3704751a8f
Improve sts header parsing ( #3013 )
2017-07-18 09:51:45 -04:00
2ddbc4a939
Adding option to set custom vault client timeout using env variable VAULT_CLIENT_TIMEOUT ( #3022 )
2017-07-18 09:48:31 -04:00
22bb35b020
doc fix
2017-07-18 04:55:00 -04:00
d82f231753
Update configuration.html.md ( #3029 )
2017-07-17 14:37:32 -04:00
4387871bca
Add max_parallel to mssql and postgresql ( #3026 )
...
For storage backends, set max open connections to value of max_parallel.
2017-07-17 13:04:49 -04:00
ce1808f77d
Update Policies and Auth concepts pages ( #3011 )
2017-07-14 11:15:22 -04:00
8903f68bf6
Reformat some wrapping docs
2017-07-13 19:02:15 -04:00
f3f4452334
Revert "Remove wrapping/wrap from default policy and add a note about guarantees ( #2957 )" ( #3008 )
...
This reverts commit b2d2459711d9cb7552daf1cc2330c07d31ef4f51.
2017-07-13 18:47:29 -04:00
2c6b7db279
Remove wrapping/wrap from default policy and add a note about guarantees ( #2957 )
2017-07-13 15:29:04 -07:00
07088fe8a0
Added HANA database plugin ( #2811 )
...
* Added HANA dynamic secret backend
* Added acceptance tests for HANA secret backend
* Add HANA backend as a logical backend to server
* Added documentation to HANA secret backend
* Added vendored libraries
* Go fmt
* Migrate hana credential creation to plugin
* Removed deprecated hana logical backend
* Migrated documentation for HANA database plugin
* Updated HANA DB plugin to use role name in credential generation
* Update HANA plugin tests
* If env vars are not configured, tests will skip rather than succeed
* Fixed some improperly named string variables
* Removed unused import
* Import SAP hdb driver
2017-07-07 13:11:23 -07:00
40b365ae61
DOCS: Update API docs for /sys/generate-root ( #2978 )
...
- Fix invalid JSON example
2017-07-07 08:25:32 -04:00
23ff17c769
Allow Okta auth backend to specify TTL and max TTL values ( #2915 )
2017-07-05 09:42:37 -04:00
7394214b94
Don't indicate signed data can be returned as hex.
...
Fixes #2953
2017-07-04 15:06:50 -04:00
5ae38eb745
Added documentation for working with MySQL wildcards in GRANT ( #2963 )
2017-07-04 13:59:08 -04:00
5fb9c73e1d
DOCS: fix typo ( #2965 )
2017-07-03 12:40:31 -04:00
711d6e6569
[docs] Add requirements for hsm. ( #2941 )
2017-07-01 21:21:51 +01:00
4ae3e1295a
[docs] production hardening typo
2017-06-30 15:18:17 -07:00
00e2213790
Add rekeying guide & move guides to top-level ( #2935 )
2017-06-29 14:43:43 +01:00
45c7bc718f
Add the option to specify a specific key id format that is generated … ( #2888 )
2017-06-29 04:05:06 +01:00
7a8b16f441
Docs: Expand Telemetry documentation ( #2860 )
2017-06-29 04:02:48 +01:00
0631c02558
Typo fix in vault enterprise/replication docs. ( #2932 )
2017-06-29 04:01:32 +01:00
cb7e3051c0
Merge pull request #2914 from hashicorp/sethvargo/ec2authimage
...
Add diagram for EC2 Auth flow
2017-06-28 07:31:37 +08:00
872e9ba8fb
Merge pull request #2925 from hashicorp/docs-harden
...
website: Add more hardening tips
2017-06-27 11:22:46 -07:00
7d59190129
Clarify Vault server
2017-06-27 22:38:16 +08:00
ca966b6e79
Re-org and move text around in list instead
2017-06-27 22:38:16 +08:00
16149fbbf2
Capitalize C
2017-06-27 22:38:16 +08:00
436d656a32
Add diagram for EC2 Auth flow
2017-06-27 22:38:16 +08:00
7b0402ea6f
Update middleman-hashicorp to 0.3.28 for mega nav fixes ( #2924 )
2017-06-27 12:04:04 +01:00
4cd3a56b8b
adding link to security model
2017-06-26 17:43:04 -07:00
fb8b737ae8
website: Add more hardening tips
2017-06-26 14:00:36 -07:00
9e09899c69
Small typo fix ( #2921 )
2017-06-26 10:08:18 -04:00
e28244cb8b
[docs]: Fix typo in hardening guide.
2017-06-22 22:20:17 -07:00
e184c3fa0d
Merge pull request #2898 from hashicorp/docs-prod-hard
...
website: adding production hardening guide
2017-06-22 15:05:35 -07:00
a576feeb1d
Fix a typo in the telemetry documentation ( #2910 )
2017-06-22 20:12:28 +01:00
a40d24772e
Make recommendation vs requirement more clear
2017-06-22 11:02:18 -07:00
82f28aecbb
update news section with vault update and webinar update ( #2904 )
2017-06-22 17:07:36 +01:00
266f55c5d9
Copy changes
2017-06-21 09:55:00 -07:00
9ae6004dbe
website copy updates
2017-06-20 21:21:04 -07:00
10a56c7ceb
website: adding production hardening guide
2017-06-20 17:44:54 -07:00
40ef2e5c85
More cleanup
...
Ping #2894
2017-06-20 10:46:24 -04:00
9edbf1c8d1
Clarify/fix some configuration info.
...
Fixes #2894
2017-06-20 10:12:59 -04:00
8f1f9d5522
Add ACL info to Consul configuration page
2017-06-19 19:39:52 -04:00
1e3e83f7b0
Add Zyborg.Vault PowerShell module to libs list ( #2869 )
2017-06-17 11:24:13 -04:00
db4e1b4a99
CouchDB physical backend ( #2880 )
2017-06-17 11:22:10 -04:00
cf7d56e8f3
Fix up CORS.
...
Ref #2021
2017-06-17 01:26:25 -04:00
0303f51b68
Cors headers ( #2021 )
2017-06-17 00:04:55 -04:00
33ca94773f
Add DogStatsD metrics output. ( #2883 )
...
Fixes #2490
2017-06-16 23:51:46 -04:00
0ea8f17357
Add some warnings to the upgrade guide
2017-06-16 13:23:22 -04:00
a50ce54603
doc: add radius to MFA backend docs
2017-06-15 18:31:53 -04:00
df229f5255
Fix typo in transit docs
2017-06-14 11:49:12 -04:00
789247d922
Add callouts for deprecations and beta ( #2854 )
...
This makes the sidebar emphasize the deprecated database backends more.
2017-06-14 16:11:16 +01:00
3309496916
Clean up extra word in docs ( #2847 )
2017-06-12 13:08:54 -04:00
7038348b6d
Adding some visual separation for parameters ( #2841 )
...
Currently on the Documentation pages when parameters are listed, there is no visual separation between the parameter names, flags, and descriptions. This should make it a bit easier for humans to read.
2017-06-12 06:59:38 -04:00
8b3657d840
Add note about lowercasing usernames to userpass docs
2017-06-08 09:41:01 -04:00
8e0ac2dbb0
[docs] Add notes about deprecated database backends. ( #2835 )
2017-06-07 23:45:01 -07:00
d26bb4f2fb
[docs] Fix Mongodb link in sidebar.
2017-06-07 20:36:36 -07:00
00ab0d713f
Update packer and makefile
2017-06-07 16:00:30 -04:00
b8bc3d101b
Bump versions
2017-06-07 15:23:51 -04:00
8d58b43906
update database interface in the docs
2017-06-07 11:20:13 -07:00
f6d48312d8
Add new transit features to documentation
2017-06-07 13:00:14 -04:00
4a934915d7
Resolve AWS IAM unique IDs ( #2814 )
2017-06-07 10:27:11 -04:00
4f3fb87b9d
Docs typo fixes ( #2830 )
...
* Fix passing payload.json file to curl
* Correct API endpoint
2017-06-07 10:02:58 -04:00
7437ada31c
Check if there's a bound iam arn when renewing ( #2819 )
...
Previously, the renew method would ALWAYS check to ensure the
authenticated IAM principal ARN matched the bound ARN. However, there
is a valid use case in which no bound_iam_principal_arn is specified and
all bindings are done through inferencing. When a role is configured
like this, clients won't be able to renew their token because of the
check.
This now checks to ensure that the bound_iam_principal_arn is not empty
before requriing that it match the originally authenticated client.
Fixes #2781
2017-06-06 22:35:12 -04:00
cff022a65c
update middleman version from 24 to 26 ( #2824 )
2017-06-06 22:33:26 -04:00
606fe393be
Use the role name in the db username ( #2812 )
2017-06-06 09:49:49 -04:00
789d7ab4e0
Minor typos & wordsmithing for clarity ( #2807 )
2017-06-05 09:32:09 -07:00
dad291c93c
Add plugin_directory to configuration page ( #2801 )
...
Fixes #2795
2017-06-03 08:11:03 -04:00
88118dce0f
Add max_parallel parameter to MySQL backend. ( #2760 )
...
* Add max_parallel parameter to MySQL backend.
This limits the number of concurrent connections, so that vault does not die
suddenly from "Too many connections".
This can happen when e.g. vault starts up, and tries to load all the
existing leases in parallel. At the time of writing this, the value
ExpirationRestoreWorkerCount in vault/helper/consts/const.go is set to
64, meaning that if there are enough leases in the vault's DB, it will
generate AT LEAST 64 concurrent connections to MySQL when loading the
data during start-up. On certain configurations, e.g. smaller AWS
RDS/Aurora instances, this will cause Vault to fail startup.
* Fix a typo in mysql storage readme
2017-06-01 15:20:32 -07:00
2ba85b49c7
Adding auth/aws-ec2 redirect to new docs location
2017-06-01 11:18:19 -04:00
128907172f
doc: leases are generated only for dynamic secrets ( #2772 )
...
* doc: leases are generated only for dynamic secrets
* Address review feedback
2017-05-31 09:47:17 -04:00
58b68dc35e
doc: PKI API table of contents ( #2756 )
...
* Add a table of contents for api/secret/pki
* Fix the read certificate link
2017-05-23 09:19:47 -04:00
7d4fb9c8e4
Update news section with March 22 webinar video ( #2663 )
2017-05-22 20:19:52 -04:00
6a39ccc8d6
Remove comment about a non-existent validation section
...
Fixes #2524
2017-05-22 12:37:51 -04:00
9bbeff3f44
doc: Fix the sample input value for cache_size
2017-05-19 12:32:44 -04:00
57461e3556
Fix revoke-secondary API addr
2017-05-19 00:53:49 -04:00
f9a71de87a
Update plugins.html.md ( #2744 )
...
Minor typo and spellcheck update
2017-05-18 14:06:44 -04:00
f3f6b02682
Fix `X-Vault-AWS-IAM-Server-ID` example ( #2728 )
2017-05-15 09:06:45 -04:00
3a354343af
Update install.html.md
...
Updates list of commands with the output of 0.6.4. Missing commands list, unwrap, capabilities, generate-root
2017-05-12 14:13:06 -06:00
774c70e1e2
Update aws.html.md ( #2715 )
2017-05-12 12:10:11 -04:00
06472d8ceb
Merge pull request #2718 from hashicorp/doc-updates
...
Add plugin level docs for what statements are supported and how they …
2017-05-12 08:12:27 -07:00
9fd39a0681
Mongodb plugin ( #2698 )
...
* WIP on mongodb plugin
* Add mongodb plugin
* Add tests
* Update mongodb.CreateUser() comment
* Update docs
* Add missing docs
* Fix mongodb docs
* Minor comment and test updates
* Fix imports
* Fix dockertest import
* Set c.Initialized at the end, check for empty CreationStmts first on CreateUser
* Remove Initialized check on Connection()
* Add back Initialized check
* Update docs
* Move connProducer and credsProducer into pkg for mongodb and cassandra
* Chage parseMongoURL to be a private func
* Default to admin if no db is provided in creation_statements
* Update comments and docs
2017-05-11 17:38:54 -04:00
3407a033ba
Update the S3 storage backend docs to reflect capabilities.
2017-05-11 14:30:05 -07:00
1460c2fcc7
Add plugin level docs for what statements are supported and how they should be formatted
2017-05-11 11:59:58 -07:00
08f3b08bbd
adding leases documentation redirects ( #2707 )
2017-05-10 09:43:09 -04:00
4cd50fd822
Updating key export documentation for transit ( #2706 )
2017-05-10 09:27:03 -04:00
ab7d91a506
[docs] Update glossary for auth backend terminology. ( #2703 )
2017-05-09 22:17:32 -04:00
a7a5337cbc
Update builder, allow disabling redirects
2017-05-09 17:00:34 -04:00
3e16f02d4b
Add project-side redirects
2017-05-09 16:07:55 -04:00
de8bbed321
Header Type Typo ( #2695 )
...
Header 'Update Key Configuration' should be a H2 not a H4.
2017-05-09 09:57:23 -04:00
7068292252
Update/clarify docs on generic backend ttl.
...
Ping #2697
2017-05-09 09:56:11 -04:00
7763b15493
Bump versions
2017-05-08 16:19:41 -04:00
f1fb1e50a5
Prep for 0.7.1
2017-05-05 11:46:43 -04:00
61f115ba81
Update postgresql.html.md
2017-05-04 17:56:09 -07:00
20cc43bf18
Update mysql-maria.html.md
2017-05-04 17:55:50 -07:00
913a112681
Update mssql.html.md
2017-05-04 17:55:30 -07:00
16e6f9640d
Few docs updates
2017-05-04 14:07:12 -07:00
c0ce0ae499
Merge branch 'database-refactor' of github.com:hashicorp/vault into database-refactor
2017-05-04 16:46:47 -04:00
b49993f81f
Update mssql docs
2017-05-04 16:46:34 -04:00
3c41bdfa16
update docs
2017-05-04 13:38:49 -07:00
7dcec6e68f
Merge remote-tracking branch 'oss/master' into database-refactor
2017-05-04 12:40:00 -07:00
82b58d5b9c
Update docs and return a better error message
2017-05-04 11:45:27 -07:00
4c0e3c5d2f
Implemented TOTP Secret Backend ( #2492 )
...
* Initialized basic outline of TOTP backend using Postgresql backend as template
* Updated TOTP backend.go's structure and help string
* Updated TOTP path_roles.go's structure and help strings
* Updated TOTP path_role_create.go's structure and help strings
* Fixed typo in path_roles.go
* Fixed errors in path_role_create.go and path_roles.go
* Added TOTP secret backend information to cli commands
* Fixed build errors in path_roles.go and path_role_create.go
* Changed field values of period and digits from uint to int, added uint conversion of period when generating passwords
* Initialized TOTP test file based on structure of postgresql test file
* Added enforcement of input values
* Added otp library to vendor folder
* Added test steps and cleaned up errors
* Modified read credential test step, not working yet
* Use of vendored package not allowed - Test error
* Removed vendor files for TOTP library
* Revert "Removed vendor files for TOTP library"
This reverts commit fcd030994bc1741dbf490f3995944e091b11da61.
* Hopefully fixed vendor folder issue with TOTP Library
* Added additional tests for TOTP backend
* Cleaned up comments in TOTP backend_test.go
* Added default values of period, algorithm and digits to field schema
* Changed account_name and issuer fields to optional
* Removed MD5 as a hash algorithm option
* Implemented requested pull request changes
* Added ability to validate TOTP codes
* Added ability to have a key generated
* Added skew, qr size and key size parameters
* Reset vendor.json prior to merge
* Readded otp and barcode libraries to vendor.json
* Modified help strings for path_role_create.go
* Fixed test issue in testAccStepReadRole
* Cleaned up error formatting, variable names and path names. Also added some additional documentation
* Moveed barcode and url output to key creation function and did some additional cleanup based on requested changes
* Added ability to pass in TOTP urls
* Added additional tests for TOTP server functions
* Removed unused QRSize, URL and Generate members of keyEntry struct
* Removed unnecessary urlstring variable from pathKeyCreate
* Added website documentation for TOTP secret backend
* Added errors if generate is true and url or key is passed, removed logger from backend, and revised parameter documentation.
* Updated website documentation and added QR example
* Added exported variable and ability to disable QR generation, cleaned up error reporting, changed default skew value, updated documentation and added additional tests
* Updated API documentation to inlude to exported variable and qr size option
* Cleaned up return statements in path_code, added error handling while validating codes and clarified documentation for generate parameters in path_keys
2017-05-04 10:49:42 -07:00
5ee0d696d4
Merge remote-tracking branch 'oss/master' into database-refactor
2017-05-04 10:45:18 -07:00
29bfc0a0d4
PR comments
2017-05-04 10:41:59 -07:00
3d9cf89ad6
Add the ability to view and list of leases metadata ( #2650 )
2017-05-03 22:03:42 -04:00
ce391ca425
add new mysql plugin names and fix grammar
2017-05-03 18:41:39 -07:00
bf29861d49
Add the plugins catalog API docs
2017-05-03 11:43:24 -07:00
e92818e0ae
Upate links in docs
2017-05-03 10:25:12 -07:00
dbb5b38e0d
Add API docs
2017-05-03 02:13:07 -07:00
63de72c10f
Add custom plugins docs page
2017-05-03 00:01:28 -07:00
50ac77be51
Update docs for the database backend and it's plugins
2017-05-02 22:24:31 -07:00
b60ff2048d
Update docs and add cassandra as a builtin plugin
2017-05-02 17:04:49 -07:00
20994c1247
Fix wording in docs
2017-05-02 16:20:07 -07:00
712cacaf4d
Add website skeleton
2017-05-02 16:26:32 -04:00
df325288ac
fix format for secret/pki ( #2668 )
2017-05-02 07:52:55 -04:00
ca7ff89bcb
Fix documentation
2017-05-02 02:22:06 -07:00
f17c50108f
Add plugins interal page to the sidebar:
2017-05-02 02:00:04 -07:00
a963097747
Add internals doc for plugins
2017-05-02 01:59:36 -07:00
44e1c64cfd
Add UI docs ( #2664 )
2017-05-01 17:36:37 -04:00
5630b0ad4b
Changing the ttl value in the Generate IAM with STS sample to a valid value ( #2665 )
2017-05-01 14:41:49 -04:00
403efeb5ae
Add globbing support to the PKI backend's allowed_domains list ( #2517 )
2017-05-01 10:40:18 -04:00
30b71cbbac
Add constraints on the Common Name for certificate-based authentication ( #2595 )
...
* Refactor to consolidate constraints on the matching chain
* Add CN prefix/suffix constraint
* Maintain backwards compatibility (pick a random cert if multiple match)
* Vendor go-glob
* Replace cn_prefix/suffix with required_name/globbing
Move all the new tests to acceptance-capable tests instead of embedding in the CRL test
* Allow authenticating against a single cert
* Add new params to documentation
* Add CLI support for new param
* Refactor for style
* Support multiple (ORed) name patterns
* Rename required_names to allowed_names
* Update docs for parameter rename
* Use the new TypeCommaStringSlice
2017-04-30 11:37:10 -04:00
73867dab92
Add local flag to docs for API endpoints. ( #2625 )
2017-04-28 14:33:27 -04:00
d0d448cfbe
Added required header ( #2656 )
2017-04-28 08:56:14 -04:00
90a442ec92
Fix links on Consul storage backend page ( #2652 )
2017-04-28 07:48:23 -04:00
1a60fede58
Updating revoke/renew to prefer PUT method ( #2646 )
2017-04-27 10:47:43 -04:00
d9e639ece2
Fix types of listener options, currently they're all strings
2017-04-25 11:20:48 -04:00
7b21562f07
Make sidebar a bit wider on smaller screens ( #2638 )
2017-04-24 15:39:58 -04:00
e06a78a474
Create unified aws auth backend ( #2441 )
...
* Rename builtin/credential/aws-ec2 to aws
The aws-ec2 authentication backend is being expanded and will become the
generic aws backend. This is a small rename commit to keep the commit
history clean.
* Expand aws-ec2 backend to more generic aws
This adds the ability to authenticate arbitrary AWS IAM principals using
AWS's sts:GetCallerIdentity method. The AWS-EC2 auth backend is being to
just AWS with the expansion.
* Add missing aws auth handler to CLI
This was omitted from the previous commit
* aws auth backend general variable name cleanup
Also fixed a bug where allowed auth types weren't being checked upon
login, and added tests for it.
* Update docs for the aws auth backend
* Refactor aws bind validation
* Fix env var override in aws backend test
Intent is to override the AWS environment variables with the TEST_*
versions if they are set, but the reverse was happening.
* Update docs on use of IAM authentication profile
AWS now allows you to change the instance profile of a running instance,
so the use case of "a long-lived instance that's not in an instance
profile" no longer means you have to use the the EC2 auth method. You
can now just change the instance profile on the fly.
* Fix typo in aws auth cli help
* Respond to PR feedback
* More PR feedback
* Respond to additional PR feedback
* Address more feedback on aws auth PR
* Make aws auth_type immutable per role
* Address more aws auth PR feedback
* Address more iam auth PR feedback
* Rename aws-ec2.html.md to aws.html.md
Per PR feedback, to go along with new backend name.
* Add MountType to logical.Request
* Make default aws auth_type dependent upon MountType
When MountType is aws-ec2, default to ec2 auth_type for backwards
compatibility with legacy roles. Otherwise, default to iam.
* Pass MountPoint and MountType back up to the core
Previously the request router reset the MountPoint and MountType back to
the empty string before returning to the core. This ensures they get set
back to the correct values.
2017-04-24 15:15:50 -04:00
8c75c2611a
Remove mention of Darwin mlock support from docs. ( #2624 )
2017-04-22 16:56:01 -04:00
82e9b089be
[docs] Fix typo in Transit API docs.
2017-04-20 15:18:55 -07:00
960fdb6a8a
Added documentation for listing roles in the Consul secret backend ( #2619 )
2017-04-20 07:44:25 -04:00
f3be8927db
Fixing typo in Transit API rewrap section ( #2617 )
2017-04-19 09:29:33 -07:00
74d78f247c
Add api documentation for unauthenticated SSH CA public key retrieval ( #2616 )
2017-04-19 11:30:24 -04:00
4995c69763
Update sign-verbatim to correctly set generate_lease ( #2593 )
2017-04-18 15:54:31 -04:00
a051ec1b59
Use service bind for searching LDAP groups ( #2534 )
...
Fixes #2387
2017-04-18 15:52:05 -04:00
f4cd8c5200
Merge pull request #2607 from hashicorp/b-grammar
...
Fix sentence - remove "and"
2017-04-18 15:50:56 -04:00
563ad2175f
Update index.html.md
2017-04-18 15:50:44 -04:00
490b98ee93
Update logos
2017-04-18 14:17:56 -04:00
73950e8fb1
Fix sentence - remove "and"
2017-04-17 19:35:04 -07:00
d5f5ecf0ab
Remove allow_token_displayname from docs as we don't support that any longer
2017-04-17 17:25:44 -04:00
f14fd329fd
Add more info to STS TTL to website
2017-04-17 17:19:13 -04:00
c98de70310
Update revoke.html.md ( #2604 )
...
Changed param's description verb from renew to revoke, to match the page context.
2017-04-17 12:40:24 -04:00
ce58bfa88f
Update SSH docs to indicate deprecation of dynamic key type
2017-04-17 11:11:05 -04:00
b6758b7ea9
Update 404.html.md ( #2594 )
2017-04-14 12:19:15 -04:00
c2407eab5a
Add some extra documentation around ssh-keygen -L to see signed cert
...
info.
Ping #2569
2017-04-13 15:23:27 -04:00
3c7a69b119
minor docs update
2017-04-10 09:46:25 -04:00
9136952055
Update AES-GCM verification text
2017-04-07 14:35:29 -04:00
2117dfd717
implement a no_store option for pki roles ( #2565 )
2017-04-07 11:25:47 -07:00
e0d00fdf7b
Remove superfluous/misleading comments around some listener options
2017-04-07 14:23:56 -04:00
f805618a2c
Update SSH CA documentation
...
Fixes #2551
Fixes #2569
2017-04-07 11:59:25 -04:00
53e1bd02a1
Add press-kit
2017-04-06 18:43:55 -04:00
4ac4b92cbb
Import fonts
2017-04-06 18:42:09 -04:00
6883eebbd9
Add press kit, hashicorp logo
2017-04-06 18:28:26 -04:00
d39ca0be68
Remove "these are denoted below" w.r.t. SIGHUP
...
SIGHUP support is denoted in the sections/options that support actions on SIGHUP, so with the new docs layout it's confusing to have the old statement in there. Remove in favor of the inline comments.
Fixes #2572
2017-04-06 16:08:58 -04:00
3322f637ac
add mssql physical backend ( #2546 )
2017-04-06 09:33:49 -04:00
d2afabe4f6
Ldap auth doc fix ( #2568 )
...
* Move url parameter to the next line and fix a typo
* Add userdn paramater to the Scenario 1.
Without userdn set Vault can't search with error like
Code: 400. Errors:
* LDAP search failed for detecting user: LDAP Result Code 32 "No Such Object": 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:
''
2017-04-05 08:29:38 -07:00
76c74a3995
[docs] Add header to fix formatting.
2017-04-05 10:35:59 +10:00
1884845525
[docs] Adding missing guide from index page.
...
Also, make guide titles consistent with sidebar.
2017-04-05 10:22:20 +10:00
04bbc50ccb
Add back lost Postgres creation sql for storage backend
2017-04-04 12:30:07 -04:00
de3d2438b7
Fixed an example on aws backend documentation about an iam profile. ( #2522 )
2017-04-04 09:03:27 -07:00
a4ceaf0035
Etcd DNS discovery ( #2521 )
...
* etcd: Add discovery_srv option
2017-04-04 08:50:44 -07:00
9ec414016d
Update SSH docs to note that host key verification is not performed.
2017-04-03 10:43:41 -04:00
917158a510
Fix typo ( #2558 )
2017-04-03 05:46:40 -07:00
75e531e8aa
fix typo in pki api doc
2017-04-02 17:02:11 -04:00
a6156d8e79
Quote dynamodb's ha_enabled property ( #2547 )
...
With `ha_enabled = true` vault crashes with the following error:
```
error parsing 'storage': storage.dynamodb: At 17:16: root.ha_enabled: unknown type for string *ast.LiteralType
```
This seems related to https://github.com/hashicorp/vault/issues/1559
2017-03-30 14:09:47 -07:00
b5ab4745fc
Update helpers
2017-03-29 21:39:48 -04:00
8bcb3bda9c
Remove commented colors
2017-03-29 19:08:09 -04:00
c600a426d8
Add new colored header styles
2017-03-29 19:04:39 -04:00
1cfd0e94b3
docs: aws-ec2: link sts configuration from cross account access
2017-03-28 14:34:21 -07:00
383a4cacaa
Re-add FOUT
2017-03-26 17:07:29 -04:00
4fb3f7f32a
Remove dependency on bootstrap
...
This greatly reduces our javascript footprint
2017-03-26 16:58:16 -04:00
dd44ad7b85
Remove pry
2017-03-26 16:08:16 -04:00
5b0acbfeba
Cleanup CSS
2017-03-26 16:04:21 -04:00
4ef8ce1198
Add permitPool support to S3 ( #2466 )
2017-03-26 14:32:26 -04:00
85acdb7f5e
fix typo in ssh api documentation ( #2529 )
2017-03-23 23:48:26 -07:00
9f6dea5ffd
remove sidebar include in sass ( #2516 )
2017-03-21 13:08:27 -05:00
f6fba9bb3c
replication is an enterprise-only feature ( #2514 )
2017-03-21 13:30:27 -04:00
04d8f3a34d
Fix AWS-EC2 sts/certificate typo
...
Fixes #2512
2017-03-21 13:29:40 -04:00
efa2a280aa
website: update docs to clearly link to enterprise version
2017-03-21 08:41:39 -07:00
c41ee12c38
website: latest news section ( #2506 )
...
* website: add latest news section which includes vault webinar details
* small padding tweak
2017-03-20 18:23:46 -04:00
0f1b9499c0
Nevermind... meganav uses it
2017-03-20 01:51:57 -04:00
2357039044
Fix typo
2017-03-20 01:50:45 -04:00
f30f6f489f
Do not require bootstrap
2017-03-20 01:50:40 -04:00
d3da5b231b
Link to index.html pages
2017-03-20 01:37:22 -04:00
3a4e14cfe6
Remove quotes from meta descriptions
...
SEO stops at that quote, so many of our pages have a description of
"the".
2017-03-20 01:35:21 -04:00
166e0b4ef4
Use inline svgs
2017-03-20 01:27:23 -04:00
f2355301c3
Upgrade to latest middleman-hashicorp
2017-03-20 01:27:23 -04:00
cb1a2cb361
Migrate to middleman-hashicorp sidebar
2017-03-20 01:27:23 -04:00
45a5982a6f
Remove unused javascript
...
It looks like these came over from Nomad(?), but we do not use them
anywhere. This saves about 4kb on the compressed javascript, so it's a
big savings. Also, it causes namespace conflicts.
2017-03-20 01:27:23 -04:00
b9b68ca5e8
docs: Elaborate the steps for SSH CA backend with 'sshd_config' changes ( #2507 )
2017-03-19 18:52:15 -04:00
985b283b08
Ensure description
2017-03-17 23:14:36 -04:00
b5e49af2d8
website: turbolinks + ember = ❤ ( #2504 )
...
* move application.js to head
* move ember app to separate file and exclude from turbolinks
2017-03-17 16:05:59 -05:00
5437cf2e51
Add note about prefix/suffix globbing on policy parameters
2017-03-17 13:53:41 -07:00
6d83640c85
Add API to sidebar
2017-03-17 15:44:09 -04:00
21ecbda1f4
Update titles
2017-03-17 14:37:01 -04:00
6931bbd091
Links
2017-03-17 14:27:32 -04:00
66321cdb76
Space out downloads links a bit
2017-03-17 14:07:39 -04:00
d4390d103e
/docs/http -> /api
2017-03-17 14:06:03 -04:00
d2e9e0b873
Merge branch 'master-oss' into pr-2495
2017-03-17 13:40:58 -04:00
a38b55385a
Update replication guide and add to sidebar
2017-03-17 12:38:19 -04:00
6109dcf7d7
Fix broken GCS account link
2017-03-17 12:12:28 -04:00
9bfcc0be94
Fix misspelling of website link
2017-03-17 12:07:37 -04:00
05e8b1861f
Formatting
2017-03-16 12:06:15 -07:00
0f845ef67d
Use relative links
2017-03-16 12:04:36 -07:00
bfa7fe9a3e
Fix sentence
2017-03-16 12:04:14 -07:00
5c1f017274
Reformat replication API
2017-03-16 11:57:06 -07:00
037700b86e
Update PKI backend API docs
2017-03-16 11:26:09 -07:00
b340d9ff8c
Fix formatting in SSH
2017-03-16 11:25:59 -07:00
faef58b355
Fix Cassandra text
2017-03-16 11:25:37 -07:00
9934b66fe0
Add new SSH field
2017-03-16 09:48:45 -07:00
e86465c13b
Add SSH
2017-03-16 09:47:08 -07:00
e473ee99a8
Fix TODOs
2017-03-16 09:47:08 -07:00
b078963ab2
Hide auth backends for now
...
The migration is getting too large, so we'll tackle this move in another
PR
2017-03-16 09:47:08 -07:00
3fd0bd36cc
Break out API documentation for secret backends
2017-03-16 09:47:06 -07:00
19b2b049c3
Redo docs for system backend
...
This commit updates the API documentation for the system backend to
break things apart on a per-page basis and provide specific examples.
This pattern will give more flexibility for future documentation as
well.
2017-03-16 09:46:49 -07:00
a80e0695be
Update middleman version
2017-03-16 09:46:48 -07:00
db4f689009
Do not have a large margin
2017-03-16 09:46:48 -07:00
cd4bcc9c00
Allow nested code in li to receive new highlighting
2017-03-16 09:46:48 -07:00
849f57e73a
Update layouts and assets for consistency
2017-03-16 09:46:47 -07:00
dce031bec2
Bump for 0.7 release
2017-03-16 11:41:50 -04:00
95df7beed9
Adding allow_user_key_ids field to SSH role config ( #2494 )
...
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name. Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
2017-03-16 08:45:11 -04:00
2b98f004ac
Fix layout for replication
2017-03-16 06:50:33 -04:00
12e5132779
Allow roles to specify whether CSR SANs should be used instead of ( #2489 )
...
request values. Fix up some documentation.
Fixes #2451
Fixes #2488
2017-03-15 14:38:18 -04:00
8aa7f120b0
Vault_Enterprise_WWW ( #2327 )
2017-03-15 14:31:14 -04:00
584aedad04
Add upgrade to 0.7 page
2017-03-15 12:34:11 -04:00
4bc3abd152
Remove superfluous argument from SSH CA docs
2017-03-14 10:21:48 -04:00
7d59d7d3ac
Reads on ssh/config/ca return the public keys
...
If configured/generated.
2017-03-14 10:21:48 -04:00
830de2dbbd
If generating an SSH CA signing key - return the public part
...
So that the user can actually use the SSH CA, by adding the public key
to their respective sshd_config/authorized_keys, etc.
2017-03-14 10:21:48 -04:00
ab56fdbebf
Clarify cluster_addr and cluster_address
2017-03-14 10:17:58 -04:00
4fa4034d50
Minor doc updates
2017-03-14 10:11:47 -04:00
285bdf0a6f
docs: clarify 'storage' and 'ha_storage' requirements ( #2471 )
2017-03-11 09:43:14 -05:00
220beb2cde
doc: ssh allowed_users update ( #2462 )
...
* doc: ssh allowed_users update
* added some more context in default_user field
2017-03-09 10:34:55 -05:00
431070f828
doc: ssh markdown alignments
2017-03-08 21:58:12 -05:00
012c8f6c2f
remove offset from footer
2017-03-08 17:36:59 -08:00
52b3d7beb5
Re apply offset change after rebase
2017-03-08 17:34:57 -08:00
2c3736bbe2
website: add squashed mega-nav work
2017-03-08 17:27:31 -08:00
f18318f6dd
Move upgrade into guides ( #2460 )
...
* Move upgrades to guides
* Make root token copy-pastable
2017-03-08 17:33:58 -05:00
aa6346a8f6
Use htmlcompat in middleman-hashicorp
2017-03-08 14:14:52 -08:00
d9c10960b7
Update license
2017-03-08 11:38:38 -08:00
7cd31072c2
Update license
2017-03-08 11:36:25 -08:00
2204e50f53
Delete config.ru
2017-03-08 11:28:43 -08:00
23c0c47ff5
Update favicons, container, turbolinks
2017-03-08 11:07:20 -08:00
49189e76f2
Fix website command
2017-03-08 09:47:16 -08:00
d26d87f4a8
Remove Vagrantfile
2017-03-08 09:35:34 -08:00
4d133b8423
Minor doc updates
2017-03-08 10:25:57 -05:00
5d760d4090
Add option to require valid client certificates ( #2457 )
2017-03-08 10:21:31 -05:00
f03d500808
Add option to disable caching per-backend. ( #2455 )
2017-03-08 09:20:09 -05:00
b11f92ba5a
Rename physical backend to storage and alias old value ( #2456 )
2017-03-08 09:17:00 -05:00
624c6eab20
Separate backend configurations into their own pages ( #2454 )
...
* Clean vertical lines
* Make sidebar slightly larger on bigger displays
* Separate backend configurations into their own pages
2017-03-07 21:47:23 -05:00
f0ad367b8c
Do not print header or footer
2017-03-06 16:11:06 -05:00
a109e18661
Underline in black
2017-03-06 16:11:06 -05:00
1f7bdbf966
Fix http layout
2017-03-06 16:11:05 -05:00
93357d7519
Move install guides into docs layout
2017-03-06 16:11:05 -05:00
751a2bff1d
Update upgrade guides
2017-03-06 16:11:05 -05:00
2b371e1189
Tabs to spaces
2017-03-06 16:11:04 -05:00
5be9c0e33a
Add syntax highlighting
2017-03-06 16:11:04 -05:00
839fd199f3
Clean up scss
2017-03-06 16:11:04 -05:00
8706a16800
Do not show "Edit this Page" in dev either
2017-03-06 16:11:04 -05:00
7228475bc4
Use × instead of "X"
2017-03-06 16:11:03 -05:00
9ae2b0838f
Remove empty scss file
2017-03-06 16:11:03 -05:00
4d6fe20bec
Remove displaying-bnr
...
This is not used anywhere
2017-03-06 16:11:03 -05:00
a7f6b3b7f1
Unify layout partials
2017-03-06 16:11:02 -05:00
412aad7c6e
Updated doc to match real output ( #2443 )
...
Regards hashicorp/vault#2116
2017-03-06 10:39:34 -05:00
9d8dad3269
Switch to new container-based build ( #2436 )
2017-03-03 11:26:26 -05:00
491a56fe9f
AppRole: Support restricted use tokens ( #2435 )
...
* approle: added token_num_uses to the role
* approle: added RUD tests for token_num_uses on role
* approle: doc: added token_num_uses
2017-03-03 09:31:20 -05:00
5ea7b4436c
Website update typography ( #2429 )
2017-03-02 17:10:33 -05:00
76bec343f4
Some minor ssh docs updating
2017-03-02 16:47:21 -05:00
70bfdb5ae9
Changes from code review
2017-03-02 14:36:13 -05:00
36b3d89604
Allow internal generation of the signing SSH key pair
2017-03-02 14:36:13 -05:00
3795d2ea64
Rework ssh ca ( #2419 )
...
* docs: input format for default_critical_options and default_extensions
* s/sshca/ssh
* Added default_critical_options and default_extensions to the read endpoint of role
* Change default time return value to 0
2017-03-01 15:50:23 -05:00
ff1ff02bd7
Changes from code review
...
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
2017-03-01 15:19:18 -05:00
099d561b20
Add ability to create SSH certificates
2017-03-01 15:19:18 -05:00
3855021b40
Re-enable soft purging, stale-if-error
2017-03-01 12:38:40 -05:00
5e1e314bf9
Cache for a longer time on Fastly ( #2417 )
2017-02-28 16:54:51 -05:00
7012d63a28
Update policies doc with allowed/denied params and min/max wrapping ttl info
2017-02-27 15:17:19 -05:00
184b47e20c
Add a TTL to the dynamodb lock implementation. ( #2141 )
2017-02-27 14:30:34 -05:00
1518d626e3
docs: update sys heal status codes
2017-02-26 15:20:23 -05:00
e13fc759d8
Update sys-health.html.md
...
typo
2017-02-26 15:20:23 -05:00
b762c43fe2
Aws Ec2 additional binds for SubnetID, VpcID and Region ( #2407 )
...
* awsec2: Added bound_region
* awsec2: Added bound_subnet_id and bound_vpc_id
* Add bound_subnet_id and bound_vpc_id to docs
* Remove fmt.Printf
* Added crud test for aws ec2 role
* Address review feedback
2017-02-24 14:19:10 -05:00
c6f138bb9a
PKI: Role switch to control lease generation ( #2403 )
...
* pki: Make generation of leases optional
* pki: add tests for upgrading generate_lease
* pki: add tests for leased and non-leased certs
* docs++ pki generate_lease
* Generate lease is applicable for both issuing and signing
* pki: fix tests
* Address review feedback
* Address review feedback
2017-02-24 12:12:40 -05:00
3ddffbe574
awsec2: markdown text alignment
2017-02-23 14:52:38 -05:00
f992103615
Merge branch 'master' into acl-parameters-permission
2017-02-21 14:46:06 -08:00
c81582fea0
More porting from rep ( #2388 )
...
* More porting from rep
* Address review feedback
2017-02-16 16:29:30 -05:00
0c39b613c8
Port some replication bits to OSS ( #2386 )
2017-02-16 15:15:02 -05:00
0044ea8917
Update hsm.html.md ( #2381 )
2017-02-16 07:25:22 -05:00
817bec0955
Add Organization support to PKI backend. ( #2380 )
...
Fixes #2369
2017-02-16 01:04:29 -05:00
51f7114648
Merge branch 'master-oss' into acl-parameters-permission
2017-02-15 20:37:58 -05:00
e2de7ec7fe
Edit to the language of the description of disable_mlock on the configuration documentation page. Previous wording could lead to confusion as to the recommended setting of the disable_mlock option. ( #2377 )
2017-02-15 11:09:27 -05:00
b86e9bc09f
aws-ec2 auth: fix docs ( #2375 )
2017-02-15 06:29:27 -05:00
ca06bc0b53
audit: support a configurable prefix string to write before each message ( #2359 )
...
A static token at the beginning of a log line can help systems parse
logs better. For example, rsyslog and syslog-ng will recognize the
'@cee: ' prefix and will parse the rest of the line as a valid json message.
This is useful in environments where there is a mix of structured and
unstructured logs.
2017-02-10 16:56:28 -08:00
2a79627a2e
Update libraries.html.md ( #2360 )
2017-02-10 09:39:18 -08:00
65b274299f
docs: transit parameter is actually deletion_allowed ( #2356 )
2017-02-09 15:10:28 -05:00
12ba3f7640
Cache assets longer
2017-02-09 14:39:12 -05:00
231238a6f8
Change cache to 4h
2017-02-09 14:37:12 -05:00
72db329d67
Add support for backup/multiple LDAP URLs. ( #2350 )
2017-02-08 14:59:24 -08:00
d5b1cc7ebe
Add correct output to unmount documentation ( #2352 )
...
Simply adding the actual output of: 'vault unmount generic/'
2017-02-08 10:40:56 -05:00
2fd59ad308
Merge branch 'master-oss' into acl-parameters-permission
2017-02-08 01:59:52 -05:00
f9c67273f3
Add audited headers to sidebar
2017-02-07 17:02:14 -05:00
6612744576
Add Okta docs to sidebar
2017-02-07 16:57:28 -05:00
Joel Thompson