Joel Thompson
0941c7a24a
Make AWS credential types more explicit ( #4360 )
...
* Make AWS credential types more explicit
The AWS secret engine had a lot of confusing overloading with role
paramemters and how they mapped to each of the three credential types
supported. This now adds parameters to remove the overloading while
maintaining backwards compatibility.
With the change, it also becomes easier to add other feature requests.
Attaching multiple managed policies to IAM users and adding a policy
document to STS AssumedRole credentials is now also supported.
Fixes #4229
Fixes #3751
Fixes #2817
* Add missing write action to STS endpoint
* Allow unsetting policy_document with empty string
This allows unsetting the policy_document by passing in an empty string.
Previously, it would fail because the empty string isn't a valid JSON
document.
* Respond to some PR feedback
* Refactor and simplify role reading/upgrading
This gets rid of the duplicated role upgrade code between both role
reading and role writing by handling the upgrade all in the role
reading.
* Eliminate duplicated AWS secret test code
The testAccStepReadUser and testAccStepReadSTS were virtually identical,
so they are consolidated into a single method with the path passed in.
* Switch to use AWS ARN parser
2018-08-16 06:38:13 -04:00
Jim Kalafut
92f0e1a39e
Revert "Add ttl parameter to pki api docs ( #5063 )"
...
This reverts commit 7824826ca72c503677559cf9e5c1a7193433b34a.
2018-08-13 09:34:05 -07:00
Jim Kalafut
7b7f1cc7ff
Add ttl parameter to pki api docs ( #5063 )
2018-08-08 09:12:14 -07:00
Jeff Escalante
2a21e85580
html syntax corrections ( #5009 )
2018-08-07 10:34:35 -07:00
Olivier Lemasle
fcb82c2444
Fix two errors in docs ( #5042 )
...
Two small errors in documentation
2018-08-03 14:26:46 -07:00
Raja Nadar
56fcd2e7b3
.net 2.0 standard leap ( #5019 )
...
2.0 is more conducive for consumers
2018-08-01 08:57:49 -04:00
Sean Malloy
7e9ec5afb4
Fix GCP auth docs typo ( #5017 )
...
The bound_bound_service_accounts parameter does not exist. The correct
spelling is bound_service_accounts.
2018-07-31 10:57:34 -04:00
Chris Hoffman
083157cb24
adding environment to azure auth docs ( #5004 )
2018-07-27 08:33:20 -04:00
Chris Hoffman
d02284657e
adding missing properties ( #5003 )
2018-07-27 08:19:12 -04:00
Chris Hoffman
b37c05cf64
updating azure auth plugin and docs ( #4975 )
2018-07-23 10:00:44 -04:00
Tomohisa Oda
9ff2081e8b
add sequelize-vault to third-party tools ( #4945 )
2018-07-17 21:45:37 -07:00
dmicanzerofox
a3d067c00b
PKI Tidy Revocation List optionally Tidy Revoked Certs that are Unexpired ( #4916 )
2018-07-13 09:32:32 -04:00
Seth Vargo
a379989da4
Update GCP docs ( #4898 )
...
* Consistently use "Google Cloud" where appropriate
* Update GCP docs
This updates the GCP docs to use the new updated fields that will be
present in the next release of the plugin as well as fixes up some
inconsistencies between the GCP docs and other auth method
documentation.
2018-07-11 15:52:22 -04:00
Jeff Mitchell
2322eabc68
Add jwt auth docs ( #4891 )
2018-07-11 15:08:49 -04:00
Jeff Mitchell
935c045cfa
Fix permitted dns domain handling ( #4905 )
...
It should not require a period to indicate subdomains being allowed
Fixes #4863
2018-07-11 12:44:49 -04:00
Seth Vargo
408fc1eac0
Properly capitalize H in GitHub ( #4889 )
...
It's really bothering me, sorry.
2018-07-10 08:11:03 -07:00
Jeff Mitchell
bfb7ba3843
Remove vault.rocks from some that were missed
2018-07-10 10:47:30 -04:00
Jeff Mitchell
8f45bc69ba
Fix tuning visibility in CLI ( #4827 )
...
The API elides the value if it's empty, but empty has meaning. This adds
"hidden" as an option which is fundamentally identical to the default.
2018-07-02 12:13:25 -04:00
Chris Hoffman
6f5b8c0e6f
adding sample request to key status api docs ( #4853 )
2018-06-29 09:17:51 -04:00
Becca Petrin
73cbbe2a9f
Add bound cidrs to tokens in AppRole ( #4680 )
2018-06-19 22:57:11 -04:00
Becca Petrin
d9ac83569b
clarify aws role tag doc ( #4797 )
2018-06-19 15:59:57 -07:00
Becca Petrin
71977637d4
Update Active Directory secret engine docs ( #4788 )
...
* active directory rotate root docs
* update doc
2018-06-19 09:11:46 -07:00
Jeff Mitchell
cffb1183a8
Database updates ( #4787 )
...
* Database updates
* Add create/update distinction for connection config
* Add create/update distinction for role config
* Add db name and revocation statements to leases to give revocation a
shot at working if the role has been deleted
Fixes #3544
Fixes #4782
* Add create/update info to docs
2018-06-19 11:24:28 -04:00
Mr Talbot
5551a63221
pki: add ext_key_usage to mirror key_usage and add to sign-verbatim ( #4777 )
...
* pki: add ext_key_usage parameter to role
* pki: add key_usage and ext_key_usage parameter to sign-verbatim
* pki: cleanup code as per comments
2018-06-15 18:20:43 -04:00
Jeff Mitchell
91ca3d4b7f
Add URI SANs ( #4767 )
2018-06-15 15:32:25 -04:00
Jeff Mitchell
43d9ae5c0a
Update index.html.md
...
Fixes #4763
2018-06-14 10:19:38 -04:00
Brian Kassouf
1b77db5138
Update replication status ( #4761 )
...
* Update replication-performance.html.md
* Update replication-dr.html.md
* Update replication.html.md
* Update replication-dr.html.md
* Update replication-dr.html.md
* Update replication-performance.html.md
* Update replication.html.md
2018-06-13 16:43:39 -07:00
Eli Oxman
68ce3bed34
Add async python client to docs ( #4698 )
2018-06-05 10:23:56 -04:00
Becca Petrin
9228659c5c
add formatter to ad docs ( #4653 )
2018-05-29 16:47:46 -07:00
Jeff Mitchell
bde0bda710
Merge pull request #4600 from hashicorp/rekey-verification
...
Rekey verification, allowing new key shares to be confirmed before committing the new key.
2018-05-29 15:00:07 -04:00
Becca Petrin
606889f005
Docs for the upcoming Active Directory secrets engine ( #4612 )
2018-05-29 08:49:09 -07:00
Jeff Mitchell
bd0ac25eb9
Merge branch 'master' into rekey-verification
2018-05-29 10:19:57 -04:00
Becca Petrin
12976bf60e
add userpass note on bound cidrs ( #4610 )
2018-05-25 14:35:09 -04:00
Jeff Mitchell
52cb8234a6
Changelogify and fix some minor website bits
2018-05-25 10:39:23 -04:00
Nicholas Jackson
17460461a0
Breakout parameters for x.509 certificate login ( #4463 )
2018-05-25 10:34:46 -04:00
nelson
196d054f70
Update kv-v2.html.md ( #4614 )
...
correct the payload format for "Configure the KV Engine" and "Update Metadata"
2018-05-24 12:44:44 -04:00
Chris Hoffman
d066c4a2a8
remove incorrect parameter
2018-05-23 08:58:27 -04:00
Jeff Mitchell
635fd18bf6
Minor website doc updates
2018-05-22 15:12:12 -04:00
Chris Hoffman
ae43f2c25e
adding options information to mount endpoint ( #4606 )
2018-05-21 16:39:43 -04:00
Jeff Mitchell
3e0dbc5ea7
Remove dupe website text
2018-05-21 16:30:45 -04:00
Jeff Mitchell
8ad0bbbc44
Address feedback
2018-05-21 16:13:38 -04:00
Jeff Mitchell
27ab8d1a20
Add verification documentation
2018-05-21 12:00:36 -04:00
Jeff Mitchell
c737778c8d
Make description of prehashed a bit more friendly
2018-05-21 09:08:22 -04:00
Jeff Mitchell
3a568b6175
Update key_type parameter description
2018-05-19 12:20:37 -04:00
Kevin Paulisse
6d93ea4d77
Docs: Clarify that revoking token revokes dynamic secrets ( #4592 )
2018-05-18 23:27:53 -07:00
Jeff Mitchell
5a35dac726
Add missing drsecondarycode to health API docs
2018-05-18 12:39:13 -04:00
Jeff Mitchell
30dc66221c
Flip documented resolve_aws_unique_id value
...
Fixes #4583
2018-05-18 12:05:52 -04:00
Jim Kalafut
5dcfc63ee6
Fix GCP API parameter docs
2018-05-17 08:54:25 -07:00
Andrew Slattery
3bd38517eb
Update KV response code ( #4568 )
...
Creating/Updating a secret in KV-V2 produces a status code `200` with a response body of `application/json`, whereas the previous documentation notated a `204 (empty body)` expected response code.
2018-05-17 08:46:19 -07:00
Jeff Mitchell
ec876c21b3
Update website ldap url text
2018-05-16 11:58:10 -04:00
Seth Vargo
a4fa046730
Update GCP secrets to be example-driven ( #4539 )
...
👍
2018-05-10 16:58:22 -04:00
Becca Petrin
76c717b081
Restrict cert auth by CIDR ( #4478 )
2018-05-09 15:39:55 -07:00
Jeff Mitchell
274732733e
Clarify that rotate requires sudo
2018-05-09 10:19:35 -04:00
Jacob Friedman
67b8d3dc40
Changed DR docs page to fix generating secondary DR token ( #4521 )
...
The docs for how to create secondary DR tokens were incorrect, which caused issues at a customer. I fixed the documentation with the proper syntax and formatting, which I copied from the perf replication docs (after changing endpoints). Can someone take a quick look for me?
2018-05-08 13:35:48 -07:00
vishalnayak
f95a913bd5
docs: s/entity/group-alias
2018-05-08 16:32:35 -04:00
Jeff
9b9be9622a
Typo ( #4505 )
2018-05-03 13:37:44 -07:00
Laura Uva
cef1b3b75c
Payload key should be dr_operation_token ( #4498 )
2018-05-02 18:35:51 -07:00
Nándor István Krácser
9cf56fe0df
Fix mapping read paths ( #4448 )
2018-04-25 09:22:30 -04:00
vishalnayak
94f28e3c24
Merge branch 'master-oss' into approle-local-secretid
2018-04-24 16:17:56 -04:00
Brian Shumate
c35fe4e6f0
Update curl commands / replace invalid '--payload' flag ( #4440 )
2018-04-24 11:20:29 -04:00
vishalnayak
6b7a042003
error on enable_local_secret_ids update after role creation
2018-04-23 17:05:53 -04:00
vishalnayak
97d146ca69
update docs
2018-04-23 16:54:23 -04:00
Jeff Mitchell
6d95b4d266
Add the ability to restrict token usage by IP. Add to token roles. ( #4412 )
...
Fixes #815
2018-04-21 10:49:16 -04:00
vishalnayak
da1d68969c
docs: update accessor lookup response
2018-04-17 11:52:58 -04:00
vishalnayak
6e827d2b27
docs: update token lookup response
2018-04-17 11:40:00 -04:00
Sohex
efd0023d89
Update index.html.md ( #4372 )
...
Remove duplicate of max_ttl description from end of period description under create role parameters.
2018-04-17 11:05:50 -04:00
Calvin Leung Huang
7ba953b969
Add docs for internal UI mounts endpoint ( #4369 )
...
* Add docs for internal UI mounts endpoint
* Update description section
2018-04-16 12:13:58 -04:00
Jeff Mitchell
530121c655
Add ability to disable an entity ( #4353 )
2018-04-13 21:49:40 -04:00
Jeff Mitchell
99cf5c6054
Fix token store role documentation around explicit max ttl
2018-04-13 09:59:12 -04:00
Brian Kassouf
a8b8ca136e
KV: Update 'versioned' naming to 'v2' ( #4293 )
...
* Update 'versioned' naming to 'v2'
* Make sure options are set
* Fix description of auth flag
* Review feedback
2018-04-09 09:39:32 -07:00
Chris Hoffman
f6a3a76f25
Docs for configuration UI headers ( #4313 )
...
* adding /sys/config/ui headers
* adding /sys/config/ui headers
2018-04-09 12:21:02 -04:00
Chris Hoffman
19f9f6ee89
Root Credential Rotation Docs ( #4312 )
...
* updating root credential docs
* more docs updates
* more docs updates
2018-04-09 12:20:29 -04:00
Matthew Irish
cff34e983f
UI - pki updates ( #4291 )
...
* add require_cn to pki roles
* add policy_identifiers and basic_constraints_valid_for_non_ca to pki role form
* add new fields to the PKI docs
* add add_basic_constraints field
2018-04-08 21:09:29 -05:00
Brian Kassouf
62ce5ec91d
Versioned K/V docs ( #4259 )
...
* Work on kv docs
* Add more kv docs
* Update kv docs
* More docs updates
* address some review coments
2018-04-03 23:22:41 -07:00
Jeff Mitchell
f5ba4796f5
Case insensitive behavior for LDAP ( #4238 )
2018-04-03 09:52:43 -04:00
Vishal Nayak
96fc0c2509
Update group alias by ID ( #4237 )
...
* update group alias by id
* update docs
2018-04-02 10:42:01 -04:00
Vishal Nayak
ab3579aeb6
add entity merge API to docs ( #4234 )
2018-04-01 12:59:57 -04:00
Jeff Mitchell
2f90e0c2e1
Merge branch 'master-oss' into 0.10-beta
2018-03-27 12:40:30 -04:00
Yoko
d03056eed3
Update Github auth method API reference ( #4202 )
...
* Update Github auth method API reference
* Replaced vault.rocks in API
2018-03-26 16:56:14 -07:00
Seth Vargo
0b827774ae
Drop vault.rocks ( #4186 )
2018-03-23 11:41:51 -04:00
Chris Hoffman
b7ef4a3a6f
adding Azure docs ( #4185 )
...
Adding Azure Auth Method docs
2018-03-22 18:28:42 -04:00
Brian Kassouf
ad383e911f
Update kv backend and add some docs ( #4182 )
...
* Add kv backend
* Move kv in apha order
* Update kv backend and add some docs
2018-03-21 23:10:05 -04:00
Calvin Leung Huang
25792df5a9
Passthrough request headers ( #4172 )
...
* Add passthrough request headers for secret/auth mounts
* Update comments
* Fix SyncCache deletion of passthrough_request_headers
* Remove debug line
* Case-insensitive header comparison
* Remove unnecessary allocation
* Short-circuit filteredPassthroughHeaders if there's nothing to filter
* Add whitelistedHeaders list
* Update router logic after merge
* Add whitelist test
* Add lowercase x-vault-kv-client to whitelist
* Add back const
* Refactor whitelist logic
2018-03-21 19:56:47 -04:00
emily
f9b6f4b1c5
Docs for Vault GCP secrets plugin ( #4159 )
2018-03-21 15:02:38 -04:00
Brian Shumate
1fcf0c6a38
Docs: update formatting / heading ( #4175 )
...
- Correct Generate Disaster Recovery Operation Token heading level
- Tighten up formatting/trailing spaces
2018-03-21 10:14:52 -04:00
Josh Soref
73b1fde82f
Spelling ( #4119 )
2018-03-20 14:54:10 -04:00
Jason Martin
b3e5ec865d
README Spelling error ( #4165 )
2018-03-20 11:45:56 -04:00
Jeff Mitchell
9d030aaf37
Note that you can set a CA chain when using set-signed.
...
Fixes #2246
2018-03-19 19:44:07 -04:00
Jacob Crowther
35ccbe504c
Add Cryptr to related tools ( #4126 )
2018-03-19 14:46:54 -04:00
Jeff Mitchell
3a5e1792c0
Update path-help to make clear you shouldn't put things in the URL.
...
Remove from website docs as those have been long deprecated.
2018-03-19 11:50:16 -04:00
Joel Thompson
3e2006eb13
Allow non-prefix-matched IAM role and instance profile ARNs in AWS auth backend ( #4071 )
...
* Update aws auth docs with new semantics
Moving away from implicitly globbed bound_iam_role_arn and
bound_iam_instance_profile_arn variables to make them explicit
* Refactor tests to reduce duplication
auth/aws EC2 login tests had the same flow duplicated a few times, so
refactoring to reduce duplication
* Add tests for aws auth explicit wildcard constraints
* Remove implicit prefix matching from AWS auth backend
In the aws auth backend, bound_iam_role_arn and
bound_iam_instance_profile_arn were ALWAYS prefix matched, and there was
no way to opt out of this implicit prefix matching. This now makes the
implicit prefix matching an explicit opt-in feature by requiring users
to specify a * at the end of an ARN if they want the prefix matching.
2018-03-17 21:24:49 -04:00
Joel Thompson
39dc981301
auth/aws: Allow binding by EC2 instance IDs ( #3816 )
...
* auth/aws: Allow binding by EC2 instance IDs
This allows specifying a list of EC2 instance IDs that are allowed to
bind to the role. To keep style formatting with the other bindings, this
is still called bound_ec2_instance_id rather than bound_ec2_instance_ids
as I intend to convert the other bindings to accept lists as well (where
it makes sense) and keeping them with singular names would be the
easiest for backwards compatibility.
Partially fixes #3797
2018-03-15 09:19:28 -07:00
Brian Nuszkowski
76be90f384
Add PKCS1v15 as a RSA signature and verification option on the Transit secret engine ( #4018 )
...
Option to specify the RSA signature type, in specific add support for PKCS1v15
2018-03-15 09:17:02 -07:00
Jeff Mitchell
59b3e28151
Make the API docs around ed25519 more clear about what derivation means for this key type
2018-03-15 11:59:50 -04:00
Calvin Leung Huang
3108860d4b
Audit HMAC values on AuthConfig ( #4077 )
...
* Add audit hmac values to AuthConfigInput and AuthConfigOutput, fix docs
* docs: Add ttl params to auth enable endpoint
* Rewording of go string to simply string
* Add audit hmac keys as CLI flags on auth/secrets enable
* Fix copypasta mistake
* Add audit hmac keys to auth and secrets list
* Only set config values if they exist
* Fix http sys/auth tests
* More auth plugin_name test fixes
* Pass API values into MountEntry's config when creating auth/secrets mount
* Update usage wording
2018-03-09 14:32:28 -05:00
Vishal Nayak
527eb418fe
approle: Use TypeCommaStringSlice for BoundCIDRList ( #4078 )
...
* Use TypeCommaStringSlice for Approle bound_cidr_list
* update docs
* Add comments in the test
2018-03-08 17:49:08 -05:00
Calvin Leung Huang
e2fb199ce5
Non-HMAC audit values ( #4033 )
...
* Add non-hmac request keys
* Update comment
* Initial audit request keys implementation
* Add audit_non_hmac_response_keys
* Move where req.NonHMACKeys gets set
* Minor refactor
* Add params to auth tune endpoints
* Sync cache on loadCredentials
* Explicitly unset req.NonHMACKeys
* Do not error if entry is nil
* Add tests
* docs: Add params to api sections
* Refactor audit.Backend and Formatter interfaces, update audit broker methods
* Add audit_broker.go
* Fix method call params in audit backends
* Remove fields from logical.Request and logical.Response, pass keys via LogInput
* Use data.GetOk to allow unsetting existing values
* Remove debug lines
* Add test for unsetting values
* Address review feedback
* Initialize values in FormatRequest and FormatResponse using input values
* Update docs
* Use strutil.StrListContains
* Use strutil.StrListContains
2018-03-02 12:18:39 -05:00
Jeff Mitchell
49068a42be
Document primary_email in Okta mfa path
2018-03-02 11:54:21 -05:00
Jeff Mitchell
8fe24dec0a
Actually add PingID to the index of API pages
2018-03-02 11:49:48 -05:00
Joel Thompson
e4949d644b
auth/aws: Allow lists in binds ( #3907 )
...
* auth/aws: Allow lists in binds
In the aws auth method, allow a number of binds to take in lists
instead of a single string value. The intended semantic is that, for
each bind type set, clients must match at least one of each of the bind
types set in order to authenticate.
2018-03-02 11:09:14 -05:00
Vishal Nayak
2646ed5e2a
update sys/capabilities docs ( #4059 )
2018-03-01 11:42:39 -05:00
Jeff Mitchell
5034ae2dcb
Add the ability to use multiple paths for capability checking ( #3663 )
...
* Add the ability to use multiple paths for capability checking. WIP
(tests, docs).
Fixes #3336
* Added tests
* added 'paths' field
* Update docs
* return error if paths is not supplied
2018-03-01 11:14:56 -05:00
vishalnayak
4b0f27923f
ssh: clarify optional behavior of cidr_list
2018-02-24 06:55:55 -05:00
Chris Hoffman
a2e816321e
adding LIST for connections in database backend ( #4027 )
2018-02-22 15:27:33 -05:00
Jeff Mitchell
9c2ad5c4ec
Fix formatting on sys/health docs
2018-02-22 10:52:12 -05:00
Calvin Leung Huang
a06243bf8d
Add description param on tune endpoints ( #4017 )
2018-02-21 17:18:05 -05:00
Vishal Nayak
45bb1f0adc
Verify DNS SANs if PermittedDNSDomains is set ( #3982 )
...
* Verify DNS SANs if PermittedDNSDomains is set
* Use DNSNames check and not PermittedDNSDomains on leaf certificate
* Document the check
* Add RFC link
* Test for success case
* fix the parameter name
* rename the test
* remove unneeded commented code
2018-02-16 17:42:29 -05:00
Jeff Mitchell
f29bde0052
Support other names in SANs ( #3889 )
2018-02-16 17:19:34 -05:00
Jeff Mitchell
6f6b4521fa
Update website for AWS client max_retries
2018-02-16 11:13:55 -05:00
Jeff Mitchell
35906aaa6c
Add ChaCha20-Poly1305 support to transit ( #3975 )
2018-02-14 11:59:46 -05:00
Joel Thompson
c61ac21e6c
auth/aws: Improve role tag docs as suggested on mailing list ( #3915 )
...
Fixes the ambiguity called out in
https://groups.google.com/forum/#!msg/vault-tool/X3s7YY0An_w/yH0KFQxlBgAJ
2018-02-12 17:39:17 -05:00
Jeff Mitchell
6f025fe2ab
Adds the ability to bypass Okta MFA checks. ( #3944 )
...
* Adds the ability to bypass Okta MFA checks.
Unlike before, the administrator opts-in to this behavior, and is
suitably warned.
Fixes #3872
2018-02-09 17:03:49 -05:00
Vishal Nayak
80ffd07b8b
added a flag to make common name optional if desired ( #3940 )
...
* added a flag to make common name optional if desired
* Cover one more case where cn can be empty
* remove skipping when empty; instead check for emptiness before calling validateNames
* Add verification before adding to DNS names to also fix #3918
2018-02-09 13:42:19 -05:00
Jeff Mitchell
4fbeae77ee
Update relatedtools.html.md
2018-02-08 11:15:47 -05:00
Robert Kreuzer
a25986391b
Add vaultenv to the list of related tools ( #3945 )
2018-02-08 10:30:45 -05:00
Vishal Nayak
b9a5a35895
docs: Fix the expected type of metadata ( #3835 )
2018-01-23 16:30:15 -05:00
Jeff Mitchell
8e8675053b
Sync some bits over
2018-01-22 21:44:49 -05:00
Brian Shumate
dec64ecfd7
Update API endpoint references for revoke-prefix ( #3828 )
2018-01-22 18:04:43 -05:00
Josh Giles
9c46431b80
Support JSON lists for Okta user groups+policies. ( #3801 )
...
* Support JSON lists for Okta user groups+policies.
Migrate the manually-parsed comma-separated string field types for user
groups and user policies to TypeCommaStringSlice. This means user
endpoints now accept proper lists as input for these fields in addition
to comma-separated string values. The value for reads remains a list.
Update the Okta API documentation for users and groups to reflect that
both user group and user/group policy fields are list-valued.
Update the Okta acceptance tests to cover passing a list value for the
user policy field, and require the OKTA_API_TOKEN env var to be set
(required for the "everyone" policy tests to pass).
* Fix typo, add comma-separated docs.
2018-01-16 18:20:19 -05:00
Jake Scaltreto
3ad372d65d
Fix minor typo in word "certificate" ( #3783 )
2018-01-15 15:52:41 -05:00
Jeff Mitchell
d8009bced1
Merge branch 'master-oss' into sethvargo/cli-magic
2018-01-10 11:15:49 -05:00
Laura Uva
b242800958
Fixed the link to the section on generating DR operation token for promoting secondary. ( #3766 )
2018-01-09 10:02:09 -06:00
Brian Shumate
fd424c74ba
Docs: add DR secondary/active HTTP 472 code ( #3748 )
2018-01-03 15:07:36 -05:00
Jeff Mitchell
d1803098ae
Merge branch 'master-oss' into sethvargo/cli-magic
2018-01-03 14:02:31 -05:00
Brian Nuszkowski
9c3e96b591
Update '/auth/token/revoke-self' endpoint documentation to reflect the proper response code ( #3735 )
2018-01-03 12:09:43 -05:00
dmwilcox
39dd122663
Update docs to reflect ability to load cold CA certs to output full chains. ( #3740 )
2018-01-03 10:59:18 -05:00
markpaine
c50c597b62
Spelling correction. "specifig" -> "specific" ( #3739 )
2018-01-03 10:38:55 -05:00
markpaine
3c483b3e87
Spelling correction "datatabse" -> "database" ( #3738 )
2018-01-03 10:38:16 -05:00
Jeff Mitchell
e6d60ee551
Clarify control group APIs are enterprise only.
...
Fixes #3702
2017-12-19 11:00:02 -05:00
Calvin Leung Huang
c4e951efb8
Add period and max_ttl to cert role creation ( #3642 )
2017-12-18 15:29:45 -05:00
Travis Cosgrave
cf3e284396
Use Custom Cert Extensions as Cert Auth Constraint ( #3634 )
2017-12-18 12:53:44 -05:00
Jeff Mitchell
77a7c52392
Merge branch 'master' into f-nomad
2017-12-18 12:23:39 -05:00
Ernest W. Durbin III
98e04c42d3
Correct documentation for Kubernetes Auth Plugin ( #3708 )
2017-12-18 12:12:08 -05:00
Raja Nadar
446b87ee0e
added the missing nonce and type fields ( #3694 )
2017-12-17 16:26:07 -05:00
Chris Hoffman
f6bed8b925
fixing up config to allow environment vars supported by api client
2017-12-17 09:10:56 -05:00
Chris Hoffman
c71f596fbd
address some feedback
2017-12-15 17:06:56 -05:00
Jeff Mitchell
b478ba8bac
Merge branch 'master' into f-nomad
2017-12-14 16:44:28 -05:00
Vishal Nayak
15b3d8738e
Transit: backup/restore ( #3637 )
2017-12-14 12:51:50 -05:00
Chris Hoffman
3b0ba609b2
Converting key_usage and allowed_domains in PKI to CommaStringSlice ( #3621 )
2017-12-11 13:13:35 -05:00
Paulo Ribeiro
0ee55dde52
Remove duplicate link in ToC ( #3671 )
2017-12-11 12:52:58 -05:00
Jeff Mitchell
b5d21ebdae
Cross reference pki/cert in a few places.
2017-12-11 11:10:28 -05:00
Mohsen
2aa576149c
Small typo relating to no_store in pki secret backend ( #3662 )
...
* Removed typo :)
* Corrected typo in the website related to no_store
2017-12-07 10:40:21 -05:00
Calvin Leung Huang
41f03b466a
Support MongoDB session-wide write concern ( #3646 )
...
* Initial work on write concern support, set for the lifetime of the session
* Add base64 encoded value support, include docs and tests
* Handle error from json.Unmarshal, fix test and docs
* Remove writeConcern struct, move JSON unmarshal to Initialize
* Return error on empty mapping of write_concern into mgo.Safe struct
2017-12-05 15:31:01 -05:00
Laura Uva
892a0cb5e0
Update example payload and response for pem_keys field which needs \n after header and before footer in order to be accepted as a valid RSA or ECDSA public key ( #3632 )
2017-12-04 12:12:58 -05:00
Brian Shumate
5a9d8c60ac
Docs: Update /sys/policies/ re: beta refs to address #3624 ( #3629 )
2017-12-04 12:10:26 -05:00
Jeff Mitchell
f762d0615e
Remove beta notice
2017-12-04 08:25:16 -08:00
crdotson
fd2464c410
Fix spelling ( #3609 )
...
changed "aomma" to "comma"
2017-12-04 10:53:58 -05:00
csawyerYumaed
605efa37e9
update relatedtools, add Goldfish UI. ( #3597 )
...
Add link to Goldfish a web UI for Vault.
2017-12-04 10:51:16 -05:00
Paul Pieralde
ff2c8d4865
Fix docs for Transit API ( #3588 )
2017-12-04 10:34:05 -05:00
Jeff Mitchell
d81a39ab99
Update cassandra docs with consistency value.
...
Fixes #3361
2017-12-02 14:18:23 -05:00
Nicolas Corrarello
7b14f41872
Fix docs up to current standards
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 16:53:42 +00:00
Nicolas Corrarello
b3799697a2
Rename policy into policies
2017-11-29 16:31:17 +00:00
Nicolas Corrarello
a6d3119e3e
Pull master into f-nomad
...
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 15:56:37 +00:00
Vishal Nayak
5f02a64206
docs: encryption/decryption now supports asymmetric keys ( #3599 )
2017-11-21 12:25:28 -05:00
Vishal Nayak
00dfc1c4de
Docs: Remove 'none' as algorithm options ( #3587 )
2017-11-15 09:09:45 -05:00
Brian Kassouf
85a5a75835
Add token_reviewer_jwt to the kubernetes docs ( #3586 )
2017-11-14 13:27:09 -08:00
Chris Hoffman
b3a7d8ecf3
adding licensing docs ( #3585 )
2017-11-14 16:15:09 -05:00
Paul Pieralde
8fedef3d99
Docs change for Policy API ( #3584 )
...
vault 0.9.0 deprecated the term `rules` in favor of the
term `policy` in several of the /sys/policy APIs.
The expected return state of 200 SUCCESS_NO_DATA only happens
if the `policy` term is used. A response including the
deprecation notice and a 204 SUCCESS_WITH_DATA status code
is returned when `rules` is applied.
2017-11-14 14:26:26 -05:00
Jeff Mitchell
7ac167f8a4
Sync docs
2017-11-14 06:13:11 -05:00
Vishal Nayak
5d976794d4
API refactoring and doc updates ( #3577 )
...
* Doc updates and API refactoring
* fix tests
* change metadata fieldtype to TypeKVPairs
* Give example for TypeKVPairs in CLI for metadata
* Update API docs examples to reflect the native expected value for TypeKVPairs
* Don't mention comma separation in the docs for TypeCommaStringSlice
* s/groups/group; s/entities/entity; s/entity-aliases/entity-alias; s/group-aliases/group-alias
* Address review feedback
* Fix formatting
* fix sidebar links
2017-11-13 20:59:42 -05:00
Vishal Nayak
645c068011
transit doc update ( #3564 )
2017-11-09 16:17:54 -05:00
Calvin Leung Huang
b7deec2bec
Add docs for /sys/rekey-recovery-key ( #3520 )
2017-11-08 14:22:30 -05:00
Paul Pieralde
01ff6293e0
Doc fix for Create/Update Token API ( #3548 )
...
`orphan` is intended to be default to False. Docs indicate this
is default to True. Simple change to update the docs only.
2017-11-07 18:06:44 -05:00
Joel Thompson
2c8cd19e14
auth/aws: Make disallow_reauthentication and allow_instance_migration mutually exclusive ( #3291 )
2017-11-06 17:12:07 -05:00
Chris Hoffman
de8c0dce99
minor cleanup
2017-11-06 16:34:20 -05:00
Gregory Reshetniak
57c9afa357
added AWS enpoint handling ( #3416 )
2017-11-06 13:31:38 -05:00
Calvin Leung Huang
d7305a4681
Add note on support for using rec keys on /sys/rekey ( #3517 )
2017-11-06 12:18:15 -05:00
Jeff Mitchell
17310654a1
Add PKCS8 marshaling to PKI ( #3518 )
2017-11-06 12:05:07 -05:00
Nicolas Corrarello
5a317a1a32
Updated documentation
2017-11-06 15:13:50 +00:00
Calvin Leung Huang
93917743df
Update SSH list roles docs ( #3536 )
2017-11-03 18:00:46 -04:00
Vishal Nayak
e4e4a7ba67
Capabilities responds considering policies on entities and groups ( #3522 )
...
* Capabilities endpoint will now return considering policies on entities and groups
* refactor the policy derivation into a separate function
* Docs: Update docs to reflect the change in capabilities endpoint
2017-11-03 11:20:10 -04:00
Vishal Nayak
06923430cc
docs: s/persona/alias ( #3529 )
2017-11-03 11:17:59 -04:00
Vishal Nayak
52df62d4ff
Encrypt/Decrypt/Sign/Verify using RSA in Transit backend ( #3489 )
...
* encrypt/decrypt/sign/verify RSA
* update path-help and doc
* Fix the bug which was breaking convergent encryption
* support both 2048 and 4096
* update doc to contain both 2048 and 4096
* Add test for encrypt, decrypt and rotate on RSA keys
* Support exporting RSA keys
* Add sign and verify test steps
* Remove 'RSA' from PEM header
* use the default salt length
* Add 'RSA' to PEM header since openssl is expecting that
* export rsa keys as signing-key as well
* Comment the reasoning behind the PEM headers
* remove comment
* update comment
* Parameterize hashing for RSA signing and verification
* Added test steps to check hash algo choice for RSA sign/verify
* fix test by using 'prehashed'
2017-11-03 10:45:53 -04:00
Vishal Nayak
a7acc23034
docs: Add config/ca delete operation ( #3525 )
2017-11-03 06:19:21 -04:00
Nicolas Corrarello
d540985926
Unifying Storage and API path in role
2017-10-31 21:06:10 +00:00
Jeff Mitchell
963f516ac9
Fix C&P in docs.
...
Fixes #3454
2017-10-27 16:43:26 -04:00
Christophe Tafani-Dereeper
5ff1485a3e
Correct typos in the sys/raw documentation ( #3484 )
2017-10-24 10:33:57 -04:00
Seth Vargo
83b1eb900a
More naming cleanup
2017-10-24 09:35:03 -04:00
Seth Vargo
7463ba73a5
Oops typo
2017-10-24 09:34:30 -04:00
Seth Vargo
926ca5c125
Update k8s documentation
2017-10-24 09:34:12 -04:00
Seth Vargo
51a27b758b
Resolve the most painful merge conflict known on earth
2017-10-24 09:34:12 -04:00
Seth Vargo
2982fdf7ca
Remove ?list examples
...
They are documented in the overall API section, but people should get used to seeing LIST as a verb
2017-10-24 09:32:15 -04:00
Seth Vargo
c5665920f6
Standardize on "auth method"
...
This removes all references I could find to:
- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend
in favor of the unified:
- auth method
2017-10-24 09:32:15 -04:00
Seth Vargo
0afff80b5e
Document mount types/values
2017-10-24 09:28:05 -04:00
Chris Hoffman
e4065e33d2
copying general purpose tools from transit backend to /sys/tools ( #3391 )
2017-10-20 10:59:17 -04:00
blazindragon
6c6e2a3baa
Correct typo: DELET to DELETE ( #3452 )
2017-10-13 10:11:04 -04:00
Jeremy Voorhis
af24163abd
Implement signing of pre-hashed data ( #3448 )
...
Transit backend sign and verify endpoints now support algorithm=none
2017-10-11 11:48:51 -04:00
Martins Sipenko
a2808db1af
Fix docs ( #3449 )
2017-10-11 11:29:26 -04:00
Brendan
d5decccbfe
Update index.html.md ( #3433 )
...
Fixed typo in json property used to create custom secret_id
2017-10-11 09:25:43 -04:00
emily
cbe41b590f
add GCP APIs that need to be enabled to GCP auth docs, small doc fixes ( #3446 )
2017-10-11 09:18:32 -04:00
Nicolas Corrarello
d7bb311db3
A few simple fixes for the Github API docs ( #3432 )
2017-10-06 06:13:47 -04:00
Daniel DeFisher
974332c2c5
upgrade ldap api docs to refrect 0.8.3 change to returned json of policies ( #3421 )
2017-10-04 15:40:28 -04:00
Jeff Mitchell
e3ce60eb1f
Allow entering PKI URLs as arrays. ( #3409 )
...
Fixes #3407
2017-10-03 16:13:57 -04:00
Nicolas Corrarello
b207b76f14
Updated API Docs with the Global Token Parameter
2017-09-29 11:23:47 +01:00
Alex Dadgar
f56e191020
Fix spelling errors ( #3390 )
2017-09-28 07:54:40 -04:00
Paulo Ribeiro
43540e9c32
Fix grammatical error ( #3395 )
...
Also changed capitalization for consistency.
2017-09-28 06:28:48 -04:00
Brian Kassouf
b1db3765ca
Kubernetes Docs Update ( #3386 )
...
* Update Kubnernetes Docs
* Add a note about alpha clusters on GKE
* Fix JSON formatting
* Update kubernetes.html.md
* Fix a few review comments
2017-09-27 14:02:18 -07:00
Vishal Nayak
abcf4b3bb2
docs: Added certificate deletion operation API ( #3385 )
2017-09-26 20:28:52 -04:00
Nicolas Corrarello
2b4561dccb
Adding Nomad Secret Backend API documentation
2017-09-21 09:18:35 -05:00
Brian Kassouf
9b0d594d02
Kubernetes auth ( #3350 )
...
* Import the kubernetes credential backend
* Add kubernetes docs
* Escape * characters
* Revert "Import the kubernetes credential backend"
This reverts commit f12627a9427bcde7e73cea41dea19d0922f94789.
* Update the vendored directory
2017-09-19 09:27:26 -05:00