open-vault

Author	SHA1	Message	Date
Jim Weber	dbb00534d9	saving role name to the Secret Internal data. Default revoke query added The rolename is now saved to the secret internal data for fetching later during the user revocation process. No longer deriving the role name from request path Added support for default revoke SQL statements that will provide the same functionality as before. If not revoke SQL statements are provided the default statements are used. Cleaned up personal ignores from the .gitignore file	2016-10-02 18:53:16 -04:00
Jim Weber	e0ea497cfe	Getting role name from the creds path used in revocation	2016-09-23 16:57:08 -04:00
Jim Weber	8709406eb3	secretCredsRevoke command no longer uses hardcoded query The removal of a user from the db is now handled similar to the creation. The SQL is read out of a key from the role and then executed with values substituted for username.	2016-09-23 16:05:49 -04:00
Jim Weber	1bed6bfc2c	Added support for a revokeSQL key value pair to the role	2016-09-23 16:00:23 -04:00
Jeff Mitchell	d65da5613c	Add missing dep	2016-09-21 14:02:35 -04:00
Jeff Mitchell	226ef5d78c	Make HA in etcd off by default. (#1909 ) Fixes #1908 (Doesn't really "fix" it but someone from the community needs to step up if they want to see this fixed.)	2016-09-21 14:01:36 -04:00
Jeff Mitchell	5c9bd9adcb	changelog++	2016-09-21 13:50:07 -04:00
Jeff Mitchell	676e7e0f07	Ensure upgrades have a valid HMAC key	2016-09-21 11:10:57 -04:00
Jeff Mitchell	0ff76e16d2	Transit and audit enhancements	2016-09-21 10:49:26 -04:00
Jeff Mitchell	982f151722	Update docs to reflect that there is more than one constraint for EC2 now	2016-09-20 16:11:32 -04:00
Jeff Mitchell	bbe87db913	Force tls_disable on scada connection inside outer TLS connection as it's not currently supported anyways	2016-09-20 14:56:16 -04:00
Chris Hoffman	5c241d31e7	Renaming ttl_max -> max_ttl in mssql backend (#1905 )	2016-09-20 12:39:02 -04:00
Carlo Cabanilla	f6239cf0c0	fix shell quoting (#1904 ) $() doesnt get evaluated in single quotes, so you need to break out of it first	2016-09-19 17:11:16 -04:00
Jeff Mitchell	27782238a1	changelog++	2016-09-19 13:03:03 -04:00
Jeff Mitchell	69c4452344	Merge branch 'master' of https://github.com/hashicorp/vault into master-oss	2016-09-19 13:02:30 -04:00
Jeff Mitchell	f3ab4971a6	Follow Vault convention on `DELETE` being idempotent (#1903 ) * Follow Vault convention on `DELETE` being idempotent with audit/auth/mounts deletes (a.k.a. disabling/unmounting).	2016-09-19 13:02:25 -04:00
Jeff Mitchell	7f3041d6a5	Fix formatting	2016-09-19 13:00:50 -04:00
Jeff Mitchell	6e40d606d4	Bump to newer middleman-hashicorp	2016-09-19 12:42:35 -04:00
Jeff Mitchell	85c51fd861	Update website docs to indicate sudo being required for auth/audit endpoints.	2016-09-19 12:10:08 -04:00
Vishal Nayak	97dc0e9f64	Merge pull request #1897 from hashicorp/secret-id-accessor-locks Safely manipulate secret id accessors	2016-09-19 11:37:38 -04:00
Jeff Mitchell	86c83c3a98	changelog++	2016-09-19 09:41:01 -04:00
vishalnayak	fefd3a6c0b	s/GetOctalFormatted/GetHexFormatted	2016-09-16 17:47:15 -04:00
Jeff Mitchell	f7b3937c77	Fix website display of tune paths	2016-09-16 12:03:50 -04:00
Jeff Mitchell	897d3c6d2c	Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop.	2016-09-16 11:05:43 -04:00
vishalnayak	271ab5a4bd	changelog++	2016-09-16 10:59:59 -04:00
Vishal Nayak	47a9c45189	Merge pull request #1899 from hashicorp/format-yml Add yml alias for yaml	2016-09-16 10:56:01 -04:00
vishalnayak	e123f33a91	Add yml alias for yaml	2016-09-16 10:43:23 -04:00
vishalnayak	ba72e7887a	Safely manipulate secret id accessors	2016-09-15 18:13:50 -04:00
Vishal Nayak	61664bc653	Merge pull request #1886 from hashicorp/approle-upgrade-notes upgrade notes entry for approle constraint and warning on role read	2016-09-15 12:14:01 -04:00
vishalnayak	5597156886	check for nil role	2016-09-15 12:10:40 -04:00
Vishal Nayak	4f33e8d713	Merge pull request #1892 from hashicorp/role-tag-defaults Specify that role tags are not tied to an instance by default	2016-09-15 12:04:41 -04:00
vishalnayak	6a0f788dee	changelog++	2016-09-15 12:03:48 -04:00
Vishal Nayak	464f479ff0	Merge pull request #1889 from hashicorp/configurable-nonce aws-ec2: generate the client nonce by default during first login attempt	2016-09-15 11:49:38 -04:00
vishalnayak	92986bb2a0	Address review feedback	2016-09-15 11:41:52 -04:00
vishalnayak	a1de742dce	s/disableReauthenticationNonce/reauthentication-disabled-nonce	2016-09-15 11:29:02 -04:00
vishalnayak	9bca127631	Updated docs with nonce usage	2016-09-14 19:31:09 -04:00
vishalnayak	857f921d76	Added comment	2016-09-14 18:27:35 -04:00
vishalnayak	39796e8801	Disable reauthentication if nonce is explicitly set to empty	2016-09-14 17:58:00 -04:00
vishalnayak	2639ca4d4f	Address review feedback	2016-09-14 16:06:38 -04:00
James Pearson Hughes	f598c78d98	DynamoDB: fix log typo (#1891 )	2016-09-14 15:16:24 -04:00
vishalnayak	dcddaa8094	Address review feedback	2016-09-14 15:13:54 -04:00
Jeff Mitchell	bd4584c346	Make bootstrap use -u to ensure up-to-date versions of tools, as that's what we build with. Fixes #1890	2016-09-14 15:10:02 -04:00
vishalnayak	d5cc763b8d	Clarify that tags can be used on all instances that satisfies constraints	2016-09-14 14:55:09 -04:00
vishalnayak	03fc7b517f	Specify that role tags are not tied to an instance by default	2016-09-14 14:49:18 -04:00
vishalnayak	d0e4d77fce	address review feedback	2016-09-14 14:28:02 -04:00
vishalnayak	d7ce69c5eb	Remove the client nonce being empty check	2016-09-14 14:28:02 -04:00
vishalnayak	53c919b1d0	Generate the nonce by default	2016-09-14 14:28:02 -04:00
Vishal Nayak	eece4e047b	Merge pull request #1887 from hashicorp/ec2-nonce-constant-compare Use constant time comparisons for client nonce	2016-09-14 12:40:17 -04:00
vishalnayak	455a4ae055	address review feedback	2016-09-14 12:08:35 -04:00
vishalnayak	b1392567d1	Use constant time comparisons for client nonce	2016-09-13 20:12:43 -04:00

1 2 3 4 5 ...

4606 commits