luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
3410 commits 1 branch 0 tags 214 MiB
Commit graph

738 commits

Author SHA1 Message Date
Jeff Mitchell 7d1d003ba0 Update documentation and use ParseBool for list query param checking 2016-01-22 10:07:32 -05:00
Jeff Mitchell be1b4c8a46 Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it. 2016-01-22 10:07:32 -05:00
Jeff Mitchell 5341cb69cc Updates and documentation 2016-01-22 10:07:32 -05:00
Jeff Mitchell d621d7ebe7 Add C# library and do some reorg on the library page 2016-01-22 10:03:02 -05:00
Devin Christensen 512b1ddf6c Merge 'upstream/master' into postgres_physical 2016-01-21 13:04:27 -07:00
Dmitriy Gromov 4abca91d66 Renamed sts duration to ttl and added STS permissions note. 2016-01-21 14:28:34 -05:00
Dmitriy Gromov 0b5e35c8cd documenting the new aws/sts endpoint 2016-01-21 14:05:10 -05:00
Devin Christensen 06641570c7 Remove DDL statements from the code 2016-01-20 18:52:49 -07:00
Devin Christensen fc94487f55 Add support for PostgreSQL as a physical backend 2016-01-19 17:00:09 -07:00
Jeff Mitchell 973c888833 RootGeneration->GenerateRoot 2016-01-19 18:28:10 -05:00
Jeff Mitchell 3b994dbc7f Add the ability to generate root tokens via unseal keys. 2016-01-19 18:28:10 -05:00
Jorge Ferreira 306c63b1be /encryption key/master key/ 2016-01-19 15:42:50 +00:00
Seth Vargo 6d655d75fe Do not use compressed javascripts 
Minifier gets really confused when you give it already-compressed
javascript.
 2016-01-14 15:00:41 -05:00
Jeff Mitchell 1001566a26 Keep ordering consistent in config doc, and put HA backends first 2016-01-14 13:55:53 -05:00
Seth Vargo 94f590581a Add scripts to deploy via Atlas 2016-01-14 13:42:53 -05:00
Seth Vargo e40c77ff27 Use HTTPS + www where appropriate 2016-01-14 13:42:47 -05:00
Seth Vargo d210b561a2 ImageOptim 2016-01-14 13:42:34 -05:00
Seth Vargo 13b1e8f9df Fix image asset URLs 2016-01-14 13:42:28 -05:00
Seth Vargo 2d7555f442 Remove Heroku stuff 2016-01-14 13:42:13 -05:00
Jeff Mitchell 5873824ee2 Version 0.4.1 
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJWls/HAAoJEFGFLYc0j/xMarQH/i6rW+wLm9DadkFV23jwjttt
 TRumTPDoBxHQDoB0wkC4CmA8UiZnzc68o5OlxisC8KAz/89HWZf8sUDxkOSY1vUX
 BGDkiv+KF6LiDRAdDyIqK6PYUkKHaJgue9Vnwu5+1iRv1sjK5PyPb992Wmt/DtOM
 nRn8Hn5qmmDCUm79TKXpZNMs/CRx21VM7q2Sm139kLzTr0Qg2Oyxcp3mB8TR7LtV
 ATdMQ//HzL/tGJ6Yw7zkgZzdf7EMFFO1SSVqAzqag6kqNqwjvmDGrQaTzkdl7anv
 72zMXqVcryeSL6DRZuR+OrHs63aaoTwIXcqO56nBrZ1NAEqkI0oCcvDZNLt7yi4=
 =YCXl
 -----END PGP SIGNATURE-----

Merge tag 'v0.4.1'

Version 0.4.1
 2016-01-14 09:57:21 -05:00
Jeff Mitchell eeac69939c Bump values to 0.4.1 2016-01-13 17:28:17 -05:00
Jeff Mitchell d949043cac Merge pull request #914 from hashicorp/acl-rework 
More granular ACL capabilities
 2016-01-12 21:11:52 -05:00
Ziyi, LIU 5204da4edd Fix typo 
Change "...implements is own login endpoint..." to "...implements its own login endpoint..."
 2016-01-12 22:22:13 +08:00
Jeff Mitchell e815db8756 Update audit sys docs 2016-01-11 19:08:23 -05:00
Eric Kidd 69434fd13e etcd: Allow disabling sync for load balanced etcd 
Some etcd configurations (such as that provided by compose.io) place the
etcd cluster behind multiple load balancers or proxies.  In this
configuration, calling Sync (or AutoSync) on the etcd client will
replace the load balancer addresses with the underlying etcd server
address.

This will cause the etcd client to bypass the load balancers, and may
cause the connection to fail completely if the etcd servers are
protected by a firewall.

This patch provides a "sync" option for the etcd backend, which defaults
to the current behavior, but which can be used to turn off of sync.
This corresponds to etcdctl's --no-sync option.
 2016-01-11 13:56:58 -05:00
Eric Kidd ebabcd857a etcd: Document existing username and password options 
These options were present in the source code, but not in the
documentation.  They're needed to connect to some hosted etcd services.
 2016-01-11 11:30:51 -05:00
Jeff Mitchell 4f4ddbf017 Create more granular ACL capabilities. 
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
 2016-01-08 13:05:14 -05:00
Paul Seiffert 3a0ea3bcaa Add documentation for the DynamoDB backend 2016-01-08 17:34:31 +01:00
Jeff Mitchell a094eedce2 Add rekey nonce/backup. 2016-01-06 09:54:35 -05:00
Jeff Mitchell d4bc51751e Fix typo in docs 2016-01-05 11:45:23 -05:00
Jeff Mitchell e54edd54ac Update documentation with policy fetching information. 2016-01-05 11:26:19 -05:00
Jonathan Thomas df5f5d68bd Merge pull request #888 from aedotj/patch-1 
Fixed "edit this page" not clickable
 2016-01-04 11:29:21 -08:00
kenjones-cisco 496e9962d0 Fixes mis-placed html tag 2015-12-31 10:37:01 -05:00
Jeff Mitchell a7a02b3043 Cert documentation fix. 
Fixes #899
 2015-12-30 16:44:24 -05:00
Jeff Mitchell 6cdb8aeb4f Merge branch 'master' into f-disable-tls 2015-12-29 12:59:02 -05:00
Jeff Mitchell 41d6e0e085 Merge pull request #882 from hashicorp/clarify-physical-support 
Clarify stance on physical backend support
 2015-12-29 11:40:23 -06:00
Greg G 911431ac27 Fixed "edit this page" not clickable 
The link in .edit-page-link is moved using top and right properties, which makes it "under" the layer of the rest of the page (at least in the docs). Changing the z-index fixes it.
 2015-12-28 17:51:27 +01:00
bashtoni 8248d15a5b Doc grammar fix 2015-12-22 21:27:08 +00:00
Jeff Mitchell dca0e72f10 Clarify stance on physical backend support 2015-12-22 10:50:31 -05:00
Jeff Mitchell 8cfc45e0eb Merge pull request #879 from hashicorp/header 
fixes 'by HashiCorp' in the header
 2015-12-21 12:39:54 -05:00
captainill a8b013a4f3 cleanup footer 2015-12-20 11:56:28 -08:00
kenjones c02013f631 add missing html tag 2015-12-20 14:20:30 -05:00
captainill 2ec7a2f032 capitol C in by hashicorp lockup 2015-12-19 21:21:18 -08:00
Jeff Mitchell 8bba9497ac Some copyediting/simplifying of the Consul page 2015-12-18 10:07:40 -05:00
kenjones 0d74de9da4 Update secret backend Consul documentation 
Adds information on the steps to get a management token for use by
Vault when communicating with Consul as a secret backend.
 2015-12-18 09:44:31 -05:00
Jeff Mitchell 1261791e6f Update etcd config docs with new options in 0.4. 
Ping #780
 2015-12-17 10:34:41 -05:00
Terry Corley d6884b85e1 Change API endpoint path for app-id 
The /login path was confusing because its not relative and not consistent with other documentation. Other documentation (e.g., username and password at https://www.vaultproject.io/docs/auth/userpass.html) uses relative path.
 2015-12-15 12:45:04 -06:00
captainill 60c5975f87 flexbox should only have been used on website subpages 2015-12-15 10:14:25 -08:00
Jeff Mitchell db7a2083bf Allow setting the advertise address via an environment variable. 
Fixes #581
 2015-12-14 21:22:55 -05:00
Jeff Mitchell ff9745bb00 Update Changelog and documentation with separate-HA-backend info. 2015-12-14 21:04:58 -05:00
Jeff Mitchell 7dca03eb3f Update documentation with Consul backend token_type parameter. 
Fixes #854
 2015-12-14 20:54:13 -05:00
Johan Haals fce85c12e2 Add vault-java to libraries 
vault-java implements the basic HTTP API, more endpoints are in the
pipeline
 2015-12-14 19:04:05 +01:00
captainill dfbe08fe8f fix bug in js for sticky footer by replacing with flexbox 2015-12-11 17:21:06 -08:00
Dallas Reedy 4f839cce9e Fix typo 
futher => further
 2015-12-11 08:50:06 -08:00
Jeff Mitchell 016e0dd0f3 Bump website version 2015-12-10 12:49:58 -05:00
Jeff Mitchell e25b3ad344 Update documentation to be consistent with return codes 
Fixes #831
 2015-12-10 10:26:40 -05:00
Jeff Mitchell 448efd56fa Merge branch 'master' into pki-csrs 2015-12-08 10:57:53 -05:00
Jeff Mitchell 902b7b0589 Add a warning about consistency of IAM credentials as a stop-gap. 
Ping #687
 2015-12-08 10:56:34 -05:00
Jeff Mitchell eee8386ea9 Add info about cert backend not checking CRL revocation. 2015-12-05 15:12:43 -05:00
Jeff Mitchell bf0909a892 Tab -> space doc fix 2015-12-05 15:04:54 -05:00
Jeff Mitchell 1dbfcc3b45 Merge branch 'master' into pki-csrs 2015-12-03 15:23:08 -05:00
Jeff Mitchell 3bdbd66f7d Remove datacenter from Consul configuration, as it cannot actually do 
anything

Fixes #816
 2015-12-03 15:16:37 -05:00
Jeff Mitchell 4eec9d69e8 Change allowed_base_domain to allowed_domains and allow_base_domain to 
allow_bare_domains, for comma-separated multi-domain support.
 2015-11-30 23:49:11 -05:00
Jeff Mitchell b6c49ddf01 Remove token display names from input options as there isn't a viable 
use-case for it at the moment
 2015-11-30 18:07:42 -05:00
Armon Dadgar 60ad2e0bbd website: updating documentation 2015-11-25 12:23:56 -08:00
Jeff Mitchell d461929c1d Documentation update 2015-11-20 13:13:57 -05:00
Jeff Mitchell 22a6d6fa22 Merge branch 'master' into pki-csrs 2015-11-20 12:48:38 -05:00
Jeff Mitchell 25e359084c Update documentation, some comments, make code cleaner, and make generated roots be revoked when their TTL is up 2015-11-19 17:14:22 -05:00
Jeff Mitchell af3d6ced8e Update validator function for URIs. Change example of entering a CA to a 
root cert generation. Other minor documentation updates. Fix private key
output in issue/sign.
 2015-11-19 11:35:17 -05:00
Jeff Mitchell 71f9ea8561 Make it clear that generating/setting a CA cert will overwrite what's 
there.
 2015-11-19 09:51:18 -05:00
Jeff Mitchell a95228e4ee Split root and intermediate functionality into their own sections in the API. Update documentation. Add sign-verbatim endpoint. 2015-11-19 09:51:18 -05:00
Jeff Mitchell c461652b40 Address some feedback from review 2015-11-19 09:51:18 -05:00
Jeff Mitchell ed62afec14 Large documentation updates, remove the pathlength path in favor of 
making that a parameter at CA generation/sign time, and allow more
fields to be configured at CSR generation time.
 2015-11-19 09:51:18 -05:00
Jeff Mitchell ea676ad4cc Add tests for intermediate signing and CRL, and fix a couple things 
Completes extra functionality.
 2015-11-19 09:51:17 -05:00
Jeff Mitchell 1c7157e632 Reintroduce the ability to look up obfuscated values in the audit log 
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
 2015-11-18 20:26:03 -05:00
Jeff Mitchell 45e7e61d71 Update audit documentation around what hash is used 2015-11-18 10:42:42 -05:00
captainill 28ae7b2466 edit this page 2015-11-09 21:10:49 -08:00
captainill d931c62d94 sidebar 2015-11-09 21:08:05 -08:00
captainill 2af4092734 redesign header bulk 2015-11-09 20:58:06 -08:00
Jeff Mitchell 1a45696208 Add no-default-policy flag and API parameter to allow exclusion of the 
default policy from a token create command.
 2015-11-09 17:30:50 -05:00
Jeff Mitchell 10913e2e6b Update cert documentation to note requiring sudo access. 2015-11-06 16:09:42 -05:00
Jeff Mitchell ffa879d6e2 Update S3 docs 2015-11-06 09:26:09 -05:00
Jeff Mitchell 08dbc70c9f Switch etcd default port to 2379, in line with 2.x. 
Fixes #753
 2015-11-05 09:47:50 -05:00
Sander van Harmelen 4ad533a5ba Add a line to the documentation to describe the new feature 2015-11-04 15:36:24 +01:00
Jeff Mitchell a4322afedb Merge pull request #746 from hashicorp/issue-677 
Add a PermitPool to physical and consul/inmem
 2015-11-03 15:26:58 -05:00
Jeff Mitchell 7f44a1b812 Add configuration parameter for max parallel connections to Consul 2015-11-03 15:26:07 -05:00
Jeff Mitchell 73e3aa1d64 Add create-orphan to documentation 2015-11-03 15:15:33 -05:00
Jeff Mitchell d3f7546602 Fix trailing whitespace complaints 2015-11-03 10:52:20 -05:00
Jeff Mitchell f0a25ed581 Clarify that CRLs are not fetched by Vault 2015-11-03 10:52:20 -05:00
Jeff Mitchell 154fc24777 Address first round of feedback from review 2015-11-03 10:52:20 -05:00
Jeff Mitchell 59cc61cc79 Add documentation for CRLs and some minor cleanup. 2015-11-03 10:52:20 -05:00
Jeff Mitchell ffa196da0e Note that the dev server does not fork 
Fixes #710.
 2015-10-30 12:47:56 -04:00
Seth Vargo f83eba4666 Force a trailing slash 2015-10-29 16:21:39 -04:00
Jeff Mitchell e2d4a5fe0f Documentation update around path/key name encryption. 
Make it clear that path/key names in generic are not encrypted.

Fixes #697
 2015-10-29 11:21:40 -04:00
Jeff Mitchell c1d8b97342 Add reset support to the unseal command. 
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.

Fixes #695
 2015-10-28 15:59:39 -04:00
Jeff Mitchell 57290b6d92 Minor format fix in environment documentation 2015-10-28 09:56:28 -04:00
Seth Vargo b057645d73 Use vendored fastly logo 2015-10-26 12:13:03 -04:00
Seth Vargo a710a80252 Use releases for releases 2015-10-26 00:06:17 -04:00
Jason Antman c7ff26b650 add documentation for GitHub Auth Backend 'ttl' and 'max_ttl' parameters 2015-10-23 09:30:48 -04:00
Jason Antman b27e80d090 add GitHub Enterprise base_url to docs 
In https://github.com/hashicorp/vault/issues/716 @jefferai confirmed that the GitHub Auth Backend supports GitHub enterprise using an undocumented ``base_url`` parameter. This adds that parameter to the relevant documentation page.
 2015-10-23 09:18:07 -04:00
Jeremiah Johnson d4a8c08feb fix typo in first-secret.html.md 2015-10-22 12:04:22 -06:00
Jeff Mitchell 0168ce491b Update token documentation to better explain token durations 2015-10-22 13:02:37 -04:00
Jeff Mitchell 189b72c3ba Document the renew-self call 2015-10-21 10:53:20 -04:00
Jeff Mitchell bc40e652bf Remove revoke-self from sys API documentation as it's in the token-store instead 2015-10-21 10:46:41 -04:00
mkb 1d29ae940a Minor grammar fix. 2015-10-20 13:42:46 -07:00
Sam Handler df0d335700 bundle update middleman-hashicorp 2015-10-12 14:28:43 -04:00
Jeff Mitchell 9f0b1547bb Allow disabling the physical storage cache with 'disable_cache'. 
Fixes #674.
 2015-10-12 13:00:32 -04:00
Jeff Mitchell 44706da08c Merge pull request #691 from hashicorp/sethvargo/tabs_spaces_oh_my 
Remove tabs from terminal output
 2015-10-12 12:39:44 -04:00
Seth Vargo 50f720bc06 Remove tabs from terminal output 
This also standardizes on the indentation we use for multi-line commands as
well as prefixes all commands with a $ to indicate a shell.
 2015-10-12 12:10:22 -04:00
Jeff Mitchell 55c26a909e Documentation updates to remove lease id and duration from generic 
backend example.
 2015-10-12 10:01:15 -04:00
Seth Vargo 89d40450cd Force a Ruby version 2015-10-08 13:22:20 -04:00
Sam Handler ed9bb36516 bundle update middleman-hashicorp 2015-10-07 17:41:50 -04:00
Sam Handler ad09203343 use github_url to generate edit_this_page link 2015-10-07 17:39:08 -04:00
Sam Handler 703c01c767 Add github_slug and website_root config vars 2015-10-07 17:38:22 -04:00
Vishal Nayak bf464b9a4b Merge pull request #661 from hashicorp/maxopenconns 
Parameterize max open connections in postgresql and mysql backends
 2015-10-03 16:55:20 -04:00
Curtis Allen c9213a809d update acl example 
Without `auth/token/lookup-self` read access you are unable to
authenticate. Update example to work as well as use new command output.
 2015-10-02 09:06:42 -06:00
vishalnayak 644a655920 mysql: made max_open_connections configurable 2015-10-01 21:15:56 -04:00
vishalnayak 2051101c43 postgresql: Configurable max open connections to the database 2015-10-01 20:11:24 -04:00
Colin Rymer e2b157aa79 Remove redundant wording for SSH OTP introduction. 2015-09-30 10:58:44 -04:00
Jeff Mitchell f711393de6 Merge pull request #649 from ipoval/master 
[code-gardening] fix typo in the documentation
 2015-09-29 19:01:58 -07:00
Paul Hinze aa774daf1c website: bundle update 
gets latest middleman-hashicorp w/ bugfix
 2015-09-29 18:56:47 -07:00
vishalnayak c3569bae5e Fixed gravatar hash 2015-09-29 14:12:58 -04:00
Ivan Povalyukhin 0bced67170 [code-gardening] fix typo in the documentation 2015-09-28 19:34:57 -07:00
Jeff Mitchell 62ac518ae7 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Sam Handler a0290f69df Add 'edit this page' link to footer 2015-09-24 14:10:32 -07:00
Sam Handler d8ab92dcd6 bundle update middleman-hashicorp 2015-09-24 13:53:13 -07:00
Sam Handler f963e0b67d Update README to point to Makefile 2015-09-24 13:52:27 -07:00
Sam Handler b274e94413 Add Makefile 2015-09-24 13:51:25 -07:00
Jeff Mitchell af27a99bb7 Remove JWT for the 0.3 release; it needs a lot of rework. 2015-09-24 16:23:44 -04:00
Jeff Mitchell e38c21e0ca Documentation fix for global TTLs 2015-09-24 12:17:26 -04:00
Jeff Mitchell 8fa7d3bd0b Add revoke-self to docs 2015-09-24 12:05:00 -04:00
Dominic Luechinger 89511e6977 Fixes docs for new JWT secret backend 2015-09-24 16:47:17 +02:00
Spencer Herzberg 54c62fe5aa docs: pg username not prefixed with vault- 
due to
05fa4a4a48,
vault no longer prefixes the username with `vault-`
 2015-09-22 10:14:47 -05:00
Jeff Mitchell a5f52f43b1 Minor doc update to SSH 2015-09-21 16:26:07 -04:00
Jeff Mitchell 29c722dbb6 Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values 2015-09-21 16:14:30 -04:00
Jeff Mitchell 3eb38d19ba Update transit backend documentation, and also return the min decryption 
value in a read operation on the key.
 2015-09-21 16:13:43 -04:00
Jeff Mitchell ca33cd8423 Add API endpoint documentation to cubbyhole 2015-09-21 16:13:36 -04:00
Jeff Mitchell 273f13fb41 Add API endpoint documentation to generic 2015-09-21 16:13:29 -04:00
Jeff Mitchell 59ba17c601 Add clarity to the lease concepts document. 2015-09-21 08:56:26 -04:00
Jeff Mitchell 801e531364 Enhance transit backend: 
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
 2015-09-18 14:41:05 -04:00
Jeff Mitchell 8f79e8be82 Add revoke-self endpoint. 
Fixes #620.
 2015-09-17 13:22:30 -04:00
Jonathan Klein dff6e468f9 Grammar fix 2015-09-15 15:53:27 -04:00
Jeff Mitchell 538852d6d6 Add documentation for cubbyhole 2015-09-15 13:50:37 -04:00
vishalnayak 142cb563a6 Improve documentation of token renewal 2015-09-11 21:08:32 -04:00
Jeff Mitchell ace611d56d Address items from feedback. Make MountConfig use values rather than 
pointers and change how config is read to compensate.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell 488d33c70a Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell 4239f9d243 Add DynamicSystemView. This uses a pointer to a pointer to always have 
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell f4239556d2 Merge pull request #508 from mfischer-zd/webdoc_environment 
docs: Document environment variables
 2015-09-09 11:29:10 -04:00
Jeff Mitchell 1a8bcfe18d Merge pull request #592 from blalor/patch-1 
Remove unused param to 'vault write aws/roles/deploy'
 2015-09-09 11:28:15 -04:00
Michael S. Fischer 24a5127fab docs: Document environment variables 2015-09-08 11:59:58 -07:00
Neo 4e3e9c38a2 Typo fix 2015-09-08 02:43:01 +02:00
Brian Lalor 2ae48fa586 Remove unused param to 'vault write aws/roles/deploy' 
The name is taken from the path, not the request body.  Having the duplicate key is confusing.
 2015-09-06 06:57:39 -04:00
Armon Dadgar 4eaacaf546 Merge pull request #590 from MarkVLK/patch-1 
Update mysql docs markdown to fix grammar error
 2015-09-04 19:13:50 -07:00
MarkVLK fae51d605f Update transit docs markdown to add missing word 
Added the presumably missing *decrypt* from "encrypt/data" in the first sentence.
 2015-09-04 17:11:34 -07:00
MarkVLK cd292d5372 Update mysql docs markdown to fix grammar error 
Changed "... used to **generated** those credentials" to "... used to **generate** those credentials."
 2015-09-04 17:05:45 -07:00
Seth Vargo 6f248425a6 Update documentation around cookies 2015-09-03 10:36:59 -04:00
Vishal Nayak d4609dea28 Merge pull request #578 from hashicorp/exclude-cidr-list 
Vault SSH: Added exclude_cidr_list option to role
 2015-08-28 07:59:46 -04:00
vishalnayak b12a2f0013 Vault SSH: Added exclude_cidr_list option to role 2015-08-27 23:19:55 -04:00
Jeff Mitchell a4fc4a8e90 Deprecate lease -> ttl in PKI backend, and default to system TTL values if not given. This prevents issuing certificates with a longer duration than the maximum lease TTL configured in Vault. Fixes #470. 2015-08-27 12:24:37 -07:00
vishalnayak fbff20d9ab Vault SSH: Docs for default CIDR value 2015-08-27 13:10:15 -04:00
vishalnayak 702a869010 Vault SSH: Provide key option specifications for dynamic keys 2015-08-27 11:41:29 -04:00
Jeff Mitchell 8669a87fdd When using PGP encryption on unseal keys, encrypt the hexencoded string rather than the raw bytes. 2015-08-26 07:59:50 -07:00
Jeff Mitchell b940d214bd Merge pull request #568 from ctennis/add_some_s3_info 
Make it clear for physical S3 backend we support instance profiles as well.
 2015-08-26 09:03:38 -04:00
Jeff Mitchell cc232e6f79 Address comments from review. 2015-08-25 15:33:58 -07:00
Jeff Mitchell 0b580d0521 Update website documentation for init and rekey with secret_pgp_keys API option 2015-08-25 14:52:13 -07:00
Caleb Tennis 6c30f9a0f9 Make it clear we support instance profiles as well, the existing docs seem to indicate static credentials are required 2015-08-25 06:47:07 -07:00
Armon Dadgar 88a7b57491 Merge pull request #558 from captainill/master 
make sure header is below clickable area that hides sidebar
 2015-08-21 10:21:40 -07:00
Jeff Mitchell ea9fbb90bc Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell 0fa783f850 Update help text for TTL values in generic backend 2015-08-20 17:59:30 -07:00
captainill ad9e00b166 make sure header is below clickable area that hides sidebar 2015-08-20 17:22:48 -07:00
Jeff Mitchell b57ce8e5c2 Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4. 
Fixes #528.
 2015-08-20 16:41:25 -07:00
Vishal Nayak beca9f1596 Merge pull request #385 from hashicorp/vishal/vault 
SSH Secret Backend for Vault
 2015-08-20 10:03:15 -07:00
Bernhard K. Weisshuhn 86cde438a5 avoid dashes in generated usernames for cassandra to avoid quoting issues 2015-08-20 11:15:28 +02:00
vishalnayak 76ed3bec74 Vault SSH: 1024 is default key size and removed 4096 2015-08-19 12:51:33 -07:00
vishalnayak 1f5062a6e1 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-08-19 12:16:37 -07:00
David Winterbottom 9fd6837d7b Fix typo in ACL doc 2015-08-19 07:36:16 +01:00
Armon Dadgar f351cd5ee0 Merge pull request #531 from mfischer-zd/fix_doc_tls 
Clarify availability of tls_min_version
 2015-08-18 19:01:28 -07:00
vishalnayak b5cda4942b Vault SSH: doc update 2015-08-18 11:50:32 -07:00
vishalnayak b91ebbc6e2 Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
vishalnayak 9db318fc55 Vault SSH: Website page for SSH backend 2015-08-14 12:41:26 -07:00
Michael S. Fischer 0e0cdeed75 Clarify availability of tls_min_version 
`tls_min_version` doesn't work in the current Vault release;
make that clear.
 2015-08-13 08:35:09 -07:00
vishalnayak 93dfa67039 Merging changes from master 2015-08-12 09:28:16 -07:00
vishalnayak 0abf07cb91 Vault SSH: Website doc v1. Removed path_echo 2015-08-12 09:25:28 -07:00
Erik Kristensen 2233f993ae initial pass at JWT secret backend 2015-08-06 17:49:44 -06:00
Armon Dadgar f58f46c243 Merge pull request #439 from geckoboard/feature-tls-mysql 
Using SSL to encrypt connections to MYSQL
 2015-08-05 14:52:43 -07:00
Armon Dadgar 4d08cfdf6f Merge pull request #469 from kgutwin/f-config-defaultlease 
Add configuration options for default lease duration and max lease duration
 2015-08-04 10:06:41 -07:00
Vivien Schilis 9db7426002 Add documentation for the tls_ca_file option 2015-08-04 05:10:33 +00:00
Rusty Ross 719ac6e714 update doc for app-id 
make clearer in doc that user-id can accept multiple app-id mappngs as comma-separated values
 2015-08-03 09:44:26 -07:00
Armon Dadgar 473668a1a0 Merge pull request #482 from chiefy/master 
Adding vaulted nodejs library to libraries section in docs.
 2015-07-31 15:13:44 -07:00
Long Nguyen e666b5c624 added golang client 2015-07-31 17:10:38 -04:00
Christopher Najewicz c5c7926af6 Adding vaulted nodejs library to libraries section in docs. 2015-07-31 14:31:26 -04:00
Armon Dadgar 03728af495 Merge pull request #464 from bgirardeau/master 
Add Multi-factor authentication with Duo
 2015-07-30 17:51:31 -07:00
Bradley Girardeau aa55d36f03 Clean up naming and add documentation 2015-07-30 17:36:40 -07:00
Karl Gutwin 4bad987e58 PR review updates 2015-07-30 13:21:41 -04:00
Karl Gutwin 151ec72d00 Add configuration options for default lease duration and max lease duration. 2015-07-30 09:42:49 -04:00
Armon Dadgar 1535a21198 Merge pull request #384 from dkaffee92/feature/storage-backend-consul-configuration 
allow specifying certificates used to talk to consul for storage backend
 2015-07-29 14:41:53 -07:00
Fabian Ruff 41106d9b69 fix doc for pki/revoke API 2015-07-29 14:28:12 +02:00
Kevin Fishner 9fe25414aa update analytics 2015-07-28 16:05:27 -07:00
Bradley Girardeau 112f98d86f mfa: cleanup website documentation 2015-07-28 12:25:01 -07:00
Bradley Girardeau 6c24a000a3 mfa: add website documentation 2015-07-28 11:00:57 -07:00
Daniel Kaffee a6f828ba0a made documentation a bit more clear 2015-07-28 15:50:43 +03:00
Daniel Kaffee 4146be770c refactor code 2015-07-28 14:55:33 +03:00
Armon Dadgar 83729a3bd9 website: fixing details about HA backends 2015-07-24 12:11:45 -07:00
Armon Dadgar 80e59089ba Merge pull request #449 from JustinLaRose/master 
Cassandra secret backend doc update for connection config
 2015-07-23 13:42:59 -07:00
Armon Dadgar eeb623bca0 Merge pull request #447 from kgutwin/f-tlsvers 
Specify Vault listener minimum TLS version
 2015-07-23 13:42:42 -07:00
Armon Dadgar 9ec3cefea9 Merge pull request #433 from infame-io/feature/s3_sts 
Granting S3 backend temporary access
 2015-07-23 13:33:58 -07:00
Karl Gutwin 3a5e036727 Document warning for using lower TLS versions 2015-07-23 11:54:45 -04:00
Lauro Balderas 436dfd464d S3 backend session token documentation updated 2015-07-23 22:53:20 +10:00
Justin LaRose 361f10f79e Cassandra secret backend doc update for connection config - "hosts" instead of "host" 2015-07-23 03:07:29 -04:00
Karl Gutwin 1096f5a53e Avoid unnecessary abbreviation 2015-07-22 23:28:46 -04:00
Karl Gutwin 9c963a0632 TLS minimum version documentation 2015-07-22 23:21:18 -04:00
Armon Dadgar 63fcb61145 Merge pull request #419 from nbrownus/telemetry_names 
Disable hostname prefix for runtime telemetry
 2015-07-22 15:38:23 -07:00
Armon Dadgar 01147622ce Merge pull request #420 from bgirardeau/master 
LDAP Auth - Add per-user policies and option to login with userPrincipalName
 2015-07-22 14:35:21 -07:00
Bradley Girardeau e8d26d244b ldap: change setting user policies to setting user groups 2015-07-20 11:33:39 -07:00
Seth Vargo 564f6d3743 Small tutorial fixes and tweaks 2015-07-19 16:52:11 -04:00
Daniel Somerfield 30920dc751 Finished draft of api tutorial and worked it into the flow. 2015-07-19 12:29:06 -07:00
Daniel Somerfield 89e0ed22db More work on apis doc. 2015-07-16 06:29:52 -07:00
Daniel Somerfield 3f45692500 Added start of page in intro that explains / demos the REST apis 2015-07-15 06:28:04 -07:00
Bradley Girardeau 1e1d4ba66d ldap: add documentation for setting policies based on user 2015-07-14 16:13:40 -07:00
Nate Brown 65dc78ba35 Docs for the telemetry object 2015-07-14 15:45:45 -07:00
Bradley Girardeau 0e2edc2378 ldap: add ability to login with a userPrincipalName (user@upndomain) 2015-07-14 15:37:46 -07:00
Seth Vargo d86a608db8 Use Rack::Protection 2015-07-13 13:07:24 -04:00
Seth Vargo 2ddeb831e4 Update middleman-hashicorp 2015-07-13 13:07:18 -04:00
Armon Dadgar 3042452def website: fixing lots of references to vault help 2015-07-13 20:12:09 +10:00
Armon Dadgar 7be012b8b6 website: help command is now path-help 2015-07-13 20:03:29 +10:00
Armon Dadgar 26937498f6 physical/zk: Fixing node representation. Fixes #416 2015-07-13 19:33:23 +10:00
Armon Dadgar 8dd9478e14 website: fixing documentation errors. Fixes #412 2015-07-13 19:10:44 +10:00
Armon Dadgar 2da54da6ed website: update HA status, discourage ZK 2015-07-13 19:01:32 +10:00
Matt Button 76bc988e50 Remove documentation that was copied from the terraform project 2015-07-12 16:52:24 +00:00
mootpt 872593d1e1 fixed secrets backend url 
minor doc fix
 2015-07-06 11:11:58 -07:00
mootpt f782e7382e pointed authentication backend to proper location 
pointed authentication backend to proper location
 2015-07-06 10:42:14 -07:00
Armon Dadgar 70cd3d1206 Merge pull request #400 from hashicorp/f-glob 
Change ACL semantics, use explicit glob and deny has highest precedence
 2015-07-06 11:15:49 -06:00
Armon Dadgar 768a6e33b0 website: clarify changes in addition to feedback 2015-07-06 11:10:09 -06:00
Armon Dadgar 0be3d419c8 secret/transit: address PR feedback 2015-07-05 19:58:31 -06:00
Armon Dadgar 37b68d6dce website: clarify getting started ACL docs 2015-07-05 18:40:05 -06:00
Armon Dadgar 01b0257c5f website: update for glob matching 2015-07-05 17:43:13 -06:00
Armon Dadgar f4d555a2ba website: document derived keys in secret/transit 2015-07-05 14:47:16 -07:00
Armon Dadgar 0521c6df6c http: support ?standbyok for 200 status on standby. Fixes #389 2015-07-02 17:49:35 -07:00
Bradley Girardeau 42050fe77b ldap: add starttls support and option to specificy ca certificate 2015-07-02 15:49:51 -07:00
Armon Dadgar 3c58773598 Merge pull request #380 from kgutwin/cert-cli 
Enable TLS client cert authentication via the CLI
 2015-06-30 11:44:28 -07:00
Armon Dadgar b8f2e8d498 website: document insecure_tls for LDAP backend 2015-06-30 09:42:18 -07:00
Jeff Mitchell 42b90fa9b9 Address some issues from code review. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-30 09:27:23 -04:00
Karl Gutwin 70fc49be84 Website docs. 2015-06-30 09:18:39 -04:00
Jeff Mitchell fccbc587c6 A Cassandra secrets backend. 
Supports creation and deletion of users in Cassandra using flexible CQL queries.

TLS, including client authentication, is supported.

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-30 09:04:01 -04:00
Armon Dadgar 3902626163 Merge pull request #310 from jefferai/f-pki 
Initial PKI backend implementation
 2015-06-21 11:12:22 +01:00
sergiopatino 3e58e8fff2 Fix typo in link to Atlas URL. 
Missing a colon after https!
 2015-06-21 02:41:26 -07:00
Jeff Mitchell e086879fa3 Merge remote-tracking branch 'upstream/master' into f-pki 2015-06-19 13:01:26 -04:00
Jeff Mitchell a6fc48b854 A few things: 
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-19 12:48:18 -04:00
Armon Dadgar 28ddff305c physical/mysql: cleanup and documentation 2015-06-18 14:31:00 -07:00
Jeff Mitchell 34f495a354 Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-18 15:22:58 -04:00