luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
8751 commits 1 branch 0 tags 214 MiB
Commit graph

2141 commits

Author SHA1 Message Date
Marien Fressinaud 5f5faec977 [doc] Change auth token in getting-started (#4118) 
In the authentication section of the getting started doc, the token used
to login doesn't match with the one displayed as the command result.

This commit makes sure that both tokens correspond to avoid distracting
newcomers.
 2018-03-13 10:28:09 -04:00
Calvin Leung Huang 3108860d4b
Audit HMAC values on AuthConfig (#4077) 
* Add audit hmac values to AuthConfigInput and AuthConfigOutput, fix docs

* docs: Add ttl params to auth enable endpoint

* Rewording of go string to simply string

* Add audit hmac keys as CLI flags on auth/secrets enable

* Fix copypasta mistake

* Add audit hmac keys to auth and secrets list

* Only set config values if they exist

* Fix http sys/auth tests

* More auth plugin_name test fixes

* Pass API values into MountEntry's config when creating auth/secrets mount

* Update usage wording
 2018-03-09 14:32:28 -05:00
Vishal Nayak 527eb418fe
approle: Use TypeCommaStringSlice for BoundCIDRList (#4078) 
* Use TypeCommaStringSlice for Approle bound_cidr_list

* update docs

* Add comments in the test
 2018-03-08 17:49:08 -05:00
Jeff Mitchell 9d2a0dc31f Update text around default policy to make it clear that it is user-modifiable 2018-03-08 15:48:11 -05:00
Jim Kalafut 079de043e3 Fix instruction in installation docs (#4097) 2018-03-08 11:02:04 -05:00
Viacheslav Vasilyev b06c25b552 Fix autoreplacing issue (#4103) 2018-03-08 11:01:46 -05:00
Jeff Escalante 706bb4df4c Some small website fixes (#4087) 
* prepend first instance of 'Vault' with 'HashiCorp'

* update dependencies + middleman-hashicorp
 2018-03-08 10:58:43 -05:00
Aleksandar a8304e5d4d Add the chunk_size optional parameter to gcs storage (#4060) 2018-03-05 08:32:48 -05:00
Mike eb1c2b0732 Correct endpoint's path in Doc (#4074) 
Fix typo in endpoint's path
 2018-03-05 07:41:53 -05:00
Jim Kalafut ef4537e5d4 Change "mount" to "secrets enable" in docs 2018-03-02 12:54:28 -08:00
Calvin Leung Huang e2fb199ce5
Non-HMAC audit values (#4033) 
* Add non-hmac request keys

* Update comment

* Initial audit request keys implementation

* Add audit_non_hmac_response_keys

* Move where req.NonHMACKeys gets set

* Minor refactor

* Add params to auth tune endpoints

* Sync cache on loadCredentials

* Explicitly unset req.NonHMACKeys

* Do not error if entry is nil

* Add tests

* docs: Add params to api sections

* Refactor audit.Backend and Formatter interfaces, update audit broker methods

* Add audit_broker.go

* Fix method call params in audit backends

* Remove fields from logical.Request and logical.Response, pass keys via LogInput

* Use data.GetOk to allow unsetting existing values

* Remove debug lines

* Add test for unsetting values

* Address review feedback

* Initialize values in FormatRequest and FormatResponse using input values

* Update docs

* Use strutil.StrListContains

* Use strutil.StrListContains
 2018-03-02 12:18:39 -05:00
Jeff Mitchell 49068a42be Document primary_email in Okta mfa path 2018-03-02 11:54:21 -05:00
Jeff Mitchell 8fe24dec0a Actually add PingID to the index of API pages 2018-03-02 11:49:48 -05:00
Joel Thompson e4949d644b auth/aws: Allow lists in binds (#3907) 
* auth/aws: Allow lists in binds

In the aws auth method, allow a number of binds to take in lists
instead of a single string value. The intended semantic is that, for
each bind type set, clients must match at least one of each of the bind
types set in order to authenticate.
 2018-03-02 11:09:14 -05:00
Vishal Nayak 2646ed5e2a
update sys/capabilities docs (#4059) 2018-03-01 11:42:39 -05:00
Jeff Mitchell 5034ae2dcb Add the ability to use multiple paths for capability checking (#3663) 
* Add the ability to use multiple paths for capability checking. WIP
(tests, docs).

Fixes #3336

* Added tests

* added 'paths' field

* Update docs

* return error if paths is not supplied
 2018-03-01 11:14:56 -05:00
Andy Manoske 942aa9bbdc
Update index.html.md 
Updated for Unbound
 2018-02-28 16:20:54 -08:00
Jeff Mitchell 20157fd56a Fix broken link on Consul docs 2018-02-26 13:28:15 -05:00
vishalnayak 4b0f27923f ssh: clarify optional behavior of cidr_list 2018-02-24 06:55:55 -05:00
chris trott 78df6a630e Configurable Consul Service Address (#3971) 
* Consul service address is blank

Setting an explicit service address eliminates the ability for Consul
to dynamically decide what it should be based on its translate_wan_addrs
setting.

translate_wan_addrs configures Consul to return its lan address to nodes
in its same datacenter but return its wan address to nodes in foreign
datacenters.

* service_address parameter for Consul storage backend

This parameter allows users to override the use of what Vault knows to
be its HA redirect address.

This option is particularly commpelling because if set to a blank
string, Consul will leverage the node configuration where the service is
registered which includes the `translate_wan_addrs` option. This option
conditionally associates nodes' lan or wan address based on where
requests originate.

* Add TestConsul_ServiceAddress

Ensures that the service_address configuration parameter is setting the
serviceAddress field of ConsulBackend instances properly.

If the "service_address" parameter is not set, the ConsulBackend
serviceAddress field must instantiate as nil to indicate that it can be
ignored.
 2018-02-23 11:15:29 -05:00
Yoko 099d89ff9d
Fixed a broken link (#4032) 2018-02-22 19:43:27 -08:00
Yoko 5389550cdc
Changed the layout category menu (#4007) 
* Changed the layout category menu

* Fixed typos

* Fixed a typo, and removed the duplicated generate-root guide

* Fixed the redirect.txt
 2018-02-22 16:24:01 -08:00
Chris Hoffman a2e816321e
adding LIST for connections in database backend (#4027) 2018-02-22 15:27:33 -05:00
Jeff Mitchell 9c2ad5c4ec Fix formatting on sys/health docs 2018-02-22 10:52:12 -05:00
Jeff Mitchell 2dda3f6363 Make docs around regenerate_key more specific 2018-02-22 09:09:20 -05:00
Calvin Leung Huang a06243bf8d
Add description param on tune endpoints (#4017) 2018-02-21 17:18:05 -05:00
Jeff Mitchell c2ae25d588 Update PKCS11 seal information 2018-02-21 09:05:36 -05:00
Vishal Nayak 45bb1f0adc
Verify DNS SANs if PermittedDNSDomains is set (#3982) 
* Verify DNS SANs if PermittedDNSDomains is set

* Use DNSNames check and not PermittedDNSDomains on leaf certificate

* Document the check

* Add RFC link

* Test for success case

* fix the parameter name

* rename the test

* remove unneeded commented code
 2018-02-16 17:42:29 -05:00
Jeff Mitchell f29bde0052
Support other names in SANs (#3889) 2018-02-16 17:19:34 -05:00
Jeff Mitchell 6f6b4521fa Update website for AWS client max_retries 2018-02-16 11:13:55 -05:00
Jeff Mitchell 857cdaeb2b Add some info about cert reloading behavior on SIGHUP 
CC #3990
 2018-02-15 17:11:48 -05:00
Seth Vargo cd930b1173 Add support for Google Cloud Spanner (#3977) 2018-02-14 20:31:20 -05:00
Jeff Mitchell 35906aaa6c
Add ChaCha20-Poly1305 support to transit (#3975) 2018-02-14 11:59:46 -05:00
Nick 11f197dfa5 Update lease.html.md (#3759) 2018-02-14 09:44:34 -05:00
Brian Shumate e6bf69b96b DOCS: update Telemetry with more coverage (#3968) 
- Add initial secrets engines metrics
- Update metrics types/values
- Update language for auth methods, secrets engines, audit devices
- Add more linking to relevant documentation
 2018-02-14 09:39:51 -05:00
Seth Vargo 602a7c27f8 Fix code in header font size (#3970) 
* Fix code in header font size

This fixes the tiny code font in header names.

* Update _global.scss
 2018-02-13 22:17:51 -05:00
Brian Shumate bbc196a6e5 Clarify with example of file-backend specific metrics (#3913) 2018-02-13 11:04:11 -05:00
George Perez 6e0ff44bfc Update generate-root.html.md (#3894) 
Fix typo: "providers" to "provides"
 2018-02-13 11:03:35 -05:00
Brian Shumate 492b3e2277 DOCS: update Telemetry (#3964) 
- Correct time to millis
- Correct storage backend summaries from # ops to duration of ops
 2018-02-13 10:15:19 -05:00
Paul Stack 3c683dba92 Adding Manta Storage Backend (#3720) 
This PR adds a new Storage Backend for Triton's Object Storage - Manta

```
make testacc TEST=./physical/manta
==> Checking that code complies with gofmt requirements...
==> Checking that build is using go version >= 1.9.1...
go generate
VAULT_ACC=1 go test -tags='vault' ./physical/manta -v  -timeout 45m
=== RUN   TestMantaBackend
--- PASS: TestMantaBackend (61.18s)
PASS
ok  	github.com/hashicorp/vault/physical/manta	61.210s
```

Manta behaves differently to how S3 works - it has no such concepts of Buckets - it is merely a filesystem style object store

Therefore, we have chosen the approach of when writing a secret `foo` it will actually map (on disk) as foo/.vault_value

The reason for this is because if we write the secret `foo/bar` and then try and Delete a key using the name `foo` then Manta
will complain that the folder is not empty because `foo/bar` exists. Therefore, `foo/bar` is written as `foo/bar/.vault_value`

The value of the key is *always* written to a directory tree of the name and put in a `.vault_value` file.
 2018-02-12 18:22:41 -05:00
Calvin Leung Huang 60732577f5
CLI Enhancements (#3897) 
* Use Colored UI if stdout is a tty

* Add format options to operator unseal

* Add format test on operator unseal

* Add -no-color output flag, and use BasicUi if no-color flag is provided

* Move seal status formatting logic to OutputSealStatus

* Apply no-color to warnings from DeprecatedCommands as well

* Add OutputWithFormat to support arbitrary data, add format option to auth list

* Add ability to output arbitrary list data on TableFormatter

* Clear up switch logic on format

* Add format option for list-related commands

* Add format option to rest of commands that returns a client API response

* Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead

* Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead

* Remove -no-color flag, use env var exclusively to toggle colored output

* Fix compile

* Remove -no-color flag in main.go

* Add missing FlagSetOutputFormat

* Fix generate-root/decode test

* Migrate init functions to main.go

* Add no-color flag back as hidden

* Handle non-supported data types for TableFormatter.OutputList

* Pull formatting much further up to remove the need to use c.flagFormat (#3950)

* Pull formatting much further up to remove the need to use c.flagFormat

Also remove OutputWithFormat as the logic can cause issues.

* Use const for env var

* Minor updates

* Remove unnecessary check

* Fix SSH output and some tests

* Fix tests

* Make race detector not run on generate root since it kills Travis these days

* Update docs

* Update docs

* Address review feedback

* Handle --format as well as -format
 2018-02-12 18:12:16 -05:00
Joel Thompson c61ac21e6c auth/aws: Improve role tag docs as suggested on mailing list (#3915) 
Fixes the ambiguity called out in
https://groups.google.com/forum/#!msg/vault-tool/X3s7YY0An_w/yH0KFQxlBgAJ
 2018-02-12 17:39:17 -05:00
Jeff Mitchell 4969505c7e
Add transaction-like behavior for Transit persists. (#3959) 2018-02-12 17:27:28 -05:00
Jeff Mitchell db8772f15e Minor website wording updates 2018-02-12 15:28:06 -05:00
Jeff Mitchell 5a047fba68 Document the disable_sealwrap parameter 2018-02-12 15:20:07 -05:00
Jeff Mitchell 6f025fe2ab
Adds the ability to bypass Okta MFA checks. (#3944) 
* Adds the ability to bypass Okta MFA checks.

Unlike before, the administrator opts-in to this behavior, and is
suitably warned.

Fixes #3872
 2018-02-09 17:03:49 -05:00
Vishal Nayak 80ffd07b8b added a flag to make common name optional if desired (#3940) 
* added a flag to make common name optional if desired

* Cover one more case where cn can be empty

* remove skipping when empty; instead check for emptiness before calling validateNames

* Add verification before adding to DNS names to also fix #3918
 2018-02-09 13:42:19 -05:00
alexandrumd 56f0ff4293 Change 'rules' parameter for Policies requests (#3947) 
With Vault Version: 0.9.1, the following is returned when using "rules" for policies operation:
```The following warnings were returned from the Vault server:
* 'rules' is deprecated, please use 'policy' instead```
 2018-02-09 07:43:18 -05:00
Roger Berlind 07f587dd05 Updated replication table (#3929) 2018-02-08 18:11:00 -05:00
Jeff Mitchell 4fbeae77ee
Update relatedtools.html.md 2018-02-08 11:15:47 -05:00
Robert Kreuzer a25986391b Add vaultenv to the list of related tools (#3945) 2018-02-08 10:30:45 -05:00
Chris Hoffman d723479b32
Fixing docs links and adding redirects for new guides (#3939) 
* updating links

* updating links

* updating links

* updating links

* updating links

* adding redirects
 2018-02-07 19:29:07 -05:00
Jed da955a8f1b Lil typo fixes (#3925) 
Read through the initial docs and noticed a few typos
 2018-02-07 09:38:11 -05:00
emily e086429964 fix IAM diagram for GCP auth method docs (#3927) 2018-02-07 09:37:11 -05:00
Andy Manoske 4d33d5fa34
Merge branch 'master' into new-guides 2018-02-06 13:09:22 -08:00
cikenerd e7973773ac Update etcd storage doc (#3753) 2018-02-06 11:00:00 -05:00
Yoko Hyakuna 1b12d74188 Missing * in the command 2018-02-05 16:17:18 -08:00
Jeff Mitchell 4174019efb Add a space before the MFA super 2018-02-05 12:32:25 -05:00
Jeff Mitchell 855d8cb769 Move MFA to deprecated section, mark with a super 2018-02-05 12:32:21 -05:00
Jeff Mitchell 193278f9a4 Minor grammatical update to MFA doc 2018-02-05 12:26:16 -05:00
Jeff Mitchell 8145b0ce0b Mark old MFA as legacy/unsupported in sidebar 2018-02-05 11:47:59 -05:00
Jeff Mitchell 0255d4ca10 Make the MFA support status more clear for the legacy system 2018-02-04 19:25:27 -05:00
Yoko Hyakuna 6883dc32f4 Merge branch 'master' of github.com:hashicorp/vault into new-guides 2018-02-02 09:03:12 -08:00
George Christou c35af6dd01 website: Include fish as a supported shell (#3895) 2018-02-02 10:34:48 -05:00
Yoko 9c93d2761e
Merge branch 'master' into new-guides 2018-02-01 11:55:18 -08:00
Yoko Hyakuna 2d30bef2af Fixed a typo 'on-demand' 2018-02-01 10:00:18 -08:00
Yoko Hyakuna 7a1a19b6d6 Incorporated review comments 2018-02-01 09:50:59 -08:00
Vishal Nayak 01b1b9ff6d
docs/telemetry: remove merge conflict remnant (#3882) 
* remove merge conflict remnant

* s/auth/authentication
 2018-02-01 12:09:58 -05:00
Andy Manoske 505e65d0fe
Merge branch 'master' into new-guides 2018-01-31 17:17:00 -08:00
Brian Shumate a7049247d9 Correct cofiguration option in example (#3879) 2018-01-31 13:41:31 -05:00
Yoko Hyakuna cef6f8a758 Replaced deprecated command 2018-01-31 09:27:14 -08:00
Yoko Hyakuna 9fc56991f0 Replaced the deprecated commands with new ones 2018-01-30 10:46:27 -08:00
Jack Pearkes a2f0f0a8e5 website: add note about the 0.9.2+ CLI changes to reduce confusion (#3868) 
* website: add note about the 0.9.2+ CLI changes to reduce confusion

* website: fix frontmatter for 0.9.3 guide, add to guides index

* website: add overview title to 0.9.3 guide for spacing
 2018-01-30 13:30:47 -05:00
Yoko Hyakuna dded969da6 Merge master 2018-01-30 09:57:30 -08:00
Yoko Hyakuna 470e913af7 resolved the file name conflict 2018-01-29 16:41:44 -08:00
Yoko Hyakuna 1a532cb993 Re-categorized the guides on the navigation 2018-01-26 15:13:15 -08:00
Jeff Mitchell 8f24bdee1f Typo fixes on upgrading page 2018-01-26 16:11:25 -05:00
Jeff Mitchell c6d8222236 Add 0.9.2 upgrade guide 2018-01-26 16:07:41 -05:00
Chris Bartlett c7580b2961 #3850 Fixed documentation for aws/sts ttl (#3851) 2018-01-25 22:20:30 -05:00
Yoko Hyakuna d5262f7896 Fixed typos in the command 2018-01-25 15:07:35 -08:00
Yoko Hyakuna 8a9dc208fb Fixed the sample admin policies 2018-01-24 22:15:40 -08:00
Yoko Hyakuna d8de750f97 Fixed the sample admin policies 2018-01-24 21:21:23 -08:00
Yoko Hyakuna 3e043170a0 Fixed the sample admin policies 2018-01-24 18:10:56 -08:00
Yoko Hyakuna 3fc84bff3a Added policy requirements & scenario diagrams 2018-01-24 16:01:44 -08:00
Andy Manoske 909f0d34fc
Policy Feedback from PM 2018-01-24 11:47:31 -08:00
Yoko Hyakuna d45a247bec Cleaned up the diagram 2018-01-23 16:22:17 -08:00
Yoko Hyakuna 9df839e446 More detailed descriptions were added 2018-01-23 15:43:07 -08:00
Vishal Nayak b9a5a35895 docs: Fix the expected type of metadata (#3835) 2018-01-23 16:30:15 -05:00
Jeff Mitchell 8e8675053b Sync some bits over 2018-01-22 21:44:49 -05:00
Yoko Hyakuna 358f95553c WIP - new guides 2018-01-22 18:14:23 -08:00
Brian Shumate dec64ecfd7 Update API endpoint references for revoke-prefix (#3828) 2018-01-22 18:04:43 -05:00
Yoko Hyakuna df16089491 WIP - Added personas 2018-01-18 17:40:35 -08:00
Yoko Hyakuna ac4bd212fc WIP - new guides 2018-01-17 17:39:21 -08:00
Yoko Hyakuna fd77a55dc1 WIP - new guides 2018-01-16 17:16:20 -08:00
Josh Giles 9c46431b80 Support JSON lists for Okta user groups+policies. (#3801) 
* Support JSON lists for Okta user groups+policies.

Migrate the manually-parsed comma-separated string field types for user
groups and user policies to TypeCommaStringSlice. This means user
endpoints now accept proper lists as input for these fields in addition
to comma-separated string values. The value for reads remains a list.

Update the Okta API documentation for users and groups to reflect that
both user group and user/group policy fields are list-valued.

Update the Okta acceptance tests to cover passing a list value for the
user policy field, and require the OKTA_API_TOKEN env var to be set
(required for the "everyone" policy tests to pass).

* Fix typo, add comma-separated docs.
 2018-01-16 18:20:19 -05:00
Jake Scaltreto 3ad372d65d Fix minor typo in word "certificate" (#3783) 2018-01-15 15:52:41 -05:00
Paweł Słomka b994e83c65 Cleanup of deprecated commands in tests, docs (#3788) 2018-01-15 15:19:28 -05:00
Harrison Brown 6b7f57caab Suggested website copy changes (#3791) 
* Adds comma

* Adds comma

* Suggested copy change
 2018-01-15 14:33:41 -05:00
Vishal Nayak 8ef51c0065
Delete group alias upon group deletion (#3773) 2018-01-11 10:58:05 -05:00
Yoko Hyakuna 588e3bcd2d WIP - New Vault guides 2018-01-10 17:28:00 -08:00
Yoko Hyakuna 6f7ed3016d WIP - New Vault guides 2018-01-10 11:14:59 -08:00
Jeff Mitchell d8009bced1 Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-10 11:15:49 -05:00
Yoko Hyakuna 5e0ac2aee0 WIP - New Vault guides 2018-01-09 15:12:08 -08:00
Yoko Hyakuna f61f32f0c6 WIP - New Vault guides 2018-01-09 15:06:00 -08:00
Laura Uva b242800958 Fixed the link to the section on generating DR operation token for promoting secondary. (#3766) 2018-01-09 10:02:09 -06:00
Brian Shumate fd424c74ba Docs: add DR secondary/active HTTP 472 code (#3748) 2018-01-03 15:07:36 -05:00
Jeff Mitchell d1803098ae Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
Jon Davies 66e2593ef9 s3.go: Added options to use paths with S3 and the ability to disable SSL (#3730) 2018-01-03 12:11:00 -05:00
Brian Nuszkowski 9c3e96b591 Update '/auth/token/revoke-self' endpoint documentation to reflect the proper response code (#3735) 2018-01-03 12:09:43 -05:00
Didi Kohen 089a0793bd Clarify that keybase is supported only in the CLI (#3744) 2018-01-03 11:18:38 -05:00
dmwilcox 39dd122663 Update docs to reflect ability to load cold CA certs to output full chains. (#3740) 2018-01-03 10:59:18 -05:00
Alexandre Nicastro 19b4062801 docs: fix typo (change 'a' to 'an' - indefinite article) (#3741) 2018-01-03 10:47:15 -05:00
markpaine c50c597b62 Spelling correction. "specifig" -> "specific" (#3739) 2018-01-03 10:38:55 -05:00
markpaine 3c483b3e87 Spelling correction "datatabse" -> "database" (#3738) 2018-01-03 10:38:16 -05:00
Brian Shumate 4a9333b076 Docs: Updated Telemetry documentation (#3722) 2017-12-26 13:51:15 -05:00
Brian Shumate bbf1c67d80 Update backend config docs - addresses #3718 (#3724) 2017-12-26 13:48:45 -05:00
Jeff Mitchell 1a2eba5f87 Port website changes from ent side 2017-12-21 09:00:35 -05:00
Jeff Mitchell 121d5bfeaa Bump vars for 0.9.1 2017-12-21 08:39:41 -05:00
Jeff Mitchell e6d60ee551 Clarify control group APIs are enterprise only. 
Fixes #3702
 2017-12-19 11:00:02 -05:00
Calvin Leung Huang c4e951efb8 Add period and max_ttl to cert role creation (#3642) 2017-12-18 15:29:45 -05:00
Roger Berlind 27cdb42258 Added example for Azure SQL Database (#3700) 2017-12-18 13:55:56 -05:00
Travis Cosgrave cf3e284396 Use Custom Cert Extensions as Cert Auth Constraint (#3634) 2017-12-18 12:53:44 -05:00
Jeff Mitchell 77a7c52392
Merge branch 'master' into f-nomad 2017-12-18 12:23:39 -05:00
Ernest W. Durbin III 98e04c42d3 Correct documentation for Kubernetes Auth Plugin (#3708) 2017-12-18 12:12:08 -05:00
James Nugent e320d0580a physical/dynamodb: Clarify ha_enabled type (#3703) 
The example in the documentation correctly passes a quoted boolean (i.e.
true or false as a string) instead of a "real" HCL boolean. This commit
corrects the parameter list to document that fact.

While it would be more desirable to change the implementation to accept
an unquoted boolean, it seems that the use of `hcl.DecodeObject` for
parameters which are not common to all storage back ends would make this
a rather more involved change than this necessarily warrants.
 2017-12-18 09:30:29 -05:00
James Nugent 618b52d72d docs: Add correct method for mlock on systemd (#3704) 
Although the previously described method of running setcap works if
setcap is available, the built-in LimitMEMLOCK directive is better.
 2017-12-18 09:29:37 -05:00
Raja Nadar 446b87ee0e added the missing nonce and type fields (#3694) 2017-12-17 16:26:07 -05:00
Chris Hoffman f6bed8b925 fixing up config to allow environment vars supported by api client 2017-12-17 09:10:56 -05:00
Chris Hoffman ef56322369 Merge remote-tracking branch 'oss/master' into f-nomad 
* oss/master:
  Add support for encrypted TLS key files (#3685)
 2017-12-15 19:51:28 -05:00
Chris Hoffman 164849f056
Add support for encrypted TLS key files (#3685) 2017-12-15 17:33:55 -05:00
Chris Hoffman c71f596fbd address some feedback 2017-12-15 17:06:56 -05:00
Jeff Mitchell b478ba8bac
Merge branch 'master' into f-nomad 2017-12-14 16:44:28 -05:00
Vishal Nayak 15b3d8738e Transit: backup/restore (#3637) 2017-12-14 12:51:50 -05:00
Brian Shumate d5d265956d Docs: fix typo in libtool ltdl name and link to avoid confusion and note about arch (#3644) 2017-12-11 13:42:19 -05:00
Brian Shumate a8932fbcbd Docs: Update PKI URL config examples to FQDN — addresses #3606 (#3647) 2017-12-11 13:25:59 -05:00
Chris Hoffman 3b0ba609b2
Converting key_usage and allowed_domains in PKI to CommaStringSlice (#3621) 2017-12-11 13:13:35 -05:00
Paulo Ribeiro 0ee55dde52 Remove duplicate link in ToC (#3671) 2017-12-11 12:52:58 -05:00
Brian Shumate 07a0d25aeb Docs: Update PKI output examples - addresses #3606 (#3628) 2017-12-11 11:57:07 -05:00
Jeff Mitchell b5d21ebdae
Cross reference pki/cert in a few places. 2017-12-11 11:10:28 -05:00
Brad Sickles 295e11d40d Adding mfa support to okta auth backend. (#3653) 2017-12-07 14:17:42 -05:00
Brian Shumate a0d1092420 Conditionally set file audit log mode (#3649) 2017-12-07 11:44:15 -05:00
Mohsen 2aa576149c Small typo relating to no_store in pki secret backend (#3662) 
* Removed typo :)

* Corrected typo in the website related to no_store
 2017-12-07 10:40:21 -05:00
Brian Kassouf 34f5d1e637 Remove the note about GKE from the Kubernetes docs (#3658) 2017-12-06 13:38:00 -05:00
Calvin Leung Huang 41f03b466a
Support MongoDB session-wide write concern (#3646) 
* Initial work on write concern support, set for the lifetime of the session

* Add base64 encoded value support, include docs and tests

* Handle error from json.Unmarshal, fix test and docs

* Remove writeConcern struct, move JSON unmarshal to Initialize

* Return error on empty mapping of write_concern into mgo.Safe struct
 2017-12-05 15:31:01 -05:00
Calvin Leung Huang 8f87854b86
Clarify api_addr related errors on VaultPluginTLSProvider (#3620) 
* Mention api_addr on VaultPluginTLSProvider logs, update docs

* Clarify message and mention automatic api_address detection

* Change error message to use api_addr

* Change error messages to use api_addr
 2017-12-05 12:01:35 -05:00
Laura Uva 892a0cb5e0 Update example payload and response for pem_keys field which needs \n after header and before footer in order to be accepted as a valid RSA or ECDSA public key (#3632) 2017-12-04 12:12:58 -05:00
Brian Shumate 5a9d8c60ac Docs: Update /sys/policies/ re: beta refs to address #3624 (#3629) 2017-12-04 12:10:26 -05:00
Jeff Mitchell e301ebe91b
Update secrets page 
Fixes #3623
 2017-12-04 12:05:34 -05:00
Jeff Mitchell f762d0615e
Remove beta notice 2017-12-04 08:25:16 -08:00
Chris Hoffman b17fb19b52 Expanding on the quick start guide with how to set up an intermediate authority (#3622) 2017-12-04 11:23:58 -05:00
Brian Shumate ac69680d7b Docs: mlock() notes, fixes #3605 (#3614) 2017-12-04 10:56:16 -05:00
crdotson fd2464c410 Fix spelling (#3609) 
changed "aomma" to "comma"
 2017-12-04 10:53:58 -05:00
csawyerYumaed 605efa37e9 update relatedtools, add Goldfish UI. (#3597) 
Add link to Goldfish a  web UI for Vault.
 2017-12-04 10:51:16 -05:00
Paul Pieralde ff2c8d4865 Fix docs for Transit API (#3588) 2017-12-04 10:34:05 -05:00
Jeff Mitchell d81a39ab99 Update cassandra docs with consistency value. 
Fixes #3361
 2017-12-02 14:18:23 -05:00
Marc Sensenich 92f937c021 Remove Trailing White space in Kubernetes Doc (#3360) 
Removed a trailing white space from which caused `Error loading data: Invalid key/value pair ' ': format must be key=value` if copying the example

```
vault write auth/kubernetes/role/demo \
    bound_service_account_names=vault-auth \
    bound_service_account_namespaces=default \
    policies=default \
    ttl=1h
```
 2017-12-02 14:12:39 -05:00
immutability 74bd27bdb5 Missing command for vault PUT operation (#3355) 2017-12-02 13:43:37 -05:00
Jeff Mitchell f79a15ddcd Update some rekey docs 
Fixes #3306
 2017-12-02 13:34:52 -05:00
Nicolas Corrarello 7b14f41872
Fix docs up to current standards 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 16:53:42 +00:00
Nicolas Corrarello b3799697a2
Rename policy into policies 2017-11-29 16:31:17 +00:00
Nicolas Corrarello a6d3119e3e
Pull master into f-nomad 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:56:37 +00:00
Laura Uva 3b5cbe54fd Added clarification to KV documentation about default CLI behavior and how to preserve non-string type values (#3596) 2017-11-27 11:43:49 -05:00
Brian Shumate fa4af18b73 Docs: policy update for multiple policies, fixes #3611 (#3613) 2017-11-27 09:54:38 -05:00
mariachugunova 89a0919250 Fix typo in s3 storage backend docs (#3603) 2017-11-23 13:28:33 -08:00
Vishal Nayak 5f02a64206
docs: encryption/decryption now supports asymmetric keys (#3599) 2017-11-21 12:25:28 -05:00
Jeff Mitchell 422c1898c8 Update upgrade guide with HSM info 2017-11-16 11:04:46 -05:00
Vishal Nayak 00dfc1c4de
Docs: Remove 'none' as algorithm options (#3587) 2017-11-15 09:09:45 -05:00
Jeff Mitchell 141548fb33 Add now-necessary mfa import to sentinel MFA example 2017-11-14 21:42:43 -05:00
Brian Kassouf 85a5a75835
Add token_reviewer_jwt to the kubernetes docs (#3586) 2017-11-14 13:27:09 -08:00
Chris Hoffman b3a7d8ecf3
adding licensing docs (#3585) 2017-11-14 16:15:09 -05:00
Paul Pieralde 8fedef3d99 Docs change for Policy API (#3584) 
vault 0.9.0 deprecated the term `rules` in favor of the
term `policy` in several of the /sys/policy APIs.

The expected return state of 200 SUCCESS_NO_DATA only happens
if the `policy` term is used. A response including the
deprecation notice and a 204 SUCCESS_WITH_DATA status code
is returned when `rules` is applied.
 2017-11-14 14:26:26 -05:00
Vishal Nayak 2b481defe4
Upgrade to 0.9 (#3583) 
* Upgrade to 0.9

* Add link to sidebar

* Remove items that were already in 0.8 upgrade guide
 2017-11-14 13:32:09 -05:00
Vishal Nayak 3c7f194797
Doc: Add groups to identity concepts (#3581) 
* Add groups to the concepts page

* s/pulled-in and pulled-out/synced against

* Remove double spaces
 2017-11-14 13:27:49 -05:00
Seth Vargo 68052f18d0
Flip seal pages upside down to put examples first 2017-11-14 13:12:35 -05:00
Seth Vargo 4efcfe03d1
Add an auto-unseal page to the docs 
This helps with SEO and also is where I'd expect auto unsealing to be referenced.
 2017-11-14 13:12:20 -05:00
Seth Vargo b09d042173
Use super to show enterprise 2017-11-14 13:11:55 -05:00
Jeff Mitchell 8ba71a67e5 Minor website wording updates 2017-11-14 12:34:28 -05:00
Jeff Mitchell 40e3883788 Fix some broken links 2017-11-14 12:32:03 -05:00
Jeff Mitchell 7ac167f8a4 Sync docs 2017-11-14 06:13:11 -05:00
Vishal Nayak 5d976794d4
API refactoring and doc updates (#3577) 
* Doc updates and API refactoring

* fix tests

* change metadata fieldtype to TypeKVPairs

* Give example for TypeKVPairs in CLI for metadata

* Update API docs examples to reflect the native expected value for TypeKVPairs

* Don't mention comma separation in the docs for TypeCommaStringSlice

* s/groups/group; s/entities/entity; s/entity-aliases/entity-alias; s/group-aliases/group-alias

* Address review feedback

* Fix formatting

* fix sidebar links
 2017-11-13 20:59:42 -05:00
Laura Uva 96e80e38e8 Updated the Replication guide to make it clear that it is focused on Performance Replication. Added a link to our general info page for information on DR Replication. Removed some statements about DR not being available yet. (#3502) 2017-11-13 11:55:04 -05:00
Brian Shumate 697a506b7b DOCS: Update telemetry docs - fixes #3557 (#3571) 2017-11-13 09:58:04 -05:00
Calvin Leung Huang 87feab4492
Docs update related to new top-level config values (#3556) 
* Add new top level config value docs, add VAULT_API_ADDR, purge old references

* Fix indentation

* Update wording on ha.html

* Add section on split data/HA mode

* Fix grammar
 2017-11-10 20:06:07 -05:00
Vishal Nayak 645c068011
transit doc update (#3564) 2017-11-09 16:17:54 -05:00
James Soubry f2a98cc662 Fix curl commands (#3558) 
Curl commands require HCL within JSON to work.
 2017-11-09 10:16:09 -05:00
Calvin Leung Huang b7deec2bec Add docs for /sys/rekey-recovery-key (#3520) 2017-11-08 14:22:30 -05:00
Paul Pieralde 01ff6293e0 Doc fix for Create/Update Token API (#3548) 
`orphan` is intended to be default to False. Docs indicate this
is default to True. Simple change to update the docs only.
 2017-11-07 18:06:44 -05:00
Joel Thompson 2c8cd19e14 auth/aws: Make disallow_reauthentication and allow_instance_migration mutually exclusive (#3291) 2017-11-06 17:12:07 -05:00
Chris Hoffman de8c0dce99 minor cleanup 2017-11-06 16:34:20 -05:00
Jonathan Freedman 4109473134 More Mount Conflict Detection (#2919) 2017-11-06 15:29:09 -05:00
Gregory Reshetniak 57c9afa357 added AWS enpoint handling (#3416) 2017-11-06 13:31:38 -05:00
Calvin Leung Huang d7305a4681
Add note on support for using rec keys on /sys/rekey (#3517) 2017-11-06 12:18:15 -05:00
Jason Antman af649c60d0 Add third party tools list to website (#3488) 2017-11-06 12:11:02 -05:00
Jeff Mitchell 17310654a1
Add PKCS8 marshaling to PKI (#3518) 2017-11-06 12:05:07 -05:00
Nicolas Corrarello 5a317a1a32
Updated documentation 2017-11-06 15:13:50 +00:00
Calvin Leung Huang 93917743df
Update SSH list roles docs (#3536) 2017-11-03 18:00:46 -04:00
Vishal Nayak e4e4a7ba67
Capabilities responds considering policies on entities and groups (#3522) 
* Capabilities endpoint will now return considering policies on entities and groups

* refactor the policy derivation into a separate function

* Docs: Update docs to reflect the change in capabilities endpoint
 2017-11-03 11:20:10 -04:00
Vishal Nayak 06923430cc
docs: s/persona/alias (#3529) 2017-11-03 11:17:59 -04:00
Vishal Nayak 52df62d4ff
Encrypt/Decrypt/Sign/Verify using RSA in Transit backend (#3489) 
* encrypt/decrypt/sign/verify RSA

* update path-help and doc

* Fix the bug which was breaking convergent encryption

* support both 2048 and 4096

* update doc to contain both 2048 and 4096

* Add test for encrypt, decrypt and rotate on RSA keys

* Support exporting RSA keys

* Add sign and verify test steps

* Remove 'RSA' from PEM header

* use the default salt length

* Add 'RSA' to PEM header since openssl is expecting that

* export rsa keys as signing-key as well

* Comment the reasoning behind the PEM headers

* remove comment

* update comment

* Parameterize hashing for RSA signing and verification

* Added test steps to check hash algo choice for RSA sign/verify

* fix test by using 'prehashed'
 2017-11-03 10:45:53 -04:00
Vishal Nayak a7acc23034
docs: Add config/ca delete operation (#3525) 2017-11-03 06:19:21 -04:00
Chris Hoffman 3d8d887676
Add ability to require parameters in ACLs (#3510) 2017-11-02 07:18:49 -04:00
Nicolas Corrarello d540985926 Unifying Storage and API path in role 2017-10-31 21:06:10 +00:00
Nicolas Corrarello 0fc65cabc7 Minor/Cosmetic fixes 2017-10-31 19:11:24 +00:00
Nathan Valentine 0345dca20f Should these names not reference Vault? (#3506) 
Since we are in the Vault docs, should these names not reference Vault instead of Nomad?
 2017-10-30 11:04:38 -05:00
Jeff Mitchell 963f516ac9 Fix C&P in docs. 
Fixes #3454
 2017-10-27 16:43:26 -04:00
Vishal Nayak b16084fdaf aws-ec2: Avoid audit logging of custom nonces (#3381) 2017-10-27 11:23:15 -04:00
smeach c575435040 Updated cli arg to reflect text description (#3487) 2017-10-27 09:44:56 -05:00
AJ Bourg a71add2973 Add a doc for the token helper (#3411) 
* Add token helper docs.

* Update it so the new token helpers page appears in the navigation.
 2017-10-27 09:42:33 -05:00
Christophe Tafani-Dereeper 5ff1485a3e Correct typos in the sys/raw documentation (#3484) 2017-10-24 10:33:57 -04:00
Seth Vargo 83b1eb900a
More naming cleanup 2017-10-24 09:35:03 -04:00
Seth Vargo a07c7d7368
Update guides to use new CLI commands 2017-10-24 09:34:30 -04:00
Seth Vargo 53f26e6bd7
Update getting started walkthrough 2017-10-24 09:34:30 -04:00
Seth Vargo 7463ba73a5
Oops typo 2017-10-24 09:34:30 -04:00
Seth Vargo 6c1411447c
Remove more references to auth backend 2017-10-24 09:34:12 -04:00
Seth Vargo 926ca5c125
Update k8s documentation 2017-10-24 09:34:12 -04:00
Seth Vargo 51a27b758b
Resolve the most painful merge conflict known on earth 2017-10-24 09:34:12 -04:00
Seth Vargo 2982fdf7ca
Remove ?list examples 
They are documented in the overall API section, but people should get used to seeing LIST as a verb
 2017-10-24 09:32:15 -04:00
Seth Vargo a85d3c6270
Remove smaller font on embedded code snippets 2017-10-24 09:32:15 -04:00
Seth Vargo c5665920f6
Standardize on "auth method" 
This removes all references I could find to:

- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend

in favor of the unified:

- auth method
 2017-10-24 09:32:15 -04:00
Seth Vargo 3bbeace911
Audit backend -> device 2017-10-24 09:30:52 -04:00
Seth Vargo f7310eac04
Add new commands to the sidebar 2017-10-24 09:30:52 -04:00
Seth Vargo aa34fb17c7
Absorb help and read-write into index 2017-10-24 09:30:52 -04:00
Seth Vargo 162c525159
Add "write" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 6fa133852e
Add "unwrap" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 4d80ccbb4c
Add "token" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 51e185b9a2
Add "status" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 4634949b9b
Add "ssh" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo a106350950
Add "server" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 28fa271c4e
Add "secrets" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo bcf6657e9c
Add "read" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo c743167f4c
Add "policy" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 54f8e0adb2
Update "path-help" documentation 2017-10-24 09:30:51 -04:00
Seth Vargo f48bc06d93
Add "operator" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo a81ff9a97c
Add "login" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 50d6c9a642
Add "list" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 57c0d53121
Add "lease" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo d31bccccdf
Add "delete" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 48e84342c2
Add "auth" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 0fa0a5ca41
Add "audit" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 3c43409e6c
Add "token revoke" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 6d150b5228
Add "token renew" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo cac3515379
Add "token lookup" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo ffe608d535
Add "token create" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 61edbf3325
Add "token capabilities" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 529b9bd224
Add "secrets tune" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 40b8f3c204
Add "secrets move" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo f2bbb3cc18
Add "secrets list" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c782b25e7c
Add "secrets enable" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 087a87c59e
Add "secrets disable" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 6995d1e06b
Add "policy write" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 79b3f7d8fe
Add "policy read" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo e29e78eb7d
Add "policy list" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 6522bd12d5
Add "policy fmt" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo b735d70922
Add "policy delete" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c9d74f77e4
Add "operator unseal" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo f15eddf299
Add "operator step-down" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c62de019dd
Add "operator seal" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c2f31c503a
Add "operator rotate" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 310d4adc87
Add "operator rekey" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 83df4a8c4c
Add "operator key-status" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c35d67c9e3
Add "operator init" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo ed15b273ca
Add "operator generate-root" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo baf2edbc57
Add "lease revoke" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo a1de44f93c
Add "lease renew" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 21e74d73dd
Add "auth tune" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 7d880e3154
Add "auth list" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 01780e9b75
Add "auth help" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo e04fb8423a
Add "auth enable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 95af51f279
Add "auth disable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 89e23d0e84
Add "audit list" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 04ee9ce40a
Add "audit enable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo fd2a12bce4
Add "audit disable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 0afff80b5e
Document mount types/values 2017-10-24 09:28:05 -04:00
Seth Vargo 44851f992e
Expand root generation guide with a PGP example 2017-10-24 09:28:05 -04:00
Chris Hoffman e4065e33d2 copying general purpose tools from transit backend to /sys/tools (#3391) 2017-10-20 10:59:17 -04:00
Chris Hoffman df29bc4fc0 updating mssql docs (#3477) 2017-10-19 11:21:29 -04:00
Brian Shumate d150f374fd Match plugin name from releases (#3453) 2017-10-19 11:10:42 -04:00
blazindragon 6c6e2a3baa Correct typo: DELET to DELETE (#3452) 2017-10-13 10:11:04 -04:00
Brian Kassouf fdd76563eb Add a note about the instant client libraries (#3434) 
* Add a note about the instant client libraries

* Update oracle.html.md
 2017-10-12 09:40:06 -04:00
Jeremy Voorhis af24163abd Implement signing of pre-hashed data (#3448) 
Transit backend sign and verify endpoints now support algorithm=none
 2017-10-11 11:48:51 -04:00
Martins Sipenko a2808db1af Fix docs (#3449) 2017-10-11 11:29:26 -04:00
Brendan d5decccbfe Update index.html.md (#3433) 
Fixed typo in json property used to create custom secret_id
 2017-10-11 09:25:43 -04:00
emily cbe41b590f add GCP APIs that need to be enabled to GCP auth docs, small doc fixes (#3446) 2017-10-11 09:18:32 -04:00
Nicolas Corrarello 3380fd647d Adding Nomad docs to the nav. Minor cosmetics fixes 2017-10-06 16:03:06 +01:00
David Dixon cfd27317d8 Small typo corrections for policies doc (#3413) 2017-10-06 09:38:00 -04:00
Nicolas Corrarello d7bb311db3 A few simple fixes for the Github API docs (#3432) 2017-10-06 06:13:47 -04:00
Daniel DeFisher 974332c2c5 upgrade ldap api docs to refrect 0.8.3 change to returned json of policies (#3421) 2017-10-04 15:40:28 -04:00
Jeff Mitchell e3ce60eb1f Allow entering PKI URLs as arrays. (#3409) 
Fixes #3407
 2017-10-03 16:13:57 -04:00
Oluwafemi Sule b6ec6351af fix spellings errors (#3400) 2017-09-29 11:52:42 -04:00
Nicolas Corrarello b207b76f14 Updated API Docs with the Global Token Parameter 2017-09-29 11:23:47 +01:00
Alex Dadgar f56e191020 Fix spelling errors (#3390) 2017-09-28 07:54:40 -04:00
Paulo Ribeiro 43540e9c32 Fix grammatical error (#3395) 
Also changed capitalization for consistency.
 2017-09-28 06:28:48 -04:00
Brian Kassouf b1db3765ca Kubernetes Docs Update (#3386) 
* Update Kubnernetes Docs

* Add a note about alpha clusters on GKE

* Fix JSON formatting

* Update kubernetes.html.md

* Fix a few review comments
 2017-09-27 14:02:18 -07:00
Vishal Nayak abcf4b3bb2 docs: Added certificate deletion operation API (#3385) 2017-09-26 20:28:52 -04:00
Jeff Mitchell 17a15cd594 Add option to disable client certificate requesting. (#3373) 
Fixes #3372
 2017-09-25 14:41:46 -04:00
Nicolas Corrarello 2b4561dccb Adding Nomad Secret Backend API documentation 2017-09-21 09:18:35 -05:00
Nicolas Corrarello 5178e5f5f2 Adding Nomad secret backend documentation 2017-09-20 17:31:28 -05:00
Dave Pedu 19e4d8b6c3 Spelling fix (#3351) 2017-09-19 15:25:39 -04:00
Brian Kassouf 9b0d594d02 Kubernetes auth (#3350) 
* Import the kubernetes credential backend

* Add kubernetes docs

* Escape * characters

* Revert "Import the kubernetes credential backend"

This reverts commit f12627a9427bcde7e73cea41dea19d0922f94789.

* Update the vendored directory
 2017-09-19 09:27:26 -05:00
Calvin Leung Huang d4a5362835 Clarify backup data that is being stored (#3345) 2017-09-19 07:44:34 -05:00
emily ed3d75d0b1 Add GCE docs for GCP Auth Backend (#3341) 2017-09-19 07:44:05 -05:00
Bruno Miguel Custódio 2abddb248e Fix a few quirks in the GCP auth backend's docs. (#3322) 2017-09-19 07:41:41 -05:00
Vishal Nayak e99640f462 Add 'pid_file' config option (#3321) 
* add pid_file config option

* address review feedback

* address review comments
 2017-09-16 17:09:37 -04:00
Laura Uva 8529972bfb Updated https://www.vaultproject.io/api/system/replication-dr.html#generate-dr-secondary-token to be a POST rather than GET. This was reported by a customer and I confirmed that this should be a logical.UpdateOperation rather than ReadOperation (24f2b961fd/vault/replication_api.go (L121)). (#3342) 2017-09-15 16:19:16 -04:00
Chris Hoffman 1029ad3b33 Rename "generic" secret backend to "kv" (#3292) 2017-09-15 09:02:29 -04:00
Chris Hoffman a2d2f1a543 Adding support for base_url for Okta api (#3316) 
* Adding support for base_url for Okta api

* addressing feedback suggestions, bringing back optional group query

* updating docs

* cleaning up the login method

* clear out production flag if base_url is set

* docs updates

* docs updates
 2017-09-15 00:27:45 -04:00
Chris Hoffman 9d73c81f38 Disable the sys/raw endpoint by default (#3329) 
* disable raw endpoint by default

* adding docs

* config option raw -> raw_storage_endpoint

* docs updates

* adding listing on raw endpoint

* reworking tests for enabled raw endpoints

* root protecting base raw endpoint
 2017-09-15 00:21:35 -04:00
Chris Hoffman 2e60b20eae update enterprise urls /docs/vault-enterprise -> /docs/enterprise (#3333) 2017-09-13 15:37:40 -04:00
Paul Pieralde 2c640950e0 Fixed docs to reflect correct HTTP method for /sys/config/auditing endpoing (#3331) 
Updated documentation to reflect "Read Single Audit Request Header" endpoint is GET-based.
 2017-09-13 11:59:27 -07:00
Jeff Mitchell cb6ac1e926 Change behavior of TTL in sign-intermediate (#3325) 
* Fix using wrong public key in sign-self-issued

* Change behavior of TTL in sign-intermediate

This allows signing CA certs with an expiration past the signer's
NotAfter.

It also change sign-self-issued to replace the Issuer, since it's
potentially RFC legal but stacks won't validate it.

Ref: https://groups.google.com/d/msg/vault-tool/giP69-n2o20/FfhRpW1vAQAJ
 2017-09-13 11:42:45 -04:00
Chris Hoffman cfa74e6a95 remove token header from login samples (#3320) 2017-09-11 18:14:05 -04:00
Bruno Miguel Custódio 886a0acee6 Fix navigation and prameters in the 'gcp' auth backend docs. (#3317) 2017-09-11 15:26:24 -04:00
Jose Diaz-Gonzalez 12cde76112 fix: add missing comma to payload (#3308) 2017-09-11 12:03:43 -04:00
Dan Urson 57a7002210 Update AWS CloudHSM comparison. (#3311) 
* Update AWS CloudHSM comparison.

* Update hsm.html.md

* Update hsm.html.md
 2017-09-10 12:54:05 -04:00
Calvin Leung Huang c747caac2a Fix cassandra tests, explicitly set cluster port if provided (#3296) 
* Fix cassandra tests, explicitly set cluster port if provided

* Update cassandra.yml test-fixture

* Add port as part of the config option, fix tests

* Remove hostport splitting in cassandraConnectionProducer.createSession

* Include port in API docs
 2017-09-07 23:04:40 -04:00
Adam Duke a3f97c5e3e fix typo in policies documentation (#3302) 2017-09-07 11:55:24 -04:00
Paul Pieralde 567f2ce1f1 Fix docs for Certificate authentication (#3301) 
Fix discrepencies in the documentation for TLS Certificate
authentication. The Delete CRL method has a misleading title and
description.
 2017-09-07 10:28:14 -04:00
Paul Pieralde 25976b340e Fixed small typo in RabbitMQ secret backend. (#3300) 
Fixed `name` param for the Delete Role API in the RabbitMQ secret backend.
 2017-09-07 10:00:32 -04:00
Jeff Mitchell 44bf03e3b6 Fix compile after dep update 2017-09-05 18:18:34 -04:00
Eugene Bekker e85e22b00e Fixing the response sample for reading a plugin (#3278) 
The plugin config data properties are returned immediately within the response's `data` object.
 2017-09-01 08:34:54 -04:00
Jeff Mitchell 9578361513 Massive update to response-wrapping concept page 2017-09-01 08:32:55 -04:00
Jeff Mitchell abb2ab2918 Add pki/root/sign-self-issued. (#3274) 
* Add pki/root/sign-self-issued.

This is useful for root CA rolling, and is also suitably dangerous.

Along the way I noticed we weren't setting the authority key IDs
anywhere, so I addressed that.

* Add tests
 2017-08-31 23:07:15 -04:00
Calvin Leung Huang 6f417d39da Normalize plugin_name option for mount and enable-auth (#3202) 2017-08-31 12:16:59 -04:00
Chris Hoffman 194491759d Updating Okta lib for credential backend (#3245) 
* migrating to chrismalek/oktasdk-go Okta library

* updating path docs

* updating bool reference from config
 2017-08-30 22:37:21 -04:00
Jeff Mitchell 8acef196a8 Add 'discard' target to file audit backend (#3262) 
Fixes #seth
 2017-08-30 19:16:47 -04:00
Joel Thompson caf90f58d8 auth/aws: Allow wildcard in bound_iam_principal_id (#3213) 2017-08-30 17:51:48 -04:00
stephan stachurski e396d87bc5 add support to use application default credentials to gcs storage backend (#3257) 2017-08-30 15:42:02 -04:00
Seth Vargo 9f80099fae
Remove fake news about custom plugins 
This also adds a redirect from the old page to the new one
 2017-08-30 12:57:45 -04:00
Christopher Pauley eccbb21ce8 stdout support for file backend via logger (#3235) 2017-08-29 14:51:16 -04:00
djboris9 21a15204bd Fix API/AUTH/AppRole doc issue concerning bound_cidr_list (#3205) 
This patch fixes a little documentation issue.
bind_cidr_list doesn't exist as parameter to AppRole creation. It should be "bound_cidr_list".
In "path-help" it is documented correctly.
 2017-08-29 12:37:20 -04:00
Hamza Tümtürk 525c124d69 Add missing code ending to Sample Payload (#3239) 2017-08-25 12:34:12 -04:00
Jon Benson d88aefc64f Fix typo (#3237) 2017-08-25 09:51:33 -04:00
Brian Kassouf 23089dafbc Add basic autocompletion (#3223) 
* Add basic autocompletion

* Add autocomplete to some common commands

* Autocomplete the generate-root flags

* Add information about autocomplete to the docs
 2017-08-24 15:23:40 -07:00
Chris Hoffman bf9658ec61 fix docs formatting 2017-08-24 11:23:26 -04:00
Serg 66b178f969 Update index.html.md (#3233) 2017-08-24 10:08:35 -04:00
Chris Hoffman 27598ce960 Add GET variant on LIST endpoints (#3232) 2017-08-23 17:59:22 -04:00
Seth Vargo ec9e187ce4 Thread stderr through too (#3211) 
* Thread stderr through too

* Small docs typo
 2017-08-21 17:23:29 -04:00
Seth Vargo 1f45a6c96e Addd more SSH CA troubleshooting (#3201) 
* Add notes about pty and other permit-* extensions

* Update troubleshooting

* Add an example of JSON for sign

* Fix a bug about what keys to push up
 2017-08-21 17:22:54 -04:00
Yaroslav Lukyanov da19d2941f add new php client to the doc (#3206) 2017-08-21 13:07:03 -04:00
Calvin Leung Huang 73fd103456 Update gcp auth backend docs (#3209) 
* Update gcp auth backend docs

* Minor formatting and wording fixes

* Minor formatting fixes
 2017-08-18 16:25:52 -04:00
Paulo Ribeiro ba98b60e41 Fix typo in AppRole API page (#3207) 2017-08-18 10:46:29 -04:00
Chris Maki 7b5978634f Update policies.html.md 
Using the latest vault release, I was getting the following error when the policy used `write`:

Error: Error making API request.

URL: PUT http://0.0.0.0:8200/v1/sys/policy/secret
Code: 400. Errors:

* Failed to parse policy: path "secret/*": invalid capability 'write'

I think `create` is the correct new Capability.
 2017-08-17 12:26:29 -07:00
Seth Vargo b4bec62d47
Typo fix 2017-08-16 18:38:35 -04:00
Seth Vargo 7b1e013511
Refactor SSH CA backend docs 2017-08-16 18:38:35 -04:00
Brian Kassouf 406396603a Fix a few links (#3188) 2017-08-16 10:27:12 -07:00
Jeff Mitchell bbcbe1f6d5 Fix ping docs location 2017-08-16 12:57:31 -04:00
Jeff Mitchell 411419cbf8 plugins/backend/reload -> plugins/reload/backend (#3186) 2017-08-16 12:40:38 -04:00
Calvin Leung Huang ae75e39c44 Fix plugin docs (#3185) 
* Fix plugin docs

* Add plugin_name to auth endpoint
 2017-08-16 12:36:46 -04:00
Jeff Mitchell 4dc55474e6 Remove erroneous flag from hmac docs 2017-08-16 11:27:39 -04:00
Jeff Mitchell c34a5b2e93 * Add ability to specify a plugin dir in dev mode (#3184) 
* Change (with backwards compatibility) sha_256 to sha256 for plugin
registration
 2017-08-16 11:17:50 -04:00
emily 31a994e452 Initial GCP auth backend documentation (#3167) 2017-08-15 22:03:04 -04:00
Jeff Mitchell 0c2c078e48 Add PingID MFA docs (#3182) 2017-08-15 22:01:34 -04:00
Brian Kassouf 89b81bcb4c Oracle plugin docs (#3131) 
* Add oracle database docs

* Add oracle database docs

* Fix commas in json output

* Update oracle.html.md
 2017-08-15 17:24:01 -07:00
Jeff Mitchell 340fe4e609 Add permitted dns domains to pki (#3164) 2017-08-15 16:10:36 -04:00
Jeff Mitchell e4eb6e9020 Make PKI root generation idempotent-ish and add delete endpoint. (#3165) 2017-08-15 14:00:40 -04:00
Andy Manoske bc7d77c83f Update index.html.md 
Updated replication docs for DR
 2017-08-14 19:02:02 -07:00
Johan Haals d25bc60feb Update libraries (#3160) 
* Remove vault-java which has better alternatives.
* Add ansible-vault, a zero dependency
[lookup-plugin](http://docs.ansible.com/ansible/latest/playbooks_lookups.html) for ansible
 2017-08-14 20:28:11 -04:00
Jeff Mitchell 035d37cd36 Fix hanadb link 2017-08-14 13:04:26 -04:00
vishalnayak 09d0a894d7 docs: Fix the default value for 'generate_signing_key' 2017-08-14 12:39:11 -04:00
Tony Cai 07160ed814 Add missing link to sidebar menu (#3153) 
* Add missing link to sidebar menu

* Add missing link to sidebar menu
 2017-08-14 12:33:47 -04:00
Jeff Mitchell ce73c26b0d Add note about turning off core dumps into production hardening guide 2017-08-14 12:29:54 -04:00
Lucas Vasconcelos Santana ea2d4c7d55 add scheme to the redirect_addr example 2017-08-14 10:59:44 -04:00
Lucas Vasconcelos Santana 914fab79ce add scheme to the redirect_addr example 2017-08-14 10:59:44 -04:00
Seth Vargo 8ee362744b Break SSH types into their own pages (#3157) 
@jefferai and I discussed this on Friday. With three fully-documented
SSH backends, the page is lengthy, ungreppable, and intimidating. This
commit separates the SSH backends into their own pages with as little
text changes as possible.
 2017-08-14 10:49:41 -04:00
Seth Vargo 0274a0f639 Rename database plugins for SEO (#3156) 
When we "nest" like this, it's important to use a common suffix,
"Database Secret Backend" in this case, so that the SEO minions can
properly group search results for end users.
 2017-08-14 10:46:39 -04:00
Tony Cai 1b6991c8f3 Removed unused parameter from docs (#3152) 
According to #3116, it seems like this parameter isn't used. I couldn't trigger any differences by playing around with transit signing function, and could not find anything in the source code that actually parses this param. Presumably, it is unused?
 2017-08-11 20:57:06 -04:00
Jeff Mitchell 75bc43e961 Update github comment 2017-08-11 17:03:18 -04:00
Jeff Mitchell d477b9455e Fix broken url in replication performance docs 2017-08-11 16:03:05 -04:00
Seth Vargo d931a2fa85 Remove references to VSI (#3143) 
Andy approved
 2017-08-10 20:47:59 -04:00
Issac 07dc10cdc8 Add TLS config to skeleton plugin (#3137) 2017-08-09 11:41:17 -07:00
vishalnayak c88db7b185 docs: Add API section for MFA docs 2017-08-09 13:26:29 -04:00
vishalnayak 0a0e697e05 docs: fix broken link 2017-08-09 13:17:56 -04:00
vishalnayak 254c1b6ae0 docs: Added identity concepts 2017-08-09 13:08:05 -04:00
vishalnayak 9844475b64 docs: Add X-Vault-MFA to the list of env vars 2017-08-09 11:31:30 -04:00
Chris Hoffman e3e5be4617 API Docs updates (#3135) 2017-08-09 11:22:19 -04:00
Jeff Mitchell d8a3bccb43 Fix cassandra doc link 2017-08-09 10:32:03 -04:00
Calvin Leung Huang f80addc563 docs: Fix errors on plugin backends guide (#3134) 
* docs: Fix path on sample command in plugin backend guide

* Fix grammar on intro

* Fix ref links in plugin guide
 2017-08-09 10:28:13 -04:00
Vishal Nayak 6d6e84f804 docs: MFA usage details (#3133) 2017-08-08 23:48:31 -04:00
Jeff Mitchell 5cb3a79568 Add an extra sentence to the github warning 2017-08-08 21:10:15 -04:00
Vishal Nayak 9410ec2c6d docs: API docs for TOTP, Okta and Duo MFA (#3129) 
* docs: API docs for TOTP, Okta and Duo MFA

* docs: List types in the MFA main page
 2017-08-08 20:20:37 -04:00
Jeff Mitchell 12982ab207 Add 0.8 guide (#3130) 2017-08-08 16:32:27 -04:00
Calvin Leung Huang 95af5bf6c7 Add plugin backends docs (#3125) 
* Add docs on plugins/backend/reload, add plugin backend guide

* Fix docs headers

* Fix API endpoint description

* Update plugin guide and internals pages
 2017-08-08 12:39:19 -04:00
Chris Hoffman 191d48f848 API Docs updates (#3101) 2017-08-08 12:28:17 -04:00
Jeff Mitchell accba5287c Add a note about GitHub auth backend security 2017-08-08 10:26:05 -04:00
Jeff Mitchell 118dea1ad8 Fix replication guide with new paths 2017-08-07 11:52:29 -04:00
Matthew Irish 53ef0156da update dr replication docs with the promotion response (#3124) 2017-08-07 09:59:46 -05:00
Aaron Salvo ad1d74cae0 Set allowed headers via API instead of defaulting to wildcard. (#3023) 2017-08-07 10:03:30 -04:00
Seth Vargo 3fb75beb59 Fix formatting in mfa docs (#3122) 2017-08-07 09:55:17 -04:00
Paulo Ribeiro 1e3c74862e Fix minor grammatical error (#3110) 2017-08-04 11:08:49 -04:00
Vishal Nayak 26ee120ca4 docs: MFA API (#3109) 2017-08-03 23:32:22 -04:00
Jeff Mitchell 65d7face69 Merge branch 'master-oss' into issue-2241 2017-08-03 07:41:34 -04:00
Gobin Sougrakpam 8e01c994bf tls_client_ca_file option for verifying client (#3034) 2017-08-03 07:33:06 -04:00
Calvin Leung Huang db9d9e6415 Store original request path in WrapInfo (#3100) 
* Store original request path in WrapInfo as CreationPath

* Add wrapping_token_creation_path to CLI output

* Add CreationPath to AuditResponseWrapInfo

* Fix tests

* Add and fix tests, update API docs with new sample responses
 2017-08-02 18:28:58 -04:00
Jeff Mitchell 7e3ff5e56c Add PROXY protocol support (#3098) 2017-08-02 18:24:12 -04:00
Seth Vargo b45b378d49 Remove people from community section (#3099) 
* Remove people from community section

This is going to be replaced with dynamic content from our CMS in the
future, but we agreed to remove it in the interim.

* Update deploy process
 2017-08-02 17:57:19 -04:00
Minkyu Kim 68fd01e3fc Fix outdated documentation about AWS STS credentials (#3093) (#3094) 2017-08-02 11:18:35 -04:00
Jay Crumb c775cac148 Fix typo in rekey documentation (#3039) 2017-08-01 10:27:06 -04:00
Jeff Mitchell 4885b3e502 Use RemoteCredProvider instead of EC2RoleProvider (#2983) 2017-07-31 18:27:16 -04:00
Jeff Mitchell d0f329e124 Add leader cluster address to status/leader output. (#3061) 
* Add leader cluster address to status/leader output. This helps in
identifying a particular node when all share the same redirect address.

Fixes #3042
 2017-07-31 18:25:27 -04:00
Brian Rodgers d8e47e6f79 docs: Added text to clarify that root does not refer to AWS root creds (#2950) 2017-07-31 17:31:44 -04:00