luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
8251 commits 1 branch 0 tags 214 MiB
Commit graph

8251 commits

This branch
This branch
All branches
Author SHA1 Message Date
Becca Petrin 44678e9ada
Fix possible nil pointer on mapping method (#4609) 2018-05-22 12:10:36 -07:00
Yoko 11646db916
Seal Wrap / FIPS 140-2 Compliance guide (#4558) 
* WIP - Seal Wrap guide

* WIP: Seal Wrap guide

* Added a brief description about the Seal Wrap guide

* Incorporated feedbacks

* Updated FIPS language

Technically everything looks great. I've updated some of the language here as "compliance" could be interpreted to mean that golang's crypto and xcrypto libraries have been certified compliant with FIPS. Unfortunately they have not, and Leidos' cert is only about how Vault can operate in tandem with FIPS-certified modules.

It's a very specific update, but it's an important one for some VE customers.

Looks great - thanks!

* Removed 'Compliance' from title

* typo fix
 2018-05-22 11:23:11 -07:00
Jeff Mitchell d60360ddbe Add instructions for both kvv1 and kvv2 to getting started policies info 2018-05-22 14:07:12 -04:00
Yoko d88e4d5019
Mount Filters guide (#4536) 
* WIP: Mount filter guide

* WIP

* Mount filter guide for CLI, API, and UI

* updated the next step

* Updated the verification steps

* Added a note about the unseal key on secondaries

* Added more details

* Added a reference to mount filter guide

* Added a note about generating a new root token

* Added a note about local secret engine
 2018-05-22 08:57:36 -07:00
Jeff Mitchell bc50ec113a changelog++ 2018-05-22 10:39:24 -04:00
Chris Hoffman 3db5a6adaa
updating link 2018-05-22 10:00:20 -04:00
Dan Brown 013e4e4d81 Fix typo (#4607) 2018-05-22 08:30:13 -04:00
Jeff Mitchell 3caf193707 Failure to provide correct key shares isn't an internal error, it's a 
user error
 2018-05-21 21:06:38 -04:00
Jeff Mitchell 0b4ead52a0 Don't allow providing original key shares once we've moved on to verification 2018-05-21 21:02:45 -04:00
Jeff Mitchell 4464c3a65f Fix introduced bug in refactor 2018-05-21 20:54:20 -04:00
Becca Petrin 4c1d8013f3
move fields and field parsing to helper (#4603) 2018-05-21 17:04:26 -07:00
Jeff Mitchell f22c0c92e6 Address feedback 2018-05-21 18:25:58 -04:00
Jeff Mitchell 7e7163f826 Factor out a bunch of shared code 2018-05-21 17:46:32 -04:00
Chris Hoffman ae43f2c25e
adding options information to mount endpoint (#4606) 2018-05-21 16:39:43 -04:00
Jeff Mitchell 3e0dbc5ea7 Remove dupe website text 2018-05-21 16:30:45 -04:00
Jeff Mitchell 8ad0bbbc44 Address feedback 2018-05-21 16:13:38 -04:00
Jeff Mitchell 62f46c5411 Fix tests 2018-05-21 15:29:41 -04:00
madalynrose 7ec2cb5f37
Update CHANGELOG.md 2018-05-21 14:54:05 -04:00
Jeff Mitchell 6adbe7780e Fix review feedback update 2018-05-21 14:51:05 -04:00
madalynrose e42a99ced3
update hmac form and component to use 'algorithm' instead of 'hash-algorithm' (#4604) 2018-05-21 14:50:54 -04:00
Becca Petrin fb04064967
Restrict userpass logins & tokens by CIDR (#4557) 2018-05-21 11:47:28 -07:00
Jeff Mitchell 462afbd0b9 Address review feedback 2018-05-21 14:47:00 -04:00
Brian Kassouf bc4372741f
Don't reload singleton mounts (#4593) 2018-05-21 11:05:04 -07:00
Jeff Mitchell 9255cc84da Add updated go-retryablehttp 2018-05-21 13:39:45 -04:00
Jeff Mitchell 27ab8d1a20 Add verification documentation 2018-05-21 12:00:36 -04:00
Jeff Mitchell d0402f5084 changelog++ 2018-05-21 09:21:24 -04:00
Jeff Mitchell c737778c8d Make description of prehashed a bit more friendly 2018-05-21 09:08:22 -04:00
Jeff Mitchell c55a2ec486 Finish api tests for verification 2018-05-20 19:01:24 -04:00
Jeff Mitchell e07fd14eb7 More work on recovery test 2018-05-20 18:42:14 -04:00
Jeff Mitchell acce3997a8 Start of seal improvements for testing 2018-05-20 17:49:37 -04:00
Jeff Mitchell cd70d1ca92 Refactor test to add recovery support 2018-05-20 17:38:04 -04:00
Jeff Mitchell 6340add8c1 Finish non-recovery test 2018-05-20 02:42:15 -04:00
Jeff Mitchell b5868a1de7 Add some more test structure and update test 2018-05-20 00:02:45 -04:00
Jeff Mitchell 72af2d49f9 Update rekey methods to indicate proper error codes in responses 2018-05-19 23:43:48 -04:00
Jeff Mitchell e1339af520 Fix existing tests 2018-05-19 22:04:45 -04:00
Jeff Mitchell a9fb7da890 WIP 2018-05-19 21:31:45 -04:00
Jeff Mitchell a9d8be3c4d WIP 2018-05-19 21:31:45 -04:00
Jeff Mitchell cec2123a98 changelog++ 2018-05-19 13:25:27 -04:00
Jeff Mitchell 72200603c6
Fix role writing not allowing key_type of any (#4596) 
Fixes #4595
 2018-05-19 10:24:43 -07:00
Jeff Mitchell 3a568b6175 Update key_type parameter description 2018-05-19 12:20:37 -04:00
Jeff Mitchell 701275aa21 Bump travis go version 2018-05-19 12:07:13 -04:00
Kevin Paulisse 6d93ea4d77 Docs: Clarify that revoking token revokes dynamic secrets (#4592) 2018-05-18 23:27:53 -07:00
Jeff Mitchell 0e627dc4c6 Update issue templates 2018-05-18 17:49:30 -04:00
Jeff Mitchell 9653b539a6 Update issue templates 2018-05-18 17:46:31 -04:00
Jeff Mitchell 84e1c87d3c Update issue templates 2018-05-18 17:20:36 -04:00
Jeff Mitchell c03d80e81d changelog++ 2018-05-18 16:35:01 -04:00
Jeff Mitchell 6b345ccdef
Use copystructure when assigning allowed/denied params from nil check (#4585) 
Fixes #4582
 2018-05-18 13:33:49 -07:00
Calvin Leung Huang 90d305a322
Optimize revokeSalted by not calling view.List twice (#4465) 
* Optimize revokeSalted by not calling view.List twice

* Minor comment update

* Do not go through the orphaning dance if we are revoking the entire tree

* Update comment
 2018-05-18 12:14:42 -07:00
Calvin Leung Huang 95958dd9f9
Use a token store with an initialized exp mananger in TestTokenStore_RevokeSelf (#4590) 2018-05-18 12:13:37 -07:00
Jeff Mitchell 484b32d3da Update go-retryablehttp de 2018-05-18 15:11:44 -04:00