ed62afec14
Large documentation updates, remove the pathlength path in favor of
...
making that a parameter at CA generation/sign time, and allow more
fields to be configured at CSR generation time.
2015-11-19 09:51:18 -05:00
ea676ad4cc
Add tests for intermediate signing and CRL, and fix a couple things
...
Completes extra functionality.
2015-11-19 09:51:17 -05:00
1c7157e632
Reintroduce the ability to look up obfuscated values in the audit log
...
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
45e7e61d71
Update audit documentation around what hash is used
2015-11-18 10:42:42 -05:00
28ae7b2466
edit this page
2015-11-09 21:10:49 -08:00
d931c62d94
sidebar
2015-11-09 21:08:05 -08:00
2af4092734
redesign header bulk
2015-11-09 20:58:06 -08:00
1a45696208
Add no-default-policy flag and API parameter to allow exclusion of the
...
default policy from a token create command.
2015-11-09 17:30:50 -05:00
10913e2e6b
Update cert documentation to note requiring sudo access.
2015-11-06 16:09:42 -05:00
ffa879d6e2
Update S3 docs
2015-11-06 09:26:09 -05:00
08dbc70c9f
Switch etcd default port to 2379, in line with 2.x.
...
Fixes #753
2015-11-05 09:47:50 -05:00
4ad533a5ba
Add a line to the documentation to describe the new feature
2015-11-04 15:36:24 +01:00
a4322afedb
Merge pull request #746 from hashicorp/issue-677
...
Add a PermitPool to physical and consul/inmem
2015-11-03 15:26:58 -05:00
7f44a1b812
Add configuration parameter for max parallel connections to Consul
2015-11-03 15:26:07 -05:00
73e3aa1d64
Add create-orphan to documentation
2015-11-03 15:15:33 -05:00
d3f7546602
Fix trailing whitespace complaints
2015-11-03 10:52:20 -05:00
f0a25ed581
Clarify that CRLs are not fetched by Vault
2015-11-03 10:52:20 -05:00
154fc24777
Address first round of feedback from review
2015-11-03 10:52:20 -05:00
59cc61cc79
Add documentation for CRLs and some minor cleanup.
2015-11-03 10:52:20 -05:00
ffa196da0e
Note that the dev server does not fork
...
Fixes #710 .
2015-10-30 12:47:56 -04:00
f83eba4666
Force a trailing slash
2015-10-29 16:21:39 -04:00
e2d4a5fe0f
Documentation update around path/key name encryption.
...
Make it clear that path/key names in generic are not encrypted.
Fixes #697
2015-10-29 11:21:40 -04:00
c1d8b97342
Add reset support to the unseal command.
...
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.
Fixes #695
2015-10-28 15:59:39 -04:00
57290b6d92
Minor format fix in environment documentation
2015-10-28 09:56:28 -04:00
b057645d73
Use vendored fastly logo
2015-10-26 12:13:03 -04:00
a710a80252
Use releases for releases
2015-10-26 00:06:17 -04:00
c7ff26b650
add documentation for GitHub Auth Backend 'ttl' and 'max_ttl' parameters
2015-10-23 09:30:48 -04:00
b27e80d090
add GitHub Enterprise base_url to docs
...
In https://github.com/hashicorp/vault/issues/716 @jefferai confirmed that the GitHub Auth Backend supports GitHub enterprise using an undocumented ``base_url`` parameter. This adds that parameter to the relevant documentation page.
2015-10-23 09:18:07 -04:00
d4a8c08feb
fix typo in first-secret.html.md
2015-10-22 12:04:22 -06:00
0168ce491b
Update token documentation to better explain token durations
2015-10-22 13:02:37 -04:00
189b72c3ba
Document the renew-self call
2015-10-21 10:53:20 -04:00
bc40e652bf
Remove revoke-self from sys API documentation as it's in the token-store instead
2015-10-21 10:46:41 -04:00
1d29ae940a
Minor grammar fix.
2015-10-20 13:42:46 -07:00
9f0b1547bb
Allow disabling the physical storage cache with 'disable_cache'.
...
Fixes #674 .
2015-10-12 13:00:32 -04:00
44706da08c
Merge pull request #691 from hashicorp/sethvargo/tabs_spaces_oh_my
...
Remove tabs from terminal output
2015-10-12 12:39:44 -04:00
50f720bc06
Remove tabs from terminal output
...
This also standardizes on the indentation we use for multi-line commands as
well as prefixes all commands with a $ to indicate a shell.
2015-10-12 12:10:22 -04:00
55c26a909e
Documentation updates to remove lease id and duration from generic
...
backend example.
2015-10-12 10:01:15 -04:00
ad09203343
use github_url to generate edit_this_page link
2015-10-07 17:39:08 -04:00
bf464b9a4b
Merge pull request #661 from hashicorp/maxopenconns
...
Parameterize max open connections in postgresql and mysql backends
2015-10-03 16:55:20 -04:00
c9213a809d
update acl example
...
Without `auth/token/lookup-self` read access you are unable to
authenticate. Update example to work as well as use new command output.
2015-10-02 09:06:42 -06:00
644a655920
mysql: made max_open_connections configurable
2015-10-01 21:15:56 -04:00
2051101c43
postgresql: Configurable max open connections to the database
2015-10-01 20:11:24 -04:00
e2b157aa79
Remove redundant wording for SSH OTP introduction.
2015-09-30 10:58:44 -04:00
f711393de6
Merge pull request #649 from ipoval/master
...
[code-gardening] fix typo in the documentation
2015-09-29 19:01:58 -07:00
c3569bae5e
Fixed gravatar hash
2015-09-29 14:12:58 -04:00
0bced67170
[code-gardening] fix typo in the documentation
2015-09-28 19:34:57 -07:00
62ac518ae7
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 10:41:21 -04:00
a0290f69df
Add 'edit this page' link to footer
2015-09-24 14:10:32 -07:00
af27a99bb7
Remove JWT for the 0.3 release; it needs a lot of rework.
2015-09-24 16:23:44 -04:00
e38c21e0ca
Documentation fix for global TTLs
2015-09-24 12:17:26 -04:00
8fa7d3bd0b
Add revoke-self to docs
2015-09-24 12:05:00 -04:00
89511e6977
Fixes docs for new JWT secret backend
2015-09-24 16:47:17 +02:00
54c62fe5aa
docs: pg username not prefixed with vault-
...
due to
05fa4a4a48
2015-09-22 10:14:47 -05:00
a5f52f43b1
Minor doc update to SSH
2015-09-21 16:26:07 -04:00
29c722dbb6
Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values
2015-09-21 16:14:30 -04:00
3eb38d19ba
Update transit backend documentation, and also return the min decryption
...
value in a read operation on the key.
2015-09-21 16:13:43 -04:00
ca33cd8423
Add API endpoint documentation to cubbyhole
2015-09-21 16:13:36 -04:00
273f13fb41
Add API endpoint documentation to generic
2015-09-21 16:13:29 -04:00
59ba17c601
Add clarity to the lease concepts document.
2015-09-21 08:56:26 -04:00
801e531364
Enhance transit backend:
...
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
2015-09-18 14:41:05 -04:00
8f79e8be82
Add revoke-self endpoint.
...
Fixes #620 .
2015-09-17 13:22:30 -04:00
dff6e468f9
Grammar fix
2015-09-15 15:53:27 -04:00
538852d6d6
Add documentation for cubbyhole
2015-09-15 13:50:37 -04:00
142cb563a6
Improve documentation of token renewal
2015-09-11 21:08:32 -04:00
ace611d56d
Address items from feedback. Make MountConfig use values rather than
...
pointers and change how config is read to compensate.
2015-09-10 15:09:54 -04:00
488d33c70a
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-10 15:09:54 -04:00
4239f9d243
Add DynamicSystemView. This uses a pointer to a pointer to always have
...
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.
Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
f4239556d2
Merge pull request #508 from mfischer-zd/webdoc_environment
...
docs: Document environment variables
2015-09-09 11:29:10 -04:00
1a8bcfe18d
Merge pull request #592 from blalor/patch-1
...
Remove unused param to 'vault write aws/roles/deploy'
2015-09-09 11:28:15 -04:00
24a5127fab
docs: Document environment variables
2015-09-08 11:59:58 -07:00
4e3e9c38a2
Typo fix
2015-09-08 02:43:01 +02:00
2ae48fa586
Remove unused param to 'vault write aws/roles/deploy'
...
The name is taken from the path, not the request body. Having the duplicate key is confusing.
2015-09-06 06:57:39 -04:00
4eaacaf546
Merge pull request #590 from MarkVLK/patch-1
...
Update mysql docs markdown to fix grammar error
2015-09-04 19:13:50 -07:00
fae51d605f
Update transit docs markdown to add missing word
...
Added the presumably missing *decrypt* from "encrypt/data" in the first sentence.
2015-09-04 17:11:34 -07:00
cd292d5372
Update mysql docs markdown to fix grammar error
...
Changed "... used to **generated** those credentials" to "... used to **generate** those credentials."
2015-09-04 17:05:45 -07:00
6f248425a6
Update documentation around cookies
2015-09-03 10:36:59 -04:00
d4609dea28
Merge pull request #578 from hashicorp/exclude-cidr-list
...
Vault SSH: Added exclude_cidr_list option to role
2015-08-28 07:59:46 -04:00
b12a2f0013
Vault SSH: Added exclude_cidr_list option to role
2015-08-27 23:19:55 -04:00
a4fc4a8e90
Deprecate lease -> ttl in PKI backend, and default to system TTL values if not given. This prevents issuing certificates with a longer duration than the maximum lease TTL configured in Vault. Fixes #470 .
2015-08-27 12:24:37 -07:00
fbff20d9ab
Vault SSH: Docs for default CIDR value
2015-08-27 13:10:15 -04:00
702a869010
Vault SSH: Provide key option specifications for dynamic keys
2015-08-27 11:41:29 -04:00
8669a87fdd
When using PGP encryption on unseal keys, encrypt the hexencoded string rather than the raw bytes.
2015-08-26 07:59:50 -07:00
b940d214bd
Merge pull request #568 from ctennis/add_some_s3_info
...
Make it clear for physical S3 backend we support instance profiles as well.
2015-08-26 09:03:38 -04:00
cc232e6f79
Address comments from review.
2015-08-25 15:33:58 -07:00
0b580d0521
Update website documentation for init and rekey with secret_pgp_keys API option
2015-08-25 14:52:13 -07:00
6c30f9a0f9
Make it clear we support instance profiles as well, the existing docs seem to indicate static credentials are required
2015-08-25 06:47:07 -07:00
88a7b57491
Merge pull request #558 from captainill/master
...
make sure header is below clickable area that hides sidebar
2015-08-21 10:21:40 -07:00
ea9fbb90bc
Rejig Lease terminology internally; also, put a few JSON names back to their original values
2015-08-20 22:27:01 -07:00
0fa783f850
Update help text for TTL values in generic backend
2015-08-20 17:59:30 -07:00
ad9e00b166
make sure header is below clickable area that hides sidebar
2015-08-20 17:22:48 -07:00
b57ce8e5c2
Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4.
...
Fixes #528 .
2015-08-20 16:41:25 -07:00
beca9f1596
Merge pull request #385 from hashicorp/vishal/vault
...
SSH Secret Backend for Vault
2015-08-20 10:03:15 -07:00
86cde438a5
avoid dashes in generated usernames for cassandra to avoid quoting issues
2015-08-20 11:15:28 +02:00
76ed3bec74
Vault SSH: 1024 is default key size and removed 4096
2015-08-19 12:51:33 -07:00
1f5062a6e1
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-08-19 12:16:37 -07:00
9fd6837d7b
Fix typo in ACL doc
2015-08-19 07:36:16 +01:00
f351cd5ee0
Merge pull request #531 from mfischer-zd/fix_doc_tls
...
Clarify availability of tls_min_version
2015-08-18 19:01:28 -07:00
b5cda4942b
Vault SSH: doc update
2015-08-18 11:50:32 -07:00
b91ebbc6e2
Vault SSH: Documentation update and minor refactoring changes.
2015-08-17 18:22:03 -07:00
9db318fc55
Vault SSH: Website page for SSH backend
2015-08-14 12:41:26 -07:00
Jeff Mitchell