Commit graph

466 commits

Author SHA1 Message Date
Jeff Mitchell b940d214bd Merge pull request #568 from ctennis/add_some_s3_info
Make it clear for physical S3 backend we support instance profiles as well.
2015-08-26 09:03:38 -04:00
Jeff Mitchell cc232e6f79 Address comments from review. 2015-08-25 15:33:58 -07:00
Jeff Mitchell 0b580d0521 Update website documentation for init and rekey with secret_pgp_keys API option 2015-08-25 14:52:13 -07:00
Caleb Tennis 6c30f9a0f9 Make it clear we support instance profiles as well, the existing docs seem to indicate static credentials are required 2015-08-25 06:47:07 -07:00
Armon Dadgar 88a7b57491 Merge pull request #558 from captainill/master
make sure header is below clickable area that hides sidebar
2015-08-21 10:21:40 -07:00
Jeff Mitchell ea9fbb90bc Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell 0fa783f850 Update help text for TTL values in generic backend 2015-08-20 17:59:30 -07:00
captainill ad9e00b166 make sure header is below clickable area that hides sidebar 2015-08-20 17:22:48 -07:00
Jeff Mitchell b57ce8e5c2 Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4.
Fixes #528.
2015-08-20 16:41:25 -07:00
Vishal Nayak beca9f1596 Merge pull request #385 from hashicorp/vishal/vault
SSH Secret Backend for Vault
2015-08-20 10:03:15 -07:00
Bernhard K. Weisshuhn 86cde438a5 avoid dashes in generated usernames for cassandra to avoid quoting issues 2015-08-20 11:15:28 +02:00
vishalnayak 76ed3bec74 Vault SSH: 1024 is default key size and removed 4096 2015-08-19 12:51:33 -07:00
vishalnayak 1f5062a6e1 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-08-19 12:16:37 -07:00
David Winterbottom 9fd6837d7b Fix typo in ACL doc 2015-08-19 07:36:16 +01:00
Armon Dadgar f351cd5ee0 Merge pull request #531 from mfischer-zd/fix_doc_tls
Clarify availability of tls_min_version
2015-08-18 19:01:28 -07:00
vishalnayak b5cda4942b Vault SSH: doc update 2015-08-18 11:50:32 -07:00
vishalnayak b91ebbc6e2 Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
vishalnayak 9db318fc55 Vault SSH: Website page for SSH backend 2015-08-14 12:41:26 -07:00
Michael S. Fischer 0e0cdeed75 Clarify availability of tls_min_version
`tls_min_version` doesn't work in the current Vault release;
make that clear.
2015-08-13 08:35:09 -07:00
vishalnayak 93dfa67039 Merging changes from master 2015-08-12 09:28:16 -07:00
vishalnayak 0abf07cb91 Vault SSH: Website doc v1. Removed path_echo 2015-08-12 09:25:28 -07:00
Erik Kristensen 2233f993ae initial pass at JWT secret backend 2015-08-06 17:49:44 -06:00
Armon Dadgar f58f46c243 Merge pull request #439 from geckoboard/feature-tls-mysql
Using SSL to encrypt connections to MYSQL
2015-08-05 14:52:43 -07:00
Armon Dadgar 4d08cfdf6f Merge pull request #469 from kgutwin/f-config-defaultlease
Add configuration options for default lease duration and max lease duration
2015-08-04 10:06:41 -07:00
Vivien Schilis 9db7426002 Add documentation for the tls_ca_file option 2015-08-04 05:10:33 +00:00
Rusty Ross 719ac6e714 update doc for app-id
make clearer in doc that user-id can accept multiple app-id mappngs as comma-separated values
2015-08-03 09:44:26 -07:00
Armon Dadgar 473668a1a0 Merge pull request #482 from chiefy/master
Adding vaulted nodejs library to libraries section in docs.
2015-07-31 15:13:44 -07:00
Long Nguyen e666b5c624 added golang client 2015-07-31 17:10:38 -04:00
Christopher Najewicz c5c7926af6 Adding vaulted nodejs library to libraries section in docs. 2015-07-31 14:31:26 -04:00
Armon Dadgar 03728af495 Merge pull request #464 from bgirardeau/master
Add Multi-factor authentication with Duo
2015-07-30 17:51:31 -07:00
Bradley Girardeau aa55d36f03 Clean up naming and add documentation 2015-07-30 17:36:40 -07:00
Karl Gutwin 4bad987e58 PR review updates 2015-07-30 13:21:41 -04:00
Karl Gutwin 151ec72d00 Add configuration options for default lease duration and max lease duration. 2015-07-30 09:42:49 -04:00
Armon Dadgar 1535a21198 Merge pull request #384 from dkaffee92/feature/storage-backend-consul-configuration
allow specifying certificates used to talk to consul for storage backend
2015-07-29 14:41:53 -07:00
Fabian Ruff 41106d9b69 fix doc for pki/revoke API 2015-07-29 14:28:12 +02:00
Kevin Fishner 9fe25414aa update analytics 2015-07-28 16:05:27 -07:00
Bradley Girardeau 112f98d86f mfa: cleanup website documentation 2015-07-28 12:25:01 -07:00
Bradley Girardeau 6c24a000a3 mfa: add website documentation 2015-07-28 11:00:57 -07:00
Daniel Kaffee a6f828ba0a made documentation a bit more clear 2015-07-28 15:50:43 +03:00
Daniel Kaffee 4146be770c refactor code 2015-07-28 14:55:33 +03:00
Armon Dadgar 83729a3bd9 website: fixing details about HA backends 2015-07-24 12:11:45 -07:00
Armon Dadgar 80e59089ba Merge pull request #449 from JustinLaRose/master
Cassandra secret backend doc update for connection config
2015-07-23 13:42:59 -07:00
Armon Dadgar eeb623bca0 Merge pull request #447 from kgutwin/f-tlsvers
Specify Vault listener minimum TLS version
2015-07-23 13:42:42 -07:00
Armon Dadgar 9ec3cefea9 Merge pull request #433 from infame-io/feature/s3_sts
Granting S3 backend temporary access
2015-07-23 13:33:58 -07:00
Karl Gutwin 3a5e036727 Document warning for using lower TLS versions 2015-07-23 11:54:45 -04:00
Lauro Balderas 436dfd464d S3 backend session token documentation updated 2015-07-23 22:53:20 +10:00
Justin LaRose 361f10f79e Cassandra secret backend doc update for connection config - "hosts" instead of "host" 2015-07-23 03:07:29 -04:00
Karl Gutwin 1096f5a53e Avoid unnecessary abbreviation 2015-07-22 23:28:46 -04:00
Karl Gutwin 9c963a0632 TLS minimum version documentation 2015-07-22 23:21:18 -04:00
Armon Dadgar 63fcb61145 Merge pull request #419 from nbrownus/telemetry_names
Disable hostname prefix for runtime telemetry
2015-07-22 15:38:23 -07:00
Armon Dadgar 01147622ce Merge pull request #420 from bgirardeau/master
LDAP Auth - Add per-user policies and option to login with userPrincipalName
2015-07-22 14:35:21 -07:00
Bradley Girardeau e8d26d244b ldap: change setting user policies to setting user groups 2015-07-20 11:33:39 -07:00
Seth Vargo 564f6d3743 Small tutorial fixes and tweaks 2015-07-19 16:52:11 -04:00
Daniel Somerfield 30920dc751 Finished draft of api tutorial and worked it into the flow. 2015-07-19 12:29:06 -07:00
Daniel Somerfield 89e0ed22db More work on apis doc. 2015-07-16 06:29:52 -07:00
Daniel Somerfield 3f45692500 Added start of page in intro that explains / demos the REST apis 2015-07-15 06:28:04 -07:00
Bradley Girardeau 1e1d4ba66d ldap: add documentation for setting policies based on user 2015-07-14 16:13:40 -07:00
Nate Brown 65dc78ba35 Docs for the telemetry object 2015-07-14 15:45:45 -07:00
Bradley Girardeau 0e2edc2378 ldap: add ability to login with a userPrincipalName (user@upndomain) 2015-07-14 15:37:46 -07:00
Armon Dadgar 3042452def website: fixing lots of references to vault help 2015-07-13 20:12:09 +10:00
Armon Dadgar 7be012b8b6 website: help command is now path-help 2015-07-13 20:03:29 +10:00
Armon Dadgar 26937498f6 physical/zk: Fixing node representation. Fixes #416 2015-07-13 19:33:23 +10:00
Armon Dadgar 8dd9478e14 website: fixing documentation errors. Fixes #412 2015-07-13 19:10:44 +10:00
Armon Dadgar 2da54da6ed website: update HA status, discourage ZK 2015-07-13 19:01:32 +10:00
Matt Button 76bc988e50 Remove documentation that was copied from the terraform project 2015-07-12 16:52:24 +00:00
mootpt 872593d1e1 fixed secrets backend url
minor doc fix
2015-07-06 11:11:58 -07:00
mootpt f782e7382e pointed authentication backend to proper location
pointed authentication backend to proper location
2015-07-06 10:42:14 -07:00
Armon Dadgar 70cd3d1206 Merge pull request #400 from hashicorp/f-glob
Change ACL semantics, use explicit glob and deny has highest precedence
2015-07-06 11:15:49 -06:00
Armon Dadgar 768a6e33b0 website: clarify changes in addition to feedback 2015-07-06 11:10:09 -06:00
Armon Dadgar 0be3d419c8 secret/transit: address PR feedback 2015-07-05 19:58:31 -06:00
Armon Dadgar 37b68d6dce website: clarify getting started ACL docs 2015-07-05 18:40:05 -06:00
Armon Dadgar 01b0257c5f website: update for glob matching 2015-07-05 17:43:13 -06:00
Armon Dadgar f4d555a2ba website: document derived keys in secret/transit 2015-07-05 14:47:16 -07:00
Armon Dadgar 0521c6df6c http: support ?standbyok for 200 status on standby. Fixes #389 2015-07-02 17:49:35 -07:00
Bradley Girardeau 42050fe77b ldap: add starttls support and option to specificy ca certificate 2015-07-02 15:49:51 -07:00
Armon Dadgar 3c58773598 Merge pull request #380 from kgutwin/cert-cli
Enable TLS client cert authentication via the CLI
2015-06-30 11:44:28 -07:00
Armon Dadgar b8f2e8d498 website: document insecure_tls for LDAP backend 2015-06-30 09:42:18 -07:00
Jeff Mitchell 42b90fa9b9 Address some issues from code review.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:27:23 -04:00
Karl Gutwin 70fc49be84 Website docs. 2015-06-30 09:18:39 -04:00
Jeff Mitchell fccbc587c6 A Cassandra secrets backend.
Supports creation and deletion of users in Cassandra using flexible CQL queries.

TLS, including client authentication, is supported.

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:04:01 -04:00
Armon Dadgar 3902626163 Merge pull request #310 from jefferai/f-pki
Initial PKI backend implementation
2015-06-21 11:12:22 +01:00
sergiopatino 3e58e8fff2 Fix typo in link to Atlas URL.
Missing a colon after https!
2015-06-21 02:41:26 -07:00
Jeff Mitchell e086879fa3 Merge remote-tracking branch 'upstream/master' into f-pki 2015-06-19 13:01:26 -04:00
Jeff Mitchell a6fc48b854 A few things:
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 12:48:18 -04:00
Armon Dadgar 28ddff305c physical/mysql: cleanup and documentation 2015-06-18 14:31:00 -07:00
Jeff Mitchell 34f495a354 Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 15:22:58 -04:00
Armon Dadgar 7e6f44e39e website: document transit upsert behavior 2015-06-17 18:51:58 -07:00
Armon Dadgar 93ee9f6b76 website: update the transit documentation 2015-06-17 18:45:29 -07:00
Jeff Mitchell 49f1fdbdcc Merge branch 'master' into f-pki 2015-06-16 13:43:25 -04:00
Armon Dadgar 07df5c251d Merge pull request #341 from ryancurrah/ryancurrah-doc-transit-echofix
Do not output the trailing newline in encoding.
2015-06-15 17:36:01 -07:00
Seth Vargo db178571eb Document longest-prefix match
Fixes https://github.com/hashicorp/vault/issues/331
2015-06-15 14:29:20 -04:00
Ryan Currah c232fee6b3 Do not output the trailing newline in encoding.
Added -n to echo command to prevent newlines from showing up in encoding.
2015-06-13 12:03:57 -04:00
Jeff Mitchell e17ced0d51 Fix a docs-out-of-date bug.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-12 16:33:00 -04:00
Jeff Mitchell db5354823f Fix some out-of-date examples.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 21:17:05 -04:00
Jeff Mitchell 1513e2baa4 Add acceptance tests
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling

Also, fix a bug when trying to get code signing certificates.

Not tested:
* Revocation (I believe this is impossible with the current testing framework)

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Jeff Mitchell 0d832de65d Initial PKI backend implementation.
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint

Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Justin Campbell 2a1eac837c docs: Fix examples of auth via JSON
For both userpass and LDAP
2015-06-04 10:38:11 -04:00
Justin Campbell d634a92d2a Remove .DS_Store
Already gitignored
2015-06-04 10:17:00 -04:00
Armon Dadgar 66ab2bbf54 Merge pull request #263 from sheldonh/iam-policy
List IAM permissions required by root credentials
2015-06-01 13:16:51 +02:00
Armon Dadgar 98cca9cb18 Merge pull request #261 from jsok/consul-lease
Add ability to configure consul lease durations
2015-06-01 13:04:28 +02:00
Armon Dadgar 82caf31532 Merge pull request #277 from hashicorp/f-rotate
Add support for key rotation
2015-06-01 12:52:32 +02:00
Seth Vargo 507f5b0114 Cleanup style on http index docs 2015-05-31 21:23:44 -07:00
Seth Vargo 4a41d05870 Merge pull request #271 from boncheff/f-doc-update-read-write-example
Update index.html.md
2015-05-31 21:20:34 -07:00
Seth Vargo 090de2c6d3 Merge pull request #279 from whit537/patch-1
Capitalize the first word of a sentence
2015-05-31 15:53:34 -07:00
Seth Vargo 7fd3d50f3e Merge pull request #280 from whit537/patch-2
Put me in charge of dev mode :)
2015-05-31 15:53:24 -07:00
Seth Vargo d90b63a520 Merge pull request #282 from whit537/patch-3
Add a missing word
2015-05-31 15:52:21 -07:00
Seth Vargo 68c9b9dd83 Merge pull request #283 from whit537/patch-4
revisions to Getting Started > Dynamic Secrets
2015-05-31 15:52:08 -07:00
Seth Vargo dba3fde064 Merge pull request #284 from whit537/patch-5
revisions to Getting Started > Built-in Help
2015-05-31 15:51:51 -07:00
Seth Vargo 83ad07bb72 Merge pull request #285 from whit537/patch-6
revisions to Getting Started > Authentication
2015-05-31 15:51:39 -07:00
Seth Vargo 1514dd5a14 Merge pull request #286 from whit537/patch-7
revisions to Getting Started > Access Control Policies
2015-05-31 15:51:08 -07:00
Seth Vargo 105def7354 Merge pull request #287 from whit537/patch-8
revisions to Getting Started > Deploy Vault
2015-05-31 15:50:58 -07:00
Chad Whitacre b83f3f2d02 Provide missing verb 2015-05-31 17:19:34 -04:00
Chad Whitacre e7cc5649dd Fix punctuation
We want an apostrophe (for the contraction, not the possessive), but we don't want an extra period.
2015-05-31 17:00:44 -04:00
Chad Whitacre 2df20f0c8c Remove an errant article 2015-05-31 16:47:15 -04:00
Chad Whitacre 1629f9ac93 Fix number of a noun 2015-05-31 16:42:29 -04:00
Chad Whitacre b1b2a4be7c Fix another broken passive 2015-05-31 16:34:34 -04:00
Chad Whitacre fcc7cbaee5 Fix a broken verb voice 2015-05-31 16:31:10 -04:00
Chad Whitacre 4a4d944bcc Charges don't incur themselves 2015-05-31 16:24:03 -04:00
Chad Whitacre 2ee0e9c51b REMOVE A SINGLE WHITESPACE CHARACTER 2015-05-31 16:21:39 -04:00
Chad Whitacre bd4dce28b5 Remove quotes to match styling elsewhere
Cf. http://vaultproject.io/intro/getting-started/dynamic-secrets.html
2015-05-31 16:20:56 -04:00
Chad Whitacre 11cd9eb6f5 Add a missing word 2015-05-31 16:19:38 -04:00
Chad Whitacre 2e00c9dd27 fix line wrapping
Sorry!
2015-05-31 16:07:50 -04:00
Chad Whitacre 4aee92f5e4 Direct new users over to the getting started guide
I found myself on the dev server reference, when really I was more interested in the getting started guide. This link is intended to help others get back on the right track.
2015-05-31 16:06:58 -04:00
Chad Whitacre ee4b84928e Put me in charge of dev mode :)
- "You" as subject instead of "Vault"
 - give the actual command
 - minor formatting changes
2015-05-31 15:54:32 -04:00
Chad Whitacre 2e8967ce22 Capitalize the first word of a sentence 2015-05-31 14:22:57 -04:00
Armon Dadgar b71226dfd7 website: document key rotation internals 2015-05-29 15:34:29 -07:00
Armon Dadgar 0563ac643e website: document new system APIs 2015-05-29 15:05:05 -07:00
Christian Berg 69e501a2e5 Fix typo 2015-05-29 10:24:29 +02:00
boncheff a1e5330f78 Update index.html.md
Updated the docs to show an example of how to read/write a secret using the HTTP API
2015-05-28 22:28:25 +01:00
Armon Dadgar e72ed2fa87 Merge pull request #269 from sheldonh/getting_started_deploy_consul
Use local Consul instance in deploy walkthrough
2015-05-28 10:06:36 -07:00
Sheldon Hearn 9126cf576f Use local Consul instance in deploy walkthrough
As per hashicorp/vault#217, demo.consul.io prevents sessions from being
created, which means you can't use it as a backend for Vault.
2015-05-28 14:11:34 +02:00
Sheldon Hearn 85fbdae5f5 Mention disable_mlock in deploy walkthrough 2015-05-28 13:24:28 +02:00
Sheldon Hearn 71c462b3b2 Clarify the disable_mlock option 2015-05-28 12:40:56 +02:00
certifiedloud ac4763027b replaced confusing term 'physical' with 'storage'. 2015-05-27 14:44:17 -06:00
Sheldon Hearn 89e7bb2569 Missed a few IAM permissions 2015-05-27 16:42:12 +02:00
Sheldon Hearn 3d2005ea56 List IAM permissions required by root credentials 2015-05-27 16:28:24 +02:00
Jonathan Sokolowski 2b1926f262 website: Update /consul/roles/ parameters 2015-05-27 09:54:15 +10:00
Armon Dadgar 5b587b979d Merge pull request #259 from buth/etcd
etcd non-HA storage backend
2015-05-26 15:07:06 -07:00
Eric Buth e4e4253d65 added etcd as a non-HA storage backend, updated documentation 2015-05-26 13:38:25 -04:00
Ian Unruh 2a6dd3225c Add libraries section to HTTP docs 2015-05-22 14:32:14 -07:00
Ian Unruh bb9f7c47ff Add read field flag to documentation 2015-05-22 11:33:28 -07:00
Armon Dadgar e2ff72795e website: doc cleanup 2015-05-20 17:42:29 -07:00
Armon Dadgar 8c75cc83e3 Merge pull request #242 from jstremick/f-physical-s3-backend
Physical S3 backend implementation
2015-05-20 17:00:44 -07:00
joe miller fd57ca0e39 fix doc example to submit valid json in POST body
I don't know if there is some version of curl that auto-generates json but the example didn't work for me on curl 7.32.0. Submitting the data as JSON works though.
2015-05-20 13:11:54 -07:00
James Stremick 53979d6f30 Physical S3 backend implementation 2015-05-20 10:59:03 -04:00
Aaron Bedra ed9b44bb44 Fix typo in app-id docs 2015-05-20 09:36:54 -05:00
Seth Vargo 05e59edb02 Merge pull request #239 from ijin/patch-1
Document that Vault Server needs to be running for vault help path
2015-05-20 12:28:31 +02:00
Michael H. Oshita e2a923a887 Document that Vault Server needs to be running for vault help path
Confused initial, I tried running `vault help secret` by itself and found out that the server needs to be running to execute this command.

Furthermore, the client needs `VAULT_ADDR` configured (`http://127.0.0.1:8200` in dev mode, since it uses https by default) to interact with the server.
2015-05-20 17:06:59 +09:00
Daniel McCarney c7bf89cf60 Add missing word to storage backend threat model. 2015-05-19 12:11:48 -07:00
Daniel McCarney af1aabe397 Fix "the a lease ID" typo. 2015-05-19 12:07:07 -07:00