luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
7559 commits 1 branch 0 tags 214 MiB
Commit graph

1809 commits

Author SHA1 Message Date
Yoko Hyakuna 3e043170a0 Fixed the sample admin policies 2018-01-24 18:10:56 -08:00
Yoko Hyakuna 3fc84bff3a Added policy requirements & scenario diagrams 2018-01-24 16:01:44 -08:00
Andy Manoske 909f0d34fc
Policy Feedback from PM 2018-01-24 11:47:31 -08:00
Yoko Hyakuna d45a247bec Cleaned up the diagram 2018-01-23 16:22:17 -08:00
Yoko Hyakuna 9df839e446 More detailed descriptions were added 2018-01-23 15:43:07 -08:00
Vishal Nayak b9a5a35895 docs: Fix the expected type of metadata (#3835) 2018-01-23 16:30:15 -05:00
Jeff Mitchell 8e8675053b Sync some bits over 2018-01-22 21:44:49 -05:00
Yoko Hyakuna 358f95553c WIP - new guides 2018-01-22 18:14:23 -08:00
Brian Shumate dec64ecfd7 Update API endpoint references for revoke-prefix (#3828) 2018-01-22 18:04:43 -05:00
Yoko Hyakuna df16089491 WIP - Added personas 2018-01-18 17:40:35 -08:00
Yoko Hyakuna ac4bd212fc WIP - new guides 2018-01-17 17:39:21 -08:00
Yoko Hyakuna fd77a55dc1 WIP - new guides 2018-01-16 17:16:20 -08:00
Josh Giles 9c46431b80 Support JSON lists for Okta user groups+policies. (#3801) 
* Support JSON lists for Okta user groups+policies.

Migrate the manually-parsed comma-separated string field types for user
groups and user policies to TypeCommaStringSlice. This means user
endpoints now accept proper lists as input for these fields in addition
to comma-separated string values. The value for reads remains a list.

Update the Okta API documentation for users and groups to reflect that
both user group and user/group policy fields are list-valued.

Update the Okta acceptance tests to cover passing a list value for the
user policy field, and require the OKTA_API_TOKEN env var to be set
(required for the "everyone" policy tests to pass).

* Fix typo, add comma-separated docs.
 2018-01-16 18:20:19 -05:00
Jake Scaltreto 3ad372d65d Fix minor typo in word "certificate" (#3783) 2018-01-15 15:52:41 -05:00
Paweł Słomka b994e83c65 Cleanup of deprecated commands in tests, docs (#3788) 2018-01-15 15:19:28 -05:00
Harrison Brown 6b7f57caab Suggested website copy changes (#3791) 
* Adds comma

* Adds comma

* Suggested copy change
 2018-01-15 14:33:41 -05:00
Vishal Nayak 8ef51c0065
Delete group alias upon group deletion (#3773) 2018-01-11 10:58:05 -05:00
Yoko Hyakuna 588e3bcd2d WIP - New Vault guides 2018-01-10 17:28:00 -08:00
Yoko Hyakuna 6f7ed3016d WIP - New Vault guides 2018-01-10 11:14:59 -08:00
Jeff Mitchell d8009bced1 Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-10 11:15:49 -05:00
Yoko Hyakuna 5e0ac2aee0 WIP - New Vault guides 2018-01-09 15:12:08 -08:00
Yoko Hyakuna f61f32f0c6 WIP - New Vault guides 2018-01-09 15:06:00 -08:00
Laura Uva b242800958 Fixed the link to the section on generating DR operation token for promoting secondary. (#3766) 2018-01-09 10:02:09 -06:00
Brian Shumate fd424c74ba Docs: add DR secondary/active HTTP 472 code (#3748) 2018-01-03 15:07:36 -05:00
Jeff Mitchell d1803098ae Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
Jon Davies 66e2593ef9 s3.go: Added options to use paths with S3 and the ability to disable SSL (#3730) 2018-01-03 12:11:00 -05:00
Brian Nuszkowski 9c3e96b591 Update '/auth/token/revoke-self' endpoint documentation to reflect the proper response code (#3735) 2018-01-03 12:09:43 -05:00
Didi Kohen 089a0793bd Clarify that keybase is supported only in the CLI (#3744) 2018-01-03 11:18:38 -05:00
dmwilcox 39dd122663 Update docs to reflect ability to load cold CA certs to output full chains. (#3740) 2018-01-03 10:59:18 -05:00
Alexandre Nicastro 19b4062801 docs: fix typo (change 'a' to 'an' - indefinite article) (#3741) 2018-01-03 10:47:15 -05:00
markpaine c50c597b62 Spelling correction. "specifig" -> "specific" (#3739) 2018-01-03 10:38:55 -05:00
markpaine 3c483b3e87 Spelling correction "datatabse" -> "database" (#3738) 2018-01-03 10:38:16 -05:00
Brian Shumate 4a9333b076 Docs: Updated Telemetry documentation (#3722) 2017-12-26 13:51:15 -05:00
Brian Shumate bbf1c67d80 Update backend config docs - addresses #3718 (#3724) 2017-12-26 13:48:45 -05:00
Jeff Mitchell 1a2eba5f87 Port website changes from ent side 2017-12-21 09:00:35 -05:00
Jeff Mitchell 121d5bfeaa Bump vars for 0.9.1 2017-12-21 08:39:41 -05:00
Jeff Mitchell e6d60ee551 Clarify control group APIs are enterprise only. 
Fixes #3702
 2017-12-19 11:00:02 -05:00
Calvin Leung Huang c4e951efb8 Add period and max_ttl to cert role creation (#3642) 2017-12-18 15:29:45 -05:00
Roger Berlind 27cdb42258 Added example for Azure SQL Database (#3700) 2017-12-18 13:55:56 -05:00
Travis Cosgrave cf3e284396 Use Custom Cert Extensions as Cert Auth Constraint (#3634) 2017-12-18 12:53:44 -05:00
Jeff Mitchell 77a7c52392
Merge branch 'master' into f-nomad 2017-12-18 12:23:39 -05:00
Ernest W. Durbin III 98e04c42d3 Correct documentation for Kubernetes Auth Plugin (#3708) 2017-12-18 12:12:08 -05:00
James Nugent e320d0580a physical/dynamodb: Clarify ha_enabled type (#3703) 
The example in the documentation correctly passes a quoted boolean (i.e.
true or false as a string) instead of a "real" HCL boolean. This commit
corrects the parameter list to document that fact.

While it would be more desirable to change the implementation to accept
an unquoted boolean, it seems that the use of `hcl.DecodeObject` for
parameters which are not common to all storage back ends would make this
a rather more involved change than this necessarily warrants.
 2017-12-18 09:30:29 -05:00
James Nugent 618b52d72d docs: Add correct method for mlock on systemd (#3704) 
Although the previously described method of running setcap works if
setcap is available, the built-in LimitMEMLOCK directive is better.
 2017-12-18 09:29:37 -05:00
Raja Nadar 446b87ee0e added the missing nonce and type fields (#3694) 2017-12-17 16:26:07 -05:00
Chris Hoffman f6bed8b925 fixing up config to allow environment vars supported by api client 2017-12-17 09:10:56 -05:00
Chris Hoffman ef56322369 Merge remote-tracking branch 'oss/master' into f-nomad 
* oss/master:
  Add support for encrypted TLS key files (#3685)
 2017-12-15 19:51:28 -05:00
Chris Hoffman 164849f056
Add support for encrypted TLS key files (#3685) 2017-12-15 17:33:55 -05:00
Chris Hoffman c71f596fbd address some feedback 2017-12-15 17:06:56 -05:00
Jeff Mitchell b478ba8bac
Merge branch 'master' into f-nomad 2017-12-14 16:44:28 -05:00
Vishal Nayak 15b3d8738e Transit: backup/restore (#3637) 2017-12-14 12:51:50 -05:00
Brian Shumate d5d265956d Docs: fix typo in libtool ltdl name and link to avoid confusion and note about arch (#3644) 2017-12-11 13:42:19 -05:00
Brian Shumate a8932fbcbd Docs: Update PKI URL config examples to FQDN — addresses #3606 (#3647) 2017-12-11 13:25:59 -05:00
Chris Hoffman 3b0ba609b2
Converting key_usage and allowed_domains in PKI to CommaStringSlice (#3621) 2017-12-11 13:13:35 -05:00
Paulo Ribeiro 0ee55dde52 Remove duplicate link in ToC (#3671) 2017-12-11 12:52:58 -05:00
Brian Shumate 07a0d25aeb Docs: Update PKI output examples - addresses #3606 (#3628) 2017-12-11 11:57:07 -05:00
Jeff Mitchell b5d21ebdae
Cross reference pki/cert in a few places. 2017-12-11 11:10:28 -05:00
Brad Sickles 295e11d40d Adding mfa support to okta auth backend. (#3653) 2017-12-07 14:17:42 -05:00
Brian Shumate a0d1092420 Conditionally set file audit log mode (#3649) 2017-12-07 11:44:15 -05:00
Mohsen 2aa576149c Small typo relating to no_store in pki secret backend (#3662) 
* Removed typo :)

* Corrected typo in the website related to no_store
 2017-12-07 10:40:21 -05:00
Brian Kassouf 34f5d1e637 Remove the note about GKE from the Kubernetes docs (#3658) 2017-12-06 13:38:00 -05:00
Calvin Leung Huang 41f03b466a
Support MongoDB session-wide write concern (#3646) 
* Initial work on write concern support, set for the lifetime of the session

* Add base64 encoded value support, include docs and tests

* Handle error from json.Unmarshal, fix test and docs

* Remove writeConcern struct, move JSON unmarshal to Initialize

* Return error on empty mapping of write_concern into mgo.Safe struct
 2017-12-05 15:31:01 -05:00
Calvin Leung Huang 8f87854b86
Clarify api_addr related errors on VaultPluginTLSProvider (#3620) 
* Mention api_addr on VaultPluginTLSProvider logs, update docs

* Clarify message and mention automatic api_address detection

* Change error message to use api_addr

* Change error messages to use api_addr
 2017-12-05 12:01:35 -05:00
Laura Uva 892a0cb5e0 Update example payload and response for pem_keys field which needs \n after header and before footer in order to be accepted as a valid RSA or ECDSA public key (#3632) 2017-12-04 12:12:58 -05:00
Brian Shumate 5a9d8c60ac Docs: Update /sys/policies/ re: beta refs to address #3624 (#3629) 2017-12-04 12:10:26 -05:00
Jeff Mitchell e301ebe91b
Update secrets page 
Fixes #3623
 2017-12-04 12:05:34 -05:00
Jeff Mitchell f762d0615e
Remove beta notice 2017-12-04 08:25:16 -08:00
Chris Hoffman b17fb19b52 Expanding on the quick start guide with how to set up an intermediate authority (#3622) 2017-12-04 11:23:58 -05:00
Brian Shumate ac69680d7b Docs: mlock() notes, fixes #3605 (#3614) 2017-12-04 10:56:16 -05:00
crdotson fd2464c410 Fix spelling (#3609) 
changed "aomma" to "comma"
 2017-12-04 10:53:58 -05:00
csawyerYumaed 605efa37e9 update relatedtools, add Goldfish UI. (#3597) 
Add link to Goldfish a  web UI for Vault.
 2017-12-04 10:51:16 -05:00
Paul Pieralde ff2c8d4865 Fix docs for Transit API (#3588) 2017-12-04 10:34:05 -05:00
Jeff Mitchell d81a39ab99 Update cassandra docs with consistency value. 
Fixes #3361
 2017-12-02 14:18:23 -05:00
Marc Sensenich 92f937c021 Remove Trailing White space in Kubernetes Doc (#3360) 
Removed a trailing white space from which caused `Error loading data: Invalid key/value pair ' ': format must be key=value` if copying the example

```
vault write auth/kubernetes/role/demo \
    bound_service_account_names=vault-auth \
    bound_service_account_namespaces=default \
    policies=default \
    ttl=1h
```
 2017-12-02 14:12:39 -05:00
immutability 74bd27bdb5 Missing command for vault PUT operation (#3355) 2017-12-02 13:43:37 -05:00
Jeff Mitchell f79a15ddcd Update some rekey docs 
Fixes #3306
 2017-12-02 13:34:52 -05:00
Nicolas Corrarello 7b14f41872
Fix docs up to current standards 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 16:53:42 +00:00
Nicolas Corrarello b3799697a2
Rename policy into policies 2017-11-29 16:31:17 +00:00
Nicolas Corrarello a6d3119e3e
Pull master into f-nomad 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:56:37 +00:00
Laura Uva 3b5cbe54fd Added clarification to KV documentation about default CLI behavior and how to preserve non-string type values (#3596) 2017-11-27 11:43:49 -05:00
Brian Shumate fa4af18b73 Docs: policy update for multiple policies, fixes #3611 (#3613) 2017-11-27 09:54:38 -05:00
mariachugunova 89a0919250 Fix typo in s3 storage backend docs (#3603) 2017-11-23 13:28:33 -08:00
Vishal Nayak 5f02a64206
docs: encryption/decryption now supports asymmetric keys (#3599) 2017-11-21 12:25:28 -05:00
Jeff Mitchell 422c1898c8 Update upgrade guide with HSM info 2017-11-16 11:04:46 -05:00
Vishal Nayak 00dfc1c4de
Docs: Remove 'none' as algorithm options (#3587) 2017-11-15 09:09:45 -05:00
Jeff Mitchell 141548fb33 Add now-necessary mfa import to sentinel MFA example 2017-11-14 21:42:43 -05:00
Brian Kassouf 85a5a75835
Add token_reviewer_jwt to the kubernetes docs (#3586) 2017-11-14 13:27:09 -08:00
Chris Hoffman b3a7d8ecf3
adding licensing docs (#3585) 2017-11-14 16:15:09 -05:00
Paul Pieralde 8fedef3d99 Docs change for Policy API (#3584) 
vault 0.9.0 deprecated the term `rules` in favor of the
term `policy` in several of the /sys/policy APIs.

The expected return state of 200 SUCCESS_NO_DATA only happens
if the `policy` term is used. A response including the
deprecation notice and a 204 SUCCESS_WITH_DATA status code
is returned when `rules` is applied.
 2017-11-14 14:26:26 -05:00
Vishal Nayak 2b481defe4
Upgrade to 0.9 (#3583) 
* Upgrade to 0.9

* Add link to sidebar

* Remove items that were already in 0.8 upgrade guide
 2017-11-14 13:32:09 -05:00
Vishal Nayak 3c7f194797
Doc: Add groups to identity concepts (#3581) 
* Add groups to the concepts page

* s/pulled-in and pulled-out/synced against

* Remove double spaces
 2017-11-14 13:27:49 -05:00
Seth Vargo 68052f18d0
Flip seal pages upside down to put examples first 2017-11-14 13:12:35 -05:00
Seth Vargo 4efcfe03d1
Add an auto-unseal page to the docs 
This helps with SEO and also is where I'd expect auto unsealing to be referenced.
 2017-11-14 13:12:20 -05:00
Seth Vargo b09d042173
Use super to show enterprise 2017-11-14 13:11:55 -05:00
Jeff Mitchell 8ba71a67e5 Minor website wording updates 2017-11-14 12:34:28 -05:00
Jeff Mitchell 40e3883788 Fix some broken links 2017-11-14 12:32:03 -05:00
Jeff Mitchell 7ac167f8a4 Sync docs 2017-11-14 06:13:11 -05:00
Vishal Nayak 5d976794d4
API refactoring and doc updates (#3577) 
* Doc updates and API refactoring

* fix tests

* change metadata fieldtype to TypeKVPairs

* Give example for TypeKVPairs in CLI for metadata

* Update API docs examples to reflect the native expected value for TypeKVPairs

* Don't mention comma separation in the docs for TypeCommaStringSlice

* s/groups/group; s/entities/entity; s/entity-aliases/entity-alias; s/group-aliases/group-alias

* Address review feedback

* Fix formatting

* fix sidebar links
 2017-11-13 20:59:42 -05:00
Laura Uva 96e80e38e8 Updated the Replication guide to make it clear that it is focused on Performance Replication. Added a link to our general info page for information on DR Replication. Removed some statements about DR not being available yet. (#3502) 2017-11-13 11:55:04 -05:00
Brian Shumate 697a506b7b DOCS: Update telemetry docs - fixes #3557 (#3571) 2017-11-13 09:58:04 -05:00
Calvin Leung Huang 87feab4492
Docs update related to new top-level config values (#3556) 
* Add new top level config value docs, add VAULT_API_ADDR, purge old references

* Fix indentation

* Update wording on ha.html

* Add section on split data/HA mode

* Fix grammar
 2017-11-10 20:06:07 -05:00
Vishal Nayak 645c068011
transit doc update (#3564) 2017-11-09 16:17:54 -05:00
James Soubry f2a98cc662 Fix curl commands (#3558) 
Curl commands require HCL within JSON to work.
 2017-11-09 10:16:09 -05:00
Calvin Leung Huang b7deec2bec Add docs for /sys/rekey-recovery-key (#3520) 2017-11-08 14:22:30 -05:00
Paul Pieralde 01ff6293e0 Doc fix for Create/Update Token API (#3548) 
`orphan` is intended to be default to False. Docs indicate this
is default to True. Simple change to update the docs only.
 2017-11-07 18:06:44 -05:00
Joel Thompson 2c8cd19e14 auth/aws: Make disallow_reauthentication and allow_instance_migration mutually exclusive (#3291) 2017-11-06 17:12:07 -05:00
Chris Hoffman de8c0dce99 minor cleanup 2017-11-06 16:34:20 -05:00
Jonathan Freedman 4109473134 More Mount Conflict Detection (#2919) 2017-11-06 15:29:09 -05:00
Gregory Reshetniak 57c9afa357 added AWS enpoint handling (#3416) 2017-11-06 13:31:38 -05:00
Calvin Leung Huang d7305a4681
Add note on support for using rec keys on /sys/rekey (#3517) 2017-11-06 12:18:15 -05:00
Jason Antman af649c60d0 Add third party tools list to website (#3488) 2017-11-06 12:11:02 -05:00
Jeff Mitchell 17310654a1
Add PKCS8 marshaling to PKI (#3518) 2017-11-06 12:05:07 -05:00
Nicolas Corrarello 5a317a1a32
Updated documentation 2017-11-06 15:13:50 +00:00
Calvin Leung Huang 93917743df
Update SSH list roles docs (#3536) 2017-11-03 18:00:46 -04:00
Vishal Nayak e4e4a7ba67
Capabilities responds considering policies on entities and groups (#3522) 
* Capabilities endpoint will now return considering policies on entities and groups

* refactor the policy derivation into a separate function

* Docs: Update docs to reflect the change in capabilities endpoint
 2017-11-03 11:20:10 -04:00
Vishal Nayak 06923430cc
docs: s/persona/alias (#3529) 2017-11-03 11:17:59 -04:00
Vishal Nayak 52df62d4ff
Encrypt/Decrypt/Sign/Verify using RSA in Transit backend (#3489) 
* encrypt/decrypt/sign/verify RSA

* update path-help and doc

* Fix the bug which was breaking convergent encryption

* support both 2048 and 4096

* update doc to contain both 2048 and 4096

* Add test for encrypt, decrypt and rotate on RSA keys

* Support exporting RSA keys

* Add sign and verify test steps

* Remove 'RSA' from PEM header

* use the default salt length

* Add 'RSA' to PEM header since openssl is expecting that

* export rsa keys as signing-key as well

* Comment the reasoning behind the PEM headers

* remove comment

* update comment

* Parameterize hashing for RSA signing and verification

* Added test steps to check hash algo choice for RSA sign/verify

* fix test by using 'prehashed'
 2017-11-03 10:45:53 -04:00
Vishal Nayak a7acc23034
docs: Add config/ca delete operation (#3525) 2017-11-03 06:19:21 -04:00
Chris Hoffman 3d8d887676
Add ability to require parameters in ACLs (#3510) 2017-11-02 07:18:49 -04:00
Nicolas Corrarello d540985926 Unifying Storage and API path in role 2017-10-31 21:06:10 +00:00
Nicolas Corrarello 0fc65cabc7 Minor/Cosmetic fixes 2017-10-31 19:11:24 +00:00
Nathan Valentine 0345dca20f Should these names not reference Vault? (#3506) 
Since we are in the Vault docs, should these names not reference Vault instead of Nomad?
 2017-10-30 11:04:38 -05:00
Jeff Mitchell 963f516ac9 Fix C&P in docs. 
Fixes #3454
 2017-10-27 16:43:26 -04:00
Vishal Nayak b16084fdaf aws-ec2: Avoid audit logging of custom nonces (#3381) 2017-10-27 11:23:15 -04:00
smeach c575435040 Updated cli arg to reflect text description (#3487) 2017-10-27 09:44:56 -05:00
AJ Bourg a71add2973 Add a doc for the token helper (#3411) 
* Add token helper docs.

* Update it so the new token helpers page appears in the navigation.
 2017-10-27 09:42:33 -05:00
Christophe Tafani-Dereeper 5ff1485a3e Correct typos in the sys/raw documentation (#3484) 2017-10-24 10:33:57 -04:00
Seth Vargo 83b1eb900a
More naming cleanup 2017-10-24 09:35:03 -04:00
Seth Vargo a07c7d7368
Update guides to use new CLI commands 2017-10-24 09:34:30 -04:00
Seth Vargo 53f26e6bd7
Update getting started walkthrough 2017-10-24 09:34:30 -04:00
Seth Vargo 7463ba73a5
Oops typo 2017-10-24 09:34:30 -04:00
Seth Vargo 6c1411447c
Remove more references to auth backend 2017-10-24 09:34:12 -04:00
Seth Vargo 926ca5c125
Update k8s documentation 2017-10-24 09:34:12 -04:00
Seth Vargo 51a27b758b
Resolve the most painful merge conflict known on earth 2017-10-24 09:34:12 -04:00
Seth Vargo 2982fdf7ca
Remove ?list examples 
They are documented in the overall API section, but people should get used to seeing LIST as a verb
 2017-10-24 09:32:15 -04:00
Seth Vargo a85d3c6270
Remove smaller font on embedded code snippets 2017-10-24 09:32:15 -04:00
Seth Vargo c5665920f6
Standardize on "auth method" 
This removes all references I could find to:

- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend

in favor of the unified:

- auth method
 2017-10-24 09:32:15 -04:00
Seth Vargo 3bbeace911
Audit backend -> device 2017-10-24 09:30:52 -04:00
Seth Vargo f7310eac04
Add new commands to the sidebar 2017-10-24 09:30:52 -04:00
Seth Vargo aa34fb17c7
Absorb help and read-write into index 2017-10-24 09:30:52 -04:00
Seth Vargo 162c525159
Add "write" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 6fa133852e
Add "unwrap" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 4d80ccbb4c
Add "token" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 51e185b9a2
Add "status" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 4634949b9b
Add "ssh" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo a106350950
Add "server" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 28fa271c4e
Add "secrets" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo bcf6657e9c
Add "read" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo c743167f4c
Add "policy" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 54f8e0adb2
Update "path-help" documentation 2017-10-24 09:30:51 -04:00