luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
9,153 Commits 1 Branch 0 Tags 214 MiB
Commit Graph

2355 Commits

Author SHA1 Message Date
Andy Manoske 8b9160035c
Delete partnerships.html.erb 2018-09-26 19:14:06 -07:00
Andy Manoske ece77e4789
Update guides.erb 2018-09-26 19:12:03 -07:00
Andy Manoske 367d75c089
Create index.html.md 2018-09-26 19:06:22 -07:00
Andy Manoske d63e66a902
Update partnerships.html.erb 2018-09-26 18:56:48 -07:00
Jim Kalafut 462dc06a88 operator migrate docs (#5400) 
* operator migrate docs

* Address feedback

* Fix title
 2018-09-26 10:55:04 -07:00
Joel Thompson 2dc468f4d1 auth/aws: Make identity alias configurable (#5247) 
* auth/aws: Make identity alias configurable

This is inspired by #4178, though not quite exactly what is requested
there. Rather than just use RoleSessionName as the Identity alias, the
full ARN is uses as the Alias. This mitigates against concerns that an
AWS role with an insufficiently secured trust policy could allow an
attacker to generate arbitrary RoleSessionNames in AssumeRole calls to
impersonate anybody in the Identity store that had an alias set up.
By using the full ARN, the owner of the identity store has to explicitly
trust specific AWS roles in specific AWS accounts to generate an
appropriate RoleSessionName to map back to an identity.

Fixes #4178

* Respond to PR feedback

* Remove CreateOperation

Response to PR feedback
 2018-09-26 08:27:12 -07:00
Joel Thompson 5e6f8904d8 Add AWS Secret Engine Root Credential Rotation (#5140) 
* Add AWS Secret Engine Root Credential Rotation

This allows the AWS Secret Engine to rotate its credentials used to
access AWS. This will only work when the AWS Secret Engine has been
provided explicit IAM credentials via the config/root endpoint, and
further, when the IAM credentials provided are the only access key on
the IAM user associated wtih the access key (because AWS allows a
maximum of 2 access keys per user).

Fixes #4385

* Add test for AWS root credential rotation

Also fix a typo in the root credential rotation code

* Add docs for AWS root rotation

* Add locks around reading and writing config/root

And wire the backend up in a bunch of places so the config can get the
lock

* Respond to PR feedback

* Fix casing in error messages

* Fix merge errors

* Fix locking bugs
 2018-09-26 07:10:00 -07:00
Clint fec3b70374
Allow force restore for Transit Key Restores (#5382) 
* Add test file for testing path_restore in Transit backend. Fails because 'force' is not implemented yet

* initial implementation of 'force', to force restore of existing transit key atomically
 2018-09-25 15:20:59 -05:00
Vishal Nayak 68a496dde4
Support operating on entities and groups by their names (#5355) 
* Support operating on entities and groups by their names

* address review feedback
 2018-09-25 12:28:28 -07:00
Becca Petrin b427a23bbb
update ffi (#5395) 2018-09-25 11:26:58 -07:00
emily b37b8b7edf Docs PR for GCP secrets backend access token changes (#5366) 
* initial docs pass

* fix docs
 2018-09-21 10:31:49 -07:00
Brian Shumate b43c52d89b Add Enterprise Replication metrics (#3981) 2018-09-21 12:01:44 -04:00
Brian Shumate 25d6d03222 Docs: update policy read API output to address #5298 (#5299) 2018-09-21 10:52:46 -04:00
Brian Shumate 7d692ee614 Update screenshot (#5378) 
- Use a Vault dashboard example (previous example was for Consul)
- Rename image file
 2018-09-21 09:53:49 -04:00
Roman Iuvshyn 0832153f7d fixes file path option in samples (#5377) 
fixes file path option in samples
 2018-09-20 15:55:20 -07:00
Yoko 3600f3dfa5
[Guide] Tokens & Leases guide **Correction** (#5375) 
* Added Azure Key Vault

* Corrected the info about orphan token creation
 2018-09-20 13:58:29 -07:00
Calvin Leung Huang 189b893b35
Add ability to provide env vars to plugins (#5359) 
* Add ability to provide env vars to plugins

* Update docs

* Update docs with examples

* Refactor TestAddTestPlugin, remove TestAddTestPluginTempDir
 2018-09-20 10:50:29 -07:00
Brian Shumate 74ec835b3b Docs: update Tidy API (#5374) 
- Add a sample response to /auth/token/tidy API docs
- Document /auth/approle/tidy/secret-id API docs
 2018-09-20 13:25:33 -04:00
Laura Gjerman-Uva 6fcf6ea6fe Add -dr-token flag to commands to generate OTP and decode with OTP (required on DR secondary as of 0.11) (#5368) 2018-09-20 09:19:01 -07:00
Richard Lane 43837ecdf1 Documentation correction - update list identity whitelist sample request (#5369) 
Path was incorrectly referencing the roletag-blacklist

Updated the sample to match the correct path
 2018-09-19 21:21:57 -07:00
Becca Petrin d05484b586
AliCloud Secrets Docs (#5351) 2018-09-19 08:42:59 -07:00
Jeff Mitchell 43aebacfa8 Fix default_max_request_duration HCL name and update docs (#5321) 
* Fix default_max_request_duration HCL name and update docs

* Update tcp.html.md
 2018-09-18 14:30:21 -07:00
Yoko 512b64ad77
[Guide] Secure Introduction - Update (#5323) 
* Adding Vault Agent to the Secure Intro guide

* Incorporated the feedback

* Deleted extra spaces

* methods -> approaches
 2018-09-14 13:51:23 -07:00
Yoko 2cc8610abb
[Guide] Namespaces policy (#5296) 
* Added policy info

* Fixed the API URL

* Added webinar recording as a reference material
 2018-09-14 11:23:46 -07:00
Evan Grim 7f5c193ace Fix small grammatical error in plugin docs (#5334) 2018-09-13 14:23:24 -07:00
Yoko 04a0dd6d0e
ACL Policy Templating -> ACL Policy Path Templating (#5330) 2018-09-12 16:14:31 -07:00
Clint 5f5af90dfe
Update AWS auth backend iam_request_headers to be TypeHeader (#5320) 
Update AWS Auth backend to use TypeHeader for iam request headers

- Remove parseIamRequestHeaders function and test, no longer needed with new TypeHeader
- Update AWS auth login docs
 2018-09-12 16:16:16 -05:00
Becca Petrin b2ff87c9c2
Poll for new creds in the AWS auth agent (#5300) 2018-09-12 13:30:57 -07:00
Brian Shumate 168b956fbb Docs: clarify max_ttl in Database Secrets Create (#5311) 
- Clarify max_ttl on Database Secrets Create API
- Crosslink to TTL general case docs
 2018-09-11 19:55:15 -04:00
Jeremy Gerson 7c51265de9 Update pki-engine.html.md (#5322) 2018-09-11 19:49:31 -04:00
Yoko 7683aa3e57
[Guide] Performance Standby Nodes (#5272) 
* Performance Standby Nodes guide

* Added a link in the Vault HA guide

* Added links

* Clarified the node selection info

* Incorporated feedback

* Added 'when the Enterprise license includes this feature'

* Fixed the label: server 8 -> VM8

* Incorporated the feedback
 2018-09-11 15:22:36 -07:00
Jeff Mitchell d96d10957c Update some text around encrypting with agent 2018-09-11 15:05:44 -04:00
Becca Petrin 625592c5e6
update to match aws (#5315) 2018-09-11 11:10:50 -07:00
Brian Shumate 67bd5e460b Docs: namespaces edit lookup subcommand text (#5310) 
* Docs: namespaces edit lookup subcommand text

* precise
 2018-09-10 11:56:01 -04:00
Jeff Mitchell f61a3709ee Finish updating jwt auth docs 2018-09-10 11:46:50 -04:00
mg db56672529 resolve incorrect scope (#5307) 
https://github.com/terraform-providers/terraform-provider-azurerm/issues/943

> Turns out the problem is that the scope was invalid. There was a missing s on resourceGroup. The error message though is absolutely awful for detecting that.
 2018-09-07 16:56:02 -07:00
Joakim Bakke Hellum 6331f8bdf3 Fix typos in Azure Secrets Engine docs (#5295) 2018-09-06 15:31:19 -07:00
Geoff Meakin 3085c53ffe Update relatedtools.html.md (#5287) 
Add ansible-modules-hashivault to the list of third-party tools
 2018-09-06 08:37:03 -07:00
Andy Manoske 79f707edd2
Create partnerships.html.erb 2018-09-05 17:06:49 -07:00
Andy Manoske c97428a0cb
Update community.html.erb 2018-09-05 16:44:46 -07:00
Jeff Mitchell c28ed23972
Allow most parts of Vault's logging to have its level changed on-the-fly (#5280) 
* Allow most parts of Vault's logging to have its level changed on-the-fly

* Use a const for not set
 2018-09-05 15:52:54 -04:00
Steven Black 0a482e9bd2 Fix misspelling (#5279) 2018-09-05 15:40:01 -04:00
Jeff Mitchell cdd08cba58 Bump for release 2018-09-05 13:17:37 -04:00
Brian Shumate 76293834cc Update terminology (#5225) 
- Change "key ring" references to "key" to match Transit API docs
 2018-09-05 12:05:02 -04:00
Becca Petrin 7e0e49656a Add AliCloud auth to the Vault Agent (#5179) 2018-09-05 11:56:30 -04:00
Seth Vargo 81e9efb658 Fix resource binding examples (#5273) 2018-09-05 11:55:45 -04:00
Dan Brown 19406ecd32 EA validation of material against Vault 0.11 (#5276) 
* Validate RA against Vault 0.11

* Validate DG against Vault 0.11
 2018-09-05 11:55:27 -04:00
Jeff Mitchell c9b06f3b62
Remove certificates from store if tidying revoked certificates (#5231) 
This will cause them to be removed even if they have not expired yet,
whereas before it would simply leave them in the store until they were
expired, but remove from revocation info.
 2018-09-05 11:47:27 -04:00
RobinsonWM cf525cb934 Documentation: Corrected typo in CLI init doc (#5269) 2018-09-04 15:44:41 -06:00
Jeff Mitchell 761f06d3a3
Update index.html.md 2018-09-04 12:15:05 -04:00
Dan Brown d7d6c295b4 Update Azure VM sizes in Reference Architecture (#5251) 2018-09-03 20:24:27 -07:00
Yoko 0da1c762cb
[Guide] Updates on Namespaces guide (#5243) 
* Added 'Additional Discussion' section

* s/at the root/in the root namespace/

* one more place that I said 'at the root' - fixed
 2018-08-31 18:24:07 -07:00
Chris Hoffman 218ca527be
adding known issue 2018-08-31 17:29:21 -04:00
Yoko 5cfc84238d
Fixed the incomplete sentense (#5240) 2018-08-31 11:37:28 -07:00
Yoko c52f3c5a24
[Guide] ACL Templating (#5226) 
* WIP - ACL Templating

* WIP

* WIP - ACL Templating

* WIP

* Updated

* ACL Policy Templating guide

* Updated to use kv-v2 instead of kv

* Fixed the incomplete sentense and cleaned it up a little

* WIP Formatting and grammar

* Minor fixes
 2018-08-31 09:06:43 -07:00
Chris Hoffman 3f56e989a3
adding known issues section 2018-08-30 19:09:30 -04:00
Yoko 2e7e2778e1
[Guide] Update for Vault HA (0.11) (#5104) 
* For 0.11 - Performance Nodes

* Added the doc link

* Performance Node -> Performance Standby Nodes

* Updated to say 'most read-only requests'
 2018-08-30 14:45:34 -07:00
Andy Manoske e8ef5afb5f
namespace docs updates 
Post-launch clarifications on namespace docs
 2018-08-30 14:20:14 -07:00
Yoko cc8eceb849
[Guide] Fixed the reported issue (#5230) 
* Fixed the message

* Fixed the message
 2018-08-30 09:45:18 -07:00
Jeff Mitchell b1f462d7f9 Fix up sidebar JWT description 2018-08-30 12:00:20 -04:00
Jeff Mitchell 5da6fc2f77 Remove some confusing language on perf standby page 2018-08-29 19:51:23 -04:00
Brian Shumate eeb3b71fc0 Minor edits (#5221) 
- Correct typo
- Remove trailing spaces
 2018-08-29 12:01:33 -04:00
Chris Hoffman 774359f3b5
adding namespaces example 2018-08-29 11:26:23 -04:00
Jeff Mitchell 24946fe43e
Add namespace/mfa docs (#5215) 2018-08-28 15:33:34 -07:00
Jeff Mitchell b509ea4926 Make the usernames match in all examples in userpass 2018-08-28 18:33:00 -04:00
Brian Kassouf 85f06f7e88
Add Performance Standby Docs (#5214) 
* Add Performance Standby Docs

* Review updates
 2018-08-28 12:48:02 -07:00
Frederic Hemberger d343f00b64 Fix ssh command in example (#5209) 2018-08-28 12:34:48 -07:00
Jeff Mitchell 5cf0e3e87e
Update API section index file with fixes, updates, and namespace info. (#5213) 2018-08-28 12:33:19 -07:00
Chris Hoffman 4b87a0fd2c
remove beta language 2018-08-28 14:00:55 -04:00
Yoko d28e993e1b
Added Deployment Guide in the index (#5211) 2018-08-28 10:55:30 -07:00
Jeff Mitchell d56682ee9d Update upgrade guide 2018-08-28 12:17:43 -04:00
Jeff Mitchell d986c8813b Update upgrade guide for 0.11.0 2018-08-28 12:12:40 -04:00
Jeff Mitchell 2a8e510a27 Document disable_performance_standby 2018-08-28 12:09:13 -04:00
Chris Hoffman c81efa0fa2
fixing link 2018-08-28 07:19:35 -04:00
Dan Brown 9954bddcf0 Add Deployment Guide, links and reformat Ref Arch (#5041) 
* Add Deployment Guide, links and reformat Ref Arch

* Improve systemd service file and links
 2018-08-28 04:53:36 -06:00
Jeff Mitchell efadc93c4a Update version numbers 2018-08-28 02:41:24 -04:00
Jim Kalafut abe86a48f4 Fix Azure Secrets API example 2018-08-27 20:44:00 -06:00
Austin Workman e8991e8fe9 Adding documentation clarifying oracle plugin setup and requirements (#5183) 2018-08-25 12:27:13 -07:00
Becca Petrin 55b3dfbcc0
use ldaps in docs (#5180) 2018-08-24 10:36:20 -07:00
Laura Gjerman-Uva 70bf87c25b Update ad/creds/:rolename endpoint to include the table with method/path for consistency/clarity. Also, remove payload.json from example, since this endpoint doesn't take a payload. (#5172) 2018-08-24 09:19:51 -07:00
Chris Hoffman e6abba9558
Revert "Add Configuration Builder and Better Download page" (#5171) 2018-08-23 19:34:50 -04:00
Jim Kalafut 7eb0403ad2
Fix Azure Secrets docs error 2018-08-23 14:27:47 -07:00
Joshua Ogle 6819af20b5
Merge branch 'master' into oss-download-config-path 2018-08-23 14:01:39 -06:00
Jeff Mitchell ba0d029247
Restricts ACL templating to paths but allows failures (#5167) 
When a templating failure happens, we now simply ignore that path,
rather than fail all access to all policies
 2018-08-23 12:15:02 -04:00
Chris Hoffman d736324b50 Docs: ACL Templating (#5159) 2018-08-23 10:05:44 -04:00
Jim Kalafut 18b21275d9 Fix docs typos (#5158) 2018-08-22 18:26:48 -04:00
Greg Oledzki d5a3010498 Update delete.html.md (#5155) 
Minor typo in `delete` command docs
 2018-08-22 11:26:21 -07:00
Becca Petrin fb6a06a3fe
Alibaba auth docs (#5132) 2018-08-22 10:23:33 -07:00
Chris Hoffman 52af323257
fixing feature name 2018-08-22 11:41:28 -04:00
Chris Hoffman b1c5e1f91c
fixing feature name 2018-08-22 11:40:48 -04:00
Hugo Wood 203269a5d4 JWT/OIDC documentation fixes (#5157) 
* Fix argument name in JWT/OIDC login CLI example

* Fix groups_claim documented as required when creating roles for JWT/OIDC
 2018-08-22 10:44:08 -04:00
Stenio Ferreira 8dfedb2693 Fixed a typo in the Namespaces guide (#5151) 2018-08-21 13:33:40 -07:00
Jeff Mitchell e58a8a63a7
Add the ability to specify token CIDR restrictions on secret IDs. (#5136) 
Fixes #5034
 2018-08-21 11:54:04 -04:00
Jeff Mitchell 051bb9fc13
Two PKI improvements: (#5134) 
* Disallow adding CA's serial to revocation list
* Allow disabling revocation list generation. This returns an empty (but
signed) list, but does not affect tracking of revocations so turning it
back on will populate the list properly.
 2018-08-21 11:20:57 -04:00
Gerardo Rodriguez 43c733b460 Edit, missing "to" (#5147) 2018-08-21 11:09:41 -04:00
Chris Hoffman 4d574c1d6c
adding namespace docs (#5133) 2018-08-17 12:17:11 -04:00
Chris Hoffman d25b7fa477
Add additional clarification 2018-08-17 08:55:49 -04:00
Raja Nadar 797141f8ae vaultsharp - multi platform capabilities (#5127) 2018-08-17 08:47:16 -04:00
Yoko 56636735bc [Guide] Multi-Tenant Pattern with ACL Namespaces (0.11) (#5103) 
* WIP - ACL Namespace

* WIP - ACL Namepaces

* WIP

* WIP

* WIP

* WIP

* WIP

* Added UI screenshots

* Added summary at the end

* Added the Web UI steps in Step 5

* Update multi-tenant.html.md

Updated text to ensure that we use the final "ship" name of namespaces (namespaces vs. ACL Namespaces) and introduced some industry-specific terminology (highlighting this is about Secure Multi-Tenancy)
 2018-08-16 16:51:53 -07:00
Andy Manoske 50edc43df0
Merge pull request #5112 from hashicorp/namespaces-docs 
Merge for Beta Launch
 2018-08-16 15:36:43 -07:00