Dmitriy Gromov
4abca91d66
Renamed sts duration to ttl and added STS permissions note.
2016-01-21 14:28:34 -05:00
Dmitriy Gromov
0b5e35c8cd
documenting the new aws/sts endpoint
2016-01-21 14:05:10 -05:00
Devin Christensen
06641570c7
Remove DDL statements from the code
2016-01-20 18:52:49 -07:00
Devin Christensen
fc94487f55
Add support for PostgreSQL as a physical backend
2016-01-19 17:00:09 -07:00
Jeff Mitchell
973c888833
RootGeneration->GenerateRoot
2016-01-19 18:28:10 -05:00
Jeff Mitchell
3b994dbc7f
Add the ability to generate root tokens via unseal keys.
2016-01-19 18:28:10 -05:00
Jorge Ferreira
306c63b1be
/encryption key/master key/
2016-01-19 15:42:50 +00:00
Jeff Mitchell
1001566a26
Keep ordering consistent in config doc, and put HA backends first
2016-01-14 13:55:53 -05:00
Seth Vargo
e40c77ff27
Use HTTPS + www where appropriate
2016-01-14 13:42:47 -05:00
Jeff Mitchell
d949043cac
Merge pull request #914 from hashicorp/acl-rework
...
More granular ACL capabilities
2016-01-12 21:11:52 -05:00
Ziyi, LIU
5204da4edd
Fix typo
...
Change "...implements is own login endpoint..." to "...implements its own login endpoint..."
2016-01-12 22:22:13 +08:00
Jeff Mitchell
e815db8756
Update audit sys docs
2016-01-11 19:08:23 -05:00
Eric Kidd
69434fd13e
etcd: Allow disabling sync for load balanced etcd
...
Some etcd configurations (such as that provided by compose.io) place the
etcd cluster behind multiple load balancers or proxies. In this
configuration, calling Sync (or AutoSync) on the etcd client will
replace the load balancer addresses with the underlying etcd server
address.
This will cause the etcd client to bypass the load balancers, and may
cause the connection to fail completely if the etcd servers are
protected by a firewall.
This patch provides a "sync" option for the etcd backend, which defaults
to the current behavior, but which can be used to turn off of sync.
This corresponds to etcdctl's --no-sync option.
2016-01-11 13:56:58 -05:00
Eric Kidd
ebabcd857a
etcd: Document existing username and password options
...
These options were present in the source code, but not in the
documentation. They're needed to connect to some hosted etcd services.
2016-01-11 11:30:51 -05:00
Jeff Mitchell
4f4ddbf017
Create more granular ACL capabilities.
...
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.
Fixes #724 (and others).
2016-01-08 13:05:14 -05:00
Paul Seiffert
3a0ea3bcaa
Add documentation for the DynamoDB backend
2016-01-08 17:34:31 +01:00
Jeff Mitchell
a094eedce2
Add rekey nonce/backup.
2016-01-06 09:54:35 -05:00
Jeff Mitchell
d4bc51751e
Fix typo in docs
2016-01-05 11:45:23 -05:00
Jeff Mitchell
e54edd54ac
Update documentation with policy fetching information.
2016-01-05 11:26:19 -05:00
kenjones-cisco
496e9962d0
Fixes mis-placed html tag
2015-12-31 10:37:01 -05:00
Jeff Mitchell
a7a02b3043
Cert documentation fix.
...
Fixes #899
2015-12-30 16:44:24 -05:00
Jeff Mitchell
6cdb8aeb4f
Merge branch 'master' into f-disable-tls
2015-12-29 12:59:02 -05:00
Jeff Mitchell
41d6e0e085
Merge pull request #882 from hashicorp/clarify-physical-support
...
Clarify stance on physical backend support
2015-12-29 11:40:23 -06:00
bashtoni
8248d15a5b
Doc grammar fix
2015-12-22 21:27:08 +00:00
Jeff Mitchell
dca0e72f10
Clarify stance on physical backend support
2015-12-22 10:50:31 -05:00
kenjones
c02013f631
add missing html tag
2015-12-20 14:20:30 -05:00
Jeff Mitchell
8bba9497ac
Some copyediting/simplifying of the Consul page
2015-12-18 10:07:40 -05:00
kenjones
0d74de9da4
Update secret backend Consul documentation
...
Adds information on the steps to get a management token for use by
Vault when communicating with Consul as a secret backend.
2015-12-18 09:44:31 -05:00
Jeff Mitchell
1261791e6f
Update etcd config docs with new options in 0.4.
...
Ping #780
2015-12-17 10:34:41 -05:00
Terry Corley
d6884b85e1
Change API endpoint path for app-id
...
The /login path was confusing because its not relative and not consistent with other documentation. Other documentation (e.g., username and password at https://www.vaultproject.io/docs/auth/userpass.html ) uses relative path.
2015-12-15 12:45:04 -06:00
Jeff Mitchell
db7a2083bf
Allow setting the advertise address via an environment variable.
...
Fixes #581
2015-12-14 21:22:55 -05:00
Jeff Mitchell
ff9745bb00
Update Changelog and documentation with separate-HA-backend info.
2015-12-14 21:04:58 -05:00
Jeff Mitchell
7dca03eb3f
Update documentation with Consul backend token_type
parameter.
...
Fixes #854
2015-12-14 20:54:13 -05:00
Johan Haals
fce85c12e2
Add vault-java to libraries
...
vault-java implements the basic HTTP API, more endpoints are in the
pipeline
2015-12-14 19:04:05 +01:00
Jeff Mitchell
e25b3ad344
Update documentation to be consistent with return codes
...
Fixes #831
2015-12-10 10:26:40 -05:00
Jeff Mitchell
448efd56fa
Merge branch 'master' into pki-csrs
2015-12-08 10:57:53 -05:00
Jeff Mitchell
902b7b0589
Add a warning about consistency of IAM credentials as a stop-gap.
...
Ping #687
2015-12-08 10:56:34 -05:00
Jeff Mitchell
eee8386ea9
Add info about cert backend not checking CRL revocation.
2015-12-05 15:12:43 -05:00
Jeff Mitchell
bf0909a892
Tab -> space doc fix
2015-12-05 15:04:54 -05:00
Jeff Mitchell
1dbfcc3b45
Merge branch 'master' into pki-csrs
2015-12-03 15:23:08 -05:00
Jeff Mitchell
3bdbd66f7d
Remove datacenter from Consul configuration, as it cannot actually do
...
anything
Fixes #816
2015-12-03 15:16:37 -05:00
Jeff Mitchell
4eec9d69e8
Change allowed_base_domain to allowed_domains and allow_base_domain to
...
allow_bare_domains, for comma-separated multi-domain support.
2015-11-30 23:49:11 -05:00
Jeff Mitchell
b6c49ddf01
Remove token display names from input options as there isn't a viable
...
use-case for it at the moment
2015-11-30 18:07:42 -05:00
Armon Dadgar
60ad2e0bbd
website: updating documentation
2015-11-25 12:23:56 -08:00
Jeff Mitchell
d461929c1d
Documentation update
2015-11-20 13:13:57 -05:00
Jeff Mitchell
22a6d6fa22
Merge branch 'master' into pki-csrs
2015-11-20 12:48:38 -05:00
Jeff Mitchell
25e359084c
Update documentation, some comments, make code cleaner, and make generated roots be revoked when their TTL is up
2015-11-19 17:14:22 -05:00
Jeff Mitchell
af3d6ced8e
Update validator function for URIs. Change example of entering a CA to a
...
root cert generation. Other minor documentation updates. Fix private key
output in issue/sign.
2015-11-19 11:35:17 -05:00
Jeff Mitchell
71f9ea8561
Make it clear that generating/setting a CA cert will overwrite what's
...
there.
2015-11-19 09:51:18 -05:00
Jeff Mitchell
a95228e4ee
Split root and intermediate functionality into their own sections in the API. Update documentation. Add sign-verbatim endpoint.
2015-11-19 09:51:18 -05:00
Jeff Mitchell
c461652b40
Address some feedback from review
2015-11-19 09:51:18 -05:00
Jeff Mitchell
ed62afec14
Large documentation updates, remove the pathlength path in favor of
...
making that a parameter at CA generation/sign time, and allow more
fields to be configured at CSR generation time.
2015-11-19 09:51:18 -05:00
Jeff Mitchell
ea676ad4cc
Add tests for intermediate signing and CRL, and fix a couple things
...
Completes extra functionality.
2015-11-19 09:51:17 -05:00
Jeff Mitchell
1c7157e632
Reintroduce the ability to look up obfuscated values in the audit log
...
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).
In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)
Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell
45e7e61d71
Update audit documentation around what hash is used
2015-11-18 10:42:42 -05:00
Jeff Mitchell
1a45696208
Add no-default-policy flag and API parameter to allow exclusion of the
...
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell
10913e2e6b
Update cert documentation to note requiring sudo access.
2015-11-06 16:09:42 -05:00
Jeff Mitchell
ffa879d6e2
Update S3 docs
2015-11-06 09:26:09 -05:00
Jeff Mitchell
08dbc70c9f
Switch etcd default port to 2379, in line with 2.x.
...
Fixes #753
2015-11-05 09:47:50 -05:00
Sander van Harmelen
4ad533a5ba
Add a line to the documentation to describe the new feature
2015-11-04 15:36:24 +01:00
Jeff Mitchell
a4322afedb
Merge pull request #746 from hashicorp/issue-677
...
Add a PermitPool to physical and consul/inmem
2015-11-03 15:26:58 -05:00
Jeff Mitchell
7f44a1b812
Add configuration parameter for max parallel connections to Consul
2015-11-03 15:26:07 -05:00
Jeff Mitchell
73e3aa1d64
Add create-orphan to documentation
2015-11-03 15:15:33 -05:00
Jeff Mitchell
d3f7546602
Fix trailing whitespace complaints
2015-11-03 10:52:20 -05:00
Jeff Mitchell
f0a25ed581
Clarify that CRLs are not fetched by Vault
2015-11-03 10:52:20 -05:00
Jeff Mitchell
154fc24777
Address first round of feedback from review
2015-11-03 10:52:20 -05:00
Jeff Mitchell
59cc61cc79
Add documentation for CRLs and some minor cleanup.
2015-11-03 10:52:20 -05:00
Jeff Mitchell
e2d4a5fe0f
Documentation update around path/key name encryption.
...
Make it clear that path/key names in generic are not encrypted.
Fixes #697
2015-10-29 11:21:40 -04:00
Jeff Mitchell
c1d8b97342
Add reset support to the unseal command.
...
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.
Fixes #695
2015-10-28 15:59:39 -04:00
Jeff Mitchell
57290b6d92
Minor format fix in environment documentation
2015-10-28 09:56:28 -04:00
Jason Antman
c7ff26b650
add documentation for GitHub Auth Backend 'ttl' and 'max_ttl' parameters
2015-10-23 09:30:48 -04:00
Jason Antman
b27e80d090
add GitHub Enterprise base_url to docs
...
In https://github.com/hashicorp/vault/issues/716 @jefferai confirmed that the GitHub Auth Backend supports GitHub enterprise using an undocumented ``base_url`` parameter. This adds that parameter to the relevant documentation page.
2015-10-23 09:18:07 -04:00
Jeff Mitchell
0168ce491b
Update token documentation to better explain token durations
2015-10-22 13:02:37 -04:00
Jeff Mitchell
189b72c3ba
Document the renew-self call
2015-10-21 10:53:20 -04:00
Jeff Mitchell
bc40e652bf
Remove revoke-self from sys API documentation as it's in the token-store instead
2015-10-21 10:46:41 -04:00
Jeff Mitchell
9f0b1547bb
Allow disabling the physical storage cache with 'disable_cache'.
...
Fixes #674 .
2015-10-12 13:00:32 -04:00
Seth Vargo
50f720bc06
Remove tabs from terminal output
...
This also standardizes on the indentation we use for multi-line commands as
well as prefixes all commands with a $ to indicate a shell.
2015-10-12 12:10:22 -04:00
vishalnayak
644a655920
mysql: made max_open_connections configurable
2015-10-01 21:15:56 -04:00
vishalnayak
2051101c43
postgresql: Configurable max open connections to the database
2015-10-01 20:11:24 -04:00
Colin Rymer
e2b157aa79
Remove redundant wording for SSH OTP introduction.
2015-09-30 10:58:44 -04:00
Jeff Mitchell
62ac518ae7
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 10:41:21 -04:00
Jeff Mitchell
af27a99bb7
Remove JWT for the 0.3 release; it needs a lot of rework.
2015-09-24 16:23:44 -04:00
Jeff Mitchell
e38c21e0ca
Documentation fix for global TTLs
2015-09-24 12:17:26 -04:00
Jeff Mitchell
8fa7d3bd0b
Add revoke-self to docs
2015-09-24 12:05:00 -04:00
Dominic Luechinger
89511e6977
Fixes docs for new JWT secret backend
2015-09-24 16:47:17 +02:00
Spencer Herzberg
54c62fe5aa
docs: pg username not prefixed with vault-
...
due to
05fa4a4a48
,
vault no longer prefixes the username with `vault-`
2015-09-22 10:14:47 -05:00
Jeff Mitchell
a5f52f43b1
Minor doc update to SSH
2015-09-21 16:26:07 -04:00
Jeff Mitchell
29c722dbb6
Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values
2015-09-21 16:14:30 -04:00
Jeff Mitchell
3eb38d19ba
Update transit backend documentation, and also return the min decryption
...
value in a read operation on the key.
2015-09-21 16:13:43 -04:00
Jeff Mitchell
ca33cd8423
Add API endpoint documentation to cubbyhole
2015-09-21 16:13:36 -04:00
Jeff Mitchell
273f13fb41
Add API endpoint documentation to generic
2015-09-21 16:13:29 -04:00
Jeff Mitchell
59ba17c601
Add clarity to the lease concepts document.
2015-09-21 08:56:26 -04:00
Jeff Mitchell
801e531364
Enhance transit backend:
...
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
2015-09-18 14:41:05 -04:00
Jeff Mitchell
8f79e8be82
Add revoke-self endpoint.
...
Fixes #620 .
2015-09-17 13:22:30 -04:00
Jeff Mitchell
538852d6d6
Add documentation for cubbyhole
2015-09-15 13:50:37 -04:00
vishalnayak
142cb563a6
Improve documentation of token renewal
2015-09-11 21:08:32 -04:00
Jeff Mitchell
ace611d56d
Address items from feedback. Make MountConfig use values rather than
...
pointers and change how config is read to compensate.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
488d33c70a
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-10 15:09:54 -04:00
Jeff Mitchell
4239f9d243
Add DynamicSystemView. This uses a pointer to a pointer to always have
...
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.
Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
f4239556d2
Merge pull request #508 from mfischer-zd/webdoc_environment
...
docs: Document environment variables
2015-09-09 11:29:10 -04:00
Michael S. Fischer
24a5127fab
docs: Document environment variables
2015-09-08 11:59:58 -07:00
Brian Lalor
2ae48fa586
Remove unused param to 'vault write aws/roles/deploy'
...
The name is taken from the path, not the request body. Having the duplicate key is confusing.
2015-09-06 06:57:39 -04:00
Armon Dadgar
4eaacaf546
Merge pull request #590 from MarkVLK/patch-1
...
Update mysql docs markdown to fix grammar error
2015-09-04 19:13:50 -07:00
MarkVLK
fae51d605f
Update transit docs markdown to add missing word
...
Added the presumably missing *decrypt* from "encrypt/data" in the first sentence.
2015-09-04 17:11:34 -07:00
MarkVLK
cd292d5372
Update mysql docs markdown to fix grammar error
...
Changed "... used to **generated** those credentials" to "... used to **generate** those credentials."
2015-09-04 17:05:45 -07:00
Seth Vargo
6f248425a6
Update documentation around cookies
2015-09-03 10:36:59 -04:00
Vishal Nayak
d4609dea28
Merge pull request #578 from hashicorp/exclude-cidr-list
...
Vault SSH: Added exclude_cidr_list option to role
2015-08-28 07:59:46 -04:00
vishalnayak
b12a2f0013
Vault SSH: Added exclude_cidr_list option to role
2015-08-27 23:19:55 -04:00
Jeff Mitchell
a4fc4a8e90
Deprecate lease -> ttl in PKI backend, and default to system TTL values if not given. This prevents issuing certificates with a longer duration than the maximum lease TTL configured in Vault. Fixes #470 .
2015-08-27 12:24:37 -07:00
vishalnayak
fbff20d9ab
Vault SSH: Docs for default CIDR value
2015-08-27 13:10:15 -04:00
vishalnayak
702a869010
Vault SSH: Provide key option specifications for dynamic keys
2015-08-27 11:41:29 -04:00
Jeff Mitchell
8669a87fdd
When using PGP encryption on unseal keys, encrypt the hexencoded string rather than the raw bytes.
2015-08-26 07:59:50 -07:00
Jeff Mitchell
b940d214bd
Merge pull request #568 from ctennis/add_some_s3_info
...
Make it clear for physical S3 backend we support instance profiles as well.
2015-08-26 09:03:38 -04:00
Jeff Mitchell
cc232e6f79
Address comments from review.
2015-08-25 15:33:58 -07:00
Jeff Mitchell
0b580d0521
Update website documentation for init and rekey with secret_pgp_keys API option
2015-08-25 14:52:13 -07:00
Caleb Tennis
6c30f9a0f9
Make it clear we support instance profiles as well, the existing docs seem to indicate static credentials are required
2015-08-25 06:47:07 -07:00
Jeff Mitchell
ea9fbb90bc
Rejig Lease terminology internally; also, put a few JSON names back to their original values
2015-08-20 22:27:01 -07:00
Jeff Mitchell
0fa783f850
Update help text for TTL values in generic backend
2015-08-20 17:59:30 -07:00
Jeff Mitchell
b57ce8e5c2
Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4.
...
Fixes #528 .
2015-08-20 16:41:25 -07:00
Vishal Nayak
beca9f1596
Merge pull request #385 from hashicorp/vishal/vault
...
SSH Secret Backend for Vault
2015-08-20 10:03:15 -07:00
Bernhard K. Weisshuhn
86cde438a5
avoid dashes in generated usernames for cassandra to avoid quoting issues
2015-08-20 11:15:28 +02:00
vishalnayak
76ed3bec74
Vault SSH: 1024 is default key size and removed 4096
2015-08-19 12:51:33 -07:00
vishalnayak
1f5062a6e1
Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault
2015-08-19 12:16:37 -07:00
Armon Dadgar
f351cd5ee0
Merge pull request #531 from mfischer-zd/fix_doc_tls
...
Clarify availability of tls_min_version
2015-08-18 19:01:28 -07:00
vishalnayak
b5cda4942b
Vault SSH: doc update
2015-08-18 11:50:32 -07:00
vishalnayak
b91ebbc6e2
Vault SSH: Documentation update and minor refactoring changes.
2015-08-17 18:22:03 -07:00
vishalnayak
9db318fc55
Vault SSH: Website page for SSH backend
2015-08-14 12:41:26 -07:00
Michael S. Fischer
0e0cdeed75
Clarify availability of tls_min_version
...
`tls_min_version` doesn't work in the current Vault release;
make that clear.
2015-08-13 08:35:09 -07:00
vishalnayak
93dfa67039
Merging changes from master
2015-08-12 09:28:16 -07:00
vishalnayak
0abf07cb91
Vault SSH: Website doc v1. Removed path_echo
2015-08-12 09:25:28 -07:00
Erik Kristensen
2233f993ae
initial pass at JWT secret backend
2015-08-06 17:49:44 -06:00
Armon Dadgar
f58f46c243
Merge pull request #439 from geckoboard/feature-tls-mysql
...
Using SSL to encrypt connections to MYSQL
2015-08-05 14:52:43 -07:00
Armon Dadgar
4d08cfdf6f
Merge pull request #469 from kgutwin/f-config-defaultlease
...
Add configuration options for default lease duration and max lease duration
2015-08-04 10:06:41 -07:00
Vivien Schilis
9db7426002
Add documentation for the tls_ca_file option
2015-08-04 05:10:33 +00:00
Rusty Ross
719ac6e714
update doc for app-id
...
make clearer in doc that user-id can accept multiple app-id mappngs as comma-separated values
2015-08-03 09:44:26 -07:00
Armon Dadgar
473668a1a0
Merge pull request #482 from chiefy/master
...
Adding vaulted nodejs library to libraries section in docs.
2015-07-31 15:13:44 -07:00
Long Nguyen
e666b5c624
added golang client
2015-07-31 17:10:38 -04:00
Christopher Najewicz
c5c7926af6
Adding vaulted nodejs library to libraries section in docs.
2015-07-31 14:31:26 -04:00
Armon Dadgar
03728af495
Merge pull request #464 from bgirardeau/master
...
Add Multi-factor authentication with Duo
2015-07-30 17:51:31 -07:00
Bradley Girardeau
aa55d36f03
Clean up naming and add documentation
2015-07-30 17:36:40 -07:00
Karl Gutwin
4bad987e58
PR review updates
2015-07-30 13:21:41 -04:00
Karl Gutwin
151ec72d00
Add configuration options for default lease duration and max lease duration.
2015-07-30 09:42:49 -04:00
Armon Dadgar
1535a21198
Merge pull request #384 from dkaffee92/feature/storage-backend-consul-configuration
...
allow specifying certificates used to talk to consul for storage backend
2015-07-29 14:41:53 -07:00
Fabian Ruff
41106d9b69
fix doc for pki/revoke API
2015-07-29 14:28:12 +02:00
Bradley Girardeau
112f98d86f
mfa: cleanup website documentation
2015-07-28 12:25:01 -07:00
Bradley Girardeau
6c24a000a3
mfa: add website documentation
2015-07-28 11:00:57 -07:00
Daniel Kaffee
a6f828ba0a
made documentation a bit more clear
2015-07-28 15:50:43 +03:00
Daniel Kaffee
4146be770c
refactor code
2015-07-28 14:55:33 +03:00
Armon Dadgar
83729a3bd9
website: fixing details about HA backends
2015-07-24 12:11:45 -07:00
Armon Dadgar
80e59089ba
Merge pull request #449 from JustinLaRose/master
...
Cassandra secret backend doc update for connection config
2015-07-23 13:42:59 -07:00
Armon Dadgar
eeb623bca0
Merge pull request #447 from kgutwin/f-tlsvers
...
Specify Vault listener minimum TLS version
2015-07-23 13:42:42 -07:00
Armon Dadgar
9ec3cefea9
Merge pull request #433 from infame-io/feature/s3_sts
...
Granting S3 backend temporary access
2015-07-23 13:33:58 -07:00
Karl Gutwin
3a5e036727
Document warning for using lower TLS versions
2015-07-23 11:54:45 -04:00
Lauro Balderas
436dfd464d
S3 backend session token documentation updated
2015-07-23 22:53:20 +10:00
Justin LaRose
361f10f79e
Cassandra secret backend doc update for connection config - "hosts" instead of "host"
2015-07-23 03:07:29 -04:00
Karl Gutwin
1096f5a53e
Avoid unnecessary abbreviation
2015-07-22 23:28:46 -04:00
Karl Gutwin
9c963a0632
TLS minimum version documentation
2015-07-22 23:21:18 -04:00
Armon Dadgar
63fcb61145
Merge pull request #419 from nbrownus/telemetry_names
...
Disable hostname prefix for runtime telemetry
2015-07-22 15:38:23 -07:00
Bradley Girardeau
e8d26d244b
ldap: change setting user policies to setting user groups
2015-07-20 11:33:39 -07:00
Bradley Girardeau
1e1d4ba66d
ldap: add documentation for setting policies based on user
2015-07-14 16:13:40 -07:00
Nate Brown
65dc78ba35
Docs for the telemetry object
2015-07-14 15:45:45 -07:00
Bradley Girardeau
0e2edc2378
ldap: add ability to login with a userPrincipalName (user@upndomain)
2015-07-14 15:37:46 -07:00
Armon Dadgar
3042452def
website: fixing lots of references to vault help
2015-07-13 20:12:09 +10:00
Armon Dadgar
7be012b8b6
website: help command is now path-help
2015-07-13 20:03:29 +10:00
Armon Dadgar
26937498f6
physical/zk: Fixing node representation. Fixes #416
2015-07-13 19:33:23 +10:00
Armon Dadgar
8dd9478e14
website: fixing documentation errors. Fixes #412
2015-07-13 19:10:44 +10:00
Armon Dadgar
2da54da6ed
website: update HA status, discourage ZK
2015-07-13 19:01:32 +10:00
Matt Button
76bc988e50
Remove documentation that was copied from the terraform project
2015-07-12 16:52:24 +00:00
mootpt
872593d1e1
fixed secrets backend url
...
minor doc fix
2015-07-06 11:11:58 -07:00
mootpt
f782e7382e
pointed authentication backend to proper location
...
pointed authentication backend to proper location
2015-07-06 10:42:14 -07:00
Armon Dadgar
70cd3d1206
Merge pull request #400 from hashicorp/f-glob
...
Change ACL semantics, use explicit glob and deny has highest precedence
2015-07-06 11:15:49 -06:00
Armon Dadgar
768a6e33b0
website: clarify changes in addition to feedback
2015-07-06 11:10:09 -06:00
Armon Dadgar
0be3d419c8
secret/transit: address PR feedback
2015-07-05 19:58:31 -06:00
Armon Dadgar
01b0257c5f
website: update for glob matching
2015-07-05 17:43:13 -06:00
Armon Dadgar
f4d555a2ba
website: document derived keys in secret/transit
2015-07-05 14:47:16 -07:00
Armon Dadgar
0521c6df6c
http: support ?standbyok for 200 status on standby. Fixes #389
2015-07-02 17:49:35 -07:00
Bradley Girardeau
42050fe77b
ldap: add starttls support and option to specificy ca certificate
2015-07-02 15:49:51 -07:00
Armon Dadgar
3c58773598
Merge pull request #380 from kgutwin/cert-cli
...
Enable TLS client cert authentication via the CLI
2015-06-30 11:44:28 -07:00
Armon Dadgar
b8f2e8d498
website: document insecure_tls for LDAP backend
2015-06-30 09:42:18 -07:00
Jeff Mitchell
42b90fa9b9
Address some issues from code review.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:27:23 -04:00
Karl Gutwin
70fc49be84
Website docs.
2015-06-30 09:18:39 -04:00
Jeff Mitchell
fccbc587c6
A Cassandra secrets backend.
...
Supports creation and deletion of users in Cassandra using flexible CQL queries.
TLS, including client authentication, is supported.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:04:01 -04:00
Jeff Mitchell
e086879fa3
Merge remote-tracking branch 'upstream/master' into f-pki
2015-06-19 13:01:26 -04:00
Jeff Mitchell
a6fc48b854
A few things:
...
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 12:48:18 -04:00
Armon Dadgar
28ddff305c
physical/mysql: cleanup and documentation
2015-06-18 14:31:00 -07:00
Jeff Mitchell
34f495a354
Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 15:22:58 -04:00
Armon Dadgar
7e6f44e39e
website: document transit upsert behavior
2015-06-17 18:51:58 -07:00
Armon Dadgar
93ee9f6b76
website: update the transit documentation
2015-06-17 18:45:29 -07:00
Jeff Mitchell
49f1fdbdcc
Merge branch 'master' into f-pki
2015-06-16 13:43:25 -04:00
Armon Dadgar
07df5c251d
Merge pull request #341 from ryancurrah/ryancurrah-doc-transit-echofix
...
Do not output the trailing newline in encoding.
2015-06-15 17:36:01 -07:00
Seth Vargo
db178571eb
Document longest-prefix match
...
Fixes https://github.com/hashicorp/vault/issues/331
2015-06-15 14:29:20 -04:00
Ryan Currah
c232fee6b3
Do not output the trailing newline in encoding.
...
Added -n to echo command to prevent newlines from showing up in encoding.
2015-06-13 12:03:57 -04:00
Jeff Mitchell
e17ced0d51
Fix a docs-out-of-date bug.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-12 16:33:00 -04:00
Jeff Mitchell
db5354823f
Fix some out-of-date examples.
...
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 21:17:05 -04:00
Jeff Mitchell
1513e2baa4
Add acceptance tests
...
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling
Also, fix a bug when trying to get code signing certificates.
Not tested:
* Revocation (I believe this is impossible with the current testing framework)
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Jeff Mitchell
0d832de65d
Initial PKI backend implementation.
...
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint
Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Justin Campbell
2a1eac837c
docs: Fix examples of auth via JSON
...
For both userpass and LDAP
2015-06-04 10:38:11 -04:00
Armon Dadgar
66ab2bbf54
Merge pull request #263 from sheldonh/iam-policy
...
List IAM permissions required by root credentials
2015-06-01 13:16:51 +02:00
Armon Dadgar
98cca9cb18
Merge pull request #261 from jsok/consul-lease
...
Add ability to configure consul lease durations
2015-06-01 13:04:28 +02:00
Armon Dadgar
82caf31532
Merge pull request #277 from hashicorp/f-rotate
...
Add support for key rotation
2015-06-01 12:52:32 +02:00