Commit Graph

15000 Commits

Author SHA1 Message Date
Mitchell Hashimoto 850349425a http: /sys/mounts 2015-03-15 21:18:25 -07:00
Mitchell Hashimoto 64c8c6a91b website: imageoptim 2015-03-15 21:12:24 -07:00
Mitchell Hashimoto 9eb22bd3c0 command/read 2015-03-15 20:52:28 -07:00
Mitchell Hashimoto c206755bdc command/meta: VAULT_ADDR to set the addr via env var 2015-03-15 20:41:36 -07:00
Mitchell Hashimoto 602281213e command/write: can write arbitrary data from stdin 2015-03-15 20:40:12 -07:00
Mitchell Hashimoto 1d07df9db6 command/write 2015-03-15 20:35:33 -07:00
Mitchell Hashimoto 08c2409d6f update gitignore 2015-03-15 20:17:13 -07:00
Mitchell Hashimoto 1e36ef252d physical: finish super naive file backend
This thing is SUPER slow and has some dumb edge cases. It is only really
meant for development at this point and is commented as such. We won't
document it publicly unless we make it good.
2015-03-15 20:15:27 -07:00
Mitchell Hashimoto 9b14cf789e api: logical Read/Write 2015-03-15 19:47:32 -07:00
Mitchell Hashimoto 341d71c91d http: 404 if reading secret that doesn't exist 2015-03-15 19:42:24 -07:00
Mitchell Hashimoto 12b12e578c vault: fix merge conflict + pass tests 2015-03-15 19:38:23 -07:00
Mitchell Hashimoto 742923452b http: generic read/write endpoint for secrets 2015-03-15 19:35:04 -07:00
captainill fb6e1c578e update tagline margin 2015-03-15 19:17:16 -07:00
captainill 4727a91fd1 update logo-lockup and add css dots 2015-03-15 19:16:00 -07:00
Armon Dadgar ca358f64dd vault: Merge conflict 2015-03-15 18:06:19 -07:00
Armon Dadgar b96ac9f95f vault: Assign renew time 2015-03-15 18:05:31 -07:00
Mitchell Hashimoto 9f0d59d03f vault: system using the framework 2015-03-15 17:35:59 -07:00
Mitchell Hashimoto ab722a5ec2 fix all tests 2015-03-15 17:10:33 -07:00
Mitchell Hashimoto edd13a5d24 vault: passthrough backend uses logical/framework 2015-03-15 17:07:54 -07:00
Mitchell Hashimoto 5fbe17e8df logical/testing: acceptance testttttttt 2015-03-15 16:52:19 -07:00
Mitchell Hashimoto 11f8423b4f logical/framework, logical/testing 2015-03-15 16:39:49 -07:00
Mitchell Hashimoto d4f54be927 vault: can pass in the backends 2015-03-15 16:25:38 -07:00
Mitchell Hashimoto a0232eedd7 helper/backend: use logical package 2015-03-15 14:57:19 -07:00
Mitchell Hashimoto ece0be434e vault: rename SystemBackend2 to SystemBackend 2015-03-15 14:54:49 -07:00
Mitchell Hashimoto d1d1929192 vault: convert to logical.Request and friends 2015-03-15 14:53:41 -07:00
Mitchell Hashimoto 5ffcd02b7a vault: convert system to logical.Backend 2015-03-15 14:42:05 -07:00
Mitchell Hashimoto c3ae1b59a1 vault: Passthrough backend uses logical.Backend 2015-03-15 14:27:06 -07:00
Mitchell Hashimoto c7e901ce45 vault: incremental change to get closer to logical structs 2015-03-15 14:27:06 -07:00
Mitchell Hashimoto 63a9eb321a logical: put structs here, vault uses them 2015-03-15 14:27:06 -07:00
JT 1837991454 update hero 2015-03-15 14:16:58 -07:00
Mitchell Hashimoto 92910d18d1 vault: make mount functions private again, going to try something else 2015-03-14 18:31:31 -07:00
Mitchell Hashimoto 9d84e7bacc vault: don't copy the key so it can be zeroed, document, add helper 2015-03-14 18:25:55 -07:00
captainill 29adca9afa Merge branch 'master' of github.com:hashicorp/vault 2015-03-14 18:17:18 -07:00
captainill 77bbbb18f3 docs sidebar new animation/cleanup 2015-03-14 18:16:58 -07:00
Mitchell Hashimoto 866b91d858 vault: public TestCoreUnsealed, don't modify key in Unseal
/cc @armon - I do a key copy within Unseal now. It tripped me up for
quite awhile that that method actually modifies the param in-place and I
can't think of any scenario that is good for the user. Do you see any
issues here?
2015-03-14 17:47:11 -07:00
captainill c2bcd6092f fix js 2015-03-14 17:37:22 -07:00
Mitchell Hashimoto b2af154fb4 vault: make Mount related core functions public
/cc @armon - So I know the conversation we had related to this about
auth, but I think we still need to export these and do auth only at the
external API layer. If you're writing to the internal API, then all bets
are off.

The reason is simply that if you have access to the code, you can
already work around it anyways (you can disable auth or w/e), so a
compromised Vault source/binary is already a failure, and that is the
only thing that our previous unexported methods were protecting against.

If you write an external tool to access a Vault, it still needs to be
unsealed so _that_ is the primary security mechanism from an API
perspective. Once it is unsealed then the core API has full access to
the Vault, and identity/auth is only done at the external API layer, not
at the internal API layer.

The benefits of this approach is that it lets us still treat the "sys"
mount specially but at least have sys adopt helper/backend and use that
machinery and it can still be the only backend which actually has a
reference to *vault.Core to do core things (a key difference). So, an
AWS backend still will never be able to muck with things it can't, but
we're explicitly giving Sys (via struct initialization in Go itself)
a reference to *vault.Core.
2015-03-14 17:26:59 -07:00
Mitchell Hashimoto 857e00bcdc helper/backend: start acceptance test framework 2015-03-14 17:18:19 -07:00
Mitchell Hashimoto accd8c29ca helper/backend: auto-generate help route 2015-03-14 10:12:50 -07:00
Mitchell Hashimoto e8e55ef8b1 helper/backend: one callback per operation 2015-03-14 00:19:25 -07:00
Mitchell Hashimoto 7f87d9ea6f helper/backend: HandleRequest works 2015-03-13 23:58:20 -07:00
Mitchell Hashimoto d17c3d87d3 helper/backend: store captures for a path 2015-03-13 23:48:49 -07:00
Mitchell Hashimoto c4e35ffb7d helper/backend: cache route regexps (98% speedup)
benchmark                 old ns/op     new ns/op     delta
BenchmarkBackendRoute     49144         589           -98.80%
2015-03-13 23:25:17 -07:00
Mitchell Hashimoto e5871abf77 helper/backend: benchmark route 2015-03-13 23:22:48 -07:00
Mitchell Hashimoto 0751c5db12 helper/backend: basic path routing (naive) 2015-03-13 23:17:25 -07:00
Mitchell Hashimoto a68eb1a994 helper/backend: add default values 2015-03-13 21:15:20 -07:00
Mitchell Hashimoto 33a08fbfa0 helper/backend: start this thing 2015-03-13 21:11:19 -07:00
Mitchell Hashimoto fd8f84e00e command/unseal: tests 2015-03-13 20:17:55 -07:00
Mitchell Hashimoto e473c655ac website: imageoptim 2015-03-13 12:58:21 -07:00
Mitchell Hashimoto c84a9bcaed command/seal-status 2015-03-13 12:53:09 -07:00