luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
8672 commits 1 branch 0 tags 214 MiB
Commit graph

2210 commits

Author SHA1 Message Date
Becca Petrin 12976bf60e add userpass note on bound cidrs (#4610) 2018-05-25 14:35:09 -04:00
Jeff Mitchell 52cb8234a6 Changelogify and fix some minor website bits 2018-05-25 10:39:23 -04:00
Nicholas Jackson 17460461a0 Breakout parameters for x.509 certificate login (#4463) 2018-05-25 10:34:46 -04:00
Yoko 6a2d0e71b6
Vault Interactive Tutorial updates (#4623) 
* Added more tutorial steps

* Updated the step texts
 2018-05-24 11:39:02 -07:00
nelson 196d054f70 Update kv-v2.html.md (#4614) 
correct the payload format for "Configure the KV Engine" and "Update Metadata"
 2018-05-24 12:44:44 -04:00
Jeff Mitchell 8a9cd42fe9 Interactive server now uses kvv2 so update text 2018-05-23 09:59:52 -04:00
Chris Hoffman d066c4a2a8
remove incorrect parameter 2018-05-23 08:58:27 -04:00
Jeff Mitchell 635fd18bf6 Minor website doc updates 2018-05-22 15:12:12 -04:00
Yoko 11646db916
Seal Wrap / FIPS 140-2 Compliance guide (#4558) 
* WIP - Seal Wrap guide

* WIP: Seal Wrap guide

* Added a brief description about the Seal Wrap guide

* Incorporated feedbacks

* Updated FIPS language

Technically everything looks great. I've updated some of the language here as "compliance" could be interpreted to mean that golang's crypto and xcrypto libraries have been certified compliant with FIPS. Unfortunately they have not, and Leidos' cert is only about how Vault can operate in tandem with FIPS-certified modules.

It's a very specific update, but it's an important one for some VE customers.

Looks great - thanks!

* Removed 'Compliance' from title

* typo fix
 2018-05-22 11:23:11 -07:00
Jeff Mitchell d60360ddbe Add instructions for both kvv1 and kvv2 to getting started policies info 2018-05-22 14:07:12 -04:00
Yoko d88e4d5019
Mount Filters guide (#4536) 
* WIP: Mount filter guide

* WIP

* Mount filter guide for CLI, API, and UI

* updated the next step

* Updated the verification steps

* Added a note about the unseal key on secondaries

* Added more details

* Added a reference to mount filter guide

* Added a note about generating a new root token

* Added a note about local secret engine
 2018-05-22 08:57:36 -07:00
Chris Hoffman 3db5a6adaa
updating link 2018-05-22 10:00:20 -04:00
Chris Hoffman ae43f2c25e
adding options information to mount endpoint (#4606) 2018-05-21 16:39:43 -04:00
Jeff Mitchell 3e0dbc5ea7 Remove dupe website text 2018-05-21 16:30:45 -04:00
Jeff Mitchell 8ad0bbbc44 Address feedback 2018-05-21 16:13:38 -04:00
Jeff Mitchell 27ab8d1a20 Add verification documentation 2018-05-21 12:00:36 -04:00
Jeff Mitchell c737778c8d Make description of prehashed a bit more friendly 2018-05-21 09:08:22 -04:00
Jeff Mitchell 3a568b6175 Update key_type parameter description 2018-05-19 12:20:37 -04:00
Kevin Paulisse 6d93ea4d77 Docs: Clarify that revoking token revokes dynamic secrets (#4592) 2018-05-18 23:27:53 -07:00
Jeff Mitchell 5a35dac726 Add missing drsecondarycode to health API docs 2018-05-18 12:39:13 -04:00
Jeff Mitchell 30dc66221c Flip documented resolve_aws_unique_id value 
Fixes #4583
 2018-05-18 12:05:52 -04:00
Reid Wiggins 9813794bc2 Add documentation for MySQL 5.6 root rotation (#4584) 
The default root rotation statement for MySQL is only valid for 5.7 and
up. This commit adds example documentation for 5.6.

Fixes #4567
 2018-05-18 08:56:11 -07:00
Romain Vrignaud 9050bc809b Rename Google Container Engine to Google Kubernetes Engine (#4586) 2018-05-18 08:19:56 -07:00
Jeff Mitchell 124271c1ec
Merge pull request #4580 from tavislikedavis/patch-1 
Update policies.html.md
 2018-05-17 09:14:35 -07:00
Jeff Mitchell 38f5f5f783
Updated for new syntax 2018-05-17 09:14:12 -07:00
Jeff Mitchell 4ab7275c95
Merge pull request #4575 from avoidik/patch-2 
Add more essential notes into production hardening guide
 2018-05-17 09:05:34 -07:00
Jeff Mitchell 63963a73a6
Update production.html.md 2018-05-17 09:05:08 -07:00
Jim Kalafut 5dcfc63ee6
Fix GCP API parameter docs 2018-05-17 08:54:25 -07:00
Seth Vargo 21e79035e0 Move UI docs from enterprise to OSS (#4565) 2018-05-17 08:48:10 -07:00
Andrew Slattery 3bd38517eb Update KV response code (#4568) 
Creating/Updating a secret in KV-V2 produces a status code `200` with a response body of `application/json`, whereas the previous documentation notated a `204 (empty body)` expected response code.
 2018-05-17 08:46:19 -07:00
Tavis Wilson 50e05056d3
Update policies.html.md 2018-05-16 14:35:30 -05:00
Jeff Mitchell ec876c21b3 Update website ldap url text 2018-05-16 11:58:10 -04:00
Viacheslav Vasilyev cc99d82e8f
Update production.html.md 2018-05-16 11:16:04 +03:00
Jacob Friedman 095baa8263 fixed spelling error in step 1 (#4572) 2018-05-15 17:43:35 -07:00
Jeff Mitchell aa98f33f63 Mention that you can actually rekey when using an HSM 2018-05-13 16:49:42 -04:00
Jeff Mitchell 821d347375 Update HSM documentation and fix GCP docs build 2018-05-13 16:39:22 -04:00
Robbie McKinstry 9765779622 Client side rate limiting (#4421) 2018-05-11 10:42:06 -04:00
Seth Vargo a4fa046730 Update GCP secrets to be example-driven (#4539) 
👍
 2018-05-10 16:58:22 -04:00
Tyler Marshall 407550bd89 Fix minor spelling mistake (#4548) 2018-05-10 13:42:01 -07:00
Becca Petrin 76c717b081
Restrict cert auth by CIDR (#4478) 2018-05-09 15:39:55 -07:00
Jeff Kohrman ec4b839741 Add link to updated privacy policy in layout.erb (#4533) 
Added link to updated privacy policy in footer of `layout.erb` for the OSS website.
 2018-05-09 16:11:57 -04:00
Yoko fc97fc09ce
[Guide] DB Root Credential Rotation (#4508) 
* DB root credential rotation guide

* Fixed typos

* Added a note about creating a dedicated superuser

* Incorporated Chris's feedback

* Added a reference to DB root credential rotation

* Rephrase some of the languages

* Minor re-wording of a sentence
 2018-05-09 11:01:58 -07:00
Jeff VanSickle a69e8d81b0 Update jq path for "excited" in JSON output example (#4531) 2018-05-09 08:41:41 -07:00
Shelby Moore f8e1f82225 Updated proxy protocol config validation (#4528) 2018-05-09 10:53:44 -04:00
Jeff Mitchell 274732733e Clarify that rotate requires sudo 2018-05-09 10:19:35 -04:00
tdsacilowski c19e8d0dbc Clarify HA params, fixed typos (#4527) 
* Clarify HA params, fixed typos

* Additional clarifications to listener parameters

* Updated cluster_address values
 2018-05-08 13:36:42 -07:00
Jacob Friedman 64bb0bd58a Updated link for k8s-tokenreview (#4523) 
Link for k8s-tokenreview was broken when they released a new version so I went ahead and fixed it.
 2018-05-08 13:36:12 -07:00
Jacob Friedman 67b8d3dc40 Changed DR docs page to fix generating secondary DR token (#4521) 
The docs for how to create secondary DR tokens were incorrect, which caused issues at a customer. I fixed the documentation with the proper syntax and formatting, which I copied from the perf replication docs (after changing endpoints). Can someone take a quick look for me?
 2018-05-08 13:35:48 -07:00
vishalnayak f95a913bd5 docs: s/entity/group-alias 2018-05-08 16:32:35 -04:00
Chris Hoffman 7c0e590f54
docs update 2018-05-07 16:34:39 -04:00
Chris Hoffman e7bbe6fbed
docs updates 2018-05-07 16:33:38 -04:00
Chris Hoffman 049df3da3e
updating pkcs11 docs (#4520) 2018-05-07 13:50:45 -04:00
Anthony Dong 9b06c0fb56 Fix typo in AppRole guide (#4509) 2018-05-04 10:10:21 -04:00
Jeff 9b9be9622a Typo (#4505) 2018-05-03 13:37:44 -07:00
Jerome Cheng d180e45cf5 Fix incorrect file path in Token Helper doc (#4499) 
Vault stores the token in `~/.vault-token` and not `~/.vault_token`.
 2018-05-02 21:56:38 -07:00
Laura Uva cef1b3b75c Payload key should be dr_operation_token (#4498) 2018-05-02 18:35:51 -07:00
Nathan Valentine 608f013bf2 s/aws_region/region/ (#4497) 
The correct key name is 'region' as opposed to 'aws_region'.
 2018-05-02 14:25:03 -07:00
Fabrizio Cucci cef52dae90 Fix role of example in Kubernetes Auth Method (#4483) 
It was `test` but it should be `demo` to be aligned with the example.
 2018-05-01 15:04:53 -07:00
Matthew Irish 6bd95c596c
add script defer to the demo app tag as well (#4489) 2018-04-29 22:14:54 -05:00
Jeff Escalante f8c18b11d8 fix fout issue (#4477) 2018-04-27 14:34:20 -07:00
Yoko 5bcb5992c9
Spring Cloud Vault Java demo (#4397) 
* WIP - Spring Cloud Vault Java demo

* Added 'Reloading the Static Secrets' step

* Fixed a typo

* Minor wording change

Remove redundant "a".

* Typos and grammar

Fixed a few misspellings ("spring") and the odd "a", "the", or "an".
 2018-04-27 09:18:50 -07:00
Pavlos Ratis cd344bdbb8 [website] fix Markdown formatting on GCP page (#4471) 2018-04-27 09:13:07 -07:00
Jim Kalafut 7f69ff0546 Minor updates to Azure auth docs 2018-04-27 08:47:06 -07:00
Jeff Escalante 8deb32fc80 adjust analytics and other js for turbolinks (#4400) 2018-04-26 16:02:25 -05:00
emily 8a309e6406 fix docs (#4466) 2018-04-26 16:54:19 -04:00
Nathan Dataguake Basanese 1b4406fef5 Make a minor grammar edit for docs (#4467) 
Previous version used `read` in stead of `get` for everything but the code block examples.

It's a minor oversight, and most of us are going to skim to the code blocks anyway. But maybe it'll help.
 2018-04-26 16:41:23 -04:00
Jeff Mitchell 0f806d0950 Remove out of date text on HSM rekeying 2018-04-26 10:10:30 -04:00
Jim Kalafut 063c225f97
Fix typo in aws auth docs 2018-04-25 22:57:39 -07:00
Andrew Speed 418be4cb54 Fix authentication example mentioning vault auth but using vault login (#4458) 2018-04-25 14:59:38 -07:00
Krish f8156a4e68 Update authentication.html.md 
Thanks!
 2018-04-25 14:37:59 -07:00
Jeff Mitchell a6644bff6f Merge branch 'master' of https://github.com/hashicorp/vault into master-oss 2018-04-25 10:43:10 -04:00
Chris Hoffman fba759ab97
fix document formatting 2018-04-25 10:16:41 -04:00
Jeff Mitchell 00a577620f Merge branch 'master' of https://github.com/hashicorp/vault into master-oss 2018-04-25 10:08:41 -04:00
Chris Hoffman 2d05034dd3
Seal Rotation Docs (#4449) 
* wip docs

* adding docs

* removing vendor supported mechanism
 2018-04-25 09:59:06 -04:00
Jeff Mitchell e656420ba6 Merge branch 'master' of https://github.com/hashicorp/vault into master-oss 2018-04-25 09:48:23 -04:00
Nándor István Krácser 9cf56fe0df Fix mapping read paths (#4448) 2018-04-25 09:22:30 -04:00
Jeff Mitchell e426caf505 Prep for 0.10.1 2018-04-25 00:42:14 -04:00
Chris Kent e2512d6d30 Website download page update (#4444) 
* Update download page to include community resources

+ Added “downloads powered by” text to Fastly icon
+ changed to horizontal grid for download list (vs vertical list)
+ added community resources below page

* Reverting changes from earlier

* Added community links to downloads page

+ added community and getting-started links to sidebar as well
 2018-04-24 20:29:36 -05:00
vishalnayak 94f28e3c24 Merge branch 'master-oss' into approle-local-secretid 2018-04-24 16:17:56 -04:00
Becca Petrin 639dc005ee
uppercase Vault in plugin doc (#4442) 2018-04-24 10:41:37 -07:00
Brian Shumate c35fe4e6f0 Update curl commands / replace invalid '--payload' flag (#4440) 2018-04-24 11:20:29 -04:00
vishalnayak 7039f6dccd Merge branch 'master-oss' into approle-local-secretid 2018-04-24 11:03:39 -04:00
Yoko 48994aee39
Updated the link to the sample app folder which was moved (#4437) 
* Updated the link to the sample app folder which was moved

* Folder name changed from vault-transit-rewrap-example to vault-transit-rewrap
 2018-04-23 16:45:10 -07:00
vishalnayak 6b7a042003 error on enable_local_secret_ids update after role creation 2018-04-23 17:05:53 -04:00
vishalnayak 97d146ca69 update docs 2018-04-23 16:54:23 -04:00
Jeff Mitchell 0882e5afb6 Update audit text to make it clear that audit logs are for authenticated interactions 2018-04-23 10:49:32 -04:00
Malhar Vora 45fe086107 Corrects description for mode option in ssh command (#4420) 
Fixes #4375
 2018-04-22 13:42:46 -04:00
Malhar Vora 739362b081 Correct typo in Kubernetes auth backend docs 
Resolve small typo in Configuring Kubernetes section in Kubernetes Auth Backend
documentation.

Fixes #4417
 2018-04-21 19:37:59 -07:00
Jeff Mitchell 6d95b4d266
Add the ability to restrict token usage by IP. Add to token roles. (#4412) 
Fixes #815
 2018-04-21 10:49:16 -04:00
Chris Kent b6b521d4db Mrktfix (#4411) 
* Updated hero with current logo

* Updated logos in these artifact images as well

* Added Branded Logo

with HashiCorp

* Updated logo with branded logo

(HashiCorp in the name)

* typo

* Wrong spot

* Updated logo
 2018-04-20 14:43:11 -05:00
Chris Kent 4881a53eb0 Updated hero with current logo (#4410) 2018-04-20 12:50:00 -05:00
Alvin Huang 84ffdbb7b5 remove redundant 'Vault' in approle docs (#4405) 2018-04-20 09:55:15 -04:00
skiggety 77d59c527f remove lingering mention of "vault write" command. (#4388) 2018-04-18 16:32:37 -04:00
Vishal Nayak 5fa9e4ca5c
phys/consul: Allow tuning of session ttl and lock wait time (#4352) 
* phys/consul: allow tuning of session ttl and lock wait time

* use parseutil

* udpate docs
 2018-04-18 13:09:55 -04:00
Jeff Mitchell 805b5e5160
X-Forwarded-For (#4380) 2018-04-17 18:52:09 -04:00
Yoko 43cb70c7bf
Versioned KV secret engine (kv-v2) tutorial (#4367) 
* Added versioned kv secret engine tutorial

* Added check-and-set feature

* Fixed archived -> deleted

* Incorporated all suggested changes
 2018-04-17 14:42:14 -07:00
Laura Uva 2ae6d614b8 Add mode to the examples under automation steps (#4374) 2018-04-17 13:47:41 -04:00
vishalnayak da1d68969c docs: update accessor lookup response 2018-04-17 11:52:58 -04:00
vishalnayak 6e827d2b27 docs: update token lookup response 2018-04-17 11:40:00 -04:00
Sohex efd0023d89 Update index.html.md (#4372) 
Remove duplicate of max_ttl description from end of period description under create role parameters.
 2018-04-17 11:05:50 -04:00
George Hartzell 444faec8e6 Touch up getting started doc (#4373) 
The example uses `vault kv put` but the the commentary references `vault write`.  Make them consistent (this commit) or explain the equivalence.
 2018-04-16 13:57:12 -04:00
Calvin Leung Huang 7ba953b969
Add docs for internal UI mounts endpoint (#4369) 
* Add docs for internal UI mounts endpoint

* Update description section
 2018-04-16 12:13:58 -04:00
Jeff Mitchell 530121c655
Add ability to disable an entity (#4353) 2018-04-13 21:49:40 -04:00
Jeff Mitchell 99cf5c6054 Fix token store role documentation around explicit max ttl 2018-04-13 09:59:12 -04:00
Jerome Cheng a82a612e2c Fix indentation of code block in Consul Secrets Engine docs (#4350) 
The indentation of the code block in the Consul Secrets Engine doc was
removed in #4224, but the closing backticks remained indented one level,
resulting in the block swallowing all text after it. Removing the
indentation from the closing backticks fixes this.
 2018-04-13 09:55:35 -04:00
Jeff Escalante 8d9d64c7cf switch from GA to segment tracking (#4109) 2018-04-12 21:35:38 -05:00
Peter Souter 28f6d65032 Remove Enterprise Only flag (#4337) 2018-04-11 14:27:58 -04:00
James Mannion efea4fb6a7 Fixes a reference to deprecated init command (#4338) 
Replace "vault init" with "vault operator init" in initialising the vault section.
 2018-04-11 14:26:53 -04:00
Jeff Mitchell d4db624671 Remove beta tag from Google Cloud 2018-04-10 13:58:16 -04:00
Jim Kalafut 0f823cfb09 Update news.yml 2018-04-10 09:41:11 -07:00
Matthew Irish 2f43a20ebe
fix broken link (#4329) 2018-04-10 11:11:38 -05:00
Jeff Mitchell c56abb0dd8 Add more info to upgrade guide and changelog 2018-04-10 12:09:54 -04:00
Jeff Mitchell 4de07e436e Prep for 0.10 2018-04-10 02:34:01 -04:00
Chris Hoffman 30792caa9f
adding 0.10 upgrade guide (#4321) 2018-04-09 17:32:15 -04:00
Yoko 966e2b63af
Removed extra '( )' in the link (#4316) 2018-04-09 09:57:22 -07:00
Brian Kassouf a8b8ca136e
KV: Update 'versioned' naming to 'v2' (#4293) 
* Update 'versioned' naming to 'v2'

* Make sure options are set

* Fix description of auth flag

* Review feedback
 2018-04-09 09:39:32 -07:00
Yoko 2982199c1f
Fixed a missing 's' (#4314) 2018-04-09 09:22:11 -07:00
Chris Hoffman f6a3a76f25
Docs for configuration UI headers (#4313) 
* adding /sys/config/ui headers

* adding /sys/config/ui headers
 2018-04-09 12:21:02 -04:00
Chris Hoffman 19f9f6ee89
Root Credential Rotation Docs (#4312) 
* updating root credential docs

* more docs updates

* more docs updates
 2018-04-09 12:20:29 -04:00
Yoko c30133d415
AppRole with Terraform & Chef (#4200) 
* WIP - Teddy's webinar

* WIP

* Added more details with diagram

* Fixed a typo

* Added a note about terraform bug with 0.11.4 & 0.11.5

* Minor adjustment

* Fixed typos

* Added matching CLI commands

* Added extra speace for readability
 2018-04-09 08:50:50 -07:00
Matthew Irish cff34e983f
UI - pki updates (#4291) 
* add require_cn to pki roles
* add policy_identifiers and basic_constraints_valid_for_non_ca to pki role form
* add new fields to the PKI docs
* add add_basic_constraints field
 2018-04-08 21:09:29 -05:00
Chris Hoffman cbcf31c570
remove token from curl request for login paths (#4303) 2018-04-06 18:10:59 -04:00
Yoko f039404a8a
Added in-region DR scenario diagram (#4292) 
This is a replica of the PR 4243 which has already been approved.
 2018-04-05 16:08:55 -07:00
Andy Manoske 9c1db25639
Update index.html.md 2018-04-05 15:16:28 -07:00
Yoko 3dd3247006
Auto Unseal with AWS KMS guide (#4277) 
* WIP

* Added auto unseal

* Converting to a guide

* Added little more explanations

* Minor fixes

* Fixed a typo

* Fixed a typo

* Changed auto unseal to auto-unseal

* Found more typo... fixed
 2018-04-05 13:28:39 -07:00
Geoffrey Grosenbach 22c1766fc1 Correct the page title to read re-wrapping (#4274) 
The title in the metadata used `re-rapping` instead of `re-wrapping`. This one line change fixes the spelling.
 2018-04-04 16:55:46 -04:00
Quinn Stearns d8dab90113 Rename Example Key from "value" to "foo" (#4270) 
It is slightly confusing to have the first example include a key named "Value". This can create a slight hump to grokking what's happening in this early step of the README. Here we rename the key to "foo" to help indicate it's dynamic nature.
 2018-04-04 16:22:27 -04:00
Yoko 7ef337ad86
Vault HA with Consul guide (#4187) 
* Vault HA guide draft

* Fixed node_id to say node_name based on Brian's input

* Fixed the unwanted hyperlink

* Vault HA guide

* Updated the description of the Vault HA guide

* Typo fixes

* Added a reference to Vault HA with Consule guide

* Incorporated Teddy's feedback

* Fixed an env var name

* Vault configuration has been updated: 'api_addr'
 2018-04-04 08:25:06 -07:00
Seth Vargo a90467289a Rename Google things to say "Google", update telemetry (#4267) 2018-04-04 10:37:44 -04:00
Brian Kassouf 62ce5ec91d
Versioned K/V docs (#4259) 
* Work on kv docs

* Add more kv docs

* Update kv docs

* More docs updates

* address some review coments
 2018-04-03 23:22:41 -07:00
Roy Sindre Norangshol a9c717b44e project is now project_id (#4251) 
Verified both via vault CLI and direct curl'ing towards API endpoints.
 2018-04-03 17:11:47 -04:00
Jeff Mitchell f5ba4796f5
Case insensitive behavior for LDAP (#4238) 2018-04-03 09:52:43 -04:00
Lowe Schmidt f2c302f920 Grammatical error (#4246) 
As per Franklin Davis suggestion on the mailing list.
 2018-04-03 07:53:38 -04:00
Vishal Nayak 96fc0c2509
Update group alias by ID (#4237) 
* update group alias by id

* update docs
 2018-04-02 10:42:01 -04:00
Vishal Nayak 032ca979dc
move identity docs from ent docs to oss (#4235) 2018-04-01 13:59:43 -04:00
Vishal Nayak ab3579aeb6
add entity merge API to docs (#4234) 2018-04-01 12:59:57 -04:00
LeSuisse cdd7cc1635 Update usage of the deprecated generated-root command in the documentation (#4232) 2018-03-31 11:17:08 -04:00
Seth Vargo b48a9878e7 Add HA support to the Google Cloud Storage backend (#4226) 2018-03-30 12:36:37 -04:00
Brian Shumate bf1b8709a6 Update Consuls Secrets quick start (#4224) 
- Fix typo in role name
- Drop ordered list formatting on get credential example
 2018-03-30 10:46:05 -04:00
Jon Benson d1b0d6efb3 Update mfa-totp.html.md (#4220) 2018-03-29 16:51:13 -04:00
Jeff Mitchell 2f90e0c2e1 Merge branch 'master-oss' into 0.10-beta 2018-03-27 12:40:30 -04:00
Yoko d03056eed3
Update Github auth method API reference (#4202) 
* Update Github auth method API reference

* Replaced vault.rocks in API
 2018-03-26 16:56:14 -07:00
vishalnayak 37153482be docs: update aws ec2 auth step 2018-03-26 17:26:48 -04:00
Jeff Mitchell e8fc0a11ce Remove a few more vault.rocks usages 2018-03-26 15:02:22 -04:00
Wilhelmina Drengwitz a10f02ef7b Add general recommendation for the api_addr config value (#4198) 
We ran into some confusion about what we should be setting the api_addr config value to. I feel this general recommendation should nudge any others into a better understanding of what this value should point to.
 2018-03-26 13:46:54 -04:00
Jeff Mitchell 65d8eb0914 Add more docs around list paths in policies. 
CC #4199
 2018-03-26 11:30:58 -04:00
Brian Shumate 0c30145325 Docs: add note about enterprise replication installations section to upgrade guide (#3631) 2018-03-26 10:25:09 -04:00
Seth Vargo 0b827774ae Drop vault.rocks (#4186) 2018-03-23 11:41:51 -04:00
Chris Hoffman b7ef4a3a6f
adding Azure docs (#4185) 
Adding Azure Auth Method docs
 2018-03-22 18:28:42 -04:00
Jeff Mitchell f45a57af7a Bump versions for beta release 2018-03-22 09:44:03 -04:00
Jim Kalafut 7842557e62 Fix minor docs and help text issues (#4184) 2018-03-22 09:29:59 -04:00
Brian Kassouf ad383e911f Update kv backend and add some docs (#4182) 
* Add kv backend

* Move kv in apha order

* Update kv backend and add some docs
 2018-03-21 23:10:05 -04:00
Brian Kassouf 3324d6dd12 Add kv backend (#4181) 2018-03-21 22:56:52 -04:00
Calvin Leung Huang 25792df5a9
Passthrough request headers (#4172) 
* Add passthrough request headers for secret/auth mounts

* Update comments

* Fix SyncCache deletion of passthrough_request_headers

* Remove debug line

* Case-insensitive header comparison

* Remove unnecessary allocation

* Short-circuit filteredPassthroughHeaders if there's nothing to filter

* Add whitelistedHeaders list

* Update router logic after merge

* Add whitelist test

* Add lowercase x-vault-kv-client to whitelist

* Add back const

* Refactor whitelist logic
 2018-03-21 19:56:47 -04:00
emily f9b6f4b1c5 Docs for Vault GCP secrets plugin (#4159) 2018-03-21 15:02:38 -04:00
Brian Shumate 1fcf0c6a38 Docs: update formatting / heading (#4175) 
- Correct Generate Disaster Recovery Operation Token heading level
- Tighten up formatting/trailing spaces
 2018-03-21 10:14:52 -04:00
Jeff Mitchell c25c60117a Fix file location for 0.9.6 upgrade guide 2018-03-20 22:34:41 -04:00
Jeff Mitchell f1aff69d92 Add 0.9.6 upgrade guide 2018-03-20 22:27:01 -04:00
Josh Soref 73b1fde82f Spelling (#4119) 2018-03-20 14:54:10 -04:00
Jeff Mitchell 396ccd8699 Push up changes to prep for release 2018-03-20 14:10:53 -04:00
Jason Martin b3e5ec865d README Spelling error (#4165) 2018-03-20 11:45:56 -04:00
Jeff Mitchell 9e46f0f84a Explicitly call out that we use aes-256 gcm-96 for the barrier. 
Fixes #2913
 2018-03-19 19:53:12 -04:00
Jeff Mitchell 9d030aaf37 Note that you can set a CA chain when using set-signed. 
Fixes #2246
 2018-03-19 19:44:07 -04:00
Yoko 4a25c18134
Transit rewrap (#4091) 
* Adding new guides

* Replaced backend with engine

* Grammar for the encryption guide

* Grammar and Markdown style for the Transite Rewrap guide

See
https://github.com/hashicorp/engineering-docs/blob/master/writing/markdown.md
for notes on numbered Markdown lists.

* grammar and wording updates for ref arch guide

* Updating replication diagram

* Removing multi-tenant pattern guide

* Added a note 'Enterprise Only'

* Removing multi-tenant pattern guide

* Modified the topic order

* Grammar and Markdown formatting

* Grammar, Markdown syntax, and phrasing

* Grammar and Markdown syntax

* Replaced 'backend' with appropriate terms

* Added a note clarifying that replication is an enterprise-only feature

* Updated the diagram & added additional resource links

* update some grammar and ordering

* Removed the inaccurate text in index for EaaS
 2018-03-19 14:56:45 -07:00
Jacob Crowther 35ccbe504c Add Cryptr to related tools (#4126) 2018-03-19 14:46:54 -04:00
Jeff Mitchell 3a5e1792c0 Update path-help to make clear you shouldn't put things in the URL. 
Remove from website docs as those have been long deprecated.
 2018-03-19 11:50:16 -04:00
vishalnayak fe0a077e17 s/Methods/Method 2018-03-18 15:46:57 -04:00
Joel Thompson 3e2006eb13 Allow non-prefix-matched IAM role and instance profile ARNs in AWS auth backend (#4071) 
* Update aws auth docs with new semantics

Moving away from implicitly globbed bound_iam_role_arn and
bound_iam_instance_profile_arn variables to make them explicit

* Refactor tests to reduce duplication

auth/aws EC2 login tests had the same flow duplicated a few times, so
refactoring to reduce duplication

* Add tests for aws auth explicit wildcard constraints

* Remove implicit prefix matching from AWS auth backend

In the aws auth backend, bound_iam_role_arn and
bound_iam_instance_profile_arn were ALWAYS prefix matched, and there was
no way to opt out of this implicit prefix matching. This now makes the
implicit prefix matching an explicit opt-in feature by requiring users
to specify a * at the end of an ARN if they want the prefix matching.
 2018-03-17 21:24:49 -04:00
Roger Berlind 753f8a8545 Fixed broken k8s TokenReview API link (#4144) 2018-03-17 21:23:41 -04:00
Jeff Mitchell 3d44060b5f Update interactive tutorial commands 2018-03-16 15:03:51 -04:00
immutability 04d1202426 Plugins need setcap too for syscall mlock (#4138) 2018-03-16 06:05:01 -07:00
Yoko 2752855faa Fixed the hyperlink (#4140) 2018-03-15 19:24:26 -07:00
Yoko fb8d1566e6
updating the AppRole diagram (#4139) 
Fixing the build error
 2018-03-15 18:23:25 -07:00
Yoko 3a72bcc4ae
Approle diagram (#4132) 
* Updates requested by the SE team

* Added links to AppRole blog and webinar

* Updated diagram

* Updated diagram
 2018-03-15 17:16:59 -07:00
Joel Thompson 39dc981301 auth/aws: Allow binding by EC2 instance IDs (#3816) 
* auth/aws: Allow binding by EC2 instance IDs

This allows specifying a list of EC2 instance IDs that are allowed to
bind to the role. To keep style formatting with the other bindings, this
is still called bound_ec2_instance_id rather than bound_ec2_instance_ids
as I intend to convert the other bindings to accept lists as well (where
it makes sense) and keeping them with singular names would be the
easiest for backwards compatibility.

Partially fixes #3797
 2018-03-15 09:19:28 -07:00
Brian Nuszkowski 76be90f384 Add PKCS1v15 as a RSA signature and verification option on the Transit secret engine (#4018) 
Option to specify the RSA signature type, in specific add support for PKCS1v15
 2018-03-15 09:17:02 -07:00
Jeff Mitchell 59b3e28151 Make the API docs around ed25519 more clear about what derivation means for this key type 2018-03-15 11:59:50 -04:00
Jim Kalafut 3f1ed4eb0d Fix description of parameter value globbing (#4131) 2018-03-14 17:03:00 -04:00
Edward Z. Yang ac98730578 Vault user needed to use STS Federation Tokens (#4108) 
If you try to use role authorization to get an STS token, you'll get this error:

* Error generating STS keys: AccessDenied: Cannot call GetFederationToken with session credentials
 2018-03-14 10:24:29 -04:00
Malte a0776eb703 Fix typo in recommended vault auth iam policy (#4128) 
The resource arn for the `sts:AssumeRole` action is missing a `:` for the region and therefore invalid.
 2018-03-14 03:45:21 -04:00
Joel Thompson 5c788e8642 docs: Alphabetize CLI commands (#4127) 
status was appearing after token when it should be before
 2018-03-14 01:44:41 -04:00
Brian Shumate bbd4d7ab4c Docs: grammatical clarification around community supported note (#4122) 2018-03-13 10:32:28 -04:00
Marien Fressinaud 5f5faec977 [doc] Change auth token in getting-started (#4118) 
In the authentication section of the getting started doc, the token used
to login doesn't match with the one displayed as the command result.

This commit makes sure that both tokens correspond to avoid distracting
newcomers.
 2018-03-13 10:28:09 -04:00
Calvin Leung Huang 3108860d4b
Audit HMAC values on AuthConfig (#4077) 
* Add audit hmac values to AuthConfigInput and AuthConfigOutput, fix docs

* docs: Add ttl params to auth enable endpoint

* Rewording of go string to simply string

* Add audit hmac keys as CLI flags on auth/secrets enable

* Fix copypasta mistake

* Add audit hmac keys to auth and secrets list

* Only set config values if they exist

* Fix http sys/auth tests

* More auth plugin_name test fixes

* Pass API values into MountEntry's config when creating auth/secrets mount

* Update usage wording
 2018-03-09 14:32:28 -05:00
Alvin Huang ce7d62e125 bump middleman-hashicorp container to 0.3.32 (#4117) 2018-03-09 13:06:58 -05:00
Vishal Nayak 527eb418fe
approle: Use TypeCommaStringSlice for BoundCIDRList (#4078) 
* Use TypeCommaStringSlice for Approle bound_cidr_list

* update docs

* Add comments in the test
 2018-03-08 17:49:08 -05:00
Jeff Mitchell 9d2a0dc31f Update text around default policy to make it clear that it is user-modifiable 2018-03-08 15:48:11 -05:00
Jim Kalafut 079de043e3 Fix instruction in installation docs (#4097) 2018-03-08 11:02:04 -05:00
Viacheslav Vasilyev b06c25b552 Fix autoreplacing issue (#4103) 2018-03-08 11:01:46 -05:00
Jeff Escalante 706bb4df4c Some small website fixes (#4087) 
* prepend first instance of 'Vault' with 'HashiCorp'

* update dependencies + middleman-hashicorp
 2018-03-08 10:58:43 -05:00
Aleksandar a8304e5d4d Add the chunk_size optional parameter to gcs storage (#4060) 2018-03-05 08:32:48 -05:00
Mike eb1c2b0732 Correct endpoint's path in Doc (#4074) 
Fix typo in endpoint's path
 2018-03-05 07:41:53 -05:00
Jim Kalafut ef4537e5d4 Change "mount" to "secrets enable" in docs 2018-03-02 12:54:28 -08:00
Calvin Leung Huang e2fb199ce5
Non-HMAC audit values (#4033) 
* Add non-hmac request keys

* Update comment

* Initial audit request keys implementation

* Add audit_non_hmac_response_keys

* Move where req.NonHMACKeys gets set

* Minor refactor

* Add params to auth tune endpoints

* Sync cache on loadCredentials

* Explicitly unset req.NonHMACKeys

* Do not error if entry is nil

* Add tests

* docs: Add params to api sections

* Refactor audit.Backend and Formatter interfaces, update audit broker methods

* Add audit_broker.go

* Fix method call params in audit backends

* Remove fields from logical.Request and logical.Response, pass keys via LogInput

* Use data.GetOk to allow unsetting existing values

* Remove debug lines

* Add test for unsetting values

* Address review feedback

* Initialize values in FormatRequest and FormatResponse using input values

* Update docs

* Use strutil.StrListContains

* Use strutil.StrListContains
 2018-03-02 12:18:39 -05:00
Jeff Mitchell 49068a42be Document primary_email in Okta mfa path 2018-03-02 11:54:21 -05:00
Jeff Mitchell 8fe24dec0a Actually add PingID to the index of API pages 2018-03-02 11:49:48 -05:00
Joel Thompson e4949d644b auth/aws: Allow lists in binds (#3907) 
* auth/aws: Allow lists in binds

In the aws auth method, allow a number of binds to take in lists
instead of a single string value. The intended semantic is that, for
each bind type set, clients must match at least one of each of the bind
types set in order to authenticate.
 2018-03-02 11:09:14 -05:00
Vishal Nayak 2646ed5e2a
update sys/capabilities docs (#4059) 2018-03-01 11:42:39 -05:00
Jeff Mitchell 5034ae2dcb Add the ability to use multiple paths for capability checking (#3663) 
* Add the ability to use multiple paths for capability checking. WIP
(tests, docs).

Fixes #3336

* Added tests

* added 'paths' field

* Update docs

* return error if paths is not supplied
 2018-03-01 11:14:56 -05:00
Andy Manoske 942aa9bbdc
Update index.html.md 
Updated for Unbound
 2018-02-28 16:20:54 -08:00