Commit graph

3226 commits

Author SHA1 Message Date
Becca Petrin 24ae59b317
correct the okta docs (#8403) 2020-02-21 11:13:42 -08:00
Jim Kalafut 1bc1b45c07
Update identity token docs (#8398)
`client_id` is configurable as of version 1.4.
2020-02-21 10:59:09 -08:00
Jason O'Donnell 587b331d8f
docs: add openldap secret engine (#8388)
* docs: add openldap secret engine

* Update format of types

* Add to sidebars

* Fix formatting
2020-02-21 10:55:15 -05:00
tionebsalocin 5db4f3d55d
[Doc] Fix curl example syntax in the plugins reload backend (#8380)
documentation
2020-02-21 13:01:59 +01:00
Vishal Nayak 348cf9f52f
Seal Migration doc update (#8405) 2020-02-21 06:57:48 -05:00
Daniel Fanara 2980d06e5a
Docs: Add port paramter to MSSQL docs (#8402) 2020-02-21 08:55:21 +01:00
Calvin Leung Huang e9ff1dc23a
website: add alert box for 1.4.0-beta1 (#8400)
* website: add alert box for 1.4.0-beta1

* fix prerelease notification

Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
2020-02-20 16:46:31 -08:00
Jeff Escalante bc12855d77
update deps, product downloader (#8404) 2020-02-20 16:15:59 -08:00
Angel Garbarino 971826a646
Add API documentation about the sys/internal/counters endpoints (#8390) 2020-02-19 14:47:53 -07:00
Becca Petrin 13a44b2e0b
Add docs for Kubernetes service discovery feature (#8374)
* add docs for kube service discovery

* give example with env vars only

* improve doc flow

* strip note about active being sometimes applicable
2020-02-19 13:34:18 -08:00
Jim Kalafut c263f7beb1
Update API docs for OIDC form_post mode (#8373) 2020-02-19 09:21:29 -08:00
Markus Nilsson d8ea61f91a
Docs: Fix anchor link to Generating JWTs (#8368) 2020-02-18 13:11:48 +01:00
JulesRenz c54c8c92bd
RSA3072 implementation in transit secrets engine (#8151)
* RSA3072 implementation in transit secrets engine

* moved new KeyType at the end of the list
So already stored keys still work properly

Co-authored-by: Jim Kalafut <jim@kalafut.net>
2020-02-15 14:40:50 -08:00
Gerardo Di Giacomo 8573eefe90
enabling TLS 1.3 support for TCP listeners (#8305)
* adding support for TLS 1.3 for TCP listeners

* removed test as CI uses go 1.12

* removed Cassandra support, added deprecation notice

* re-added TestTCPListener_tls13
2020-02-15 11:40:18 -08:00
Clint 39f1d26902
Docs enforce autoauth token (#8270)
* rename UseAutoAuthForce to ForceAutoAuth, because I think it reads better

* Document 'ForceAuthAuthToken' option for Agent Cache

* Update website/pages/docs/agent/caching/index.mdx

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Add additional tests around use_auto_auth=force and add documentation

* remove note, it's no longer correct

Co-authored-by: Jim Kalafut <jim@kalafut.net>
2020-02-14 15:48:12 -06:00
Clint d3cda0fe2c
Guard against using Raft as a seperate HA Storage (#8239)
* Guard against using Raft as a seperate HA Storage

* Document that Raft cannot be used as a seperate ha_storage backend at this time

* remove duplicate imports from updating with master
2020-02-14 14:25:53 -06:00
Jim Kalafut 0ab4c138c2
Update identity API docs (#8351) 2020-02-13 23:29:32 -08:00
Michael Golowka 635b957e76
Add x509 Client Auth to MongoDB Database Plugin (#8329)
* Mark deprecated plugins as deprecated

* Add redaction capability to database plugins

* Add x509 client auth

* Update vendored files

* Add integration test for x509 client auth

* Remove redaction logic pending further discussion

* Update vendored files

* Minor updates from code review

* Updated docs with x509 client auth

* Roles are required

* Disable x509 test because it doesn't work in CircleCI

* Add timeouts for container lifetime
2020-02-13 15:54:00 -07:00
Michael Golowka ee2843a3b2
Update Oracle DB secrets docs to reflect support for static roles (#8168)
* Fix typos

* Update Oracle DB secrets docs to show support for Static Roles

* Add warning about username case sensitivity

* Remove warning about casing

* Fix typo

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

Co-authored-by: Becca Petrin <beccapetrin@gmail.com>
2020-02-13 15:11:33 -07:00
Jeff Malnick 27ad920399
Add redshift database plugin (#8299)
* feat: add redshift database plugin

* build: update vendored libraries

* docs: add reference doc for redshift variant of the database secrets engine

* feat: set middlewear type name for better metrics naming (#8346)

Co-authored-by: Becca Petrin <beccapetrin@gmail.com>
2020-02-13 09:42:30 -08:00
Darshana Sivakumar ef687a97a6 Adding a new replication metric (WAL GC counter) (#8241)
* Adding a new replication metric (WAL GC counter)

Adding a new line about the vault.replication.wal.gc metric

* Update website/pages/docs/internals/telemetry.mdx

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2020-02-07 23:04:59 -08:00
Jim Kalafut 2ee7b76469
Bundle MongoDB Atlas (#8309) 2020-02-07 14:09:39 -08:00
Michel Vocks 3a4d330f64
Return error when a standby node receives a metrics request (#8280)
* Return error when a standby node receives a metrics request

* fix test

* Add documentation note
2020-02-07 09:30:25 +01:00
Vlad Ungureanu 1081446ac9
Update vault azure api docs (#8276)
By reading the code looks like `subscription_id` and `resource_group_name` are required in the end https://github.com/hashicorp/vault-plugin-auth-azure/blob/master/path_login.go#L192-L194.
2020-02-06 12:51:34 -08:00
Brian Choy 85877e52a4
Fix typo in vault agent injector example docs (#8302)
Fix mispelling of `annotation`.
2020-02-05 15:57:09 -08:00
ncabatoff cfcb9d2218
Update seal migration docs re limitations and different scenarios (#8298) 2020-02-05 15:30:04 -05:00
Dan Lafeir fe80e136da
Add a specific reference to AWS IAM Unique Identifiers (#8209)
* Add specification about AWS IAM Unique Identifiers

We experienced an issue where IAM roles resources were re-provisioned with the same ARNs and no change had been made to our vault role configuration but users lost access with `-method=aws`. It wasn't immediately clear to us how IAM Unique Identifiers where being used to avoid the same situations outlined in the AWS documentation. We eventually concluded that re-provisioning the roles in our auth/aws/auth would fetch the new IAM Unique Identifiers. 

I hope that this small amendment helps people avoid this problem in the future.
2020-02-04 15:31:48 -08:00
Jamie Finnigan fa2544cf5e
fix <name> entity encoding for Secrets Engines Metrics section (#8290) 2020-02-04 15:06:10 -08:00
glerb 4f25ed2b08
Improve clarity of IAM flow explanation (#8275) 2020-02-03 10:14:09 -08:00
ncabatoff 03b14d8a64
Upgrade okta sdk lib (#8143)
Upgrade to new official Okta sdk lib.  Since it requires an API token, use old unofficial okta lib for no-apitoken case. 

Update test to use newer field names.  Remove obsolete test invalidated by #4798.  Properly handle case where an error was expected and didn't occur.
2020-02-03 12:51:10 -05:00
Jeff Escalante 9dd1a863c0
update dependencies (#8271) 2020-01-31 14:27:39 -05:00
Jason O'Donnell 8f2347f93a
docs: update vault k8s to 0.2.0 (#8269)
* doc: update vault-k8s to 0.2.0

* Add debugging note
2020-01-31 11:22:39 -05:00
Daniel Spangenberg 1c1d93a21c
Fix default max_open_connections for db plugins (#8262) 2020-01-30 17:33:04 +01:00
Sarai 74a6d02a89
Fix broken link (#8259)
- https://www.vaultproject.io/api/secret/pki/index.html#create-update-role
- https://www.vaultproject.io/api/secret/pki/index.html#createupdate-role
2020-01-30 08:12:24 -08:00
Raoof Mohammed 0b7afcc728
docs: fix api path for merge entity identity doc (#8258) 2020-01-29 08:56:36 -08:00
Michel Vocks f695eb737b
Add Consul TLS options to access API endpoint (#8253) 2020-01-29 09:44:35 +01:00
Michel Vocks 96a6857f0c
Docs: Add nomad TLS options (#8254) 2020-01-29 09:38:54 +01:00
Chris Hoffman 0ebf3c3e40
fixing static pdf compliance letter (#8248) 2020-01-27 15:40:55 -05:00
Theron Voran 890f4b63a6
Show bound_service_accounts in gce example (#8236)
Shows that the GCP auth option `bound_service_accounts` can be used
for gce-type roles as well as iam.
2020-01-27 11:48:21 -08:00
Daniel Spangenberg eea26c6af1
Clarify the k8s helm run docs (#8235) 2020-01-27 14:54:59 +01:00
Chris Hoffman efb2152759
Adding pricing module note for enterprise features (#8217)
* adding pricing module note for enterprise features

* fixing incorrectly committed go.mod
2020-01-24 19:18:22 -05:00
Becca Petrin fc09eb1e6b
Add Kerberos agent docs (#8220)
* add kerberos agent docs

* use relative doc link
2020-01-24 14:40:41 -08:00
Nicole Forrester 751b3473d0 package: mega nav version bump (#8215) 2020-01-24 14:52:52 -05:00
Nicole Forrester c5cbb43f39 Website: Update diagram images (#8214) 2020-01-24 14:52:26 -05:00
Jeff Escalante e6115388b0 patch docs sidenav to resolve a bug introduced yesterday (#8234) 2020-01-24 14:51:40 -05:00
Chris Hoffman 36f0c05744
updating download page version (#8233) 2020-01-24 09:08:24 -05:00
Aaron Bedra ddf38d8391 Fix example url for sys/wrapping/rewrap (#8222) 2020-01-23 21:09:53 -08:00
Mike Ruth eb592f05fb Update API to include roleset TTL parameter (#8231)
Include documentation on including the TTL parameter for service account key rolesets. [Associated PR](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/54)
2020-01-23 17:54:28 -08:00
Michael Golowka OR 1=1); DROP TABLE users; -- 8a8f9029d6
Update Kubernetes docs to include Kubernetes Auth method (#8046)
* Improve standalone with TLS example

- Documented creating a key & cert for serving Vault endpoints
- Removed unneeded configuration in custom values.yaml
- Updated examples to 1.3.0

* Add 127.0.0.1 to CSR

* Grammar & minor formatting

* Add additional DNS entry for CSR

* Split examples into individual pages

* Add Kubernetes Auth Method example

* Remove old examples file

* Fix rebase fail

* Remove global section of yaml files that aren't needed

* Fix minor typos

* Fix typos that didn't get carried over from previous PR

* Re-copy from previous examples file to resolve rebase issues

* update dependencies

Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
2020-01-23 13:14:01 -07:00
Jeff Escalante 25d83349e0 update dependencies (#8221) 2020-01-23 12:44:59 -07:00
Jeff Escalante 3511bf8293 [website] fix a couple broken links (#8190)
* fix a couple broken links

* extra redirect

* another shot at redirects
2020-01-22 12:31:42 -08:00
Jeff Escalante 0062ad382d [website] implement postgres/secrets redirect (#8208)
* add secrets/postgresql redirect

* change name of old path

* ensure deprecated pages are not indexed by search engines

* remove deprecated page from navigation
2020-01-22 12:29:37 -08:00
Jeff Escalante 4f87851926 [website] Link Cleaning (#8205)
* update dependencies

* remove hard-coded vaultproject.io on local links

* remove 'index.html' from internal links

* remove '.html' at end of internal links

* manual review cleanup

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-01-22 12:05:41 -08:00
Clint 3b39b30e12
cleanup formatting on database index doc (#8207) 2020-01-22 09:57:03 -06:00
Calvin Leung Huang ffd90709f3
docs: update entropy augmentation page (#8185)
* docs: update entropy augmentation page

* remove .html extension in links

* remove .html extension in links
2020-01-21 15:05:53 -08:00
Michael Golowka OR 1=1); DROP TABLE users; -- d9ed6b845c
Improve Helm chart example for standalone with TLS configuration (#8022)
* Improve standalone with TLS example

- Documented creating a key & cert for serving Vault endpoints
- Removed unneeded configuration in custom values.yaml
- Updated examples to 1.3.0

* Add 127.0.0.1 to CSR

* Grammar & minor formatting

* Add additional DNS entry for CSR

* Fix typos, formatting, and other minor issues

* Use correct header depth for Helm Configuration

Co-Authored-By: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-01-21 15:44:14 -07:00
Clint b7c2acccd9
Website: Fix configuration links from Helm run docs (#8201) 2020-01-21 13:30:35 -06:00
DDd d1b4082fb3 Fix k8s docs for running standalone (#8199)
* instruction for HA was actually for standalone.
2020-01-21 19:46:33 +01:00
Clint 6b16f7521a
update 'learn about the configuration options' link (#8146) 2020-01-21 12:06:42 -06:00
Mikko Ekström 1f034ee380 Fix typo in YAML markup (#8194) 2020-01-20 16:39:51 +01:00
Jim Kalafut fdb7416b02
Fix typo (#8192)
Fixes #8189
2020-01-18 20:18:57 -08:00
Daniel Spangenberg c64c2bf512
Fix k8s injector examples (#8179) 2020-01-18 14:47:18 +01:00
Jeff Escalante 6b602ea068 update dependencies, patch nextjs config (#8184) 2020-01-17 17:32:35 -08:00
Becca Petrin aebfdc7516
Strip unnecessary payload in AD root cred rotation example (#8160)
* strip unnecessary payload in example

* strip other unnecessary payload
2020-01-17 16:49:36 -08:00
Jeff Escalante df34412570 New Website! (#8154)
* new documentation website

* ci job adjustment

* update to latest version on downloads page

* remove transition-period scripts

* add netlify toml file

* fix docs patch

* fix ci config?

* revert go.mod changes

* a couple last markdown formatting fixes
2020-01-17 16:18:09 -08:00
Michel Vocks 13ebf5460c
Add TLS options per Nomad backend (#8083) 2020-01-15 11:03:38 +01:00
Jason O'Donnell e40bbb0aaf
doc: add extraArgs example to vault-helm (#8149)
* doc: add extraArgs example

* Update website/source/docs/platform/k8s/helm/configuration.html.md

Co-Authored-By: Theron Voran <tvoran@users.noreply.github.com>

* Update website/source/docs/platform/k8s/helm/run.html.md

Co-Authored-By: Theron Voran <tvoran@users.noreply.github.com>

* Update injector installation example

* Update website/source/docs/platform/k8s/helm/configuration.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

* Update website/source/docs/platform/k8s/helm/run.html.md

Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com>

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-01-14 14:14:56 -05:00
Michel Vocks feb5391767
Docs: Add vaul.token.create_root metric (#8089)
* Docs: Add vaul.token.create_root metric

* Update website/source/docs/internals/telemetry.html.md

* Add additional note
2020-01-14 15:47:10 +01:00
Jim Kalafut 154b11bedd
Update Duo docs (#8127) 2020-01-09 15:58:52 -08:00
Mike Green 57a3b72cde Docs: Add note about needing to do plugin reload on each node (#8108)
* Add note about needing to do this on each node

Specifically calling this out will heed off operators doing this on a single node and thinking it is a bug that it didn't propagate to the other nodes, secondaries, etc.

* Updated to reflect not needing to do registration on each
2020-01-08 16:09:41 -08:00
Mike Green 12fba35a7c Update docs to add example of field output for KV get (#8109)
* Add example of field output

Ordering matters here and its a constant question both from customers and new folks. This will help to show the right syntax.

* minor update to spelling and force unit test rerun

* Update example actually in example area

* Clarify last example is only unix example

* removing Unix specific example
2020-01-08 15:58:10 -08:00
Mike Green ba3c4ed9d7 Add reference to answer "where are the metrics listed"? (#8110) 2020-01-08 10:32:09 -08:00
Jeff Mitchell fb9d809d91 Add changes for renewer api/agent behavior to upgrade guide 2020-01-08 12:47:49 -05:00
Jason O'Donnell 038d7bfc86
doc: update vault-helm to 0.3.2 (#8119) 2020-01-08 11:41:26 -05:00
Paul Banks 0b5c7550a6 Fix Headings for Consul Secret Engine (#8107) 2020-01-07 11:46:43 -05:00
Brian Kassouf 0d23c7973b
Update config.rb 2020-01-03 09:25:26 -08:00
Jason O'Donnell 78d47b0fe2
doc: update vault-k8s version (#8085) 2020-01-03 08:55:29 -05:00
Steven Crossan 0d0f5d2e98 Docs: Add a note to the token-parameter (#8086)
Adds a note that the `token` parameter may also be provided via the `CONSUL_HTTP_TOKEN` environment variable.
2020-01-03 10:48:03 +01:00
Marshall Copeland ac0bc52284 typos to email visiblity (#8087)
edited email address so they are visible, removed confusing EMAIL, email text.
2020-01-02 20:17:03 -05:00
Marshall Copeland 4d917fbfdb Update vault partner integration program docs (#8069)
* index.html.md

Vault Integration Program Refresh for CY 2020, major updates edits from Vault PM and Alliance

* fixing formatting and links

* a few more formatting updates

* Patch- Fix Typo

* Hashicorp -> HashiCorp

* embedding images

* remove checkboxes since they do not render correctly

Co-authored-by: Chris Hoffman <99742+chrishoffman@users.noreply.github.com>
Co-authored-by: Chris Griggs <cgriggs@hashicorp.com>
2020-01-02 12:16:35 -05:00
Jim Kalafut 22e948839a
Fix Azure Secrets docs typo 2019-12-19 10:24:37 -08:00
Jason O'Donnell eb7700c88b
doc: fix broken link in injector doc (#8059) 2019-12-19 12:57:24 -05:00
Jason O'Donnell b2f3110e0a
doc: update helm to 0.3.0 (#8057)
* doc: update helm to 0.3.0

* Add data type to extraContainers

* Update examples

* Update image in examples
2019-12-19 12:03:51 -05:00
Clint 1472b7aa6b
Update PKI index: fix typo (#8031)
* Update PKI index: fix typo

Missing a zero here; `4380h` is only 182.5 days

* other 5 year hour typos
2019-12-19 10:26:24 -06:00
Jason O'Donnell 36bf278ef7
doc: add agent inject documentation (#8032)
* Add agent inject documentation

* Update layout

* Fix sidebar title

* Fix format

* Update formating

* Updates

* Convert table to list

* Add remaining doc

* Add note about namespace selector

* Fix page description

* Fix description error, clarify container doc

* Fix typos

* Update website/source/docs/platform/k8s/injector/index.html.md

Co-Authored-By: Clint <catsby@users.noreply.github.com>

* Update website/source/docs/platform/k8s/injector/index.html.md

Co-Authored-By: Clint <catsby@users.noreply.github.com>

* Update website/source/docs/platform/k8s/injector/examples.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/injector/examples.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/injector/index.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/injector/index.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/injector/installation.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update doc from feedback

* Update website/source/docs/platform/k8s/helm/configuration.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/platform/k8s/helm/configuration.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/platform/k8s/helm/configuration.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/platform/k8s/helm/configuration.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/platform/k8s/helm/configuration.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/platform/k8s/helm/configuration.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>
2019-12-18 13:44:14 -05:00
Darshana Sivakumar cfbb755a66 Update telemetry.html.md to add a note on replication metrics (#8036)
Added a note on replication metrics.
2019-12-17 09:20:31 -08:00
Michel Vocks 9cff3fab58
Docs: Add missing KV V2 version argument to API docs (#8018) 2019-12-16 09:35:48 +01:00
Michael Golowka OR 1=1); DROP TABLE users; -- dcfaa7935b
Split helm docs to multiple pages under Helm Chart (#8011)
* Split helm docs to multiple pages under Helm Chart

- Fixed some minor formatting typos
- Added a note at the beginning of most of the pages indicating
incompatibility with helm 3

* Remove duplicate examples
2019-12-13 12:09:34 -07:00
Becca Petrin b0d1455ea3
add sts_region to aws auth api docs (#8001) 2019-12-11 13:45:39 -08:00
ncabatoff 828a345dbc
Update KMIP docs re supported operations. (#8008) 2019-12-11 16:22:25 -05:00
Becca Petrin 38262005dc
Kerberos docs (#7993) 2019-12-11 11:16:36 -08:00
chrismatteson 8dd8ca89b4 Removed typo space (#8007) 2019-12-11 11:01:28 -08:00
ncabatoff fde5e55ce9
Handle otherName SANs in CSRs (#6163)
If a CSR contains a SAN of type otherName, encoded in UTF-8, and the signing role specifies use_csr_sans, the otherName SAN will be included in the signed cert's SAN extension.

Allow single star in allowed_other_sans to match any OtherName.  Update documentation to clarify globbing behaviour.
2019-12-11 10:16:44 -05:00
Calvin Leung Huang 60a054a5eb
docs: add section on upgrading plugins (#7984)
* docs: add section on upgrading plugins

* docs: move plugin upgrade to its own guides page

* docs: reword step 4

* docs: add page to sidebar
2019-12-10 10:15:01 -08:00
Mike Jarmy e42bc0ffc0
Introduce optional service_registration stanza (#7887)
* move ServiceDiscovery into methods

* add ServiceDiscoveryFactory

* add serviceDiscovery field to vault.Core

* refactor ConsulServiceDiscovery into separate struct

* cleanup

* revert accidental change to go.mod

* cleanup

* get rid of un-needed struct tags in vault.CoreConfig

* add service_discovery parser

* add ServiceDiscovery to config

* cleanup

* cleanup

* add test for ConfigServiceDiscovery to Core

* unit testing for config service_discovery stanza

* cleanup

* get rid of un-needed redirect_addr stuff in service_discovery stanza

* improve test suite

* cleanup

* clean up test a bit

* create docs for service_discovery

* check if service_discovery is configured, but storage does not support HA

* tinker with test

* tinker with test

* tweak docs

* move ServiceDiscovery into its own package

* tweak a variable name

* fix comment

* rename service_discovery to service_registration

* tweak service_registration config

* Revert "tweak service_registration config"

This reverts commit 5509920a8ab4c5a216468f262fc07c98121dce35.

* simplify naming

* refactor into ./serviceregistration/consul
2019-12-06 09:46:39 -05:00
Steve Gore f991b92dc3 Fix "does not exists" grammar (#7950)
* Fix "does not exists" grammar

* Fix "does not exists" grammar

* Revert vendor and go.mod
2019-12-03 16:25:09 -06:00
Colton J. McCurdy e4c909fa3e physical/posgresql: add ability to prefer VAULT_PG_CONNECTION_URL envar over config file (#7937)
* physical/posgresql: add ability to use CONNECTION_URL environment variable instead of requiring it to be configured in the Vault config file.

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* storage/postgresql: update configuration documentation for postgresql storage backend to include connection_url configuration via the PG_CONNECTION_URL environment variable

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* physical/postgresql: add a configuration file and tests for getting the connection_url from the config file or environment

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* physical/postgresql: update postgresql backend to pull the required connection_url from the PG_CONNECTION_URL environment variable if it exists, otherwise, fallback to using the config file

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* physical/postgresql: remove configure*.go files and prefer the postgresql*.go files

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* physical/postgresql: move and simplify connectionURL function

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* physical/postgresql: update connectionURL test to use an unordered map instead of slice to avoid test flakiness

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* physical/postgresql: update config env to be prefixed with VAULT_ - VAULT_PG_CONNECTION_URL

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* docs/web: update postgresql backend docs to use updated, VAULT_ prefixed config env

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>
2019-12-03 15:48:38 -06:00
Jason O'Donnell a988d0367d
doc: update helm doc to include init/unseal (#7955)
* doc: update helm doc to include init/unseal

* Update website/source/docs/platform/k8s/run.html.md

Co-Authored-By: Clint <catsby@users.noreply.github.com>

* Update website/source/docs/platform/k8s/run.html.md

Co-Authored-By: Clint <catsby@users.noreply.github.com>

* Clarify vault helm default note
2019-12-02 15:51:51 -05:00
Brian Shumate 404b064cce Docs: Update Telemetry (#7959)
- Add wal_loadWAL metric
- Create section for Merkle Tree and WAL metrics
- Remove trailing spaces
2019-12-02 10:55:59 -08:00
Clint 54a8b20875 Remove response code info from non-overview API docs (contd) (#7940)
Continues https://github.com/hashicorp/vault/pull/6459 and cleans up
some spots that should have been deleted, but due to markdown
formatting, weren't rendering anyway.

> Remove response code info from non-overview API docs as it can be
> misinterpreted and is always the same anyways.
2019-12-02 10:07:46 -08:00
Peter Souter 46891998cc Adds new Entropy Augmentation feature (#7935) 2019-12-02 10:04:05 -08:00
Michel Vocks 4221091de8
Docs: Add enable_hostname_label (#7956) 2019-12-02 17:51:02 +01:00
Anoop Vijayan Maniankara 014791c032 Typo fix, getting started guide link (#7954)
The url does not exist, the correct one is updated.
install.html -> index.html
2019-12-02 09:43:15 +01:00
catsby 66bb372fca
fix website formatting 2019-11-26 17:02:10 -06:00
Yong Wen Chua e17f82dec1 Add new fields to K8S Auth Documentation (#7509)
- Added in https://github.com/hashicorp/vault-plugin-auth-kubernetes/pull/70
2019-11-26 16:48:30 -06:00
Andrea Scarpino d9ef12e5f0 Fix typo in the documentation (#7938) 2019-11-26 15:57:51 -06:00
Brian Shumate f8457d4d55 Docs: Secrets engines: KMIP (#7932)
- Streamline flow of introductory paragraph
- Grammar edits
- Remove trailing space
2019-11-25 11:56:08 -05:00
RJ Spiker 1065672b2f bump global-styles to ^2.0.3 (#7838) 2019-11-22 15:38:25 -06:00
Clint e363c3809d
link to template docs from Agent docs (#7876)
* link to template docs from Agent docs

* fix docs link

* fix metadata in template index page

* fix formatting that caused template index to render blank
2019-11-22 11:39:11 -06:00
Jeff Escalante 1c631dd3bb Removed "bundled with" in lockfile (#7921)
...to work around netlify build image bug
2019-11-21 16:22:35 -08:00
Calvin Leung Huang 6550b9969c
docs: add request_timeout to config docs for secrets/ad and auth/ldap backends (#7917) 2019-11-20 13:30:33 -08:00
Chris Hoffman 81fbab2637
updating status of backend to beta (#7916) 2019-11-20 10:07:35 -05:00
Marcus T d61b425aec Misc Documentation Fixes (#7662)
* Update parameter names to match URL placeholders

* Fix incorrect parameter quoting

Without the separated quoting, the entire `ec2_alias (string: "role_id")` string becomes an anchor link.

* Fix default value for userattr

vault/sdk/helper/ldaputil/config.go shows userattr has a default value of "cn"

* Fix default value for url

Documentation says it's required, but vault/sdk/helper/ldaputil/config.go shows that url has a default value.

* Fix default value for url

Documentation says it's required, but vault/sdk/helper/ldaputil/config.go shows that url has a default value.
2019-11-19 16:17:45 -06:00
Jim Kalafut 9384d8ba69
Update JWT docs (#7884) 2019-11-19 13:52:19 -08:00
Yoko b3fb8aa565
Added a cross-referencing link to Learn (#7898) 2019-11-18 15:02:12 -08:00
Dane Harrigan 214b2d13a2 Fix minor typo in website docs (#7882)
The -> They
2019-11-14 13:38:01 -08:00
Brian Kassouf 23a22809fa
Add 1.3.0 upgrade guide (#7881) 2019-11-14 09:10:39 -08:00
Brian Shumate e3e35e7bc4 Typo (#7880) 2019-11-14 08:53:42 -08:00
James Bayer cc282aaa8c added email (#7878) 2019-11-13 16:15:07 -08:00
Jason O'Donnell 68f36d571f
Update vault-helm to 0.2.1 (#7873) 2019-11-13 16:00:50 -05:00
Colton J. McCurdy 3d1b9b4df9 docs/website: fix broken chef-puppet with vault blog link (#7850)
Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>
2019-11-13 08:59:29 +01:00
Colton J. McCurdy 69c03e0dcb [docs/website/dynamic-secrets] - fix typo in multi-line cli command for configuring postgres as a secrets engine (#7842)
* docs/website/secret-mgmt: fix minor typo in cli command for configuring postgres secrets engine

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>

* docs/website/secret-mgmt: fix minor typo in cli command for configuring postgres secrets engine

Signed-off-by: Colton McCurdy <mccurdyc22@gmail.com>
2019-11-13 08:43:00 +01:00
Brian Kassouf afe28f252a
Reindex docs (#7868)
* update reindex docs

* update reindex docs
2019-11-12 11:54:04 -08:00
Mike Jarmy 76dc4b4467
Improve telemetry docs (#7762)
* improve telemetry docs

* improve telemetry docs

* improve telemtry docs

* improve telemetry docs

* improve telemetry docs

* improve telemetry docs

* cleanup

* cleanup

* cleanup

* cleanup

* cleanup

* cleanup

* Edited the note a little bit
2019-11-12 14:47:07 -05:00
Brian Kassouf 7b833aaec8 bump variables to 1.3 2019-11-11 19:33:14 -08:00
Michel Vocks f5719b9fee Docs: Add filtered paths api docs (#7786) 2019-11-11 15:25:48 -08:00
Calvin Leung Huang 58ce4afdaf
docs: add vault debug docs (#7669)
* docs: add vault debug docs

* add note about local-only targets

* add note on OpenBSD and host info

* address feedback
2019-11-11 14:42:10 -08:00
Calvin Leung Huang 9163874c9b
docs: add sys/config/state docs (#7654) 2019-11-11 14:36:09 -08:00
Jim Kalafut 6d3186521a
Fix agent docs typo (#7861) 2019-11-11 13:27:40 -08:00
Calvin Leung Huang 859deacd46
docs: add API docs for sys/leases/tidy (#7781) 2019-11-11 12:35:59 -08:00
Yoko 91daee9dbf
Adding more description (#7841) 2019-11-11 10:01:31 -08:00
Jason O'Donnell 0321d9fb3a
doc: update vault-helm for 0.2.0 (#7759)
* doc: update vault-helm for 0.2.0

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Remove commas from example
2019-11-11 11:07:35 -05:00
Sebastian Gumprich 02c2d85e5e update oidc azure docs to make it readable (#7832) 2019-11-08 11:56:02 -08:00
Jeff Mitchell f2f984557e
Add ability to renew by accessor (#7817)
* Add renewing by accessor

* Add accessor renewing test and fix bug

* Update website docs

* Remove extra newline

* Add command-level test
2019-11-08 11:32:01 -05:00
Calvin Leung Huang 93c01df791
docs: add 1.2.4 upgrade guide (#7839) 2019-11-07 15:28:58 -08:00
Chris Hoffman c92e9036e3
updating community page (#7831) 2019-11-06 22:09:43 -05:00
Chris Hoffman 58789e0436
Revert "updating community page (#7829)" (#7830)
This reverts commit 553bc729c9229fd0736e5fb9a01da7c89a1fa8b8.
2019-11-06 22:07:54 -05:00
Chris Hoffman ecd881c556
updating community page (#7829) 2019-11-06 22:04:41 -05:00
RJ Spiker fd319bba1e website - font and brand update (#7783) 2019-11-06 20:38:25 -05:00
Brian Shumate 8363d9fc1d Clarify language around 472 (#7814)
- use "disaster recovery mode"
- remove trailing spaces
2019-11-06 14:16:39 -08:00
Jeff Mitchell 7c4c53e523
Document secondary activation public key endpoints/params (#7810) 2019-11-06 16:37:46 -05:00
Jim Kalafut 2bd068f0e5
Update Azure storage docs (#7808)
Fixes #7750
2019-11-06 13:24:37 -08:00
Kevin Pruett ef903d4f81 website: Homepage updates, use case pages, navigation changes (#7782)
* website: various updates

* Expose /docs and /intro views using documentation-style
layout for index pages

* Add [Use Case] Secrets Management page

* Add [Use Case] Data Encryption page

* Add [Use Case] Identity Based Access page

* Update redirects file removing `/intro` routes redirecting to
`learn.hashicorp`

* Hide MegaNav on mobile

* website: route /api straight to documentation

* Bybass index page and jump straight to content
2019-11-05 19:54:24 -05:00
Christian Frichot b8ada6b8d9 doc: remove comma from list.html.md (#7766) 2019-11-05 12:10:58 -08:00
JoeStack 704f522d34 Update helm.html.md (#7310)
fixed HA cluster setting
2019-11-05 13:33:06 -05:00
Pascal Enz 33c1b7150f Rabbitmq topic permissions (#7751)
* Upgraded rabbit hole library to 2.0

* Added RabbitMQ topic permission support.

* Updated docs to cover RabbitMQ topic permissions.

* Improved comments and docs as suggested.
2019-10-30 14:19:49 -07:00
Luke Barton f1595835c9 Fix incorrect env vars example (#7755) 2019-10-30 11:43:38 -04:00
ncabatoff 5b8a4ba5b8
Add recovery mode docs. (#7667) 2019-10-29 16:42:47 -04:00
Dilan Bellinghoven 5f8528381c Add TLS server name to Vault stanza of Agent configuration (#7519) 2019-10-29 09:11:01 -04:00
Lexman 28aff44616 adds documentation for entropy augmentation (#7721)
* adds documentation for entorpy augmentation

* adds a link to pkcs11 seal configuration from a mention of it
2019-10-28 15:04:27 -07:00
ekow b62cebd325 Update lease concept to use correct command (#7730)
Updated command to reflect on the one that executes successfully on Vault v1.2.3 with server running in dev mode.
2019-10-28 15:53:12 -04:00
Daniel Lohse de2d3073d7 Allow Raft storage to be configured via env variables (#7745)
* Fix unordered imports

* Allow Raft node ID to be set via the environment variable `VAULT_RAFT_NODE_ID`

* Allow Raft path to be set via the environment variable `VAULT_RAFT_PATH`

* Prioritize the environment when fetching the Raft configuration values

Values in environment variables should override the config as per the
documentation as well as common sense.
2019-10-28 09:43:12 -07:00
Mike Jarmy ee2e3fd75d
add docs for new replication metrics (#7729)
* add docs for new replication metrics

* add docs for new replication metrics
2019-10-25 12:46:56 -04:00
Brian Shumate a83160617e Docs: Add version command (#7719)
* Docs: Add version command

* adding to
2019-10-25 12:25:04 -04:00
spiff efb2751e00 Change "Generate Intermediate" example to exported (#7515)
The example request for "Generate Intermediate" was type "internal", but the example response contained the private key, which "internal" doesn't do. This patch fixes the example request to be type "exported" to match the example response.
2019-10-25 12:21:55 -04:00
Jeff Escalante 00564a77a1 Update ruby dependencies (#7720)
* update ruby dependencies

* add specific version bundler dep

* remove ruby-version

* remove extra gemfile dep
2019-10-24 17:41:40 -04:00
Jeff Mitchell 1a77ce36be
Update transit docs to add aes128/p384/p521 information (#7718) 2019-10-23 10:26:11 -04:00
Clint 245935447b
Vault Agent Template (#7652)
* Vault Agent Template: parse templates  (#7540)

* add template config parsing, but it's wrong b/c it's not using mapstructure

* parsing consul templates in agent config

* add additional test to configuration parsing, to cover basics

* another test fixture, rework simple test into table

* refactor into table test

* rename test

* remove flattenKeys and add other test fixture

* Update command/agent/config/config.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* return the decode error instead of swallowing it

* Update command/agent/config/config_test.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* go mod tidy

* change error checking style

* Add agent template doc

* TemplateServer: render secrets with Consul Template (#7621)

* add template config parsing, but it's wrong b/c it's not using mapstructure

* parsing consul templates in agent config

* add additional test to configuration parsing, to cover basics

* another test fixture, rework simple test into table

* refactor into table test

* rename test

* remove flattenKeys and add other test fixture

* add template package

* WIP: add runner

* fix panic, actually copy templates, etc

* rework how the config.Vault is created and enable reading from the environment

* this was supposed to be a part of the prior commit

* move/add methods to testhelpers for converting some values to pointers

* use new methods in testhelpers

* add an unblock channel to block agent until a template has been rendered

* add note

* unblock if there are no templates

* cleanups

* go mod tidy

* remove dead code

* simple test to starT

* add simple, empty templates test

* Update package doc, error logs, and add missing close() on channel

* update code comment to be clear what I'm referring to

* have template.NewServer return a (<- chan) type, even though it's a normal chan, as a better practice to enforce reading only

* Update command/agent.go

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* update with test

* Add README and doc.go to the command/agent directory (#7503)

* Add README and doc.go to the command/agent directory

* Add link to website

* address feedback for agent.go

* updated with feedback from Calvin

* Rework template.Server to export the unblock channel, and remove it from the NewServer function

* apply feedback from Nick

* fix/restructure rendering test

* Add pointerutil package for converting types to their pointers

* Remove pointer helper methods; use sdk/helper/pointerutil instead

* update newRunnerConfig to use pointerutil and empty strings

* only wait for unblock if template server is initialized

* drain the token channel in this test

* conditionally send on channel
2019-10-18 16:21:46 -05:00
vinodmu 474a2a26f3 Update Title for AWS Marketplace (#7683) 2019-10-18 09:52:22 -07:00
DevOps Rob 37a23cfb23 Fixing a typo with the sample payload (#7688)
This typo is related to  https://github.com/hashicorp/vault/issues/7603 .  The typo was causing issues with getting this working correctly when following the guide.  I imagine any other newbie to this plugin will have the same struggle.  I had to delve into the source code to figure it out
2019-10-17 21:47:45 -07:00
Jim Kalafut d129a3881b
Update OIDC provider doc 2019-10-17 16:05:19 -07:00
Jim Kalafut 1f7eab5cdb
Update OIDC provider doc (#7693) 2019-10-17 16:02:21 -07:00
Marcos Nils caaa736f35 Create .bundle and set group when running container (#7684)
If this is not set, `make website` fails due to permission errors in the docker container
Fixes #5589.
2019-10-17 14:17:00 -07:00
Michael Gaffney b48ce3d95f
Docs: add examples for when a seal rewrap is useful (#7689) 2019-10-17 14:01:17 -04:00
Mike Wickett 19b28317a0 website: bump consent manager version (#7677) 2019-10-17 10:59:16 -07:00
Mike Jarmy 9e7beeb56d
Document the Agent request_require_header option (#7678)
* document the require_request_header option in Agent

* document the require_request_header option in Agent

* document the require_request_header option in Agent

* document the require_request_header option in Agent

* minor tweaks to docs
2019-10-17 10:08:59 -04:00
Becca Petrin c1b5ca7d57
Add docs for Active Directory secret check-out (#7664) 2019-10-16 15:41:11 -07:00
Michael Gaffney c9804941a5
Add document for sealwrap/rewrap endpoint (#7676)
* Add documentation for seal wrap re-wrap endpoint

* Update sample response for seal rewrap status

* Updates based on feedback from reviewers
2019-10-16 15:46:43 -04:00
Jeff Malnick cb82f8be10
Add AWS marketplace reference docs (#7673) 2019-10-16 11:20:35 -07:00
Jim Kalafut 40a55e7d22
Add region parameter to AWS agent docs (#7674) 2019-10-16 10:13:23 -07:00
Alberto Alvarez c5b4fbd56f Improve Auto Unseal and awskms Seal documentation (#7575)
* Add further detail on Auto Unseal and awskms Seal documentation

* Move Rekeying to the generic Seal docs
2019-10-16 11:25:41 -04:00
Yoko 17a0b1420c
Adding the known issue section (#7439)
* Adding the known issue section

* incorporated the feedback

* Added the known issue section

* Fixed a typo

* Created upgrade guide for 1.1.2
2019-10-15 12:58:03 -07:00
Jim Kalafut 7e8b9addd0
Update Azure Secrets docs to include group assignment (#7656) 2019-10-15 08:58:22 -07:00
Dom Goodwin ca742e3a25 Update index.html.md (#7660) 2019-10-15 11:48:17 -04:00
Brian Shumate d53f3b7d27 Docs: update Oracle Database Secrets Engine API (#7520)
- Add missing `username` and `password` connection parameters
- Use templated root credential in example connection payload
2019-10-15 11:13:09 -04:00
Brian Shumate ee7e01eac3 Docs: File Audit Device (#7633)
* Docs: File Audit Device

- Add section + note about proper File Audit Device log rotation

* Additional clarification about relevant platforms
2019-10-15 10:20:51 -04:00
Jack Kleeman ffb699e48c Add ability to skip 'LIST ALL' check (#7614)
Currently whenever we start a new C* session in the database plugin, we
run `LIST ALL` to determine whether we are a superuser, or otherwise
have permissions on roles. This is a fairly sensible way of checking
this, except it can be really slow when you have a lot of roles (C*
isn't so good at listing things). It's also really intensive to C* and
leads to a lot of data transfer. We've seen timeout issues when doing
this query, and can of course raise the timeout, but we'd probably
prefer to be able to switch it off.
2019-10-14 16:36:49 -06:00
Yoko dbdf65e5bc
Added links to matching learn guide (#7636) 2019-10-14 10:31:03 -07:00
Jim Kalafut b3d53e4ef2
Fix Azure auth api docs (#7649)
Fixes #7648
2019-10-14 10:12:45 -07:00
kuritonasu f5b7c55532 Minor typo fix (#7631) 2019-10-11 11:12:38 -04:00
ncabatoff cbc00365f5
Revert "Minor typo fix (#7628)" (#7629)
This reverts commit 6093eec62e4b43a1c7e0a20d352756c00271faf0.
2019-10-11 10:52:39 -04:00
kuritonasu 0dcf563e04 Minor typo fix (#7628) 2019-10-11 10:52:07 -04:00
Vlad Fedosov dc3a8c175a New third-party tool added (#7596) 2019-10-09 15:56:34 -04:00
James Stoker 49c9352f75 Add config parameter to Azure storage backend to allow specifying the ARM endpoint to support Azure Stack. (#7567) 2019-10-08 08:51:36 -07:00
Calvin Leung Huang 9622a351ae docs: add sys/pprof API docs (#7562)
* docs: add sys/pprof api docs

* fix header
2019-10-07 11:55:17 -04:00
Calvin Leung Huang dd02d94a41 docs: add sys/host-info API docs (#7563)
* docs: add sys/host-info api docs

* remove extra closing bracket in sample response
2019-10-07 11:54:48 -04:00
Michel Vocks f8c233a63b Docs: Add unauthenticated metrics access docs (#7566) 2019-10-07 11:54:09 -04:00
Aric a2b70c7bc7 Update index.html.md (#7580)
"before storage data at rest" seems like it was intended to read either "before storing data at rest" or "before storage of data at rest".
2019-10-07 11:53:17 -04:00
Brian Shumate 4b5be69252 Docs: update plugin_dir (#7585)
- Add note that plugin_dir value cannot be a symlink
2019-10-07 10:17:12 -04:00
Brian Shumate 41374ecd82 Add note about plugin_directory (#7584)
- Note that plugin_directory cannot be a symbolic link
2019-10-07 09:59:34 -04:00
Jim Kalafut e9560ea13c
Fix transit docs env var typo (#7572)
Fixes #7570
2019-10-04 12:45:02 -07:00
Brian Shumate 77311bf24f Docs: update Transit Secrets Engine Create Key (#7568)
- Use type that supports derivation in sample payload
2019-10-04 10:56:18 -07:00
ncabatoff e7fe4b6d92
Return a useful error on attempts to renew a token via sys/leases/renew (#7298) 2019-10-02 10:55:20 -04:00
Jim Kalafut 9c80c3770a
Fix identity token API docs (#7545) 2019-10-01 16:13:21 -07:00
Vu Pham 2176b5f701 Update oci-object-storage.html.md (#7543) 2019-10-01 16:08:34 -07:00
Jim Kalafut 153c4cc80e
Add 1.2+ role parameters back to JWT API docs (#7544)
This reverts 24c2f8c2ad76, which pulled the parameters while there were
outstanding bugs when using them with JWT auth.
2019-10-01 16:07:52 -07:00
Andy Manoske 6ff745af2c
Update index.html.md (#7506)
Feedback from customers re: audit information to explicitly expose where credential password creation takes place in the source code.
2019-09-26 09:53:07 -07:00
Ivan Kurnosov 1ad67097cd Fixed github-prod path (#7516) 2019-09-26 08:46:41 -04:00
Marc-Aurèle Brothier a9081a94b5 docs: add -verify documentation on operator rekey command (#7190) 2019-09-25 13:57:57 -07:00
Noel Quiles 1c589deef2 Update hashi-docs-sitemap to v0.1.6 (#7413) 2019-09-25 13:38:19 -07:00
Yoko 69795e5018 Fixed the hyperlink typo to blog (#7354) 2019-09-25 13:34:58 -07:00
Brian Shumate 54a45db46d Update sample request (#7431)
- Format curl command to be similar to other sample requests
- Add single quotes to URL for '?' so that example is functional
- Delete trailing space
2019-09-25 13:32:42 -07:00
minitux 88da7ecd82 Fix api auth approle documentation (#7382)
Change policies to token_policies
2019-09-25 13:27:27 -07:00
Vu Pham 2d84a1078f Use snake case for HA example (#7505) 2019-09-23 16:02:08 -07:00
Joel Thompson 551b7a5e5c secret/aws: Support permissions boundaries on iam_user creds (#6786)
* secrets/aws: Support permissions boundaries on iam_user creds

This allows configuring Vault to attach a permissions boundary policy to
IAM users that it creates, configured on a per-Vault-role basis.

* Fix indentation of policy in docs

Use spaces instead of tabs
2019-09-19 16:35:12 -07:00
Yahya 936af3650c [Docs] Fix typo in database sample request (#7492) 2019-09-19 10:14:34 +02:00
Graham Land 73b9e39775 Early indication of storage backend requirements (#7472)
A Vault Enterprise Pro customer in Japan has tried to get Vault DR replication working using Google Cloud Storage.
They were frustrated to learn that GCS may not have support for transactional updates which has resulted in a lot of wasted time.
The complaint was that this was not clear from our documentation.
This note may help customers to understand sooner that not all highly available backends support transactional updates.
2019-09-18 14:19:32 -07:00
Michael Gaffney fdc1274c70
Fix the transit trim key api doc (#7453) 2019-09-18 09:29:58 -04:00
Pavlos Ratis d5d5582b23 add more gcp examples (#6358) 2019-09-17 13:39:00 -07:00
Justin Weissig ec41f0d775 docs: fixed sample json payload parse error (#7484)
Fixed malformed json example (removed extra comma). Here's the payload parse error I was running into with the example.

```
{
  "rotation_period":"12h",
  "verification_ttl":43200,
}
```

Vault does not like this JSON.

```
curl -s \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload-2.json \
    http://127.0.0.1:8200/v1/identity/oidc/key/named-key-001 | jq
{
  "errors": [
    "failed to parse JSON input: invalid character '}' looking for beginning of object key string"
  ]
}
```
2019-09-17 11:42:01 +02:00
Jim Kalafut d9741060d2
Add OCI links to detailed index (#7483) 2019-09-16 16:05:47 -07:00
Becca Petrin d416b5a838
document role aws auth role name casing (#7356) 2019-09-16 11:55:03 -07:00
Jim Kalafut dc18e7d33f
Add Technology Preview disclaimer to Raft docs (#7478) 2019-09-16 08:44:04 -07:00
David Rubin a2a22e6611 Remove vaulted as supported nodejs client (#7404)
Vaulted is no longer maintained according to the readme. 

https://github.com/chiefy/vaulted#vaulted 

"No Longer Being Maintained Use node-vault for future support of Vault features!"
2019-09-13 16:33:15 -07:00
Joel Thompson 8a981004ec Add reading AWS root/config endpoint (#7245) 2019-09-13 10:07:04 -07:00
Michel Vocks f048a7c1be
Fixed wrong API method in API docs for identity token generation (#7462) 2019-09-13 09:08:18 +02:00
Laurent Godet 3de32582ae Fix kv destroy command (#7461) 2019-09-11 15:20:49 +02:00
Austin Heiman c1f41a5e77 document mysql and postgres generated password complexity (#7435) 2019-09-07 09:48:08 -07:00
Jim Kalafut 27377dd612
Document Postgres ha_table parameter (#7444)
Fixes #7416
2019-09-07 08:49:14 -07:00
Jim Kalafut 4859d253d5
Fix Azure auth api docs (#7446)
Fixes #6793, #6785
2019-09-06 15:38:12 -07:00
Yoko 72618cb5cf
Auto-unseal with Azure Key Vault (#7414)
* Added note based on Asana report

* Removed extra space
2019-09-06 15:03:37 -07:00
Jim Kalafut 210d6a4217
Update JWT docs re: host parameter (#7445) 2019-09-06 14:58:14 -07:00
Vu Pham e5f955f9a7 Updated naming for OCI Auth and Object Storage plugins (#7423) 2019-09-05 10:26:05 -07:00
Jim Kalafut 6d4d4b5636
Update docs sidebar for CF and OCI (#7421) 2019-09-04 15:31:21 -07:00
Vu Pham a09d13c54a Added OCI Auth plugin documentation (#7284) 2019-09-04 13:25:08 -07:00
Vu Pham 9c8dc4d179 OCI KMS plugin documentation (#7283) 2019-09-04 13:23:06 -07:00
Vu Pham 3318e883e1 OCI Object Storage documentation (#7282) 2019-09-04 13:22:20 -07:00
Jim Kalafut 7919bfb3de
Fix sidebar order (#7409) 2019-09-03 09:32:44 -07:00
Yoko 17ea1fb294
Fixed typo - --> _ (#7391) 2019-08-29 12:44:31 -07:00
Noelle Daley f1c1d47b34 fix ciphertext typo (#7366) 2019-08-26 19:40:00 -04:00
Becca Petrin 64ecf46fb6
rename pcf to cf maintaining backwards compat (#7346) 2019-08-26 09:55:08 -07:00
Becca Petrin efba500548
describe API calls made by the cf client (#7351) 2019-08-22 11:53:27 -07:00
Jason O'Donnell a23f7e71b6
docs: update vault helm doc (#7348)
* docs: update vault helm doc

* Update wording per review
2019-08-22 13:09:22 -04:00
Jeff Malnick ba4fbd4df8
Allow setting file mode on vault agent sink file (#7275)
* feat: enable setting mode on vault agent sink file

* doc: update vault agent file sink with mode configuration
2019-08-21 20:41:55 -07:00
Michael Gaffney 9da6460f4d
Add docs for Vault Agent Auto-auth Certificate Method (#7344)
Closes #7343
2019-08-21 10:34:26 -04:00
Tommy Murphy fc3f1896ad telemetry: add stackdriver metrics sink (#6957)
* telemetry: add stackdriver metrics sink

* telemetry: stackdriver go mod tidy
2019-08-20 14:47:08 -07:00
Joel Thompson ac18a44fae secret/aws: Pass policy ARNs to AssumedRole and FederationToken roles (#6789)
* secret/aws: Pass policy ARNs to AssumedRole and FederationToken roles

AWS now allows you to pass policy ARNs as well as, and in addition to,
policy documents for AssumeRole and GetFederationToken (see
https://aws.amazon.com/about-aws/whats-new/2019/05/session-permissions/).
Vault already collects policy ARNs for iam_user credential types; now it
will allow policy ARNs for assumed_role and federation_token credential
types and plumb them through to the appropriate AWS calls.

This brings along a minor breaking change. Vault roles of the
federation_token credential type are now required to have either a
policy_document or a policy_arns specified. This was implicit
previously; a missing policy_document would result in a validation error
from the AWS SDK when retrieving credentials. However, it would still
allow creating a role that didn't have a policy_document specified and
then later specifying it, after which retrieving the AWS credentials
would work. Similar workflows in which the Vault role didn't have a
policy_document specified for some period of time, such as deleting the
policy_document and then later adding it back, would also have worked
previously but will now be broken.

The reason for this breaking change is because a credential_type of
federation_token without either a policy_document or policy_arns
specified will return credentials that have equivalent permissions to
the credentials the Vault server itself is using. This is quite
dangerous (e.g., it could allow Vault clients access to retrieve
credentials that could modify Vault's underlying storage) and so should
be discouraged. This scenario is still possible when passing in an
appropriate policy_document or policy_arns parameter, but clients should
be explicitly aware of what they are doing and opt in to it by passing
in the appropriate role parameters.

* Error out on dangerous federation token retrieval

The AWS secrets role code now disallows creation of a dangerous role
configuration; however, pre-existing roles could have existed that would
trigger this now-dangerous code path, so also adding a check for this
configuration at credential retrieval time.

* Run makefmt

* Fix tests

* Fix comments/docs
2019-08-20 12:34:41 -07:00
Jim Kalafut 3ce3e40db7
Update role parameters in JWT API docs (#7328)
This is a temporary revert related to https://github.com/hashicorp/vault-plugin-auth-jwt/issues/66.
Once that change is in a released Vault, this docs change should be reverted back.
2019-08-16 08:09:15 -07:00
Jeff Mitchell 87f649bf99 Prep for 1.2.2 2019-08-14 16:54:16 -04:00
skarsol 073ff32900 Add section for consul 1.4+ (#6366) 2019-08-14 10:19:14 -04:00
Didi Kohen a14b44ee8b Add some more detail for the root generation process (#5720)
* Add some more detail for the root generation process

* Remove mention of old OTP and OTP provided on the start request
2019-08-14 10:16:10 -04:00
IPv4v6 8fe861ec04 add examples for ECC key sizes in documentation (#2952)
* add examples for ECC key sizes in documentation

Signed-off-by: Stefan Pietsch <mail.ipv4v6+gh@gmail.com>

* remove links to Go documentation
2019-08-14 10:08:41 -04:00
Calvin Leung Huang 675593bd18 docs: add 1.2.1 upgrade guide (#7274) 2019-08-14 09:45:09 -04:00
Jim Kalafut 4653861333
Fix PCF API docs field names (#7302) 2019-08-12 10:55:23 -07:00
Michel Boucey badb089ffb Add gothic, a Haskell KVv2 engine API client (#7301) 2019-08-12 13:30:25 -04:00
Jason O'Donnell ac16dec5c4
docs: update k8s helm doc (#7279) 2019-08-08 17:05:01 -04:00
Jeff Mitchell c9d4e83350 Bump some versions to prep 2019-08-05 17:43:12 -04:00
Jason O'Donnell 13ffbcd984
doc: add k8s vault-helm doc (#7193)
* doc: add k8s vault-helm doc

* Replace TODO with security warning

* Add TLS example

* Add production deployment checklist

* Add kube hardening guide

* Fix link to configuration values

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Fix typo in example

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>

* Remove anchors, add tolerations/selector

* Fix rendering of global configuration

* Fix sidebar navigation and update links

* Add sidebar title to run doc

* Add platform index.html

* Add relative links

* Rename file

* Fix titles

* Add syntax highlighting to examples

* Move platforms in navigation bar
2019-08-05 17:15:28 -04:00
ncabatoff 439ea99c83
Follow what documentation says we should do if we're a perf standby and perfstandbyok=true (#7241)
Follow what documentation says we should do if we're a perf standby and perfstandbyok=true, i.e. return 200 instead of 429.
2019-08-05 16:44:41 -04:00
Jim Kalafut 4584c84d79
Add docs for OIDC verbose_oidc_logging (#7236) 2019-08-01 14:41:35 -07:00