Commit Graph

4404 Commits

Author SHA1 Message Date
Christopher Swenson b04d6e6720
Remove SHA1 for certs in prep for Go 1.18 (#16455)
Remove SHA1 for certs in prep for Go 1.18

* Remove certs with SHA1 from tests
* Use default SHA-256 with PKCS7 in AWS
* Update SHA1 deprecation note

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-07-28 09:14:33 -07:00
Scott Miller 1b1c6fe168
Correct the Transit HMAC key source in docs (#16463)
* Correct the Transit HMAC key source in docs

* Update website/content/api-docs/secret/transit.mdx

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-07-27 11:48:41 -05:00
Theron Voran 66ef22b735
docs/k8s: adding terraform config examples (#16121)
Adding a terraform examples page for configuring vault-helm.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-07-26 20:43:26 -04:00
Tom Proctor bd0461619c
Docs: Add list of supported k8s versions for agent injector (#16433) 2022-07-26 15:59:27 +01:00
akshya96 6e0c04d602
vault-951Documentation (#16434) 2022-07-25 16:53:03 -07:00
Yoko Hyakuna 7b43bf4c68
Add a note referring to automated upgrade (#16444)
* Add a note referring to automated upgrade

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-07-25 15:03:55 -07:00
tdsacilowski 887e77c2ae
Agent JWT auto auth `remove_jwt_after_reading` config option (#11969)
Add a new config option for Vault Agent's JWT auto auth
`remove_jwt_after_reading`, which defaults to true. Can stop
Agent from attempting to delete the file, which is useful in k8s
where the service account JWT is mounted as a read-only file
and so any attempt to delete it generates spammy error logs.

When leaving the JWT file in place, the read period for new
tokens is 1 minute instead of 500ms to reflect the assumption
that there will always be a file there, so finding a file does not
provide any signal that it needs to be re-read. Kubernetes
has a minimum TTL of 10 minutes for tokens, so a period of
1 minute gives Agent plenty of time to detect new tokens,
without leaving it too unresponsive. We may want to add a
config option to override these default periods in the future.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-07-25 07:42:09 -06:00
Jason O'Donnell 140406143e
command/server: add dev-tls flag (#16421)
* command/server: add dev-tls flag

* Add website documentation

* changelog

* Lower file permissions

* Update cert gen per review

* Add dev-tls-cert-dir flag and cert clean up

* fmt

* Update cert generation per review

* Remove unused function

* Add better error messages

* Log errors in cleanup, fix directory not existing bug

* Remove hidden flag from -dev-tls-cert-dir

* Add usage

* Update 16421.txt

* Update variable names for files

* Remove directory on cleanup
2022-07-22 14:04:03 -04:00
Matt Schultz 31151671ab
Transform tokenization key auto-rotate docs (#16410)
* Document auto rotate fields for transform tokenization endpoints.

* Update Transform tokenization docs to mention key auto-rotation.
2022-07-21 15:48:58 -05:00
Steven Zamborsky c0b0c4fde7
Add an "Important Note" regarding EKS CSR approval. (#16406) 2022-07-21 13:34:03 -07:00
Austin Gebauer 5062502756
auth/oidc: documents the client_nonce parameter (#16403) 2022-07-21 09:34:46 -07:00
Rachel Culpepper 133535fabe
add paths for import endpoints (#16401) 2022-07-21 11:19:13 -05:00
Wojtek Czekalski d05e8d1222
Fix typo in the docs (#16323)
It's very confusing, `Volumes` are very similar to `volumes` and can cause confusion 😄
2022-07-21 10:42:46 -04:00
Francois BAYART 24b9fa39bc
Update s3.mdx (#13630)
fix IAM requirements to use KMS key
2022-07-21 10:41:33 -04:00
Jason Peng 08b0cf40d5
Update reload.mdx (#14207)
To match with the API version of docs- https://www.vaultproject.io/api-docs/system/plugins-reload-backend#sys-plugins-reload-backend.
2022-07-21 10:39:25 -04:00
Barak BD 164d37b11a
Add section for Engine V2 requests (#14381)
This may be a related issue: https://github.com/hashicorp/vault/issues/7161
2022-07-21 10:38:57 -04:00
Pratik Khasnabis 3e4f4fdd55
Change AWS to Azure in Tutorial section (#15206)
* Change AWS to Azure in Tutorial section

* trigger ci

Co-authored-by: taoism4504 <loann@hashicorp.com>
2022-07-21 10:36:27 -04:00
Florent Tatard 9dc861a8b3
Missing word (#16269)
Can't believe this went unnoticed for 5 years :)
2022-07-20 08:54:10 -07:00
Loann Le 58a646c726
updated note (#16372) 2022-07-19 16:52:41 -07:00
Andy Assareh 1313a53702
formatting issue - missing list bullet (#16352) 2022-07-19 15:51:36 -07:00
Loïc Saint-Roch 3d978605f8
Add HashiBox to community tools (#16150) 2022-07-19 11:37:58 -07:00
Rodolfo Castelo Méndez b44d0ab1df
Information about aws_s3_server_side_encryption (#16253)
Add when cannot use the combination of parameters.
2022-07-19 11:18:19 -07:00
Jakob Beckmann d72064cb81
[Kubernetes Secret Engine]: Role namespace configuration possible via LabelSelector (#16240)
* docs(#16222): add documentation for changes in PR hashicorp/vault-plugin-secrets-kubernetes#10

* docs(#16222): add changelog entry

* docs(#16222): improve documentation to make the use case of setting both allowed_kubernetes_namespaces and allowed_kubernetes_namespace_selector parameters for role configuration
2022-07-19 13:11:45 -05:00
Tom Proctor 460388d957
Docs: Add release notes for MSSQL TDE (#16326) 2022-07-19 11:52:59 +01:00
Austin Gebauer 1a71678954
docs/plugin-portal: adds missing HashiCorp supported plugins (#16346) 2022-07-18 22:42:49 -07:00
Mạnh Tử 6b3cc4adc0
docs(plugin-portal): added Harbor Robot Account plugin (#16320) 2022-07-18 18:03:32 -07:00
Yoko Hyakuna 745ea70434
Fix the contribution guide link (#16344) 2022-07-18 16:37:31 -07:00
Robert 8169940284
docs: fix consul secrets feature version (#16304)
* Move consul_namespace into Consul v1.7 instead of v1.8
2022-07-18 13:03:45 -05:00
Nestor Reyes e3ce0f0d1d
Update policies.mdx (#16312)
548 From "builtin" to "built-in" to be consistent with the previous sentence. 

589 from "can not" to "cannot"
2022-07-15 15:28:49 -07:00
Kit Haines a4b5813817
append slash to consul path in doc (#15260)
Co-authored-by: Chulki Lee <chulki.lee@gmail.com>
2022-07-14 12:27:31 -07:00
Alexander Scheel 0113f8c586
Update localhost:3000 links to be correct (#16301)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-07-14 12:08:28 -07:00
Yoko Hyakuna cf0cb3be49
Update the policy examples (#16297)
* Update the policy examples

* Adjusted the examples
2022-07-14 08:01:22 -07:00
Loann Le e6b24b09f0
update sys-mfa-doc (#16291) 2022-07-13 10:36:52 -07:00
Yoko Hyakuna 485b7b0abe
Remove the callout note about Ent (#16288) 2022-07-13 09:00:11 -07:00
Alexander Scheel 662395be90
Back out panic message, add new warning to FIPS docs (#16243)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-07-12 17:05:45 -04:00
VAL 90bef11019
Fix import statements for auth submodules (#16278) 2022-07-12 12:06:44 -07:00
Lucy Davinhart || Strawb System ebd0da3201
Clarification for local mounts in the context of DR (#16218)
* Clarification for local mounts in the context of DR

The docs were unclear on this point, so @russparsloe and I looked into it.

Local mounts are indeed replicated to DR secondaries.

This is the opposite of what it says on https://developer.hashicorp.com/vault/tutorials/enterprise/performance-replication#disaster-recovery 
> Local backend mounts are not replicated and their use will require existing DR mechanisms if DR is necessary in your implementation.
So that page will also need updating

* changelog

* fix changelog syntax for local mount with DR (#16218)
2022-07-12 10:17:12 -07:00
Austin Gebauer 4dda00ee1a
auth/oidc: Adds documentation for SecureAuth IdP (#16274) 2022-07-12 08:11:55 -07:00
Vishal Nayak c9e17d6219
Document autopilot config differences at a high level (#15000)
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-07-11 14:37:44 -07:00
Joel Kenny 2f1502556a
docs/configuration: document CockroachDB HA mode (#16202)
HA support for CockroachDB was added in #12965. This commit updates the docs
to reflect that support.
2022-07-11 12:00:51 -07:00
Austin Gebauer 647c2eba42
auth/oidc: splits IdP setup guides into separate pages (#16167) 2022-07-11 10:20:24 -07:00
Austin Gebauer c00e605b48
secrets/k8s: updates API docs for kubernetes_host with correct env var (#16251) 2022-07-08 08:52:42 -07:00
Steven Clark d04b143bd5
pki: When a role sets key_type to any ignore key_bits value when signing a csr (#16246)
* pki: When a role sets key_type to any ignore key_bits value when signing

 - Bypass the validation for the role's key_bits value when signing CSRs
   if the key_type is set to any. We still validate the key is at least
   2048 for RSA backed CSRs as we did in 1.9.x and lower.
2022-07-08 10:56:15 -04:00
Loann Le e942fae6cc
Vault documentation: added info about new policy flag (#16244)
* added info about new policy flag

* updated wording
2022-07-07 12:54:27 -07:00
Loann Le 9ebaab28c2
added content for network guidance (#16242) 2022-07-07 11:18:45 -07:00
Yoko Hyakuna c54d33608c
Update 'master key' -> 'root key' (#16226) 2022-07-06 16:03:08 -07:00
akshya96 c70a2cd198
Minor grammar correction in help for login command (#16211)
* Minor grammar correction in help for login command

* Fix login command help

Co-authored-by: Pero P <ppejovic@users.noreply.github.com>
2022-07-06 09:17:11 -07:00
Loann Le 752c7374a9
vault documentation: updated examples to use volumes (#16175)
* updated examples to use volumes

* Update website/content/docs/platform/k8s/helm/examples/ha-with-consul.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/examples/standalone-tls.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/run.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/content/docs/platform/k8s/helm/run.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-07-05 08:32:51 -07:00
Michael Hofer 96e52760e3
docs(seal): improve readability, fix master key occurrence and typos (#16220) 2022-07-01 10:21:49 -07:00
Cristian Iaroi 5727762ce5
Adding Vault HydrantID Pki Plugin (#16058)
repository: https://github.com/PaddyPowerBetfair/vault-plugin-hydrant-pki
raised issue: #16011
also updated docs (link to page for PR)
2022-07-01 07:55:17 -07:00