Commit graph

572 commits

Author SHA1 Message Date
Sebastien Rosset fd209183d1
Update upgrade-to-1.3.10.mdx (#12341)
The upgrade guide indicates the upgrade path between two identical versions (1.3.10). Presumably you meant compared to 1.3.9?
2022-01-28 09:27:23 -08:00
Austin Gebauer 17b2e0d259
auth/oidc: Documentation updates for Azure AD applications (#13819) 2022-01-28 08:34:36 -08:00
Steven Clark 69ac11a564
Documentation updates for new keys for PKCS#11 unsealing (#13814)
* Document new force_rw_session parameter within pkcs11 seals

* documentation for key_id and hmac_key_id fields

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/configuration/seal/pkcs11.mdx

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

Co-authored-by: rculpepper <rculpepper@hashicorp.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-01-28 11:25:02 -05:00
mickael-hc 45875e2e9d
docs: add cluster-to-cluster communications to external threat overview (#13805) 2022-01-28 10:15:22 -05:00
Scott Miller 86175b2e82
Add notes on the PKI cert generation forwarding regression (#13815)
* Add notes on the PKI cert generation forwarding regression

* content

* typo

* iterate

* extra space
2022-01-27 16:36:50 -06:00
Scott Miller 743b0e1905
Clarify that backend authors can specify that all or no values are sealwrapped (#13813)
* Clarify that backend authors can specify that all or no values are sealwrapped rather than the vague statement that all values _may_ be seal wrapped

* typo
2022-01-27 15:30:55 -06:00
Rosemary Wang e1165737dc
Update CSI provider installation on OpenShift (#13763)
Include recommendation to use Vault agent injector on OpenShift
instead of CSI due to production security constraints.
Additional instructions included for testing and development
clusters.
2022-01-26 07:44:15 -08:00
mickael-hc 3a1a8c4cbf
Fix limits docs to reflect listener variable name (#13776) 2022-01-25 16:45:56 -05:00
Loann Le 02074f40e7
added missing title (#13775) 2022-01-25 10:19:10 -08:00
Caleb Lemoine f03a176ac3
docs: add vault-plugin-secrets-jenkins to plugin portal page (#13531)
Signed-off-by: circa10a <caleblemoine@gmail.com>
2022-01-24 19:36:42 -08:00
Theron Voran a0ccdfcdb1
docs/k8s: Updates for vault-k8s 0.14.2 and vault-helm 0.19.0 (#13748)
Updated vault and chart versions, and some formatting from the
pre-commit hook. Also updated chart values.
2022-01-24 15:25:52 -08:00
James Bayer 2d3db5ce78
Updated spelling (#13751) 2022-01-24 14:38:13 -08:00
Loann Le 5bc0c1b3c0
fixed typo (#13740) 2022-01-21 11:12:01 -08:00
Mike Green 364d7a9be1
Add algo signer to support openssl as of recent (#12438)
"algorithm_signer": "rsa-sha2-256"
to prevent /var/log/auth.log `userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]` due to vault defaulting to ssh-rsa which is insecure
2022-01-19 15:37:00 -08:00
Calvin Leung Huang bd25ed1294
docs: add known issues section to 1.9.x upgrade guide (#13662)
* docs: add known issues section to 1.9.x upgrade guide

* minor rephrasing on oidc known issue

* use relative references for URLs

* Update website/content/docs/upgrading/upgrade-to-1.9.x.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* update known issues section for id token

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-01-19 11:21:10 -08:00
Jason O'Donnell 17ca494be3
docs/oracle: fix typo in connection_url example (#13708) 2022-01-19 11:59:30 -05:00
Tony Pulickal 908a1c1178
Update http requests API link to versioned docs (#13692) 2022-01-18 14:16:02 -05:00
Tero Saarni e2b17ca96b
auth/kubernetes: support for dynamically reloading short-lived tokens (#13595)
* auth/kubernetes: support for short-lived tokens

* Uplift new version of Kubernetes auth plugin that does not store the
  service account token persistently to Vault storage.

* Update the documentation to recommend local token again when running
  Vault inside cluster.

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* Added changelog entry

Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* clarification to changelog entry, executed go mod tidy

* clarifications and added targeted release version
2022-01-14 19:55:15 -08:00
Jason O'Donnell 33b9db2d26
docs: update oracle tls examples (#13659)
* docs: update oracle tls examples

* Add warnings

* Add notes

* Add missing note
2022-01-14 10:03:58 -05:00
Austin Gebauer 691e440fac
auth/azure: Documents config env vars and fixes resource used in examples (#13641) 2022-01-13 10:41:40 -08:00
Austin Gebauer e5dd039c4f
secrets/keymgmt: Adds documentation for using Azure Private Link (#13640) 2022-01-13 10:41:05 -08:00
Loann Le 492eb0a2d6
Vault documentation: updated client count FAQ (#13633)
* include nomad vault question

* added link
2022-01-13 08:56:58 -08:00
Chris Capurso d52d69e4bb
Add HTTP PATCH support for KV key metadata (#13215)
* go get vault-plugin-secrets-kv@vault-4290-patch-metadata

* add kv metadata patch command

* add changelog entry

* success tests for kv metadata patch flags

* add more kv metadata patch flags tests

* add kv metadata patch cas warning test

* add kv-v2 key metadata patch API docs

* add kv metadata patch to docs

* prevent unintentional field overwriting in kv metadata put cmd

* like create/update ops, prevent patch to paths ending in /

* fix kv metadata patch cmd in docs

* fix flag defaults for kv metadata put

* go get vault-plugin-secrets-kv@vault-4290-patch-metadata

* fix TestKvMetadataPatchCommand_Flags test

* doc fixes

* go get vault-plugin-secrets-kv@master; go mod tidy
2022-01-12 12:05:27 -05:00
Nick Cabatoff 150b1ac67a
Clarify the distinction between token and identity policies. (#13614) 2022-01-11 09:01:43 -05:00
Nick Cabatoff 3828d4bf9d
Note that api_addr and cluster_addr can use go-sockaddr templates. (#13592) 2022-01-10 09:06:30 -05:00
Saru Thuraiman e3426c238f
Add missing word "database" in docs (#13571)
* Update README.md

Add missing word database

* Update what-is-vault.mdx

Add missing "database" keyword.

* Update README.md

* Update what-is-vault.mdx

* Update website/content/docs/what-is-vault.mdx

* Update website/content/docs/what-is-vault.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-01-07 09:21:37 -08:00
Jason O'Donnell 1cc5e8d44d
docs: fix typo in azure auth debug log mode (#13593) 2022-01-07 11:33:53 -05:00
mickael-hc 82e6f2bbd2
docs: update GitHub auth method docs and security model (#13572)
Provide changes based on recent audit feedback: describe risks of third party authentication systems and plugins.
2022-01-05 09:23:55 -08:00
Dave D'Amico 1b538e584b
corrected name and added link (#13562) 2022-01-04 14:29:59 -08:00
raakatz 86ac6c2996
Fix a sentence in architecture.mdx (#13539)
The words "can be" were missing
2022-01-03 16:38:39 -08:00
Loann Le e5999bba62
Vault documentation: fixed broken links (#13553)
* fixed broken links

* Update ha.mdx

removed extra slash
2022-01-03 13:53:10 -08:00
Tim Peoples 26c46f0b45
Update docs to reflect new plugin behavior. (#13543)
* Update docs to reflect that TLS connection state is now available to plugins

* Fix typo (D'oh!)
2022-01-03 11:54:12 -08:00
Pascal Reeb 48dbe28b24
fix(docs-k8s-helm): changed server's podAntiAffinity labelSelector example to match helm default values (#13140) 2022-01-03 11:13:54 -08:00
VAL ee5f26e18f
Update example code links, remove unneeded comments (#13491) 2021-12-22 09:33:12 -08:00
Jose Diaz-Gonzalez b56f708ef3
docs: add a note regarding the backend => storage config key aliasing (#13451)
* docs: add a note regarding the backend => storage config key aliasing

This was missing from upgrade docs and implemented in #2456.

* Update website/content/docs/upgrading/upgrade-to-0.7.0.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-12-22 09:24:55 -08:00
Meggie 78b0284f78
Adding upgrade note about 1.7.8 go version (#13475)
* Adding upgrade note about 1.7.8 go version

* Adding version bump while I'm at it
2021-12-21 17:49:41 -05:00
firingLi 0446e14d02
add tencentCloud Secrets&Auth Plugins (#13415)
* add tencentCloud plugin

* add tencentCloud plugin

* add tencentCloud plugin
2021-12-20 17:00:27 -08:00
Vasilii Angapov f94d0dd44f
Fix typo in policies.mdx (#13345)
Fix typo in Kubernetes policy example which prevents example from working.
2021-12-20 11:25:50 -08:00
Meggie 834ad52d68
Upgrade guidance updates from VLT-172 (#13327)
* Upgrade guidance updates from VLT-172

Trying to clarify some upgrade questions. Learn update to follow in
separate PR.

* Apply suggestions from code review

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-12-20 13:46:57 -05:00
Tom b2c473edbd
adjustemnt of options order (#12804)
Co-authored-by: tograla <tograla@gmail.com>
2021-12-17 16:22:52 -08:00
Carlos Cisneros, Jr fbd0cf82d9
Update index.mdx (#10873)
* Update index.mdx

Fixed typo in Setup section of the Secrets Engine documentation.

* Update index.mdx

Remove line 112.
2021-12-17 16:09:38 -08:00
Kaue Doretto Grecchi 2cc4ec2487
add entity-alias parameter description (#13339)
This page is missing the `entity-alias` parameter description, available in the `vault token create --help` command
2021-12-17 15:23:47 -08:00
Noel Quiles 9a9608a11d
website: Update text (#13441) 2021-12-16 12:35:55 -05:00
Pratyoy Mukhopadhyay a9301012fc
Update docs with new images (#13454)
* Update docs with new images

* Update website/content/docs/concepts/identity.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Remove extraneous Github mention

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-12-15 20:10:05 -08:00
Jason Peng 0bd6f5392c
Update openshift.mdx (#13372)
Consul Openshift is supported since Consul 1.9 as per https://www.hashicorp.com/blog/introducing-openshift-support-for-consul-on-kubernetes. Please verify.
2021-12-15 13:07:30 -08:00
Yoko Hyakuna cbdea53dd7
Add paths filter doc (#13435)
* Add paths filter doc

* Add a description about the screenshot

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/enterprise/replication.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Remove extra sentense

* Update the diagram

* Update the diagram

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-12-14 17:19:31 -08:00
Jason O'Donnell 9674a75a4d
auth/azure: add note about debug env (#13405)
* auth/azure: add note about debug env

* Update azure.mdx

* Update azure.mdx
2021-12-13 14:16:45 -05:00
divyapola5 3488948ccd
CLI changes for new mount tune config parameter allowed_managed_keys (#13255)
* CLI changes for new mount tune config parameter allowed_managed_keys

* Correct allowed_managed_keys description in auth and secrets

* Documentation update for secrets and removed changes for auth

* Add changelog and remove documentation changes for auth

* removed changelog

* Correct the field description
2021-12-10 11:08:28 -06:00
hghaf099 65845c7531
VAULT-1564 report in-flight requests (#13024)
* VAULT-1564 report in-flight requests

* adding a changelog

* Changing some variable names and fixing comments

* minor style change

* adding unauthenticated support for in-flight-req

* adding documentation for the listener.profiling stanza

* adding an atomic counter for the inflight requests
addressing comments

* addressing comments

* logging completed requests

* fixing a test

* providing log_requests_info as a config option to determine at which level requests should be logged

* removing a member and a method from the StatusHeaderResponseWriter struct

* adding api docks

* revert changes in NewHTTPResponseWriter

* Fix logging invalid log_requests_info value

* Addressing comments

* Fixing a test

* use an tomic value for logRequestsInfo, and moving the CreateClientID function to Core

* fixing go.sum

* minor refactoring

* protecting InFlightRequests from data race

* another try on fixing a data race

* another try to fix a data race

* addressing comments

* fixing couple of tests

* changing log_requests_info to log_requests_level

* minor style change

* fixing a test

* removing the lock in InFlightRequests

* use single-argument form for interface assertion

* adding doc for the new configuration paramter

* adding the new doc to the nav data file

* minor fix
2021-12-08 17:34:42 -05:00
Pratyoy Mukhopadhyay c97c8687f4
[VAULT-3252] Add entity-alias behavior change to docs (#13370)
* Add entity-alias behavior change to docs

* Add upgrade note about entity-alias mapping change

* Rename 1.7-9 upgrade pages, shuffle upgrade note position

* Update website/content/partials/entity-alias-mapping.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Add incorrect policy issue to the docs

* Add example about entity-alias restriction

Co-authored-by: Meggie <meggie@hashicorp.com>
2021-12-08 13:52:51 -08:00
Tom Proctor be07a202d9
Docs to clarify k8s auth options with short-lived tokens (#13275)
* Rework 1.21 content into one heading and add note at top
* Add notes about extended k8s token duration
* Add example of ClusterRoleBinding for using client JWTs
2021-12-08 18:20:24 +00:00
Mike Green 05da506dea
clarify more sink options (#12586) 2021-12-07 12:16:14 -08:00
Calvin Leung Huang 0c5662770d
docs: update custom database sample code (#13211) 2021-12-07 11:10:02 -08:00
mickael-hc 36207b5668
docs: winsvc update recommendations (#13280) 2021-12-07 10:35:13 -08:00
Loann Le 8f7dd0c291
modifed note (#13351) 2021-12-07 08:46:46 -08:00
Steven Clark 94e6a688ff
Add kms_library configuration stanza (#13352)
- Add the kms_library configuration stanza to Vault's command/server
 - Provide validation of keys and general configuration.
 - Add initial kms_library configuration documentation
 - Attempt at startup to verify we can read the configured HSM Library
 - Hook in KmsLibrary config into the Validate to detect typo/unused keys
2021-12-07 09:58:23 -05:00
Harsimran Singh Maan 7178e2c4be
Fix typo (#13355) 2021-12-06 17:23:03 -08:00
Heather Simon 04d634d9d2 Merge branch 'main' of https://github.com/hashicorp/vault 2021-12-06 10:09:49 -08:00
Noel Prince b4d86a13c1
improve "x_forwarded_for_hop_skips" example (#12463)
Currently the example given results in 2.3.4.5 if it is indexed from other side. This new example prevents confusion because it is now clear which side x_forwarded_for_hop_skips is indexing from
2021-12-06 10:56:51 -05:00
Heather Simon f44dbce609 Typo fix in 1.9 Release Notes
Fixes a typo in "Vault Agent improvements"
2021-12-03 14:02:16 -08:00
Loann Le 21b01b71a6
Vault documentation: updated client count FAQ document (#13330)
* modified based on feedback

* Update faq.mdx

fixed text
2021-12-02 11:21:56 -08:00
Jim Kalafut 9ed05c3ff5
Fix doc build (#13329)
path-help.mdx is now the reference for help.
2021-12-02 08:31:56 -08:00
Jim Kalafut f0f4c2886a
Unhide or remove docs sidebar elements (#13198)
A few sidebar elements are hidden for unknown reasons. If we have a
reason to keep them hidden (vs deleting the element and associated docs),
maybe we could add `"_comment":"Hidden because ..."` to them.

A few other elements were definitely obsolete so I've removed them.
2021-12-01 16:58:28 -08:00
Rowan Smith a78721dbfe
update custom headers to mention 1.9 is required (#13155)
* update custom headers to mention 1.9 is required

Per https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#190-rc1 the custom response headers are a new feature introduced in 1.9, meaning we should explicitly call out this version requirement in documentation, otherwise users of earlier versions of Vault will unable to use the functionality and may consider it a bug.

* Update website/content/docs/configuration/listener/tcp.mdx

reads better, agreed

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-12-01 10:48:06 -08:00
Nick Cabatoff a47a2c9fc4
Add "operator members" command to list nodes in the cluster. (#13292) 2021-11-30 14:49:58 -05:00
Nicola Kabar b5f1027d07
docs: added minor recommendation for k8s agent annotations (#13239)
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-11-29 14:57:19 -08:00
Mike 4fd241c3d3
Fix case typo in docs (#13259) 2021-11-29 15:55:46 -05:00
Yoko Hyakuna 6ea0df030e
Update Vault Agent intro (#13267)
* Update Vault Agent intro

* Update website/content/docs/agent/index.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/agent/index.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-11-24 12:41:11 -08:00
Scott Miller f1b18bd990
Don't claim that Vault obfuscates the environment variable for sensitive values, this doesn't work at least in recent version of Go, as Go makes a copy of the environment, so we're only modifying that one, and not the one visible to the rest of the system (#13252) 2021-11-24 11:50:34 -06:00
akshya96 3c6f68f9c4
Docs/custom metadata updates (#13244)
* adding custom_metadata read and update changes

* adding custom metadata changes
2021-11-23 09:40:44 -08:00
Nick Cabatoff 0082cc4a5b
Correct flag name: -dev-kv-v1, not dev-kv-1. (#13250) 2021-11-23 12:17:51 -05:00
Austin Gebauer d5f4fbecc1
identity/oidc: optional nonce parameter for authorize request (#13231) 2021-11-22 09:42:22 -08:00
Loann Le 10d146125a
Updates to 1.9 documentation (#13228)
* incorporated feedback

* fixed link

* fixed link again

* found another error
2021-11-19 12:46:47 -08:00
Theron Voran 79ec6b7f3d
docs: updated for vault-k8s 0.14.1 vault-helm 0.18.0 (#13199)
* version bumps

* updated chart options
2021-11-18 18:08:35 -08:00
Gary Frederick 9622e36b82
Docs deprecate token issuer validation (#13019)
* change default vaule for disable_iss_validation to be true

* mark as deprecated | remove issuer from sample

* deprecation section

* additional informaiton about when fields will be removed

* additional deprecation note under csi provider

* punctuation

* make the deprecation note more noticable

* missing issuer sentence | remove whitespace

* Update website/content/docs/platform/k8s/csi/index.mdx

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* cleanup

* additional deprecation comments

* fix discovery link

* highlight

* no need to configure the issuer

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2021-11-18 15:16:54 -08:00
John-Michael Faircloth 73d3204b8f
OIDC: add note on PKCE support for code flow (#13206)
* OIDC: add note on PKCE support for code flow

* add changelog

* remove changelong
2021-11-18 13:46:34 -06:00
Loann Le 4127092fdd
fixed errors in file (#13205) 2021-11-18 10:50:26 -08:00
Martin Hristov c933664eeb
docs: fixing the injector.webhookAnnotations annotation (#13181) 2021-11-17 18:19:33 -08:00
Loann Le 42abf7ed2e
Updated Vault 1.9 documentation (#13194)
* post 1-9 doc changes

* fixed endpoint sample

* Update website/content/docs/release-notes/1.9.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2021-11-17 14:23:48 -08:00
VAL f6d8904540
Use new auth modules + Login method in Go client docs (#13189) 2021-11-17 11:52:38 -08:00
Meggie 5af1db7992
Removing draft note (#13187) 2021-11-17 13:22:55 -05:00
Austin Gebauer a01e1a4101
docs/identity: fix template parameter for groups (#13176) 2021-11-17 08:25:37 -08:00
Tom Proctor 46adcccfea
Website docs for Vault EKM provider for MS SQL (#13175) 2021-11-17 13:46:07 +00:00
Austin Gebauer b73815f966
identity/oidc: Adds section to 1.9 upgrade guide for ACL policy requirements (#13154) 2021-11-16 11:27:31 -08:00
Austin Gebauer d75db00dcb
Adds documentation for GCP Cloud KMS support in key management secrets engine (#13153) 2021-11-16 11:27:08 -08:00
Loann Le 764c10ded7
[Doc Assembly Branch] Vault 1.9 release (#12944)
* new document for feature deprecation notice

* fixed errors

* Update website/content/docs/feature-deprecation-notice.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/docs/feature-deprecation-notice.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/docs/feature-deprecation-notice.mdx

Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>

* Update website/content/docs/feature-deprecation-notice.mdx

Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>

* Update feature-deprecation-notice.mdx

* added new faq page

* added content for faq

* updated faq page based on aarti's feedback

* added client count faq

* fixed a broken link

* added links

* fixed spacing issue

* added new release notes page

* edited the client count faq

* edited the feature deprecation faq

* edited the featue deprecation notice and plans

* edited the release notes

* added new oidc provider doc

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* incorporated feedback

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* changed mnt_acc to mount_accessor

* rewritting content

* added doc link

* fixed link error

* fixed spacing error

* incorporate additional feedback

* more feedback

* incorporated more feedback

* fixed headings

* fixed a heading

* incorproate changes

* incorporate feedback

* modified RN based on feedback

* Update website/content/docs/concepts/oidc-provider.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* updated final release notes

* updated image

* fixed link

* added a new hyperlink to the etcd document

* add and modify notes; update scope template

* break identity docs into separate pages

* fix nav for identity token

* fix nav links; add links on overview

* use real example IDs

* fix typos

* incorporated additional feedback

Co-authored-by: Meggie <meggie@hashicorp.com>
Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
Co-authored-by: JM Faircloth <jmfaircloth@hashicorp.com>
2021-11-15 18:02:36 -08:00
Rémi Lapeyre 677e2a1ca5
Fix some typos (#12289) 2021-11-15 14:52:04 -05:00
Yoko Hyakuna ff145d3a4f
Fix out-dated hyperlink (#13145) 2021-11-15 09:53:49 -08:00
Hridoy Roy 1279413ea2
Docs Updates for Client Counting non-entity tokens (#13134)
* some client count docs updates

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: swayne275 <swayne275@gmail.com>

* remove full link path

* more path shortening for urls

Co-authored-by: swayne275 <swayne275@gmail.com>
2021-11-12 13:12:23 -08:00
Hridoy Roy 1fc0a699d9
Docs for counting non-entity tokens in the Activity Log (#13007)
* docs for counting tokens without entities

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: swayne275 <swayne275@gmail.com>

* remove parens in docs

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* update documentation to be consistent with the non-entity token terminology

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/docs/concepts/client-count.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* add line about client ids to the api docs

* syntax and grammar

Co-authored-by: swayne275 <swayne275@gmail.com>
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-11-12 09:59:50 -08:00
swayne275 12faa5227b
define batch token interaction with lease count quota (#13127) 2021-11-11 16:09:44 -07:00
Loann Le 6a5fc75ff5
fixed link error (#13103) 2021-11-10 09:38:02 -08:00
swayne275 0604c12f27
Namespace API Lock docs (#13064)
* add api lock doc

* add docs nav data

* Update website/content/api-docs/system/namespaces.mdx

Co-authored-by: Chris Capurso <christopher.capurso@gmail.com>

* update command doc

* clarify locked http status code

* add example exempt path

* further exempt clarification

* link api locked response

* add x-vault-namespace api example

* Update website/content/docs/concepts/namespace-api-lock.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* review suggestions

* few other small tweaks

Co-authored-by: Chris Capurso <christopher.capurso@gmail.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-11-09 15:43:17 -07:00
Daniel Nathan Gray 26711ab017
Documentation consistency GPG keys are PGP keys. (#13073)
* Consistency: GPG keys are PGP keys

* Consistency: GPG keys are PGP keys

* Consistency: GPG keys are PGP keys

* Consistency: GPG keys are PGP keys

* Consistency: GPG keys are PGP keys

* Consistency: s/GPG/PGP keys, use GPG's proper name

* Use GPG's proper name GnuPG

* Use GPG's proper name GnuPG

* Consistency: GPG keys are PGP keys

* Fix typo
2021-11-08 10:04:59 -08:00
Meggie bb6ba32f65
Add note that monitor command may truncate logs (#13079)
* Add note that monitor command may truncate logs

* Apply suggestions from code review

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-11-08 12:52:42 -05:00
Jason O'Donnell 16bc065c48
secrets/azure: add doc for rotate-root and AAD migration (#13066)
* secrets/azure: add doc for rotate-root and AAD migration

* Formatting

* Fix bad link, update warnings
2021-11-05 13:04:25 -04:00
castironclay c2e7aca9ca
Address algorithm not supported (#12852)
error seen on host /var/log/auth.log:
  userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]
2021-11-04 18:07:46 -04:00
Loann Le a6432ca770
added new code samples (#13030) 2021-11-03 10:10:28 -07:00
Nick Cabatoff ddf89f2708
Add more detail to recovery mode docs. (#12984) 2021-11-03 10:22:00 -04:00
Gary Frederick f16f3efed5
add missing back tick (#12941) 2021-11-02 14:06:17 -07:00
akshya96 8b89a14f13
Local auth mount documentation (#12970)
* adding documentation changes

* adding requested changes

* adding suggested changes
2021-11-02 13:23:29 -07:00
Theron Voran 3277b8441e
docs: agent cache config requirements (#13006)
Added a note that agent cache requires at least one listener or template
to be defined in the config, and a couple spelling corrections.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2021-11-02 11:29:40 -07:00
Victor Rodriguez f6e35369f0
VAULT-444: Add PKI tidy-status endpoint. (#12885)
VAULT-444: Add PKI tidy-status endpoint.

Add metrics so that the PKI tidy status can be monitored using telemetry as well.

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2021-11-02 11:12:49 -04:00
Alexander Scheel ecfc679283
TLS Documentation Changes (#12940)
* Add note to TLS cipher suite configuration

Ordering is no longer respected and the tls_max_version flag must be
used for this list to be relevant (as TLSv1.3 will ignore the cipher
suite list entirely).

See blog post linked in the docs for more information.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Note that server cipher suite flag is ignored

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add upgrade note about TLS cipher suites

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2021-11-01 18:14:41 -04:00
Meggie 7ca83828c4
Note on pending etcd v2 API deprecation (#12935)
* Note on pending etcd v2 API deprecation

* Updating etcd guidance to include migration
2021-11-01 11:46:28 -04:00
Yoko Hyakuna a681b363ca
Fix reported error (#12973) 2021-10-29 17:05:24 -07:00
Jim Kalafut ee6b81eb43
Add known issue about MSSQL panic (#12961) 2021-10-28 14:46:14 -07:00
Alexander Scheel 5579394b48
go-kms-wrapping update for Azure Key Vault's Managed HSM offering (#12934)
* Update to hashicorp/go-kms-wrapping@v0.6.8

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation around Managed HSM KeyVault

This introduces the "resource" config parameter and the
AZURE_AD_RESOURCE environment variable from the updated go-kms-wrapping
dependency.

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry for g-k-w changes

Includes changes from @stevendpclark.

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
2021-10-27 12:07:18 -04:00
Chris Capurso 7dcae18641
Update kv custom metadata docs (#12920)
* fix json code block in kv api docs

* add custom_metadata to GET, PUT, PATCH in kv api docs

* add custom_metadata to get, put, and patch in kv CLI docs
2021-10-26 15:41:40 -04:00
Guillaume b9b7f5a9a3
Added support for a LDAP user search filter. Documentation, tests and UI included (#11000) 2021-10-26 10:39:12 -07:00
Chris Capurso 509eabbff6
add custom-metadata flag docs for 'vault kv metadata put' cmd (#12729) 2021-10-25 14:08:48 -04:00
Tom Proctor 9ad06611a4
agent: Docs for auto-auth and limited-use tokens (#12918)
There are a number of auth methods that support creating tokens with a limited number of uses. However, Vault Agent doesn't track the uses remaining for its auto-auth token, so it may result in flaky permission denied responses if that limit is hit and Vault Agent remains unaware.
2021-10-25 18:25:24 +01:00
Theron Voran 96c49ee528
docs: updates for vault-k8s and vault-helm (#12901)
Documentation updates for vault-k8s 0.14.0 and vault-helm 0.17.0
releases.
2021-10-22 14:26:13 -07:00
Chris Capurso 9c8fe62818
add patch section to kv-v2 api and CLI docs (#12689)
* add data patch section to kv-v2 api docs

* fix trucated output for kv put command with cas cmd in kv-v2 docs

* wip vault kv patch CLI docs

* add new flags to 'vault kv patch' CLI command docs

* fix cas_required formatting

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* fix cas formatting

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* additional format fixes

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-10-22 15:31:03 -04:00
Andreas Gruhler 8f6e4f1923
Clarify docs for CSI provider secretArgs (#12570) 2021-10-22 16:27:24 +01:00
Nick Cabatoff d66fd98d4a
Add support for go-sockaddr templated addresses in config. (#9109) 2021-10-21 10:10:48 -04:00
Meggie fe3abd7e53
Adding upgrade note about request counters API (#12858)
* Adding upgrade note about request counters API

* Note on internal and new behavior
2021-10-21 09:58:28 -04:00
Dave Du Cros ceac6e913d
operator generate-root -decode: allow token from stdin (#12881)
* operator generate-root -decode: allow token from stdin

Allow passing "-" as the value for -decode, causing the encoded token to
be read from stdin. This is intended to prevent leaking the encoded
token + otp into process logs in enterprise environments.

* add changelog entry for PR12881

* add check/test for empty decode value passed via stdin
2021-10-20 12:29:17 -04:00
Daniel Kimsey f9100dfb42
Add documentation for vault-plugin-auth-jwt skip_browser CLI option (#12833) 2021-10-19 15:55:24 -07:00
Loann Le 1347d4c534
Vault documentation: created new identity concepts page (#12825)
* created draft PR for identity doc

* relocated identity page

* fixed error in side nav

* Fix table format

* Add Learn tutorial link

* fixed typo

* Update identity.mdx

fixed typo

* modified intro

* Removed duplicated description about entity (#12861)

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2021-10-19 10:56:15 -07:00
Steven Clark b75e990cb6
Update website docs regarding ssh role allowed_extensions parameter (#12857)
* Update website docs regarding ssh role allowed_extensions parameter

 - Add note within the upgrading to 1.9.0 about behaviour change
 - Prefix the important note block within the main documentation about
   signed ssh certificates that it applies pre-vault 1.9
 - Update api docs for the allowed_extensions parameter within the ssh
   role parameter.

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-10-19 09:30:06 -04:00
Victor Rodriguez 70a9636575
Update docs with Transform FPE advanced I/O handling features (#12744) 2021-10-15 14:51:53 -04:00
hghaf099 d016fafdf8
Documentation for custom http response headers (#12524)
* Documentation for custom http response headers

* Adding more explanation of what custom headers are and when to use them

* Header in the config takes precedence

* Update website/content/docs/configuration/listener/tcp.mdx

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* Adding more information on how to use custom response headers

* adding an API link to the ui

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
2021-10-14 16:04:35 -04:00
Pratyoy Mukhopadhyay 148109b8ed
[VAULT-3252] Disallow alias creation if entity/accessor combination exists (#12747)
* Disallow alias creation if entity/accessor combination exists

* Add changelog

* Address review comments

* Add handling to aliasUpdate, some field renaming

* Update tests to work under new entity-alias constraint

* Add check to entity merge, other review fixes

* Log duplicated accessors only once

* Fix flaky test

* Add note about new constraint to docs

* Update entity merge warn log
2021-10-14 09:52:07 -07:00
Nick Cabatoff 4b847446f3
Document autopilot metrics (#12612) 2021-10-14 09:03:17 -04:00
Alex Cahn d28370747d
Docs/vip update (#12826) 2021-10-13 18:05:19 -07:00
Alex Cahn 1fd0e65fc0
Docs/vip update (#12818)
* Update the Vault Integration program page

This includes now support for HCP Vault as well as general updates to the program

* Updated process flow image

* Adding HCP V image

* Update website/content/docs/partnerships.mdx

* Update website/content/docs/partnerships.mdx

* Update website/content/docs/partnerships.mdx

* Update website/content/docs/partnerships.mdx

* Update website/content/docs/partnerships.mdx

* Update website/content/docs/partnerships.mdx

* Update website/content/docs/partnerships.mdx

* Update website/content/docs/partnerships.mdx

* Update website/content/docs/partnerships.mdx

* Update website/content/docs/partnerships.mdx

* Update website/content/docs/partnerships.mdx

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-10-13 13:06:09 -07:00
Loann Le ce0091f5ee
Vault Documentation: Modified What is Vault description (#12783)
* modified vault description

* modified paragraph based on feedback

* Update what-is-vault.mdx

Removed characters that were arbitrarily added.

* Update what-is-vault.mdx

changed markdown syntax for 'secret's
2021-10-13 07:48:00 -07:00
DJCrabhat 810282d469
Add nonce configuration parameter to agent AWS auto-auth documentation (#10926)
* Update aws.mdx

Was looking how to give the vault agent with AWS auth-auth the same nonce, but saw it wasn't documented.  Dove through the code, found https://github.com/hashicorp/vault/blob/master/command/agent/auth/aws/aws.go#L139 and https://github.com/hashicorp/vault/blob/master/command/agent/auth/aws/aws.go#L215 

(tried to call out the importance and point to docs, know setting `nonce` poorly could be very bad!)

* add line breaks

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

Co-authored-by: hghaf099 <83242695+hghaf099@users.noreply.github.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-10-13 10:45:34 -04:00
dr-db ee3b1ac4c1
Update index.mdx (#12395)
Typo fix.
2021-10-12 18:50:20 -07:00
Mike Green c99865d970
Clarify max TTL and system max TTL behavior (#12391) 2021-10-12 13:24:07 +01:00
vinay-gopalan ef103cc618
Fix connection_url in AzureSQL Config Example in Secret Engine Docs (#12803)
* remove newline in azuresql example conn url

* add changelog

* remove changelog
2021-10-11 14:11:24 -07:00
Jason O'Donnell 8b5d386537
docs: add additional resources for vault agent templating language (#12798)
* docs: add templating language links

* docs: add templating language links
2021-10-11 14:31:50 -04:00
Loann Le 964a0f3b15
Vault documentation: added new code sample to Kubernetes documentation (#12774)
* added new code sample for k8s auth

* Update kubernetes.mdx

removed spacing
2021-10-08 14:57:53 -07:00
Loann Le 833b51dbba
Documentation: added new c# code samples to Vault documentation (#12769)
* added new code sample for C-sharp

* Update aws.mdx

Removed extra spacing

* added more code samples

* Update gcp.mdx

removed spacing

* Update aws.mdx

remove spacing
2021-10-08 08:54:26 -07:00
Rowan Smith 893a4b9051
raft auto_join_scheme documentation update (#12701) 2021-10-08 08:32:50 -04:00
Jim Kalafut 65d0718a17
Update docs to reference paths filters instead of mount filters (#12717) 2021-10-07 22:53:07 -07:00
Jason O'Donnell 403595fa9f
docs: add note for rolesets to avoid globs in policies (#12756)
* docs: add note for rolesets to avoid wildcards in policies

* Add note about not using example

* Change wildcard to glob

* Update website/content/docs/upgrading/upgrade-to-1.8.0.mdx

Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>

* Update documentation per review

* Update per review

* Update website/content/docs/upgrading/upgrade-to-1.8.0.mdx

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
2021-10-07 15:35:56 -04:00
Rowan Smith f21be1ed1c
updated vault.core.license.expiration_time_epoch (#12760) 2021-10-07 07:14:25 -04:00
Michael Boulding 79662d0842
Patch to support VAULT_HTTP_PROXY variable (#12582)
* patch to support VAULT_HTTP_PROXY variable

* simplify the proxy replacement

* internal code review

* rename to VAULT_HTTP_PROXY, apply within ReadEnvironment

* clean up some unintended whitespace changes

* add docs for the new env variable and a changelog entry

Co-authored-by: Dave Du Cros <davidducros@gmail.com>
2021-10-06 09:40:31 -07:00
Calvin Leung Huang 752e4a48a1
docs: add plugin limits and lifecycle sections (#12697)
* docs: add plugin limits and lifecycle sections

* remove extranous comments on the limits page

* add more lifecycle cases, review feedback

* address follow-up review feedback

* rename section to "External plugin limits"
2021-10-01 11:59:13 -07:00
Siddharth 97914173fe
Update plugin-portal.mdx (#12681) 2021-09-30 11:00:44 -07:00
Loann Le 037c538ed0
Updated documentation: added new code example and reference (#12693)
* added new code example

* Update website/content/docs/concepts/auth.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/concepts/lease.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update lease.mdx

* Update website/content/docs/concepts/lease.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2021-09-30 10:46:01 -07:00
Jim Kalafut 06d53f1b18
Highlight that password policies are defined in a namespace (#12692) 2021-09-30 09:41:45 -07:00
Theron Voran 1210a9d319
docs: vault-k8s-0.13.1 vault-helm-0.16.1 (#12680)
Vault K8s 0.13.1 and Vault Helm 0.16.1 updated the default Vault
image, so making the corresponding docs updates here.
2021-09-30 08:49:56 -07:00
Michael Golowka bee49a4c49
Update Azure secrets engine to use MS Graph (#12629) 2021-09-29 11:28:13 -06:00
jweissig f854b4446f
docs: updated enterprise package name (#12667)
Updated docs to align with Enterprise package name.
2021-09-29 10:17:31 -04:00
Blake Covarrubias 0963230b8c
docs: Remove permissive policies in Consul ACL examples (#12454)
The ACL policy examples documented on the Consul Storage Backend and
Consul Service Registration pages are too permissive. Both policies
unnecessarily grant agent:write and node:write access for all agents
within the Consul datacenter. When Consul is used solely for service
registration, `service:write` is only required permission.

This commit modifies the policy for the Consul Storage Backend to
remove node:write access, and changes agent:write to agent:read.

The policy on the Consul Service Registration page is updated to
remove all KV-related privileges, and solely grant the necessary
service:write permission.
2021-09-28 14:13:41 -07:00
Loann Le e94ab7c1f5
Documentation update: Added tuner parameters to the Sensitive information section (#12655)
* added tuner parameter to doc

* reworded the text

* updated text based on feedback

* fine-tuning sentence

* changed to relative links
2021-09-28 11:44:46 -07:00
Francisco Navarro Morales 5bff0d5fc3
Fix typo in command (#12619)
Add missing space after `cut -d`
2021-09-27 12:37:03 -07:00
Mike Green 373f50af47
Add rotate-root cli (#11192) 2021-09-23 09:00:25 -07:00
aphorise f4c1a09e25
Docs: Seal pkcs11 updated example with actual hex slot reference and … (#12530)
* Docs: Seal pkcs11 updated example with actual hex slot reference and notes related to decimal conversion. Minor correction to **Note** area in 'lib' parameter above 'slot'.

* Docs: Seal pkcs11 slot note correction.
2021-09-22 16:55:20 -04:00
Kamal Mahmud 9c0e439d33
Add additional info on v1 KV engine (#12522)
Added information flag to enable v1 KV secret engine in dev mode
2021-09-22 13:31:46 -07:00
Nick Cabatoff 4cca2e0303
Update telemetry docs to include HA forwarding metrics. (#12611) 2021-09-22 12:10:26 -04:00
Tom Proctor 181269f8e1
Revert "Update installation.mdx (#12516)" (#12571)
This reverts commit ab5ad87945177dd0bab6cbcfdf6cc8507bba8c5d.
2021-09-22 11:54:25 +01:00
Loann Le b1cff88fff
added browswer support (#12587) 2021-09-21 13:48:21 -07:00
Yoko Hyakuna 8a122201bc
Add code snippet to demonstrate GCP auth in Go (#12578)
* Add code snippet to demonstrate GCP auth in Go

* Fix a grammatical error
2021-09-17 20:51:07 -07:00
Pratyoy Mukhopadhyay 0819eac6a8
Update token renew docs (#12572)
* Update docs for token renew api and cli

* Clarify api docs for renew/renew-self

* Update wording around periodic tokens
2021-09-16 16:54:46 -07:00
Theron Voran b2418a3a8c
docs: vault-k8s 0.13.0 and vault-helm 0.16.0 (#12573) 2021-09-16 14:58:02 -07:00
Meggie 78bb7d3808
Some docs notes (seal migration + go discover link) (#12542)
* Was confused by pre1.5.1 auto->auto note

* Helpful note on go-discover
2021-09-16 10:22:38 -04:00
Mitali Bisht 89271bf0ca
Added Artifactory secrets plugin (#12528)
* Added Artifactory secrets plugin

Added Artifactory secrets vault plugin under partner programs

* Update plugin-portal.mdx
2021-09-13 15:30:31 -07:00
Aaditya S fbe2462420
Fix typo in lease renew documentation (#10651)
The documentation for `renew` is showing the output for `revoke`.
2021-09-13 11:57:10 -07:00
Lukas Grossar 2f025ef30f
Add link to go-discover README to raft documentation (#10679) 2021-09-10 14:40:36 -07:00
Mike Green 68c561389f
add example for secret tuning (#12503) 2021-09-10 09:10:33 -07:00
Justin Weissig 8a721ef225
docs: update packaging (#12527)
* docs: update packaging

Update language to support current enterprise packaging.

* Update performance-standby.mdx
2021-09-09 14:36:15 -07:00
Theron Voran ed1088d81c
docs: k8s auth issuer lookup (#12506)
Moved the issuer discovery details to from the CSI docs to the K8s
auth docs.
2021-09-09 08:39:21 -07:00
Jim Kalafut 162d9eb095
Update 1.8 upgrade guide (#12518) 2021-09-08 13:14:51 -07:00
Alex Cahn dd0f3d9f2d
Update installation.mdx (#12516)
Updating based upon feedback from ServiceNow review
2021-09-08 12:57:15 -07:00
klucks83 eca34706d7
Update Auto Unseal info to say KMS instead of EKS (#10256)
While EKS may be the managed kubernetes environment under the hood, I believe the idea behind this section of the documentation is to use AWS KMS for seal/unseal operations, not EKS.  (i.e. The surrounding documentation is discussing other Auto Unseal options such as Google KMS.)  

The use of the term EKS instead of KMS made it hard for me to discover this section of documentation, and was a little confusing at first until I realized the possible error.
2021-09-08 10:06:24 -07:00
Justin Weissig 718a5f04c9
docs: update packaging (#12459)
* [WIP] docs: update packaging

Update language to support current enterprise packaging.

* Update index.mdx

* Update entropy-augmentation.mdx

* Update entropy-augmentation.mdx

* Update control-groups.mdx

* Update sealwrap.mdx

* Update index.mdx

* Update control-groups.mdx

* Update entropy-augmentation.mdx

* Update index.mdx

* Update index.mdx

* Update sealwrap.mdx

* Update index.mdx

* Update index.mdx

* Update index.mdx
2021-09-08 08:59:25 -07:00
mickael-hc d2310302a1
docs: provide clarifications for github auth method and ssh secrets engine (#12495)
* Clarify that any org GitHub user token can be used

* Clarify ssh secrets allowed_extensions behaviors
2021-09-08 10:55:35 -05:00
Rowan Smith b4dbd46928
audit page tweaks based on customer feedback (#12504) 2021-09-08 09:21:36 -04:00
Nicholas Seemiller 8bc69a4ccc
Update examples.mdx (#12333)
Deployment manifest has incorrect `envs` tag. It should be `env`
2021-09-07 17:32:22 -04:00
Pratyoy Mukhopadhyay 448ba32bf4
Update kv input documentation with edge case (#12500) 2021-09-07 13:15:33 -07:00
Pratyoy Mukhopadhyay 994372697b
Remove deprecated reauth function from docs (#12482) 2021-09-03 06:09:21 -07:00
Yoko Hyakuna 7c9b06da99
Fix isues 12397 (#12484) 2021-09-02 17:03:55 -07:00
Zadkiel 6d7ad94097
fix: update injector resources requirements (#11198) 2021-09-02 08:01:02 -07:00
Mike Green c04518044a
Clarify on overview page that audit is default replicated (#12298)
* Note that audit is replicated

* tweak

* clarify local is to the cluster, not only the node

* tweaking. i think this makes more sense
2021-09-01 13:53:01 -07:00
Loann Le d385747027
adding ARN in description (#12477) 2021-09-01 13:12:20 -07:00
Nick Cabatoff 8154cd2e4a
Add notes re dangers of identity write endpoints. (#12365) 2021-08-30 10:23:33 -04:00
Meggie 67dcbf1dea
Upgrade note for Alpine 3.14 docker images (#12450)
* Upgrade note for Alpine 3.14 docker images

It might break things for some people

* Add CVE #

Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>

* Adding upgrade note to all relevant versions

Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>
2021-08-27 12:33:44 -04:00
Loann Le 97a3fd4287
Seal Migration Doc: Modified existing note (#12444)
* changed note

* fixed spacing issue

* Update website/content/docs/concepts/seal.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* modified intro

Co-authored-by: Meggie <meggie@hashicorp.com>
2021-08-26 16:06:23 -07:00
Nick Cabatoff 4f30a01068
Remove the old license instructions from the Enterprise index page. (#12400) 2021-08-25 12:16:38 -04:00
Calvin Leung Huang 306071f8b8
docs: fix exit flag reference on agent (#12401) 2021-08-24 14:26:56 -07:00
Meggie 98678e4caf
Upgrade note for RedHat package issue (#12345)
* Upgrade note for RedHat package issue

* Reverse ordering of upgrade guides

* Refining affected versions
2021-08-24 13:07:26 -04:00
swayne275 8b033c3c49
add known issue for dr secondary lease count quota invalidation (#12288)
* add known issue for dr secondary lease count quota invalidation

* Update website/content/partials/lease-count-quota-upgrade.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* put known issues to main 1.6 and 1.7 pages

Co-authored-by: Meggie <meggie@hashicorp.com>
2021-08-23 15:58:06 -06:00
hghaf099 94ece6fd38
Lease count quotas does not apply to root tokens (#12405) 2021-08-23 17:22:28 -04:00
Chris Capurso 3f4a381f1b
Add kv custom key metadata (#12218)
* add custom-metdata flag to "kv metadata put" command

* add kv metadata put command test for custom-metadata flag

* add custom_metadata to kv-v2 api docs

* add custom_metadata to kv-v2 cli docs

* update go.mod

* Add custom metadata limits to docs

* add changelog entry

* update vault-plugin-secrets-kv to @master
2021-08-23 15:49:09 -04:00
Theron Voran f90b7104cd
docs: updates for vault-helm-0.15.0 and vault-k8s-0.12.0 (#12373)
Also simplifies the cert-manager example
2021-08-23 09:39:36 -07:00
Alex Cahn e4e8555e3a
Fixed a slight grammar mistake (#12356) 2021-08-20 12:08:34 -07:00
Mike Green 16794711d5
Add agent approle method example (#12297) 2021-08-19 11:03:57 -04:00
Meggie 0328598798
Removing line about consul consistency (#12353) 2021-08-19 10:01:47 -04:00
Nick Cabatoff f7cb7a19b2
Add docs for metrics from #11472. (#12278) 2021-08-19 09:49:00 -04:00
Andrei Burd b868dac12c
Docs: k8s annotations for static_secret_render_interval (#12244)
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2021-08-18 13:41:16 -07:00
John-Michael Faircloth 30f470915f
docs: draft update guide for identity token roles (#12337) 2021-08-17 11:27:32 -05:00
Loann Le 4e3b66a2d7
Vault Documentation: Added Glossary (#12324)
* added glossary

* Update website/content/docs/glossary.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/glossary.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* modified secrets and barrier content based on feedback

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-08-16 13:08:44 -07:00
Jim Kalafut 75b3dec8be
Add draft upgrade guide (#12332) 2021-08-16 10:58:09 -07:00
Yoko Hyakuna 7cfbc0350d
[Docs] Add code example (#12302)
* Experiment adding code example

* Add Go code snippet

* Minor updates to the brief description

* Add a note to reference 'Code Example'

* Fix the title

* Add a callout note up front
2021-08-12 12:53:15 -07:00
Jim Kalafut af57e56f09
Add AWS EC2 Auth known issue (#12316) 2021-08-12 10:45:32 -07:00
Andrei Burd 63de67d891
Agent template static secrets docs update (#12307)
* Agent template static secrets docs update

static_secret_render_interval mention

* Update website/content/docs/agent/template.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2021-08-11 12:30:37 -04:00
hghaf099 f885d97774
VAULT-2285 adding capability to accept comma separated entries for au… (#12126)
* VAULT-2285 adding capability to accept comma separated entries for auth enable/tune

* Adding changelog

* Adding logic to detect invalid input parameter for auth enable config

* Updating tune.mdx

* Updating secret enable/tune for comma separated parameters

* Adding further parameter checks for auth/secret tests
Fixing changelog
using builtin type for a switch statement
Fixing a possible panic scenario

* Changing a function name, using deep.Equal instead of what reflect package provides

* Fixing auth/secret enable/tune mdx files

* One more mdx file fix

* Only when users provide a single comma separated string in a curl command, split the entries by commas

* Fixing API docs for auth/mount enable/tune for comma separated entries

* updating docs, removing an unnecessary switch case
2021-08-09 15:37:03 -04:00
Meggie b43f9c10cc
Master -> Main on CL links (#12286) 2021-08-09 12:57:19 -04:00
Theron Voran 3455adc885
docs: vault-k8s and cert-manager (#12281)
Adding an example of configuring vault-k8s to use cert-manager for
managing the webhook certs.

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
2021-08-06 17:56:15 -07:00
Austin Gebauer bf086e8dc6
auth/oidc: documents redirect URI for UI login with form_post response_mode (#12273) 2021-08-05 15:13:33 -07:00
Loann Le 7ef0c4bde9
replaced changelog link (#12259) 2021-08-04 12:07:22 -07:00
Mike Green 65c449063b
Add link to Learn's usage tutorial (#11199)
* Add link to Learn's usage tutorial

* Update website/content/docs/commands/operator/usage.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2021-08-03 16:19:09 -07:00
Jim Kalafut 0c678f14a0
Add link to plugin upgrade instructions (#12043) 2021-08-03 15:58:17 -07:00
mickael-hc 795a5fea43
docs: add barrier key auto-rotation to internals/rotation (#12149)
This functionality was introduced in Vault 1.7.0 and is documented in api-docs/system/rotate-config
2021-08-03 15:52:24 -07:00
Meggie 034f09c373
Adding upgrade note about arm64 (#12240) 2021-08-03 11:54:55 -04:00
Jonathan Ballet dd33777d17
Improve "Integrated Storage" documentation (#12200)
* Improve "Integrated Storage" documentation

* add missing markup
* add more links to the configuration pages

* Improve the Raft Storage configuration page

* More markup

* Improve the "High Availability" documentation

* More links to the configuration pages

* More links

* even more links
2021-07-30 15:05:15 -07:00
Theron Voran d2e2761aee
docs: updates for vault-k8s v0.11.0 (#12209) 2021-07-29 14:52:29 -07:00
Theron Voran 5e113abbf4
docs: updating for vault-helm v0.14.0 (#12206)
And found a couple missing values
2021-07-29 11:16:08 -07:00
Vishal Nayak ab232b9d9a
Update docs to reflect support for autopilot DR (#12097)
* Update docs to reflect support for autopilot DR

* Reword sentence

* Fix link

* Fix link
2021-07-29 12:40:27 -04:00
Rowan Smith 8924e7d656
Fixed typo for 'forward' value in relation to caching (#12199) 2021-07-29 07:41:08 -04:00
SaintMalik 4223ddf6fd
Docs: Fix broken link (#12192)
* Docs: Fix broken link

What does this PR do

Fix dead or broken links in this docs page, making navigation easy for others.

* fixing broken link

* fixing broken links
2021-07-28 13:18:54 -07:00
akosuadenell 5f57fa205f
Update template.mdx (#11913)
Deleted duplicate text
2021-07-28 11:54:15 -07:00
Jim Kalafut 64b7f8eb1a
Add 1.8 release notes (#12190) 2021-07-28 08:54:09 -07:00
Jim Kalafut f86cede572
Add 1.8 upgrade guide (#12186) 2021-07-28 08:46:40 -07:00
John-Michael Faircloth fa9c5dc67c
docs: Update Database Capabilities to include username customization (#12172)
* docs: Update Database Capabilities to include username customization

* add operator/diagnose to the index file
2021-07-27 10:33:12 -05:00
Hridoy Roy fff7dc7a40
Diagnose docs + changelog (#12159)
* save

* diagnose docs

* changelog

* changelog formatting
2021-07-26 08:45:12 -07:00
Jacob e579cf4ad1
docs/update replication seal table (#12147)
* Update replication.mdx 

Add separate secondary seal and recovery key columns to better distinguish what is updated in each scenario.

* Update replication.mdx, fix caps.
2021-07-22 15:41:36 -04:00
Nicholas Seemiller 87ff4bfac8
Create Kubernetes Namespace (#11902)
If you're setting up vault for the first time on a cluster, the namespace may not exist.

Add a step to create the namespace.
2021-07-22 15:41:22 -04:00
Nick Cabatoff 9a26209a9d
Fix a couple of broken links to api docs. (#12143)
* Fix a couple of broken links to api docs.

* Qualify deprecation.
2021-07-21 13:09:32 -07:00
John-Michael Faircloth 877b8166f2
docs: Update Database Capabilities to include username customization (#12130)
* Update Database Capabilities docs page to include username customization column

* fix elasticdb entry, yes for 1.8+
2021-07-21 13:24:22 -05:00
swayne275 ed361ee8da
Fix minor typo in Internals/Plugins documentation (#12113)
* fix minor plugin doc typo

* fix limits of of typo and related

* forgot to save on this typo fix
2021-07-20 07:21:24 -06:00
Nick Cabatoff e98b45fc79
Fix license expiration metric name in docs. (#12125) 2021-07-19 19:19:32 -04:00
Pratyoy Mukhopadhyay 3990446e46
Update some metric types, fix some wording (#12122) 2021-07-19 14:54:24 -07:00
Meggie 08de78aedd
Elaborating on telemetry persistence (#12119)
* Elaborating on telemetry persistence

Some users understand how an aggregator relates to Vault telemetry, and
some users are approaching this concept for the first time. Those newer
to the concepts benefit from some extra clarification that the metrics
sourced directly from Vault aren't stored anywhere.

Sources:
https://prometheus.io/docs/concepts/metric_types/
https://github.com/OpenObservability/OpenMetrics/blob/main/specification/OpenMetrics.md
https://docs.splunk.com/observability/metrics-and-metadata/metric-types.html

* Updated summary note
2021-07-19 16:12:29 -04:00
Dave Shepherd f6770be254
Add AWS Cognito secrets engine to community section of the plugins website page (#11966) 2021-07-16 13:22:33 -07:00
Mike Green 20b84c4deb
Docs: Add link to more sentinel examples (#11931) 2021-07-16 16:20:41 -04:00
Josh Black 9052ed6466
Document bolt metrics (#12107) 2021-07-16 11:44:30 -07:00
Tom Proctor 47457b1298
Add ServiceNow credential resolver docs (#11996)
* Add ServiceNow credential resolver docs

* Add information about using system CAs

* Add field mappings and troubleshooting tips
2021-07-16 10:53:14 +01:00
Danny Hermes 16c3c4902a
Typo fix: period rotation -> periodic rotation (in transit docs) (#12030) 2021-07-15 08:18:09 -04:00
John-Michael Faircloth 07e00882b8
[docs] secrets/identity - grammar and punctuation fixes (#12065)
* some grammar and punctuation fixes

* remove unneeded char
2021-07-14 14:35:10 -05:00
Mike Green 217f69f8d2
docs/stepdown-clarification (#12077) 2021-07-14 15:10:07 -04:00
Loann Le 59bf7b9b09
removed sentence from intro (#12076) 2021-07-14 10:08:04 -07:00
Jason O'Donnell 8bc9790bf4
docs: fix formatting in azure secrets overview (#12058) 2021-07-13 14:55:53 -04:00
Yong Wen Chua 7ea650bc06
Update Documentation for GCP Static Account (#12027)
* Update API Docs for Static Account

* Update CHANGELOGs

* Update guide

* Clarify IAM

* More refinement

* Fix missing replace of roleset while copy/pasting

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Remove CHANGELOG

* Fix some double ticks

* Apply suggestions from code review

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update examples

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2021-07-13 09:36:05 -07:00
Meggie 02d5ce7374
Add replication example to upgrade docs (#12040) 2021-07-12 13:13:45 -04:00
Thor db9edf519b
cockroachdb: Fix either incorrect or outdated info (#11512)
The documentation stated that Vault would not create the table
if it doesn't exist. But Vault does attempt to create the table if
it doesn't exist.

Ref:
https://github.com/hashicorp/vault/blob/master/physical/cockroachdb/cockroachdb.go#L84
2021-07-09 14:30:21 -07:00
Pratyoy Mukhopadhyay 9b5e89bd34
[VAULT-2776] Add prefix_filter option to Vault (#12025)
* [VAULT-2776] Add prefix_filter support to vault

* [VAULT-2776] Add filter_default config, update docs

* [VAULT-2776] Add changelog file

* [VAULT-2776] Update telemetry tests and error handling

* [VAULT-2776] Add test fixtures, update test

* [VAULT-2776] Update gitignore hcl filter
2021-07-09 14:49:53 -05:00
Loann Le 43265d6626
changed name from faqs to faq (#12033) 2021-07-09 09:13:49 -07:00
Danny Hermes a4bb9baf48
Typo fix: period rotation -> periodic rotation (#12011) 2021-07-08 10:45:49 -04:00
Jason O'Donnell 0bc339a2f8
docs: add SSL connection example to oracle (#12006)
* docs: add SSL connection example to oracle

* Fix link

* Add quotes to path
2021-07-07 12:47:49 -04:00
Jason O'Donnell 5a3bf9b506
docs: fix link rendering for Oracle (#11994)
* docs: fix link rendering for Oracle

* Fix render
2021-07-06 13:25:36 -04:00
Mike Green 7878db7c2c
Add link to newish learn upgrade guide (#11748) 2021-07-01 08:12:57 -07:00
Pratyoy Mukhopadhyay c7e6a07939
Augment lease revocation metrics (#11954)
* [VAULT-1982] Add metric for irrevocable leases

* [VAULT-1982] Add metric for tracking worker count per queue

* [VAULT-1982] Update external docs

* [VAULT-1982] Add nil check on metrics sink

* [VAULT-1982] Update metric name, fix access patterns

* [VAULT-1982] Add locking when marking leases as irrevocable

* [VAULT-1982] Remove workers per mount metric

* [vault-1982] Misc review fixes

* [VAULT-1982] minor refactor

* [VAULT-1982] Add/update some comments
2021-06-30 14:37:36 -07:00
Nick Cabatoff 7ad3f74e07
Add overlooked 1.7 agent cache eventual consistency options. (#11964) 2021-06-29 15:36:10 -04:00
Austin Gebauer b34e24fa64
docs: AWS KMS updates for key management secrets engine (#11958) 2021-06-29 10:31:25 -07:00
Jason O'Donnell b2c9b3c344
plugins/ad: Add rotate-role endpoint (#11942)
* plugins/ad: add rotate-role

* Add doc

* changelog

* Add note about rotate-role in overview
2021-06-25 14:00:03 -04:00