dc603b4f7f
Allow identity templates in ssh backend `default_user` field ( #16351 )
...
* Allow identity templates in ssh backend `default_user` field
* use correct test expected value
* include api docs for `default_user_template` field
2022-07-29 09:45:52 -04:00
4dc7b71a28
docs/vault-k8s: updated for v0.17.0 release ( #16492 )
2022-07-28 14:23:47 -07:00
e3f942f51c
agent: add disable_keep_alives configurable ( #16479 )
...
agent: add disable_keep_alives config
Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>
2022-07-28 12:59:49 -07:00
b3f138679c
identity/oidc: allow filtering the list providers response by an allowed_client_id ( #16181 )
...
* identity/oidc: allow filtering the list providers response by an allowed_client_id
* adds changelog
* adds api documentation
* use identity store view in list provider test
2022-07-28 09:47:53 -07:00
b04d6e6720
Remove SHA1 for certs in prep for Go 1.18 ( #16455 )
...
Remove SHA1 for certs in prep for Go 1.18
* Remove certs with SHA1 from tests
* Use default SHA-256 with PKCS7 in AWS
* Update SHA1 deprecation note
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2022-07-28 09:14:33 -07:00
1b1c6fe168
Correct the Transit HMAC key source in docs ( #16463 )
...
* Correct the Transit HMAC key source in docs
* Update website/content/api-docs/secret/transit.mdx
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-07-27 11:48:41 -05:00
66ef22b735
docs/k8s: adding terraform config examples ( #16121 )
...
Adding a terraform examples page for configuring vault-helm.
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-07-26 20:43:26 -04:00
bd0461619c
Docs: Add list of supported k8s versions for agent injector ( #16433 )
2022-07-26 15:59:27 +01:00
6e0c04d602
vault-951Documentation ( #16434 )
2022-07-25 16:53:03 -07:00
7b43bf4c68
Add a note referring to automated upgrade ( #16444 )
...
* Add a note referring to automated upgrade
* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-07-25 15:03:55 -07:00
887e77c2ae
Agent JWT auto auth `remove_jwt_after_reading` config option ( #11969 )
...
Add a new config option for Vault Agent's JWT auto auth
`remove_jwt_after_reading`, which defaults to true. Can stop
Agent from attempting to delete the file, which is useful in k8s
where the service account JWT is mounted as a read-only file
and so any attempt to delete it generates spammy error logs.
When leaving the JWT file in place, the read period for new
tokens is 1 minute instead of 500ms to reflect the assumption
that there will always be a file there, so finding a file does not
provide any signal that it needs to be re-read. Kubernetes
has a minimum TTL of 10 minutes for tokens, so a period of
1 minute gives Agent plenty of time to detect new tokens,
without leaving it too unresponsive. We may want to add a
config option to override these default periods in the future.
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-07-25 07:42:09 -06:00
140406143e
command/server: add dev-tls flag ( #16421 )
...
* command/server: add dev-tls flag
* Add website documentation
* changelog
* Lower file permissions
* Update cert gen per review
* Add dev-tls-cert-dir flag and cert clean up
* fmt
* Update cert generation per review
* Remove unused function
* Add better error messages
* Log errors in cleanup, fix directory not existing bug
* Remove hidden flag from -dev-tls-cert-dir
* Add usage
* Update 16421.txt
* Update variable names for files
* Remove directory on cleanup
2022-07-22 14:04:03 -04:00
31151671ab
Transform tokenization key auto-rotate docs ( #16410 )
...
* Document auto rotate fields for transform tokenization endpoints.
* Update Transform tokenization docs to mention key auto-rotation.
2022-07-21 15:48:58 -05:00
c0b0c4fde7
Add an "Important Note" regarding EKS CSR approval. ( #16406 )
2022-07-21 13:34:03 -07:00
5062502756
auth/oidc: documents the client_nonce parameter ( #16403 )
2022-07-21 09:34:46 -07:00
133535fabe
add paths for import endpoints ( #16401 )
2022-07-21 11:19:13 -05:00
d05e8d1222
Fix typo in the docs ( #16323 )
...
It's very confusing, `Volumes` are very similar to `volumes` and can cause confusion 😄
2022-07-21 10:42:46 -04:00
24b9fa39bc
Update s3.mdx ( #13630 )
...
fix IAM requirements to use KMS key
2022-07-21 10:41:33 -04:00
08b0cf40d5
Update reload.mdx ( #14207 )
...
To match with the API version of docs- https://www.vaultproject.io/api-docs/system/plugins-reload-backend#sys-plugins-reload-backend .
2022-07-21 10:39:25 -04:00
164d37b11a
Add section for Engine V2 requests ( #14381 )
...
This may be a related issue: https://github.com/hashicorp/vault/issues/7161
2022-07-21 10:38:57 -04:00
3e4f4fdd55
Change AWS to Azure in Tutorial section ( #15206 )
...
* Change AWS to Azure in Tutorial section
* trigger ci
Co-authored-by: taoism4504 <loann@hashicorp.com>
2022-07-21 10:36:27 -04:00
9dc861a8b3
Missing word ( #16269 )
...
Can't believe this went unnoticed for 5 years :)
2022-07-20 08:54:10 -07:00
58a646c726
updated note ( #16372 )
2022-07-19 16:52:41 -07:00
1313a53702
formatting issue - missing list bullet ( #16352 )
2022-07-19 15:51:36 -07:00
3d978605f8
Add HashiBox to community tools ( #16150 )
2022-07-19 11:37:58 -07:00
b44d0ab1df
Information about aws_s3_server_side_encryption ( #16253 )
...
Add when cannot use the combination of parameters.
2022-07-19 11:18:19 -07:00
d72064cb81
[Kubernetes Secret Engine]: Role namespace configuration possible via LabelSelector ( #16240 )
...
* docs(#16222 ): add documentation for changes in PR hashicorp/vault-plugin-secrets-kubernetes#10
* docs(#16222 ): add changelog entry
* docs(#16222 ): improve documentation to make the use case of setting both allowed_kubernetes_namespaces and allowed_kubernetes_namespace_selector parameters for role configuration
2022-07-19 13:11:45 -05:00
460388d957
Docs: Add release notes for MSSQL TDE ( #16326 )
2022-07-19 11:52:59 +01:00
1a71678954
docs/plugin-portal: adds missing HashiCorp supported plugins ( #16346 )
2022-07-18 22:42:49 -07:00
6b3cc4adc0
docs(plugin-portal): added Harbor Robot Account plugin ( #16320 )
2022-07-18 18:03:32 -07:00
745ea70434
Fix the contribution guide link ( #16344 )
2022-07-18 16:37:31 -07:00
8169940284
docs: fix consul secrets feature version ( #16304 )
...
* Move consul_namespace into Consul v1.7 instead of v1.8
2022-07-18 13:03:45 -05:00
e3ce0f0d1d
Update policies.mdx ( #16312 )
...
548 From "builtin" to "built-in" to be consistent with the previous sentence.
589 from "can not" to "cannot"
2022-07-15 15:28:49 -07:00
a4b5813817
append slash to consul path in doc ( #15260 )
...
Co-authored-by: Chulki Lee <chulki.lee@gmail.com>
2022-07-14 12:27:31 -07:00
0113f8c586
Update localhost:3000 links to be correct ( #16301 )
...
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-07-14 12:08:28 -07:00
cf0cb3be49
Update the policy examples ( #16297 )
...
* Update the policy examples
* Adjusted the examples
2022-07-14 08:01:22 -07:00
e6b24b09f0
update sys-mfa-doc ( #16291 )
2022-07-13 10:36:52 -07:00
485b7b0abe
Remove the callout note about Ent ( #16288 )
2022-07-13 09:00:11 -07:00
662395be90
Back out panic message, add new warning to FIPS docs ( #16243 )
...
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-07-12 17:05:45 -04:00
90bef11019
Fix import statements for auth submodules ( #16278 )
2022-07-12 12:06:44 -07:00
ebd0da3201
Clarification for local mounts in the context of DR ( #16218 )
...
* Clarification for local mounts in the context of DR
The docs were unclear on this point, so @russparsloe and I looked into it.
Local mounts are indeed replicated to DR secondaries.
This is the opposite of what it says on https://developer.hashicorp.com/vault/tutorials/enterprise/performance-replication#disaster-recovery
> Local backend mounts are not replicated and their use will require existing DR mechanisms if DR is necessary in your implementation.
So that page will also need updating
* changelog
* fix changelog syntax for local mount with DR (#16218 )
2022-07-12 10:17:12 -07:00
4dda00ee1a
auth/oidc: Adds documentation for SecureAuth IdP ( #16274 )
2022-07-12 08:11:55 -07:00
c9e17d6219
Document autopilot config differences at a high level ( #15000 )
...
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-07-11 14:37:44 -07:00
2f1502556a
docs/configuration: document CockroachDB HA mode ( #16202 )
...
HA support for CockroachDB was added in #12965 . This commit updates the docs
to reflect that support.
2022-07-11 12:00:51 -07:00
647c2eba42
auth/oidc: splits IdP setup guides into separate pages ( #16167 )
2022-07-11 10:20:24 -07:00
c00e605b48
secrets/k8s: updates API docs for kubernetes_host with correct env var ( #16251 )
2022-07-08 08:52:42 -07:00
d04b143bd5
pki: When a role sets key_type to any ignore key_bits value when signing a csr ( #16246 )
...
* pki: When a role sets key_type to any ignore key_bits value when signing
- Bypass the validation for the role's key_bits value when signing CSRs
if the key_type is set to any. We still validate the key is at least
2048 for RSA backed CSRs as we did in 1.9.x and lower.
2022-07-08 10:56:15 -04:00
e942fae6cc
Vault documentation: added info about new policy flag ( #16244 )
...
* added info about new policy flag
* updated wording
2022-07-07 12:54:27 -07:00
9ebaab28c2
added content for network guidance ( #16242 )
2022-07-07 11:18:45 -07:00
c54d33608c
Update 'master key' -> 'root key' ( #16226 )
2022-07-06 16:03:08 -07:00
Ian Ferguson