
2017-02-07 11:27:25 -08:00
128de55742
Added a warning about the dropped socket connection edge case
2017-02-07 11:06:36 -08:00
29b3cc6b00
Fixing a few typos in the docs ( #2344 )
2017-02-07 11:55:29 -05:00
a566097657
Add info about UNIX sockets
2017-02-06 15:56:58 -08:00
d56c0e33b3
docs: add note about request size limit ( #2337 )
2017-02-06 18:24:40 -05:00
7f2717b74a
transit: change batch input format ( #2331 )
...
* transit: change batch input format
* transit: no json-in-json for batch response
* docs: transit: update batch input format
* transit: fix tests after changing response format
2017-02-06 14:56:16 -05:00
af1847f2b4
Update the docs and move the logic for reconnecting into its own function
2017-02-04 16:55:17 -08:00
1d0d353901
Fix incorrect sample URL in aws-ec2 docs
2017-02-04 19:27:35 -05:00
b09077c2d8
add socket audit backend
2017-02-02 14:21:48 -08:00
6701ba8a10
Configure the request headers that are output to the audit log ( #2321 )
...
* Add /sys/config/audited-headers endpoint for configuring the headers that will be audited
* Remove some debug lines
* Add a persistant layer and refactor a bit
* update the api endpoints to be more restful
* Add comments and clean up a few functions
* Remove unneeded hash structure functionaility
* Fix existing tests
* Add tests
* Add test for Applying the header config
* Add Benchmark for the ApplyConfig method
* ResetTimer on the benchmark:
* Update the headers comment
* Add test for audit broker
* Use hyphens instead of camel case
* Add size paramater to the allocation of the result map
* Fix the tests for the audit broker
* PR feedback
* update the path and permissions on config/* paths
* Add docs file
* Fix TestSystemBackend_RootPaths test
2017-02-02 11:49:20 -08:00
5fb28f53cb
Transit: Support batch encryption and decryption ( #2143 )
...
* Transit: Support batch encryption
* Address review feedback
* Make the normal flow go through as a batch request
* Transit: Error out if encryption fails during batch processing
* Transit: Infer the 'derived' parameter based on 'context' being set
* Transit: Batch encryption doc updates
* Transit: Return a JSON string instead of []byte
* Transit: Add batch encryption tests
* Remove plaintext empty check
* Added tests for batch encryption, more coming..
* Added more batch encryption tests
* Check for base64 decoding of plaintext before encrypting
* Transit: Support batch decryption
* Transit: Added tests for batch decryption
* Transit: Doc update for batch decryption
* Transit: Sync the path-help and website docs for decrypt endpoint
* Add batch processing for rewrap
* transit: input validation for context
* transit: add rewrap batch option to docs
* Remove unnecessary variables from test
* transit: Added tests for rewrap use cases
* Address review feedback
* Address review feedback
* Address review feedback
* transit: move input checking out of critical path
* transit: allow empty plaintexts for batch encryption
* transit: use common structs for batch processing
* transit: avoid duplicate creation of structs; add omitempty to response structs
* transit: address review feedback
* transit: fix tests
* address review feedback
* transit: fix tests
* transit: rewrap encrypt user error should not error out
* transit: error out for internal errors
2017-02-02 14:24:20 -05:00
3457a11afd
awsec2: support periodic tokens ( #2324 )
...
* awsec2: support periodic tokens
* awsec2: add api docs for 'period'
2017-02-02 13:28:01 -05:00
0548555219
Support for Cross-Account AWS Auth ( #2148 )
2017-02-01 14:16:03 -05:00
6033ea884c
Okta implementation ( #1966 )
2017-01-26 19:08:52 -05:00
89b0ee09d3
Merge pull request #2296 from hashicorp/rfay-20161230_add_cookbook_with_root_token_generation
...
Add 'Guides' section
2017-01-25 15:33:43 -05:00
715732502d
Update docs.erb
2017-01-25 15:33:20 -05:00
a898996c43
Update title and other minor changes.
2017-01-24 08:47:53 -08:00
c5f690b891
Fixing a few incorrect entries
2017-01-24 11:08:58 -05:00
03d05b448a
Minor transit docs fixes
2017-01-23 22:26:38 -05:00
b3fc3db6ec
Adding LDAP API reference and misc docs formatting issues
2017-01-23 22:08:08 -05:00
c19e7ce793
undo inadvertant tabs to spaces on docs.erb
2017-01-23 17:02:06 -08:00
a307328f04
Additional changes to @rfay's PR from https://github.com/hashicorp/vault/pull/2217 .
...
- Renamed Cookbook to Guides
- Made Guides index page
- Moved Guides link on sidebar
- Minor formatting changes to generate-root guide
2017-01-23 16:41:25 -08:00
82af6a17c8
Merge branch '20161230_add_cookbook_with_root_token_generation' of https://github.com/rfay/vault into rfay-20161230_add_cookbook_with_root_token_generation
2017-01-23 16:13:58 -08:00
1615280efa
Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener ( #2293 )
2017-01-23 13:48:35 -05:00
98df700495
allow roles to set OU value in certificates issued by the pki backend ( #2251 )
2017-01-23 12:44:45 -05:00
7568a212b1
Adding support for exportable transit keys ( #2133 )
2017-01-23 11:04:43 -05:00
5aba2d47b6
ldap: Minor enhancements, tests and doc update ( #2272 )
2017-01-23 10:56:43 -05:00
2cdd70fdf9
First attempt at adding docs for permissions
2017-01-20 16:34:30 -08:00
d6198b7e24
change consistency config value from a bool to a string ( #2282 )
2017-01-19 17:36:33 -05:00
4da3cf3479
Fix file_path argument in audit's index.html
2017-01-18 21:43:29 -05:00
06c586ccd1
tokenStore: document the 'period' field ( #2267 )
2017-01-18 17:25:52 -05:00
5f28afdf32
Example "List" command missing a forward slash ( #2233 )
...
The List command example is missing a forward slash before the query parameter.
2017-01-18 17:25:23 -05:00
8668f82831
vaultsharp is now cross-platform ( #2285 )
2017-01-18 08:45:16 -05:00
0d59c1e6db
Adding the 429 code back in
2017-01-17 13:36:56 -05:00
62f17774f5
doc: remove unused 429 code from docs to avoid confusion
2017-01-13 23:12:32 -05:00
f11cd7f54a
SP error
2017-01-13 11:50:23 -08:00
aff6282e78
Add require_conistent to docs
2017-01-13 11:48:35 -08:00
d71bdf893a
Fixed rabbitmq documentation
...
The docs were inconsistent between readwrite and readonly, the policy
itself evaluates to a readwrite policy, so the inconsistency is solved
by changing the odd occurrence of readonly.
2017-01-13 08:54:04 +01:00
e5551afac7
paraphrasing the cluster_addr doc
2017-01-12 11:26:43 -05:00
eb7f4ef467
Describe how actually configuration option for 'Per-Node Cluster Address' topic is called.
...
According to 'Server Configuration' web page it's 'cluster_addr' (note, not 'cluster_address').
Previously this was not clear, what exactly 'this' was.
2017-01-12 12:20:19 +03:00
cb8bbc4fbd
Transit key actions ( #2254 )
...
* add supports_* for transit key reads
* update transit docs with new supports_* fields
2017-01-11 10:05:06 -06:00
af192b2081
Note about VAULT_UI environment variable. ( #2255 )
2017-01-11 09:29:45 -05:00
a5fc6d1f31
fix lookup-self response json
...
reflect the true 0.6.4 response.
2017-01-10 23:19:49 -08:00
f18d08cf2b
Remove documenting that the token to revoke can be part of the URL as ( #2250 )
...
this should never be used and only remains for backwards compat.
Fixes #2248
2017-01-09 22:09:29 -05:00
4d83db66df
Clarify text around redirect addr being required
2017-01-06 15:07:01 -05:00
64e7e99755
prevent startup error when user has multiple private IPs configured locally
2017-01-03 15:24:11 -05:00
6dd1de959c
Add link to vault-client vc written in go ( #2225 )
2017-01-03 11:29:54 -05:00
787b6aa93c
Add cookbook section, with root token generation technique
2016-12-30 09:19:55 -07:00
c8248b0d97
Adds a link to the latest releases CHANGELOG on the downloads.html page ( #2205 )
2016-12-29 19:57:16 -06:00
f6cc4c89ec
Adding Vault.NET C# Library ( #2213 )
2016-12-29 19:26:47 -06:00
6c8a071a01
Fixed docs - auth backend aws had a typo on API example ( #2211 )
2016-12-28 11:41:50 -06:00
ad5bdfa83c
Update vs HSM text
2016-12-28 11:23:50 -05:00
69da5bc021
Replace app-id with approle due to deprecation ( #2197 )
...
According to the documentation the App-ID backend is deprecated in favor of the AppRole backend since Vault 0.6.1.
2016-12-20 13:29:42 -05:00
98a6e0fea3
Add Duo pushinfo capabilities ( #2118 )
2016-12-19 15:37:44 -05:00
ba026aeaa1
TokenStore: Added tidy endpoint ( #2192 )
2016-12-16 15:29:27 -05:00
f6044764c0
Fix revocation of leases when num_uses goes to 0 ( #2190 )
2016-12-16 13:11:55 -05:00
ca1f0115b6
add unix socket example as well ( #2193 )
2016-12-16 05:13:35 -05:00
9a9edfb515
Update index.html.md ( #2191 )
...
add DSN as link to go-sql-driver/mysql to know the syntax
2016-12-16 03:37:54 -05:00
8400b87473
Don't add default policy to child token if parent does not have it ( #2164 )
2016-12-16 00:36:39 -05:00
b70eff9b26
website: turn off autocomplete on the demo ( #2187 )
...
Removes the akward browser autocomplete bar from the tutorial input.
2016-12-15 11:00:44 -05:00
0b082bff42
Edits to the deploy guide
2016-12-14 11:17:50 -05:00
e2ef0b75b6
Edits to the authorization/acl guide
2016-12-14 11:11:14 -05:00
c47c8343b5
Edits to the authentication guide
2016-12-14 11:06:42 -05:00
73ce47d0fe
Formatting and language updates to help guide
2016-12-14 10:55:11 -05:00
ce6c0dcf95
Minor formatting fix to dynamic secrets guide
2016-12-14 10:51:56 -05:00
f1b5377e81
Updated some formatting and language in the secret backends doc
2016-12-14 10:46:14 -05:00
73324e2cba
Updated some formatting and language in the first secret doc
2016-12-14 10:39:45 -05:00
3a981ae7b4
Updated some language and formatting in the dev-server guide
2016-12-14 10:34:52 -05:00
49dd4f70df
Edits to the install doc in getting started
2016-12-14 10:15:26 -05:00
6df55a3126
Added next step to install section
2016-12-14 10:13:15 -05:00
a46217989b
Fix broken link
2016-12-13 10:56:18 +05:30
f1ef8485ab
Small typo
2016-12-08 16:51:16 -08:00
bd41c48304
Add doc for ui to config page
2016-12-06 17:13:12 -05:00
a81d18b437
Add 0.6.3 upgrade page to sidebar
2016-12-06 16:37:28 -05:00
f5891b6677
Prep for 0.6.3
2016-12-06 11:26:29 -05:00
f07a19c503
gcs physical backend ( #2099 )
2016-12-01 11:42:31 -08:00
a381f727e6
Add Rust ( #2136 )
...
Add the Rust crate to the list
2016-12-01 10:54:41 -08:00
b17100cf0d
Fix aws auth login example ( #2122 )
2016-12-01 10:17:08 -08:00
3d66907966
Disallow passwords LDAP binds by default ( #2103 )
2016-12-01 10:11:40 -08:00
efe97559ea
Improve link to intro and getting started ( #2049 )
2016-11-28 09:41:08 -08:00
d1c3367168
return code is 403 not 400 ( #2128 )
2016-11-25 06:47:27 -08:00
e1d3650b7f
Minor documentation tweak ( #2127 )
...
Should be arn, not policy - latter will error as that assume an inline policy json document
2016-11-24 07:36:46 -08:00
1812ce8d4a
Change command examples for First Secrets #2116 ( #2117 )
...
These were discovered to be out of date as per https://github.com/hashicorp/vault/issues/2116
2016-11-22 12:44:17 -05:00
a94962e004
Update docs to fix #2102
2016-11-22 12:19:22 -05:00
aac4f894c9
Update libraries doc for Haskell community library ( #2101 )
2016-11-17 13:36:00 -05:00
6b5327a04d
Document bug causing certain LDAP settings to be forgotten on upgrade to
...
0.6.1+.
Fixes #2104
2016-11-16 17:08:16 -05:00
db9dbdeb86
Added document to github auth backend covering user-specific policies. ( #2084 )
2016-11-11 08:59:26 -05:00
57925ee863
Vendor circonus ( #2082 )
2016-11-10 16:17:55 -05:00
a8f35e95a0
Clarify that Swift only supports v1.0 auth ( #2070 )
2016-11-08 06:44:34 -05:00
799707fdd0
Specify the value of "generated secrets" ( #2066 )
...
This small change is to specify (mostly for new users) that only dynamic secrets are revoked when running revoke-self.
2016-11-07 15:02:23 -05:00
0357d73dad
Add information on HMAC verification to transit docs ( #2062 )
2016-11-07 13:44:14 -05:00
9d4eedcce4
Update unwrap call documentation
2016-11-02 13:36:32 -04:00
9066f012a7
Fix cache default size and docs
2016-11-01 10:24:35 -04:00
35542e39d7
Use gpg binary in PGP website documentation ( #2047 )
2016-10-30 13:09:56 -04:00
b8b962c6e5
Rearrange libs
2016-10-29 13:53:06 -04:00
8c5d40df16
Add Spring Vault to client libraries ( #2042 )
2016-10-29 13:52:16 -04:00
48196228d6
s/localhost/127.0.0.1 in approle docs
2016-10-28 09:46:39 -04:00
260424244b
s/localhost/127.0.0.1
2016-10-28 09:23:05 -04:00
4ab6bd41c4
Using AppRole as an example. Removed 'root' policy being used in examples
2016-10-28 01:24:25 -04:00
089798b5d1
Update libraries.html.md
...
Add Clojure Vault client.
2016-10-27 11:39:52 -07:00
e0fb8c17ce
Added revocation_sql to the website docs
2016-10-27 12:15:08 -04:00
c74303dd59
Merge pull request #2029 from bfallik/patch-1
...
Update aws-ec2.html.md
2016-10-26 16:57:39 -04:00
d3f71e7232
doc: syslog change data type from bool to string ( #1998 )
2016-10-26 16:18:31 -04:00
59a59a3235
Update aws-ec2.html.md
...
fix minor typo
2016-10-26 15:40:40 -04:00
9bba65e614
doc: change data type from boolean to string ( #1997 )
...
the api doesn't accept the boolean value. it needs a string containing a boolean value.
2016-10-26 11:29:42 -04:00
5ef3e4b5ef
Docs: Add port numbers to redirect_addr
2016-10-19 22:07:25 -04:00
fec9d83dce
Docs: Update the client redirection defaults
2016-10-18 13:27:19 -04:00
45f720cea7
Merge pull request #2006 from hashicorp/update-github-docs
...
Update github login output in the docs
2016-10-18 10:27:06 -04:00
4b6e82afcb
Add ability to list keys in transit backend ( #1987 )
2016-10-18 10:13:01 -04:00
6646656e32
Merge pull request #2013 from rjhornsby/master
...
Fix sidebar typo
2016-10-18 09:45:03 -04:00
efa76a02ad
Merge pull request #2010 from rajanadar/patch-5
...
doc: add doc for the GET lease settings api
2016-10-18 09:39:23 -04:00
5e89fc4997
Fix typo
...
Fix typo in sidebar layout that prevented sidebar item 'getting started apis' from correctly rendering when that page was active.
2016-10-17 10:59:16 -05:00
d43e7395c7
fix indentation
2016-10-15 22:58:25 -07:00
f743ac97c2
doc: add doc for the GET lease settings api
...
Vault supports reading of the lease settings, with all values coming back intact. (along with a good warning message as well)
Adding it to the documentation.
2016-10-15 22:43:50 -07:00
f31d99e51d
doc: add consistency field in get-role response
2016-10-15 01:15:58 -07:00
f556a38959
Update github login output in the docs
2016-10-14 22:39:56 -04:00
c1be9ce062
Merge pull request #1988 from mp911de/issue/refdocs-approle-post-on-secret-id-destroy
...
Use POST method for destroy operations in documentation
2016-10-14 15:37:13 -04:00
11db53e2f1
Merge pull request #1991 from hashicorp/pgp-gpg-doc-update
...
Update pgp-gpg concepts page to use base64 decoding instead of hex
2016-10-14 15:34:04 -04:00
557bf45de6
Update the getting started API doc to not use 'root' policy
2016-10-11 16:07:48 -04:00
6c9358dbec
Update pgp-gpg concepts page to use base64 decoding instead of hex
2016-10-11 15:58:32 -04:00
95144ddae3
Use POST method for destroy operations in documentation
...
Use POST method as most clients (including Vault cli) cannot send a body when using the DELETE HTTP method.
2016-10-11 17:12:07 +02:00
9fc5a37e84
address feedback
2016-10-09 22:23:30 -04:00
1b8d12fe82
changes for 'mode'
2016-10-08 19:52:49 -04:00
39e7732473
website documentation update
2016-10-07 15:48:29 -04:00
d580bb1c27
Update upgrade guide
2016-10-05 14:10:27 -04:00
7f9a88d8db
Postgres revocation sql, beta mode ( #1972 )
2016-10-05 13:52:59 -04:00
83b85dea1c
Prep for 0.6.2
2016-10-05 08:23:31 -04:00
6b0f886756
Update website with breaking change information
2016-10-04 22:35:56 -04:00
661a8a4734
Merge pull request #1961 from hashicorp/aws-ec2-auth-rsa-signature
...
aws-ec2-auth using identity doc and RSA digest
2016-10-04 15:45:12 -04:00
0f8c132ede
Minor doc updates
2016-10-04 15:46:09 -04:00
59475d7f14
Address review feedback
2016-10-04 15:05:44 -04:00
4141b632fa
Merge pull request #1957 from hashicorp/website-list-userpass
...
Added user listing endpoint to userpass docs
2016-10-04 14:10:49 -04:00
348a09e05f
Add only relevant certificates
2016-10-03 20:34:28 -04:00
dbd364453e
aws-ec2 config endpoints support type option to distinguish certs
2016-10-03 20:25:07 -04:00
61975f4265
add documentation for cluster_name and link atlas listener docs
2016-10-03 15:04:33 -05:00
34a6abcbb6
document the atlas listener
2016-10-03 10:41:50 -05:00
2c85fdfeb9
Switch default case of disable cluster. ( #1959 )
2016-10-02 14:54:01 -04:00
aef1a88de4
Added docs for reading and deleting username
2016-09-30 16:13:57 -04:00
2ad698ec0b
Added user listing endpoint to userpass docs
2016-09-30 15:47:33 -04:00
606d717ad9
Update changelog and website for GH-1958
2016-09-30 15:08:38 -04:00
4a505bfa3e
Update text around cubbyhole/response
2016-09-29 17:44:15 -04:00
7a8fcfcf55
Docs/Website: MySQL config parameter "verify-connection" should be "verify_connection"
...
The only instance of `verify-connection` I can find is on this docs page. The API style for parameters is underscores, so this one stands out.
The code for this and the other backends with similar connection verification features seem to use `verify_connection`.
2016-09-29 14:05:47 -05:00
4c74b646fe
Merge pull request #1947 from hashicorp/secret-id-lookup-delete
...
Introduce lookup and destroy endpoints for secret IDs and its accessors
2016-09-29 10:19:54 -04:00
b45a481365
Wrapping enhancements ( #1927 )
2016-09-28 21:01:28 -07:00
34e76f8b41
Added website docs for lookup and destroy APIs
2016-09-28 22:11:48 -04:00
2dd1f584e6
Update documentation for required AWS API permissions
...
In order for Vault to map IAM instance profiles to roles, Vault
must query the 'iam:GetInstanceProfile' API, so update the documentation
and help to include the additional permissions needed.
2016-09-28 16:50:20 -07:00
f0203741ff
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
a9976dca1c
Remove a mistyped character
2016-09-28 18:30:49 -04:00
69c57f843d
Merge pull request #1943 from hashicorp/iam-bounds-prefix
...
Check for prefix match instead of exact match for IAM bound parameters
2016-09-28 18:11:53 -04:00
e01f99f042
Check for prefix match instead of exact match for IAM bound parameters
2016-09-28 18:08:28 -04:00
ba5da65163
Merge pull request #1940 from chrishoffman/consul-doc
...
Small consul doc fix
2016-09-28 15:48:45 -04:00
4a30a6b4f8
Merge pull request #1913 from hashicorp/bound-iam-instance-profile-arn
...
Proper naming for bound_iam_instance_profile_arn
2016-09-28 15:34:56 -04:00
8c755bfe92
Small consul doc fix
2016-09-28 15:11:39 -04:00
010293ccc3
Merge pull request #1931 from hashicorp/cass-consistency
...
Adding consistency into cassandra
2016-09-27 21:12:02 -04:00
d235acf809
Adding support for chained intermediate CAs in pki backend ( #1694 )
2016-09-27 17:50:17 -07:00
883b5db420
typo correction
2016-09-27 16:38:27 -04:00
648a71fa11
updates to the documents
2016-09-27 16:36:20 -04:00
96afb1d27a
Update getting started docs since root can no longer be used from github
2016-09-26 13:09:26 -04:00
be9fb99a99
Update middleman-hashicorp ( #1922 )
2016-09-26 12:40:48 -04:00
b1ee56a15b
Merge pull request #1910 from hashicorp/secret-id-cidr-list
...
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00
f8e3cf4591
Add information about accessors to the token concepts page.
...
Fixes #1918
2016-09-26 10:18:38 -04:00
d080107a87
Update docs to contain bound_iam_role_arn
2016-09-26 09:37:38 -04:00
c39eeecaea
tip to override VAULT_ADDR in getting started guide ( #1915 )
2016-09-23 19:34:07 -04:00
2d4bfeff49
Update website for bound_iam_instance_profile_arn
2016-09-23 11:23:59 -04:00
aaadd4ad97
Store the CIDR list in the secret ID storage entry.
...
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
2016-09-21 20:19:26 -04:00
226ef5d78c
Make HA in etcd off by default. ( #1909 )
...
Fixes #1908
(Doesn't really "fix" it but someone from the community needs to step up
if they want to see this fixed.)
2016-09-21 14:01:36 -04:00
0ff76e16d2
Transit and audit enhancements
2016-09-21 10:49:26 -04:00
982f151722
Update docs to reflect that there is more than one constraint for EC2 now
2016-09-20 16:11:32 -04:00
5c241d31e7
Renaming ttl_max -> max_ttl in mssql backend ( #1905 )
2016-09-20 12:39:02 -04:00
f6239cf0c0
fix shell quoting ( #1904 )
...
$() doesnt get evaluated in single quotes, so you need to break out of it first
2016-09-19 17:11:16 -04:00
7f3041d6a5
Fix formatting
2016-09-19 13:00:50 -04:00
6e40d606d4
Bump to newer middleman-hashicorp
2016-09-19 12:42:35 -04:00
85c51fd861
Update website docs to indicate sudo being required for auth/audit
...
endpoints.
2016-09-19 12:10:08 -04:00
f7b3937c77
Fix website display of tune paths
2016-09-16 12:03:50 -04:00
61664bc653
Merge pull request #1886 from hashicorp/approle-upgrade-notes
...
upgrade notes entry for approle constraint and warning on role read
2016-09-15 12:14:01 -04:00
4f33e8d713
Merge pull request #1892 from hashicorp/role-tag-defaults
...
Specify that role tags are not tied to an instance by default
2016-09-15 12:04:41 -04:00
9bca127631
Updated docs with nonce usage
2016-09-14 19:31:09 -04:00
2639ca4d4f
Address review feedback
2016-09-14 16:06:38 -04:00
dcddaa8094
Address review feedback
2016-09-14 15:13:54 -04:00
d5cc763b8d
Clarify that tags can be used on all instances that satisfies constraints
2016-09-14 14:55:09 -04:00
03fc7b517f
Specify that role tags are not tied to an instance by default
2016-09-14 14:49:18 -04:00
53c919b1d0
Generate the nonce by default
2016-09-14 14:28:02 -04:00
722e26f27a
Add support for PGP encrypting the initial root token. ( #1883 )
2016-09-13 18:42:24 -04:00
99a2655d8e
upgrade notes entry for approle constraint and warning on role read
2016-09-13 17:44:07 -04:00
bc3cce7d2d
Add 0.6.2 page to sidebar
2016-09-13 16:49:54 -04:00
bef9c2ee61
Ensure at least one constraint on the role
2016-09-13 16:03:15 -04:00
888e833aae
Remove old text from upgrade notes, as changes were made
2016-09-13 11:51:46 -04:00
c01bf6cb1b
Update libraries.html.md ( #1879 )
2016-09-13 09:23:46 -04:00
b524e43f15
Small change: Fix permission vault requires.
...
Vault requires ec2:DescribeInstances, not ec2:DescribeInstance. (the
non-plural form doesn't exist)
2016-09-12 14:38:10 -06:00
14f2a673e2
Out of date `code`
...
Looks like the `500` is now a `405`:
```
$ vault read aws/config/root
Error reading aws/config/root: Error making API request.
URL: GET http://127.0.0.1:8200/v1/aws/config/root
Code: 405. Errors:
* 1 error(s) occurred:
* unsupported operation
```
2016-09-12 15:58:25 -04:00
d8b1ab05dd
doc: change invalid otp response code to 400 ( #1863 )
...
invalid otp response code is 400 bad request.
2016-09-08 11:13:13 -04:00
b06167c748
doc: fixing field name to security_token ( #1850 )
...
response field is security_token, not secret_token.
2016-09-03 22:40:57 -04:00
5bd665a842
Update atlas listener factory to use version with pre-release info.
2016-09-01 17:21:11 -04:00
9c78c58948
Remove the string 'Vault' from version information
2016-09-01 14:54:04 -04:00
242105a0ad
Correcting typo on "mechanisms" ( #1822 )
2016-09-01 09:53:20 -04:00
7bd0edee4b
doc: add keys_base64 to response json ( #1824 )
...
add the missing fields in json response for initializing vault.
keys_base64
2016-09-01 09:40:40 -04:00
f6cfc1c7ad
doc: add missing version and cluster fields ( #1826 )
...
adding the missing "version" field in json response.
also adding a new response when the unseal completes, and 2 more fields are returned. (cluster..)
2016-09-01 09:39:26 -04:00
97e5a02692
doc: add missing token field to generate-root apis ( #1828 )
...
the response is missing the encoded token field for a couple of apis.
2016-09-01 09:39:00 -04:00
2f35789e71
Update index.html.md ( #1819 )
...
Corrected a minor spelling error.
2016-08-31 10:02:43 -04:00
222adbdb61
Fix headers in aws-ec2 doc.
2016-08-30 11:53:21 -04:00
93b5b2a2c0
Update website with POST STS path
2016-08-30 10:37:55 -04:00
5172cdab3f
doc: remove duplicate aws-ec2 menu item
...
the auth backends menu had a duplicate entry for aws-ec2 auth.
removed the dup one.
2016-08-30 00:59:44 -07:00
1ae71ce7db
add missing field keys_base64 to rekey operation
...
fixing the json response blob in the documentation
2016-08-28 17:38:10 -07:00
d9c46aadc2
update docs
2016-08-26 17:52:42 -04:00
2f5876dfe9
Use key derivation for convergent nonce. ( #1794 )
...
Use key derivation for convergent nonce.
Fixes #1792
2016-08-26 14:11:03 -04:00
2ce4397deb
Plumb through the ability to set the storage read cache size. ( #1784 )
...
Plumb through the ability to set the storage read cache size.
Fixes #1772
2016-08-26 10:27:06 -04:00
aa5daadd67
Don't duplicate building info
2016-08-25 13:00:26 -04:00
9fee9ce8ff
Don't allow tokens in paths. ( #1783 )
2016-08-24 15:59:43 -04:00
0b9d0c1cec
Update website Vagrantfile ( #1689 )
...
* Upgrade base box to `bento/ubuntu-16.04`
* Remove JS stuff
* Install `git` and `bundler`
* Add gpg key for RVM
2016-08-24 13:53:00 -04:00
66d3117cad
fix aws-ec2 formatting around ttl ( #1770 )
2016-08-23 16:07:57 -04:00
6cbae1388e
[Documentation] AppRole /login is unauthenticated ( #1771 )
2016-08-23 16:03:36 -04:00
c64dba556c
Swap push/pull.
2016-08-22 19:34:53 -04:00
6db65c317e
Fix grammar ( #1759 )
2016-08-22 12:17:48 -04:00
9bd1a95850
Fix spelling ( #1758 )
2016-08-22 11:56:37 -04:00
7395fb02bc
Update tokens.html.md
...
Bullet points at the end were off (probably due to some line wrapping settings somewhere)
2016-08-22 10:47:11 -04:00
3320aeb4f6
Update upgrade guide
2016-08-22 09:33:36 -04:00
48eac5434b
Bump version
2016-08-22 09:19:13 -04:00
Vishal Nayak