Commit graph

3113 commits

Author SHA1 Message Date
Jim Kalafut 9384d8ba69
Update JWT docs (#7884) 2019-11-19 13:52:19 -08:00
Yoko b3fb8aa565
Added a cross-referencing link to Learn (#7898) 2019-11-18 15:02:12 -08:00
Dane Harrigan 214b2d13a2 Fix minor typo in website docs (#7882)
The -> They
2019-11-14 13:38:01 -08:00
Brian Kassouf 23a22809fa
Add 1.3.0 upgrade guide (#7881) 2019-11-14 09:10:39 -08:00
Brian Shumate e3e35e7bc4 Typo (#7880) 2019-11-14 08:53:42 -08:00
James Bayer cc282aaa8c added email (#7878) 2019-11-13 16:15:07 -08:00
Jason O'Donnell 68f36d571f
Update vault-helm to 0.2.1 (#7873) 2019-11-13 16:00:50 -05:00
Colton J. McCurdy 3d1b9b4df9 docs/website: fix broken chef-puppet with vault blog link (#7850)
Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>
2019-11-13 08:59:29 +01:00
Colton J. McCurdy 69c03e0dcb [docs/website/dynamic-secrets] - fix typo in multi-line cli command for configuring postgres as a secrets engine (#7842)
* docs/website/secret-mgmt: fix minor typo in cli command for configuring postgres secrets engine

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* docs/website/secret-mgmt: fix minor typo in cli command for configuring postgres secrets engine

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>
2019-11-13 08:43:00 +01:00
Brian Kassouf afe28f252a
Reindex docs (#7868)
* update reindex docs

* update reindex docs
2019-11-12 11:54:04 -08:00
Mike Jarmy 76dc4b4467
Improve telemetry docs (#7762)
* improve telemetry docs

* improve telemetry docs

* improve telemtry docs

* improve telemetry docs

* improve telemetry docs

* improve telemetry docs

* cleanup

* cleanup

* cleanup

* cleanup

* cleanup

* cleanup

* Edited the note a little bit
2019-11-12 14:47:07 -05:00
Brian Kassouf 7b833aaec8 bump variables to 1.3 2019-11-11 19:33:14 -08:00
Michel Vocks f5719b9fee Docs: Add filtered paths api docs (#7786) 2019-11-11 15:25:48 -08:00
Calvin Leung Huang 58ce4afdaf
docs: add vault debug docs (#7669)
* docs: add vault debug docs

* add note about local-only targets

* add note on OpenBSD and host info

* address feedback
2019-11-11 14:42:10 -08:00
Calvin Leung Huang 9163874c9b
docs: add sys/config/state docs (#7654) 2019-11-11 14:36:09 -08:00
Jim Kalafut 6d3186521a
Fix agent docs typo (#7861) 2019-11-11 13:27:40 -08:00
Calvin Leung Huang 859deacd46
docs: add API docs for sys/leases/tidy (#7781) 2019-11-11 12:35:59 -08:00
Yoko 91daee9dbf
Adding more description (#7841) 2019-11-11 10:01:31 -08:00
Jason O'Donnell 0321d9fb3a
doc: update vault-helm for 0.2.0 (#7759)
* doc: update vault-helm for 0.2.0

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Remove commas from example
2019-11-11 11:07:35 -05:00
Sebastian Gumprich 02c2d85e5e update oidc azure docs to make it readable (#7832) 2019-11-08 11:56:02 -08:00
Jeff Mitchell f2f984557e
Add ability to renew by accessor (#7817)
* Add renewing by accessor

* Add accessor renewing test and fix bug

* Update website docs

* Remove extra newline

* Add command-level test
2019-11-08 11:32:01 -05:00
Calvin Leung Huang 93c01df791
docs: add 1.2.4 upgrade guide (#7839) 2019-11-07 15:28:58 -08:00
Chris Hoffman c92e9036e3
updating community page (#7831) 2019-11-06 22:09:43 -05:00
Chris Hoffman 58789e0436
Revert "updating community page (#7829)" (#7830)
This reverts commit 553bc729c9229fd0736e5fb9a01da7c89a1fa8b8.
2019-11-06 22:07:54 -05:00
Chris Hoffman ecd881c556
updating community page (#7829) 2019-11-06 22:04:41 -05:00
RJ Spiker fd319bba1e website - font and brand update (#7783) 2019-11-06 20:38:25 -05:00
Brian Shumate 8363d9fc1d Clarify language around 472 (#7814)
- use "disaster recovery mode"
- remove trailing spaces
2019-11-06 14:16:39 -08:00
Jeff Mitchell 7c4c53e523
Document secondary activation public key endpoints/params (#7810) 2019-11-06 16:37:46 -05:00
Jim Kalafut 2bd068f0e5
Update Azure storage docs (#7808)
Fixes #7750
2019-11-06 13:24:37 -08:00
Kevin Pruett ef903d4f81 website: Homepage updates, use case pages, navigation changes (#7782)
* website: various updates

* Expose /docs and /intro views using documentation-style
layout for index pages

* Add [Use Case] Secrets Management page

* Add [Use Case] Data Encryption page

* Add [Use Case] Identity Based Access page

* Update redirects file removing `/intro` routes redirecting to
`learn.hashicorp`

* Hide MegaNav on mobile

* website: route /api straight to documentation

* Bybass index page and jump straight to content
2019-11-05 19:54:24 -05:00
Christian Frichot b8ada6b8d9 doc: remove comma from list.html.md (#7766) 2019-11-05 12:10:58 -08:00
JoeStack 704f522d34 Update helm.html.md (#7310)
fixed HA cluster setting
2019-11-05 13:33:06 -05:00
Pascal Enz 33c1b7150f Rabbitmq topic permissions (#7751)
* Upgraded rabbit hole library to 2.0

* Added RabbitMQ topic permission support.

* Updated docs to cover RabbitMQ topic permissions.

* Improved comments and docs as suggested.
2019-10-30 14:19:49 -07:00
Luke Barton f1595835c9 Fix incorrect env vars example (#7755) 2019-10-30 11:43:38 -04:00
ncabatoff 5b8a4ba5b8
Add recovery mode docs. (#7667) 2019-10-29 16:42:47 -04:00
Dilan Bellinghoven 5f8528381c Add TLS server name to Vault stanza of Agent configuration (#7519) 2019-10-29 09:11:01 -04:00
Lexman 28aff44616 adds documentation for entropy augmentation (#7721)
* adds documentation for entorpy augmentation

* adds a link to pkcs11 seal configuration from a mention of it
2019-10-28 15:04:27 -07:00
ekow b62cebd325 Update lease concept to use correct command (#7730)
Updated command to reflect on the one that executes successfully on Vault v1.2.3 with server running in dev mode.
2019-10-28 15:53:12 -04:00
Daniel Lohse de2d3073d7 Allow Raft storage to be configured via env variables (#7745)
* Fix unordered imports

* Allow Raft node ID to be set via the environment variable `VAULT_RAFT_NODE_ID`

* Allow Raft path to be set via the environment variable `VAULT_RAFT_PATH`

* Prioritize the environment when fetching the Raft configuration values

Values in environment variables should override the config as per the
documentation as well as common sense.
2019-10-28 09:43:12 -07:00
Mike Jarmy ee2e3fd75d
add docs for new replication metrics (#7729)
* add docs for new replication metrics

* add docs for new replication metrics
2019-10-25 12:46:56 -04:00
Brian Shumate a83160617e Docs: Add version command (#7719)
* Docs: Add version command

* adding to
2019-10-25 12:25:04 -04:00
spiff efb2751e00 Change "Generate Intermediate" example to exported (#7515)
The example request for "Generate Intermediate" was type "internal", but the example response contained the private key, which "internal" doesn't do. This patch fixes the example request to be type "exported" to match the example response.
2019-10-25 12:21:55 -04:00
Jeff Escalante 00564a77a1 Update ruby dependencies (#7720)
* update ruby dependencies

* add specific version bundler dep

* remove ruby-version

* remove extra gemfile dep
2019-10-24 17:41:40 -04:00
Jeff Mitchell 1a77ce36be
Update transit docs to add aes128/p384/p521 information (#7718) 2019-10-23 10:26:11 -04:00
Clint 245935447b
Vault Agent Template (#7652)
* Vault Agent Template: parse templates  (#7540)

* add template config parsing, but it's wrong b/c it's not using mapstructure

* parsing consul templates in agent config

* add additional test to configuration parsing, to cover basics

* another test fixture, rework simple test into table

* refactor into table test

* rename test

* remove flattenKeys and add other test fixture

* Update command/agent/config/config.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* return the decode error instead of swallowing it

* Update command/agent/config/config_test.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* go mod tidy

* change error checking style

* Add agent template doc

* TemplateServer: render secrets with Consul Template (#7621)

* add template config parsing, but it's wrong b/c it's not using mapstructure

* parsing consul templates in agent config

* add additional test to configuration parsing, to cover basics

* another test fixture, rework simple test into table

* refactor into table test

* rename test

* remove flattenKeys and add other test fixture

* add template package

* WIP: add runner

* fix panic, actually copy templates, etc

* rework how the config.Vault is created and enable reading from the environment

* this was supposed to be a part of the prior commit

* move/add methods to testhelpers for converting some values to pointers

* use new methods in testhelpers

* add an unblock channel to block agent until a template has been rendered

* add note

* unblock if there are no templates

* cleanups

* go mod tidy

* remove dead code

* simple test to starT

* add simple, empty templates test

* Update package doc, error logs, and add missing close() on channel

* update code comment to be clear what I'm referring to

* have template.NewServer return a (<- chan) type, even though it's a normal chan, as a better practice to enforce reading only

* Update command/agent.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* update with test

* Add README and doc.go to the command/agent directory (#7503)

* Add README and doc.go to the command/agent directory

* Add link to website

* address feedback for agent.go

* updated with feedback from Calvin

* Rework template.Server to export the unblock channel, and remove it from the NewServer function

* apply feedback from Nick

* fix/restructure rendering test

* Add pointerutil package for converting types to their pointers

* Remove pointer helper methods; use sdk/helper/pointerutil instead

* update newRunnerConfig to use pointerutil and empty strings

* only wait for unblock if template server is initialized

* drain the token channel in this test

* conditionally send on channel
2019-10-18 16:21:46 -05:00
vinodmu 474a2a26f3 Update Title for AWS Marketplace (#7683) 2019-10-18 09:52:22 -07:00
DevOps Rob 37a23cfb23 Fixing a typo with the sample payload (#7688)
This typo is related to  https://github.com/hashicorp/vault/issues/7603 .  The typo was causing issues with getting this working correctly when following the guide.  I imagine any other newbie to this plugin will have the same struggle.  I had to delve into the source code to figure it out
2019-10-17 21:47:45 -07:00
Jim Kalafut d129a3881b
Update OIDC provider doc 2019-10-17 16:05:19 -07:00
Jim Kalafut 1f7eab5cdb
Update OIDC provider doc (#7693) 2019-10-17 16:02:21 -07:00
Marcos Nils caaa736f35 Create .bundle and set group when running container (#7684)
If this is not set, `make website` fails due to permission errors in the docker container
Fixes #5589.
2019-10-17 14:17:00 -07:00
Michael Gaffney b48ce3d95f
Docs: add examples for when a seal rewrap is useful (#7689) 2019-10-17 14:01:17 -04:00
Mike Wickett 19b28317a0 website: bump consent manager version (#7677) 2019-10-17 10:59:16 -07:00
Mike Jarmy 9e7beeb56d
Document the Agent request_require_header option (#7678)
* document the require_request_header option in Agent

* document the require_request_header option in Agent

* document the require_request_header option in Agent

* document the require_request_header option in Agent

* minor tweaks to docs
2019-10-17 10:08:59 -04:00
Becca Petrin c1b5ca7d57
Add docs for Active Directory secret check-out (#7664) 2019-10-16 15:41:11 -07:00
Michael Gaffney c9804941a5
Add document for sealwrap/rewrap endpoint (#7676)
* Add documentation for seal wrap re-wrap endpoint

* Update sample response for seal rewrap status

* Updates based on feedback from reviewers
2019-10-16 15:46:43 -04:00
Jeff Malnick cb82f8be10
Add AWS marketplace reference docs (#7673) 2019-10-16 11:20:35 -07:00
Jim Kalafut 40a55e7d22
Add region parameter to AWS agent docs (#7674) 2019-10-16 10:13:23 -07:00
Alberto Alvarez c5b4fbd56f Improve Auto Unseal and awskms Seal documentation (#7575)
* Add further detail on Auto Unseal and awskms Seal documentation

* Move Rekeying to the generic Seal docs
2019-10-16 11:25:41 -04:00
Yoko 17a0b1420c
Adding the known issue section (#7439)
* Adding the known issue section

* incorporated the feedback

* Added the known issue section

* Fixed a typo

* Created upgrade guide for 1.1.2
2019-10-15 12:58:03 -07:00
Jim Kalafut 7e8b9addd0
Update Azure Secrets docs to include group assignment (#7656) 2019-10-15 08:58:22 -07:00
Dom Goodwin ca742e3a25 Update index.html.md (#7660) 2019-10-15 11:48:17 -04:00
Brian Shumate d53f3b7d27 Docs: update Oracle Database Secrets Engine API (#7520)
- Add missing `username` and `password` connection parameters
- Use templated root credential in example connection payload
2019-10-15 11:13:09 -04:00
Brian Shumate ee7e01eac3 Docs: File Audit Device (#7633)
* Docs: File Audit Device

- Add section + note about proper File Audit Device log rotation

* Additional clarification about relevant platforms
2019-10-15 10:20:51 -04:00
Jack Kleeman ffb699e48c Add ability to skip 'LIST ALL' check (#7614)
Currently whenever we start a new C* session in the database plugin, we
run `LIST ALL` to determine whether we are a superuser, or otherwise
have permissions on roles. This is a fairly sensible way of checking
this, except it can be really slow when you have a lot of roles (C*
isn't so good at listing things). It's also really intensive to C* and
leads to a lot of data transfer. We've seen timeout issues when doing
this query, and can of course raise the timeout, but we'd probably
prefer to be able to switch it off.
2019-10-14 16:36:49 -06:00
Yoko dbdf65e5bc
Added links to matching learn guide (#7636) 2019-10-14 10:31:03 -07:00
Jim Kalafut b3d53e4ef2
Fix Azure auth api docs (#7649)
Fixes #7648
2019-10-14 10:12:45 -07:00
kuritonasu f5b7c55532 Minor typo fix (#7631) 2019-10-11 11:12:38 -04:00
ncabatoff cbc00365f5
Revert "Minor typo fix (#7628)" (#7629)
This reverts commit 6093eec62e4b43a1c7e0a20d352756c00271faf0.
2019-10-11 10:52:39 -04:00
kuritonasu 0dcf563e04 Minor typo fix (#7628) 2019-10-11 10:52:07 -04:00
Vlad Fedosov dc3a8c175a New third-party tool added (#7596) 2019-10-09 15:56:34 -04:00
James Stoker 49c9352f75 Add config parameter to Azure storage backend to allow specifying the ARM endpoint to support Azure Stack. (#7567) 2019-10-08 08:51:36 -07:00
Calvin Leung Huang 9622a351ae docs: add sys/pprof API docs (#7562)
* docs: add sys/pprof api docs

* fix header
2019-10-07 11:55:17 -04:00
Calvin Leung Huang dd02d94a41 docs: add sys/host-info API docs (#7563)
* docs: add sys/host-info api docs

* remove extra closing bracket in sample response
2019-10-07 11:54:48 -04:00
Michel Vocks f8c233a63b Docs: Add unauthenticated metrics access docs (#7566) 2019-10-07 11:54:09 -04:00
Aric a2b70c7bc7 Update index.html.md (#7580)
"before storage data at rest" seems like it was intended to read either "before storing data at rest" or "before storage of data at rest".
2019-10-07 11:53:17 -04:00
Brian Shumate 4b5be69252 Docs: update plugin_dir (#7585)
- Add note that plugin_dir value cannot be a symlink
2019-10-07 10:17:12 -04:00
Brian Shumate 41374ecd82 Add note about plugin_directory (#7584)
- Note that plugin_directory cannot be a symbolic link
2019-10-07 09:59:34 -04:00
Jim Kalafut e9560ea13c
Fix transit docs env var typo (#7572)
Fixes #7570
2019-10-04 12:45:02 -07:00
Brian Shumate 77311bf24f Docs: update Transit Secrets Engine Create Key (#7568)
- Use type that supports derivation in sample payload
2019-10-04 10:56:18 -07:00
ncabatoff e7fe4b6d92
Return a useful error on attempts to renew a token via sys/leases/renew (#7298) 2019-10-02 10:55:20 -04:00
Jim Kalafut 9c80c3770a
Fix identity token API docs (#7545) 2019-10-01 16:13:21 -07:00
Vu Pham 2176b5f701 Update oci-object-storage.html.md (#7543) 2019-10-01 16:08:34 -07:00
Jim Kalafut 153c4cc80e
Add 1.2+ role parameters back to JWT API docs (#7544)
This reverts 24c2f8c2ad76, which pulled the parameters while there were
outstanding bugs when using them with JWT auth.
2019-10-01 16:07:52 -07:00
Andy Manoske 6ff745af2c
Update index.html.md (#7506)
Feedback from customers re: audit information to explicitly expose where credential password creation takes place in the source code.
2019-09-26 09:53:07 -07:00
Ivan Kurnosov 1ad67097cd Fixed github-prod path (#7516) 2019-09-26 08:46:41 -04:00
Marc-Aurèle Brothier a9081a94b5 docs: add -verify documentation on operator rekey command (#7190) 2019-09-25 13:57:57 -07:00
Noel Quiles 1c589deef2 Update hashi-docs-sitemap to v0.1.6 (#7413) 2019-09-25 13:38:19 -07:00
Yoko 69795e5018 Fixed the hyperlink typo to blog (#7354) 2019-09-25 13:34:58 -07:00
Brian Shumate 54a45db46d Update sample request (#7431)
- Format curl command to be similar to other sample requests
- Add single quotes to URL for '?' so that example is functional
- Delete trailing space
2019-09-25 13:32:42 -07:00
minitux 88da7ecd82 Fix api auth approle documentation (#7382)
Change policies to token_policies
2019-09-25 13:27:27 -07:00
Vu Pham 2d84a1078f Use snake case for HA example (#7505) 2019-09-23 16:02:08 -07:00
Joel Thompson 551b7a5e5c secret/aws: Support permissions boundaries on iam_user creds (#6786)
* secrets/aws: Support permissions boundaries on iam_user creds

This allows configuring Vault to attach a permissions boundary policy to
IAM users that it creates, configured on a per-Vault-role basis.

* Fix indentation of policy in docs

Use spaces instead of tabs
2019-09-19 16:35:12 -07:00
Yahya 936af3650c [Docs] Fix typo in database sample request (#7492) 2019-09-19 10:14:34 +02:00
Graham Land 73b9e39775 Early indication of storage backend requirements (#7472)
A Vault Enterprise Pro customer in Japan has tried to get Vault DR replication working using Google Cloud Storage.
They were frustrated to learn that GCS may not have support for transactional updates which has resulted in a lot of wasted time.
The complaint was that this was not clear from our documentation.
This note may help customers to understand sooner that not all highly available backends support transactional updates.
2019-09-18 14:19:32 -07:00
Michael Gaffney fdc1274c70
Fix the transit trim key api doc (#7453) 2019-09-18 09:29:58 -04:00
Pavlos Ratis d5d5582b23 add more gcp examples (#6358) 2019-09-17 13:39:00 -07:00
Justin Weissig ec41f0d775 docs: fixed sample json payload parse error (#7484)
Fixed malformed json example (removed extra comma). Here's the payload parse error I was running into with the example.

```
{
  "rotation_period":"12h",
  "verification_ttl":43200,
}
```

Vault does not like this JSON.

```
curl -s \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload-2.json \
    http://127.0.0.1:8200/v1/identity/oidc/key/named-key-001 | jq
{
  "errors": [
    "failed to parse JSON input: invalid character '}' looking for beginning of object key string"
  ]
}
```
2019-09-17 11:42:01 +02:00
Jim Kalafut d9741060d2
Add OCI links to detailed index (#7483) 2019-09-16 16:05:47 -07:00
Becca Petrin d416b5a838
document role aws auth role name casing (#7356) 2019-09-16 11:55:03 -07:00
Jim Kalafut dc18e7d33f
Add Technology Preview disclaimer to Raft docs (#7478) 2019-09-16 08:44:04 -07:00
David Rubin a2a22e6611 Remove vaulted as supported nodejs client (#7404)
Vaulted is no longer maintained according to the readme. 

https://github.com/chiefy/vaulted#vaulted 

"No Longer Being Maintained Use node-vault for future support of Vault features!"
2019-09-13 16:33:15 -07:00
Joel Thompson 8a981004ec Add reading AWS root/config endpoint (#7245) 2019-09-13 10:07:04 -07:00
Michel Vocks f048a7c1be
Fixed wrong API method in API docs for identity token generation (#7462) 2019-09-13 09:08:18 +02:00
Laurent Godet 3de32582ae Fix kv destroy command (#7461) 2019-09-11 15:20:49 +02:00
Austin Heiman c1f41a5e77 document mysql and postgres generated password complexity (#7435) 2019-09-07 09:48:08 -07:00
Jim Kalafut 27377dd612
Document Postgres ha_table parameter (#7444)
Fixes #7416
2019-09-07 08:49:14 -07:00
Jim Kalafut 4859d253d5
Fix Azure auth api docs (#7446)
Fixes #6793, #6785
2019-09-06 15:38:12 -07:00
Yoko 72618cb5cf
Auto-unseal with Azure Key Vault (#7414)
* Added note based on Asana report

* Removed extra space
2019-09-06 15:03:37 -07:00
Jim Kalafut 210d6a4217
Update JWT docs re: host parameter (#7445) 2019-09-06 14:58:14 -07:00
Vu Pham e5f955f9a7 Updated naming for OCI Auth and Object Storage plugins (#7423) 2019-09-05 10:26:05 -07:00
Jim Kalafut 6d4d4b5636
Update docs sidebar for CF and OCI (#7421) 2019-09-04 15:31:21 -07:00
Vu Pham a09d13c54a Added OCI Auth plugin documentation (#7284) 2019-09-04 13:25:08 -07:00
Vu Pham 9c8dc4d179 OCI KMS plugin documentation (#7283) 2019-09-04 13:23:06 -07:00
Vu Pham 3318e883e1 OCI Object Storage documentation (#7282) 2019-09-04 13:22:20 -07:00
Jim Kalafut 7919bfb3de
Fix sidebar order (#7409) 2019-09-03 09:32:44 -07:00
Yoko 17ea1fb294
Fixed typo - --> _ (#7391) 2019-08-29 12:44:31 -07:00
Noelle Daley f1c1d47b34 fix ciphertext typo (#7366) 2019-08-26 19:40:00 -04:00
Becca Petrin 64ecf46fb6
rename pcf to cf maintaining backwards compat (#7346) 2019-08-26 09:55:08 -07:00
Becca Petrin efba500548
describe API calls made by the cf client (#7351) 2019-08-22 11:53:27 -07:00
Jason O'Donnell a23f7e71b6
docs: update vault helm doc (#7348)
* docs: update vault helm doc

* Update wording per review
2019-08-22 13:09:22 -04:00
Jeff Malnick ba4fbd4df8
Allow setting file mode on vault agent sink file (#7275)
* feat: enable setting mode on vault agent sink file

* doc: update vault agent file sink with mode configuration
2019-08-21 20:41:55 -07:00
Michael Gaffney 9da6460f4d
Add docs for Vault Agent Auto-auth Certificate Method (#7344)
Closes #7343
2019-08-21 10:34:26 -04:00
Tommy Murphy fc3f1896ad telemetry: add stackdriver metrics sink (#6957)
* telemetry: add stackdriver metrics sink

* telemetry: stackdriver go mod tidy
2019-08-20 14:47:08 -07:00
Joel Thompson ac18a44fae secret/aws: Pass policy ARNs to AssumedRole and FederationToken roles (#6789)
* secret/aws: Pass policy ARNs to AssumedRole and FederationToken roles

AWS now allows you to pass policy ARNs as well as, and in addition to,
policy documents for AssumeRole and GetFederationToken (see
https://aws.amazon.com/about-aws/whats-new/2019/05/session-permissions/).
Vault already collects policy ARNs for iam_user credential types; now it
will allow policy ARNs for assumed_role and federation_token credential
types and plumb them through to the appropriate AWS calls.

This brings along a minor breaking change. Vault roles of the
federation_token credential type are now required to have either a
policy_document or a policy_arns specified. This was implicit
previously; a missing policy_document would result in a validation error
from the AWS SDK when retrieving credentials. However, it would still
allow creating a role that didn't have a policy_document specified and
then later specifying it, after which retrieving the AWS credentials
would work. Similar workflows in which the Vault role didn't have a
policy_document specified for some period of time, such as deleting the
policy_document and then later adding it back, would also have worked
previously but will now be broken.

The reason for this breaking change is because a credential_type of
federation_token without either a policy_document or policy_arns
specified will return credentials that have equivalent permissions to
the credentials the Vault server itself is using. This is quite
dangerous (e.g., it could allow Vault clients access to retrieve
credentials that could modify Vault's underlying storage) and so should
be discouraged. This scenario is still possible when passing in an
appropriate policy_document or policy_arns parameter, but clients should
be explicitly aware of what they are doing and opt in to it by passing
in the appropriate role parameters.

* Error out on dangerous federation token retrieval

The AWS secrets role code now disallows creation of a dangerous role
configuration; however, pre-existing roles could have existed that would
trigger this now-dangerous code path, so also adding a check for this
configuration at credential retrieval time.

* Run makefmt

* Fix tests

* Fix comments/docs
2019-08-20 12:34:41 -07:00
Jim Kalafut 3ce3e40db7
Update role parameters in JWT API docs (#7328)
This is a temporary revert related to https://github.com/hashicorp/vault-plugin-auth-jwt/issues/66.
Once that change is in a released Vault, this docs change should be reverted back.
2019-08-16 08:09:15 -07:00
Jeff Mitchell 87f649bf99 Prep for 1.2.2 2019-08-14 16:54:16 -04:00
skarsol 073ff32900 Add section for consul 1.4+ (#6366) 2019-08-14 10:19:14 -04:00
Didi Kohen a14b44ee8b Add some more detail for the root generation process (#5720)
* Add some more detail for the root generation process

* Remove mention of old OTP and OTP provided on the start request
2019-08-14 10:16:10 -04:00
IPv4v6 8fe861ec04 add examples for ECC key sizes in documentation (#2952)
* add examples for ECC key sizes in documentation

Signed-off-by: Stefan Pietsch <mail.ipv4v6+gh@gmail.com>

* remove links to Go documentation
2019-08-14 10:08:41 -04:00
Calvin Leung Huang 675593bd18 docs: add 1.2.1 upgrade guide (#7274) 2019-08-14 09:45:09 -04:00
Jim Kalafut 4653861333
Fix PCF API docs field names (#7302) 2019-08-12 10:55:23 -07:00
Michel Boucey badb089ffb Add gothic, a Haskell KVv2 engine API client (#7301) 2019-08-12 13:30:25 -04:00
Jason O'Donnell ac16dec5c4
docs: update k8s helm doc (#7279) 2019-08-08 17:05:01 -04:00
Jeff Mitchell c9d4e83350 Bump some versions to prep 2019-08-05 17:43:12 -04:00
Jason O'Donnell 13ffbcd984
doc: add k8s vault-helm doc (#7193)
* doc: add k8s vault-helm doc

* Replace TODO with security warning

* Add TLS example

* Add production deployment checklist

* Add kube hardening guide

* Fix link to configuration values

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Fix typo in example

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Remove anchors, add tolerations/selector

* Fix rendering of global configuration

* Fix sidebar navigation and update links

* Add sidebar title to run doc

* Add platform index.html

* Add relative links

* Rename file

* Fix titles

* Add syntax highlighting to examples

* Move platforms in navigation bar
2019-08-05 17:15:28 -04:00
ncabatoff 439ea99c83
Follow what documentation says we should do if we're a perf standby and perfstandbyok=true (#7241)
Follow what documentation says we should do if we're a perf standby and perfstandbyok=true, i.e. return 200 instead of 429.
2019-08-05 16:44:41 -04:00
Jim Kalafut 4584c84d79
Add docs for OIDC verbose_oidc_logging (#7236) 2019-08-01 14:41:35 -07:00
Jeff Mitchell a9ba15a075
Add AppRole upgrade issue to upgrade guide for 1.2.0 (#7234) 2019-08-01 11:50:43 -04:00
Jim Kalafut beea6358f3
Fix GCP docs formatting (#7120) 2019-08-01 08:00:42 -07:00
Andre Hilsendeger 8f8af53394 docs: add connection options for MySQL storage backend (#7171) 2019-08-01 08:00:00 -07:00
Eko Simanjuntak a6b45bd2df fixing typo on chiphertext prefix (#7189) 2019-08-01 07:41:52 -07:00
Paul Banks 2c62c96fee Fix JSON example syntax in identity docs (#7227) 2019-07-31 15:23:00 -07:00
Becca Petrin 5c9228a021
Fix tag (#7221)
* fix tag

* Update index.html.md.erb
2019-07-30 15:51:31 -07:00
Becca Petrin 0b31996aa7
improve tls cert docs (#7132) 2019-07-30 13:57:36 -07:00
Jeff Mitchell 20aeba2fbe Fix PCF location in sidebar 2019-07-30 16:12:55 -04:00
Calvin Leung Huang 1eb7e3cd43 docs: add kmip docs/api to the sidebar (#7218) 2019-07-30 15:59:07 -04:00
Calvin Leung Huang d9ec7ea38c docs: add pcf docs/api to sidebar (#7219) 2019-07-30 15:58:51 -04:00
Jeff Mitchell fc79848856
Add token helper partial and pull into auth docs (#7220) 2019-07-30 15:58:32 -04:00
Jeff Mitchell e118b41d09 Fix yml exception in PCF docs 2019-07-30 15:02:53 -04:00
Jeff Mitchell 01987f972c Add 1.2.0 upgrade guide 2019-07-30 12:37:45 -04:00
Jeff Mitchell 1d75ace163 Update files for release 2019-07-30 00:23:20 -04:00
Björn Wenzel f4334ec824 Vault-CRD to synchronize Secrets with Kubernetes (#7105) 2019-07-29 11:04:42 +02:00
Jim Kalafut e3484526b8
Update identity token docs (#7195) 2019-07-26 09:59:38 -07:00
Jeff Mitchell 4c77d69fff Prep for rc1 release 2019-07-25 13:08:49 -04:00
Michel Vocks 524d101008 Added s3 storage path parameter (#7157) 2019-07-24 12:48:26 -04:00
Jonathan Sokolowski 325c06b2cc Add -dev-no-store-token to vault server command (#7104)
When starting a vault dev server the token helper is invoked to store
the dev root token.
This option gives the user the ability to not store the token.

Storing the token can be undesirable in certain circumstances
(e.g.  running local tests) as the user's existing vault token is
clobbered without warning.

Fixes #1861
2019-07-24 12:41:07 -04:00
Jim Kalafut 62e2aeb952
Rename entity group membership template parameters (#7099) 2019-07-19 10:08:47 -07:00
Mike Jarmy 0d4ae949a8
Add 'log-format' CLI flag, along with associated config flag, for 'vault server' command. (#6840)
* Read config before creating logger when booting vault server

* Allow for specifying log output in JSON format in a config file, via a 'log_level' flag

* Create parser for log format flag

* Allow for specifying log format in a config file, via a 'log_format' flag. Also, get rid of 'log_json' flag.

* Add 'log-format' command line flag

* Update documentation to include description of log_format setting

* Tweak comment for VAULT_LOG_FORMAT environment variable

* add test for ParseEnvLogFormat()

* clarify how log format is set

* fix typos in documentation
2019-07-18 15:59:27 -04:00
Jason O'Donnell be2e98a1f3
doc: Add default SSL note to PG storage (#7125) 2019-07-18 14:37:24 -04:00
Calvin Leung Huang ce829655a1
docs: update kmip scope delete api section (#7140)
* docs: update kmip scope delete api section

* fix wording in force param

* update scope delete example
2019-07-18 11:25:01 -07:00
Calvin Leung Huang f6d57042a1
docs: update kmip scope delete api section (#7127) 2019-07-16 14:05:48 -07:00
Martin Lee 6e672d398e Explain the dev server mounts a KV store (#7083)
Resolves #7081
2019-07-08 08:56:39 -07:00
Tim Arenz 54aaf8a87d Update tokens.html.md (#6697)
Fixing miner typo by adding dot.
2019-07-05 15:39:16 -07:00
Brian Shumate 39676b0b74 Update API docs for Create Token — resolves #7053 (#7056)
- Update sample `payload.json`
- Update sample response
2019-07-05 15:38:37 -07:00
Justin Weissig a5e762d36a docs: spelling (#6838)
Fixed minor spelling error: sychronized/synchronized.
2019-07-05 15:36:58 -07:00
Brian Shumate c041e7134c Update Cert Auth Login API docs — resolves #7039 (#7058)
- Add `--cert` and `--key` options to `curl` example so that it is
  clearer that the certificate and key must also be passed in
2019-07-05 15:36:20 -07:00
Daniel Mangum 3a6d8dbdd1 plugin docs: update example code snippet with correct imports and link to developing plugin backends tutorial (#6843)
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
2019-07-05 15:35:36 -07:00
Clint 28447e00a3 Combined Database backend: Add Static Account support to MySQL (#6970)
* temp support for mysql+static accounts

* remove create/update database user for static accounts

* update tests after create/delete removed

* small cleanups

* update postgresql setcredentials test

* temp support for mysql+static accounts

* Add Static Account support to MySQL

* add note that MySQL supports static roles

* remove code comment

* tidy up tests

* Update plugins/database/mysql/mysql_test.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update plugins/database/mysql/mysql.go

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* update what password we test

* refactor CreateUser and SetCredentials to use a common helper

* add close statements for statements in loops

* remove some redundant checks in the mysql test

* use root rotation statements as default for static accounts

* missed a file save
2019-07-05 14:52:56 -04:00
Michel Vocks 524c7517e9
Add namespace config option to agent auto-auth config (#6988)
* Added namespace option to vault agent auto-auth method

* Implemented review feedback
2019-07-03 09:33:20 +02:00
Garrett T 8fc4a63796 Set MaxIdleConns to reduce connection churn (postgresql physical) (#6967)
* Set MaxIdleConns to reduce connection churn (postgresql physical)

* Make new  "max_idle_connection" config option for physical postgresql

* Add docs for "max_idle_connections" for postgresql storage

* Add minimum version to docs for max_idle_connections
2019-07-02 15:03:56 -07:00
Michael Gaffney 4044cff8f2
Merge branch 'master' into mgaffney/kv-delete-version-after 2019-07-02 17:27:36 -04:00
emily 333d0425b9 fix permissions in GCP auth docs (#7035) 2019-07-01 15:13:36 -07:00
Jason O'Donnell 20e485a9d3
Add leeway parameters to JWT auth doc (#6947)
* Add leeway parameters to JWT auth doc

* Clarify leeway doc

* Apply suggestions from code review

Co-Authored-By: Jim Kalafut <jim@kalafut.net>

* Add note about only being applicable to JWT

* Update for negative values
2019-07-01 10:12:53 -04:00
Michel Vocks 2b5aca4300
Token identity support (#6267)
* Implemented token backend support for identity

* Fixed tests

* Refactored a few checks for the token entity overwrite. Fixed tests.

* Moved entity alias check up so that the entity and entity alias is only created when it has been specified in allowed_entity_aliases list

* go mod vendor

* Added glob pattern

* Optimized allowed entity alias check

* Added test for asterisk only

* Changed to glob pattern anywhere

* Changed response code in case of failure. Changed globbing pattern check. Added docs.

* Added missing token role get parameter. Added more samples

* Fixed failing tests

* Corrected some cosmetical review points

* Changed response code for invalid provided entity alias

* Fixed minor things

* Fixed failing test
2019-07-01 11:39:54 +02:00
Mike Ruth ee705088be Include Daytona as a third party tool (#6999)
* Include Daytona as third party tool

This is to include [Cruise's Daytona](https://github.com/cruise-automation/daytona) to the list of third party tools.
2019-06-30 20:49:11 -04:00
Vishal Nayak 2fcac90052
Raft Docs (#6966)
* Raft configuration doc

* API docs

* join sample

* Fix the Join API

* Add snapshot-force

* Update sys/storage subsection

* Use actual certs in examples

* Add sample configuration response

* Fix link

* remove TLS config options
2019-06-28 14:09:14 -04:00
Calvin Leung Huang 21059820d2
KMIP docs (#6969)
* docs: add docs/secrets/kmip

* Add KMIP API docs.

* small typo fix

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update website/source/api/secret/kmip/index.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* format tables in api docs

* fix table formatting

* Fix wording.

* Remove references to tls_max_path_length.
2019-06-28 11:05:00 -07:00
Michael Gaffney 3b12c58e33
docs: Add delete-version-after to kv command line docs 2019-06-28 13:36:07 -04:00
Michael Gaffney 9366f95816 Remove delete-version-after from kv put and undelete subcommands
Removes the optional parameter "delete-version-after" from the following
CLI subcommands:

- kv put
- kv undelete
- kv rollback
2019-06-27 14:17:46 -04:00
Michael Gaffney 42324c22ff Add delete-version-after to kv CLI subcommands
Adds a new optional parameter "delete-version-after" to the following
CLI subcommands:

- kv metadata put
- kv put
- kv undelete
- kv rollback
2019-06-27 14:17:46 -04:00
Thomas Kula be998aeeac Cert auth method examples need to use https (#6961)
In order to present a client certificate to use the certificate
auth method, you must use https.
2019-06-27 11:04:09 -04:00
Lexman a4ba0e22ac Identity tokens documentation (#6971) 2019-06-26 07:31:10 -07:00
Jim Kalafut 4066a1d09c
Correct API docs examples (#6963) 2019-06-24 07:39:34 -07:00
Clint 4b00597609
Combined Database backend: remove create/delete support (#6951)
* remove create/update database user for static accounts

* update tests after create/delete removed

* small cleanups

* update postgresql setcredentials test
2019-06-23 15:58:07 -05:00
Jim Kalafut c7283f99ed
Update JWT tips (#6955) 2019-06-21 14:50:12 -07:00
Jim Kalafut 1074b5046f
Minor clean up JWT provider docs (#6952) 2019-06-21 11:49:08 -07:00
Anner J. Bonilla c98caa2cd7 update azure instructions (#6858)
Update instructions in regards to azure AD Authentication and OIDC
2019-06-21 11:28:12 -07:00
Jeff Escalante 7e7deeaa15 Add lockfile for website (#6940)
* add package-lock

* update package lock
2019-06-20 17:53:12 -04:00
Becca Petrin cd0f2ec5f6
Merge pull request #6913 from hashicorp/pcf-docs
PCF documentation
2019-06-20 09:28:06 -07:00
Aaron Bedra db25895001 Adds libvault to list of client libraries (#6890) 2019-06-20 08:01:12 -07:00
Brian Shumate 630de4d1ae Switch to simpler 'configured' (#6892) 2019-06-20 08:00:12 -07:00
Clint b55303eddb
Combined Database Backend: Static Accounts (#6834)
* Add priority queue to sdk

* fix issue of storing pointers and now copy

* update to use copy structure

* Remove file, put Item struct def. into other file

* add link

* clean up docs

* refactor internal data structure to hide heap method implementations. Other cleanup after feedback

* rename PushItem and PopItem to just Push/Pop, after encapsulating the heap methods

* updates after feedback

* refactoring/renaming

* guard against pushing a nil item

* minor updates after feedback

* Add SetCredentials, GenerateCredentials gRPC methods to combined database backend gPRC

* Initial Combined database backend implementation of static accounts and automatic rotation

* vendor updates

* initial implementation of static accounts with Combined database backend, starting with PostgreSQL implementation

* add lock and setup of rotation queue

* vendor the queue

* rebase on new method signature of queue

* remove mongo tests for now

* update default role sql

* gofmt after rebase

* cleanup after rebasing to remove checks for ErrNotFound error

* rebase cdcr-priority-queue

* vendor dependencies with 'go mod vendor'

* website database docs for Static Role support

* document the rotate-role API endpoint

* postgres specific static role docs

* use constants for paths

* updates from review

* remove dead code

* combine and clarify error message for older plugins

* Update builtin/logical/database/backend.go

Co-Authored-By: Jim Kalafut <jim@kalafut.net>

* cleanups from feedback

* code and comment cleanups

* move db.RLock higher to protect db.GenerateCredentials call

* Return output with WALID if we failed to delete the WAL

* Update builtin/logical/database/path_creds_create.go

Co-Authored-By: Jim Kalafut <jim@kalafut.net>

* updates after running 'make fmt'

* update after running 'make proto'

* Update builtin/logical/database/path_roles.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/path_roles.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* update comment and remove and rearrange some dead code

* Update website/source/api/secret/databases/index.html.md

Co-Authored-By: Jim Kalafut <jim@kalafut.net>

* cleanups after review

* Update sdk/database/dbplugin/grpc_transport.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* code cleanup after feedback

* remove PasswordLastSet; it's not used

* document GenerateCredentials and SetCredentials

* Update builtin/logical/database/path_rotate_credentials.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* wrap pop and popbykey in backend methods to protect against nil cred rotation queue

* use strings.HasPrefix instead of direct equality check for path

* Forgot to commit this

* updates after feedback

* re-purpose an outdated test to now check that static and dynamic roles cannot share a name

* check for unique name across dynamic and static roles

* refactor loadStaticWALs to return a map of name/setCredentialsWAL struct to consolidate where we're calling set credentials

* remove commented out code

* refactor to have loadstaticwals filter out wals for roles that no longer exist

* return error if nil input given

* add nil check for input into setStaticAccount

* Update builtin/logical/database/path_roles.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* add constant for queue tick time in seconds, used for comparrison in updates

* Update builtin/logical/database/path_roles.go

Co-Authored-By: Jim Kalafut <jim@kalafut.net>

* code cleanup after review

* remove misplaced code comment

* remove commented out code

* create a queue in the Factory method, even if it's never used

* update path_roles to use a common set of fields, with specific overrides for dynamic/static roles by type

* document new method

* move rotation things into a specific file

* rename test file and consolidate some static account tests

* Update builtin/logical/database/path_roles.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/rotation.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/rotation.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/rotation.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/rotation.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update builtin/logical/database/rotation.go

Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>

* update code comments, method names, and move more methods into rotation.go

* update comments to be capitalized

* remove the item from the queue before we try to destroy it

* findStaticWAL returns an error

* use lowercase keys when encoding WAL entries

* small cleanups

* remove vestigial static account check

* remove redundant DeleteWAL call in populate queue

* if we error on loading role, push back to queue with 10 second backoff

* poll in initqueue to make sure the backend is setup and can write/delete data

* add revoke_user_on_delete flag to allow users to opt-in to revoking the static database user on delete of the Vault role. Default false

* add code comments on read-only loop

* code comment updates

* re-push if error returned from find static wal

* add locksutil and acquire locks when pop'ing from the queue

* grab exclusive locks for updating static roles

* Add SetCredentials and GenerateCredentials stubs to mockPlugin

* add a switch in initQueue to listen for cancelation

* remove guard on zero time, it should have no affect

* create a new context in Factory to pass on and use for closing the backend queue

* restore master copy of vendor dir
2019-06-19 14:45:39 -05:00
Becca Petrin 35faaef504 update field name to change from pr feedback 2019-06-19 09:54:18 -07:00
Alvin Huang 168a7ab1d5 pin github and netlify providers and fix config 2019-06-19 10:45:35 -04:00
Yoko ba82b04b15
Added a note about JWT (#6899) 2019-06-18 12:36:51 -07:00
Becca Petrin 57b2fbbd78 add to sidebar 2019-06-18 11:08:38 -07:00
Becca Petrin 7be6286966 fix typo 2019-06-18 09:32:14 -07:00
Becca Petrin 3fc63eb9d5 add api docs 2019-06-17 16:56:14 -07:00
Becca Petrin cd1b53b350 add agent docs 2019-06-17 15:24:10 -07:00
Becca Petrin 30d7f742b3 fix more typos 2019-06-17 15:09:43 -07:00
Becca Petrin 1ca20773c2 fix typos 2019-06-17 15:08:37 -07:00
Becca Petrin a420b966bb add docs 2019-06-17 15:00:30 -07:00
Becca Petrin ca165ffdef add es docs to sidebars 2019-06-17 12:05:57 -07:00
Becca Petrin 7927cc3a43
Update elasticdb.html.md 2019-06-17 11:24:42 -07:00
Becca Petrin 17a682da40 Merge branch 'opensource-master' into add-elasticsearch-auth 2019-06-17 11:12:51 -07:00
Becca Petrin fd2e859617 update doc to 7.1.1 2019-06-17 11:12:16 -07:00
Frederic Hemberger 8c5476fb0c Website(api/secret/identity): Fix whitespace in JSON examples (#6889) 2019-06-16 09:26:37 -04:00
Jason O'Donnell d2e620ae70
Fix multiline jwt config setup example (#6873) 2019-06-12 13:34:26 -04:00
Yoko 2b81ea64c3
Adding vault kv command doc (#6845)
* Adding vault kv command doc

* Update website/source/docs/commands/kv/delete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/delete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/destroy.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/destroy.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/undelete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/delete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>
2019-06-10 10:41:55 -07:00
Yoko daebe65d1c
upgrade guide warning about downgrading (#6836)
* upgrade guide warning about downgrading

* Changed the wording
2019-06-10 09:54:21 -07:00
Becca Petrin 5b9d49fc2d add elasticsearch database engine 2019-06-10 09:19:11 -07:00
Justin Weissig 0ae53eb5aa docs: minor fixes to improve sentence flow (#6839) 2019-06-06 08:25:59 -07:00
Lexman 9aa4662cec transit cache is an Interface implemented by wrapped versions of sync… (#6225)
* transit cache is an Interface implemented by wrapped versions of syncmap and golang-lru

* transit cache is an Interface implemented by wrapped versions of syncmap and golang-lru

* changed some import paths to point to sdk

* Apply suggestions from code review

Co-Authored-By: Lexman42 <Lexman42@users.noreply.github.com>

* updates docs with information on transit/cache-config endpoint

* updates vendored files

* fixes policy tests to actually use a cache where expected and renames the struct and storage path used for cache configurations to be more generic

* updates document links

* fixed a typo in a documentation link

* changes cache_size to just size for the cache-config endpoint
2019-06-04 15:40:56 -07:00
Justin Weissig fb75728c71 docs: minor spelling fix (#6818)
Fixed spelling: PostgresSQL/PostgreSQL.
2019-06-04 02:28:44 -05:00
Martin Lee 07978c08d6 Update pki-engine docs (#6238)
The user needs to set a decent TTL for the intermediate cert, otherwise all certs issued will be valid only for 30 minutes max.
2019-06-03 15:45:11 -05:00
Justin Weissig ff3e23e050 docs: fixed typos (#6809)
Fixed two typos: lifecyle + specfied.
2019-05-31 14:33:13 -05:00
Martin Lee b7dadc11e6 Add hard-won practical knowledge to the Okta notes (#6808) 2019-05-31 11:44:59 -05:00
Jim Kalafut 8f1eeda737
Fix OIDC API examples (#6803)
Fixes #6684
2019-05-30 21:50:34 -05:00
benz0 2e6686cc18 Explain owner role requirement (#6801) 2019-05-30 21:25:30 -05:00
Justin Weissig 3fc537da0b docs: spelling (#6799)
Fixed spelling: Specifiy/Specify.
2019-05-30 21:20:57 -05:00
Justin Weissig 7643eda03f docs: wording (#6798)
Fixed minor sentence flow: an sealed state -> a sealed state.
2019-05-29 19:13:13 -05:00
Justin Weissig 2d727a5640 docs: wording (#6746)
* docs: wording

Fixed wording: "lets create an"/"lets create a"

* Update website/source/docs/secrets/nomad/index.html.md

Co-Authored-By: Jeff Mitchell <jeffrey.mitchell@gmail.com>
2019-05-24 15:44:09 -04:00
Brian Shumate 543e149b8c Docs: Minor updates to PKI Secrets Engine (#6778)
* Docs: Minor updates to PKI Secrets Engine

- Update `ttl` and `max-lease-ttl` values from _43800_ which
  appears to be a typo, to _4380_; this helps avoid warnings
  like: "The expiration time for the signed certificate is
  after the CA's expiration time. If the new certificate is
  not treated as a root, validation paths with the
  certificate past the issuing CA's expiration time will
  fail." when following the Quick Start and using the tuned
  Root CA TTL of 8760h
- Change _my-role_ role name to _example-dot-com_ in **Setup**
  to help reduce confusion and match what is used in
  **Quick Start**

* ttl changes
2019-05-24 15:39:56 -04:00
Srikanth Venkatesh d08edf7483 Typo in concepts/policy-syntax (#6782) 2019-05-24 15:39:11 -04:00
Srikanth Venkatesh b9f67e5622 Fixed typo in documentation on vault internals/architecture (#6781) 2019-05-23 21:58:31 -07:00
nathan r. hruby 0762d9c6eb
fix indeting for mount options (#6780) 2019-05-23 19:09:52 -07:00
Joel Thompson 4e2ad1e568 docs: Fix Markdown formatting error in AWS Auth (#6745) 2019-05-15 21:12:08 -07:00
Jim Kalafut 1c507e3367
Update OIDC Provider Setup docs (#6739) 2019-05-15 11:57:18 -07:00
Justin Weissig e57866d558 docs: fixed typo (#6732)
Fixed typo: follwing/following.
2019-05-15 10:30:18 +02:00
Jeff Mitchell 4e83328aaf Fix recovery key backup path documentation 2019-05-14 10:58:19 -04:00
Rich FitzJohn 9b123dd352 Add link to R client on libraries list (#6722) 2019-05-13 16:14:49 -04:00
Justin Weissig cf3954f580 docs: fixed typo (#6721)
Fixed typo: appropiate/appropriate
2019-05-13 07:50:29 -04:00
Lexman b2850ac624
http timeout values are configurable (#6666)
* http timeout fields are configurable

* move return statement for server config tests outside of range loop

* adds documentation for configurable listener http_* values

* fixed some formatting for the docs markdown
2019-05-10 10:41:42 -07:00
bjorndolk e8f10814b6 Added HA backend for postgres based on dynamodb model (#5731)
Add optional HA support for postgres backend if Postgres version >= 9.5.
2019-05-10 12:48:42 -04:00
Jim Kalafut 826653e7f5
JWKS docs (#6645) 2019-05-09 13:32:50 -07:00
Justin Weissig 7bd9665a46 docs: better sentence flow (#6705)
Fixed for sentence flow: "When you bring up your server back up" to "When you bring your server back up".
2019-05-09 06:24:06 -04:00
Peter Souter 6623478406 Adds docs for session_token for awskms (#6691) 2019-05-07 08:27:06 -07:00
Mark Gritter 4b2193333a
Correct type for tls_skip_verify
Parses as boolean but needs to be represented as a string in configuration.
2019-05-06 16:02:36 -05:00
Travis Cosgrave 236d7c5e52 Add certificate auto-auth method to vault agent (#6652)
* adding auto auth for cert auth methods

* Adding Docs for Cert Auto-auth method

* fixes errors in docs

* wrong documentation title

* repariting a few typos in the docs and being very clear about where the certificates should be configured

* clarifying the name parameter documentation

* Fixes gofmt issues in command/agent.go

* Fix typo in docs

* Add nil check to Config for cert auto-auth and add test with and without a specified name
2019-05-06 10:39:27 -04:00
Justin Weissig 96ffab761e Fixed Typos (#6686)
Fixed typos: enviroment/environment x3.
2019-05-06 07:24:37 -04:00
Mark Gritter 91ed2c98a8
fix typo 2019-05-03 17:21:58 -05:00
Justin Weissig c18bf7709a Fixed Typo (#6678)
Fixed typo: telemtery/telemetry
2019-05-03 09:09:25 -07:00
Justin Weissig 15d8df84a0 Fixed Typo (#6672)
Fixed typo: overwritting/overwriting.
2019-05-02 11:59:01 -04:00
Russ Parsloe 86f39accf9 azurekeyvault doc fixed typos (#6663) 2019-05-01 13:37:01 -07:00
Justin Weissig 8d676312ee
Fixed Typo
Fixed typo: recomended/recommended.
2019-05-01 00:24:59 -07:00
Hugues Malphettes 520677fa9e [Doc]: PKI Fix allowed_uri_sans spelling mistake (#6660)
The doc of the PKI Role sample response currently reads:

`"allow_uri_sans": ["example.com","spiffe://*"],`

It should read:

  `"allowed_uri_sans": ["example.com","spiffe://*"],`
2019-04-30 17:48:51 -07:00
Justin Weissig e42e6d4ee3 Fixed Type (#6649)
Fixed typo. Changed procede to proceed.
2019-04-29 14:06:31 -07:00
Justin Weissig e2a0026964 Fixed Typo (#6650)
Fixed spelling: accesing/accessing.
2019-04-29 14:06:00 -07:00
Becca Petrin ba37546c08
Merge pull request #6642 from hashicorp/update-ad-docs
Update Active Directory secrets engine docs with new field
2019-04-29 13:48:09 -07:00
Becca Petrin e724d2f332 changes from feedback 2019-04-26 16:31:11 -07:00