luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
4895 commits 1 branch 0 tags 214 MiB
Commit graph

1034 commits

Author SHA1 Message Date
Laura Bennett 9fc5a37e84 address feedback 2016-10-09 22:23:30 -04:00
Laura Bennett 1b8d12fe82 changes for 'mode' 2016-10-08 19:52:49 -04:00
Laura Bennett 39e7732473 website documentation update 2016-10-07 15:48:29 -04:00
Jeff Mitchell d580bb1c27 Update upgrade guide 2016-10-05 14:10:27 -04:00
Jeff Mitchell 7f9a88d8db Postgres revocation sql, beta mode (#1972) 2016-10-05 13:52:59 -04:00
Jeff Mitchell 6b0f886756 Update website with breaking change information 2016-10-04 22:35:56 -04:00
Vishal Nayak 661a8a4734 Merge pull request #1961 from hashicorp/aws-ec2-auth-rsa-signature 
aws-ec2-auth using identity doc and RSA digest
 2016-10-04 15:45:12 -04:00
vishalnayak 0f8c132ede Minor doc updates 2016-10-04 15:46:09 -04:00
vishalnayak 59475d7f14 Address review feedback 2016-10-04 15:05:44 -04:00
Vishal Nayak 4141b632fa Merge pull request #1957 from hashicorp/website-list-userpass 
Added user listing endpoint to userpass docs
 2016-10-04 14:10:49 -04:00
vishalnayak 348a09e05f Add only relevant certificates 2016-10-03 20:34:28 -04:00
vishalnayak dbd364453e aws-ec2 config endpoints support type option to distinguish certs 2016-10-03 20:25:07 -04:00
Matthew Irish 61975f4265 add documentation for cluster_name and link atlas listener docs 2016-10-03 15:04:33 -05:00
Matthew Irish 34a6abcbb6 document the atlas listener 2016-10-03 10:41:50 -05:00
Jeff Mitchell 2c85fdfeb9 Switch default case of disable cluster. (#1959) 2016-10-02 14:54:01 -04:00
vishalnayak aef1a88de4 Added docs for reading and deleting username 2016-09-30 16:13:57 -04:00
vishalnayak 2ad698ec0b Added user listing endpoint to userpass docs 2016-09-30 15:47:33 -04:00
Jeff Mitchell 606d717ad9 Update changelog and website for GH-1958 2016-09-30 15:08:38 -04:00
Jeff Mitchell 4a505bfa3e Update text around cubbyhole/response 2016-09-29 17:44:15 -04:00
Chris Stevens 7a8fcfcf55 Docs/Website: MySQL config parameter "verify-connection" should be "verify_connection" 
The only instance of `verify-connection` I can find is on this docs page. The API style for parameters is underscores, so this one stands out.

The code for this and the other backends with similar connection verification features seem to use `verify_connection`.
 2016-09-29 14:05:47 -05:00
Vishal Nayak 4c74b646fe Merge pull request #1947 from hashicorp/secret-id-lookup-delete 
Introduce lookup and destroy endpoints for secret IDs and its accessors
 2016-09-29 10:19:54 -04:00
Jeff Mitchell b45a481365 Wrapping enhancements (#1927) 2016-09-28 21:01:28 -07:00
vishalnayak 34e76f8b41 Added website docs for lookup and destroy APIs 2016-09-28 22:11:48 -04:00
Michael S. Fischer 2dd1f584e6 Update documentation for required AWS API permissions 
In order for Vault to map IAM instance profiles to roles, Vault
must query the 'iam:GetInstanceProfile' API, so update the documentation
and help to include the additional permissions needed.
 2016-09-28 16:50:20 -07:00
Jeff Mitchell f0203741ff Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
vishalnayak a9976dca1c Remove a mistyped character 2016-09-28 18:30:49 -04:00
Vishal Nayak 69c57f843d Merge pull request #1943 from hashicorp/iam-bounds-prefix 
Check for prefix match instead of exact match for IAM bound parameters
 2016-09-28 18:11:53 -04:00
vishalnayak e01f99f042 Check for prefix match instead of exact match for IAM bound parameters 2016-09-28 18:08:28 -04:00
Vishal Nayak ba5da65163 Merge pull request #1940 from chrishoffman/consul-doc 
Small consul doc fix
 2016-09-28 15:48:45 -04:00
Vishal Nayak 4a30a6b4f8 Merge pull request #1913 from hashicorp/bound-iam-instance-profile-arn 
Proper naming for bound_iam_instance_profile_arn
 2016-09-28 15:34:56 -04:00
Chris Hoffman 8c755bfe92 Small consul doc fix 2016-09-28 15:11:39 -04:00
Laura Bennett 010293ccc3 Merge pull request #1931 from hashicorp/cass-consistency 
Adding consistency into cassandra
 2016-09-27 21:12:02 -04:00
Chris Hoffman d235acf809 Adding support for chained intermediate CAs in pki backend (#1694) 2016-09-27 17:50:17 -07:00
Laura Bennett 883b5db420 typo correction 2016-09-27 16:38:27 -04:00
Laura Bennett 648a71fa11 updates to the documents 2016-09-27 16:36:20 -04:00
Jeff Mitchell 96afb1d27a Update getting started docs since root can no longer be used from github 2016-09-26 13:09:26 -04:00
Vishal Nayak b1ee56a15b Merge pull request #1910 from hashicorp/secret-id-cidr-list 
CIDR restrictions on Secret ID
 2016-09-26 10:22:48 -04:00
Jeff Mitchell f8e3cf4591 Add information about accessors to the token concepts page. 
Fixes #1918
 2016-09-26 10:18:38 -04:00
vishalnayak d080107a87 Update docs to contain bound_iam_role_arn 2016-09-26 09:37:38 -04:00
John c39eeecaea tip to override VAULT_ADDR in getting started guide (#1915) 2016-09-23 19:34:07 -04:00
vishalnayak 2d4bfeff49 Update website for bound_iam_instance_profile_arn 2016-09-23 11:23:59 -04:00
vishalnayak aaadd4ad97 Store the CIDR list in the secret ID storage entry. 
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
 2016-09-21 20:19:26 -04:00
Jeff Mitchell 226ef5d78c Make HA in etcd off by default. (#1909) 
Fixes #1908

(Doesn't really "fix" it but someone from the community needs to step up
if they want to see this fixed.)
 2016-09-21 14:01:36 -04:00
Jeff Mitchell 0ff76e16d2 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Jeff Mitchell 982f151722 Update docs to reflect that there is more than one constraint for EC2 now 2016-09-20 16:11:32 -04:00
Chris Hoffman 5c241d31e7 Renaming ttl_max -> max_ttl in mssql backend (#1905) 2016-09-20 12:39:02 -04:00
Carlo Cabanilla f6239cf0c0 fix shell quoting (#1904) 
$() doesnt get evaluated in single quotes, so you need to break out of it first
 2016-09-19 17:11:16 -04:00
Jeff Mitchell 7f3041d6a5 Fix formatting 2016-09-19 13:00:50 -04:00
Jeff Mitchell 85c51fd861 Update website docs to indicate sudo being required for auth/audit 
endpoints.
 2016-09-19 12:10:08 -04:00
Jeff Mitchell f7b3937c77 Fix website display of tune paths 2016-09-16 12:03:50 -04:00
Vishal Nayak 61664bc653 Merge pull request #1886 from hashicorp/approle-upgrade-notes 
upgrade notes entry for approle constraint and warning on role read
 2016-09-15 12:14:01 -04:00
Vishal Nayak 4f33e8d713 Merge pull request #1892 from hashicorp/role-tag-defaults 
Specify that role tags are not tied to an instance by default
 2016-09-15 12:04:41 -04:00
vishalnayak 9bca127631 Updated docs with nonce usage 2016-09-14 19:31:09 -04:00
vishalnayak 2639ca4d4f Address review feedback 2016-09-14 16:06:38 -04:00
vishalnayak dcddaa8094 Address review feedback 2016-09-14 15:13:54 -04:00
vishalnayak d5cc763b8d Clarify that tags can be used on all instances that satisfies constraints 2016-09-14 14:55:09 -04:00
vishalnayak 03fc7b517f Specify that role tags are not tied to an instance by default 2016-09-14 14:49:18 -04:00
vishalnayak 53c919b1d0 Generate the nonce by default 2016-09-14 14:28:02 -04:00
Jeff Mitchell 722e26f27a Add support for PGP encrypting the initial root token. (#1883) 2016-09-13 18:42:24 -04:00
vishalnayak 99a2655d8e upgrade notes entry for approle constraint and warning on role read 2016-09-13 17:44:07 -04:00
Jeff Mitchell bc3cce7d2d Add 0.6.2 page to sidebar 2016-09-13 16:49:54 -04:00
vishalnayak bef9c2ee61 Ensure at least one constraint on the role 2016-09-13 16:03:15 -04:00
Jeff Mitchell 888e833aae Remove old text from upgrade notes, as changes were made 2016-09-13 11:51:46 -04:00
sashman c01bf6cb1b Update libraries.html.md (#1879) 2016-09-13 09:23:46 -04:00
AJ Bourg b524e43f15 Small change: Fix permission vault requires. 
Vault requires ec2:DescribeInstances, not ec2:DescribeInstance. (the
non-plural form doesn't exist)
 2016-09-12 14:38:10 -06:00
Michael Warkentin 14f2a673e2 Out of date code 
Looks like the `500` is now a `405`:

```
$ vault read aws/config/root
Error reading aws/config/root: Error making API request.

URL: GET http://127.0.0.1:8200/v1/aws/config/root
Code: 405. Errors:

* 1 error(s) occurred:

* unsupported operation
```
 2016-09-12 15:58:25 -04:00
Raja Nadar d8b1ab05dd doc: change invalid otp response code to 400 (#1863) 
invalid otp response code is 400 bad request.
 2016-09-08 11:13:13 -04:00
Raja Nadar b06167c748 doc: fixing field name to security_token (#1850) 
response field is security_token, not secret_token.
 2016-09-03 22:40:57 -04:00
vishalnayak 5bd665a842 Update atlas listener factory to use version with pre-release info. 2016-09-01 17:21:11 -04:00
vishalnayak 9c78c58948 Remove the string 'Vault' from version information 2016-09-01 14:54:04 -04:00
khanklatt 242105a0ad Correcting typo on "mechanisms" (#1822) 2016-09-01 09:53:20 -04:00
Raja Nadar 7bd0edee4b doc: add keys_base64 to response json (#1824) 
add the missing fields in json response for initializing vault.
keys_base64
 2016-09-01 09:40:40 -04:00
Raja Nadar f6cfc1c7ad doc: add missing version and cluster fields (#1826) 
adding the missing "version" field in json response.
also adding a new response when the unseal completes, and 2 more fields are returned. (cluster..)
 2016-09-01 09:39:26 -04:00
Raja Nadar 97e5a02692 doc: add missing token field to generate-root apis (#1828) 
the response is missing the encoded token field for a couple of apis.
 2016-09-01 09:39:00 -04:00
Andrew Backhouse 2f35789e71 Update index.html.md (#1819) 
Corrected a minor spelling error.
 2016-08-31 10:02:43 -04:00
Jeff Mitchell 222adbdb61 Fix headers in aws-ec2 doc. 2016-08-30 11:53:21 -04:00
Jeff Mitchell 93b5b2a2c0 Update website with POST STS path 2016-08-30 10:37:55 -04:00
Raja Nadar 5172cdab3f doc: remove duplicate aws-ec2 menu item 
the auth backends menu had a duplicate entry for aws-ec2 auth.
removed the dup one.
 2016-08-30 00:59:44 -07:00
Raja Nadar 1ae71ce7db add missing field keys_base64 to rekey operation 
fixing the json response blob in the documentation
 2016-08-28 17:38:10 -07:00
Jeff Mitchell d9c46aadc2 update docs 2016-08-26 17:52:42 -04:00
Jeff Mitchell 2f5876dfe9 Use key derivation for convergent nonce. (#1794) 
Use key derivation for convergent nonce.

Fixes #1792
 2016-08-26 14:11:03 -04:00
Jeff Mitchell 2ce4397deb Plumb through the ability to set the storage read cache size. (#1784) 
Plumb through the ability to set the storage read cache size.

Fixes #1772
 2016-08-26 10:27:06 -04:00
Jeff Mitchell aa5daadd67 Don't duplicate building info 2016-08-25 13:00:26 -04:00
Jeff Mitchell 9fee9ce8ff Don't allow tokens in paths. (#1783) 2016-08-24 15:59:43 -04:00
Adam Greene 66d3117cad fix aws-ec2 formatting around ttl (#1770) 2016-08-23 16:07:57 -04:00
Karl Falconer 6cbae1388e [Documentation] AppRole /login is unauthenticated (#1771) 2016-08-23 16:03:36 -04:00
Jeff Mitchell c64dba556c Swap push/pull. 2016-08-22 19:34:53 -04:00
Eric Peterson 6db65c317e Fix grammar (#1759) 2016-08-22 12:17:48 -04:00
Eric Peterson 9bd1a95850 Fix spelling (#1758) 2016-08-22 11:56:37 -04:00
S 7395fb02bc Update tokens.html.md 
Bullet points at the end were off (probably due to some line wrapping settings somewhere)
 2016-08-22 10:47:11 -04:00
Jeff Mitchell 3320aeb4f6 Update upgrade guide 2016-08-22 09:33:36 -04:00
Jeff Mitchell 48eac5434b Bump version 2016-08-22 09:19:13 -04:00
vishalnayak dfe73733d5 Seperate endpoints for read/delete using secret-id and accessor 2016-08-21 14:42:49 -04:00
Jeff Mitchell 865ca94032 Initial fixups, not yet done 2016-08-20 22:39:41 -04:00
Jeff Mitchell 0029559ab0 Update location of LDAP docs in upgrade guide. 
Fixes #1656
 2016-08-19 10:31:31 -04:00
Jeff Mitchell c349e697f5 Change uninit/sealed status codes from health endpoint 2016-08-18 12:10:23 -04:00
Martin Forssen a617ff0f93 Mention ttl parameter in the documentation of /auth/aws-ec2/role/<role> 
This parameter was not documented
 2016-08-18 13:16:58 +02:00
Brian Shumate a941dbdd76 Add a bit of clarification 2016-08-17 16:07:30 -04:00
Jeff Mitchell 734e80ca56 Add permit pool to dynamodb 2016-08-15 19:45:06 -04:00
Matt Hurne 56252fb637 AppRole documentation tweaks (#1735) 
* Fix spelling error in AppRole docs

* Add force flag to sample command to generate a secret ID in AppRole docs

* Update sample output for AppRole login in docs
 2016-08-15 16:12:08 -04:00