Jeff Mitchell
545e338a9e
Add version sha to server startup output
2016-11-22 16:43:05 -05:00
Jeff Mitchell
fc81a301b8
Don't say mlock is supported on OSX when it isn't. ( #2120 )
...
Fixes #2119
2016-11-22 12:56:36 -05:00
Kyle McCullough
aeb23b72d7
cli: fix bug with 'vault read -field=...' when the field value contains a printf formatting verb ( #2109 )
2016-11-22 12:30:23 -05:00
Chris Lundquist
9b5ee87929
prevent binding 0.0.0.0 -> ::0 ( #2094 )
2016-11-15 12:00:57 -05:00
matt maier
57925ee863
Vendor circonus ( #2082 )
2016-11-10 16:17:55 -05:00
vishalnayak
931c96d1ba
ssh: Use temporary file to store the identity file
2016-10-18 12:50:12 -04:00
Jeff Mitchell
53efd18dda
Make listener shutdown more synchronous ( #1985 )
2016-10-10 13:18:19 -04:00
Jeff Mitchell
21e1f38e6a
Split HA server command tests from reload tests
2016-10-07 11:06:01 -04:00
Jeff Mitchell
2c85fdfeb9
Switch default case of disable cluster. ( #1959 )
2016-10-02 14:54:01 -04:00
Jeff Mitchell
6d00f0c483
Adds HUP support for audit log files to close and reopen. ( #1953 )
...
Adds HUP support for audit log files to close and reopen. This makes it
much easier to deal with normal log rotation methods.
As part of testing this I noticed that HUP and other items that come out
of command/server.go are going to stderr, which is where our normal log
lines go. This isn't so much problematic with our normal output but as
we officially move to supporting other formats this can cause
interleaving issues, so I moved those to stdout instead.
2016-09-30 12:04:50 -07:00
Jeff Mitchell
85315ff188
Rejig where the reload functions live
2016-09-30 00:07:22 -04:00
Jeff Mitchell
b45a481365
Wrapping enhancements ( #1927 )
2016-09-28 21:01:28 -07:00
Jeff Mitchell
f0203741ff
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
Jeff Mitchell
72b9c4c649
Fix parsing env var, needed to be in the helper too
2016-09-23 13:20:26 -04:00
Evan Phoenix
4214a0199d
Advertise the cluster_(id|name) in the Scada handshake ( #1906 )
2016-09-23 10:55:51 -04:00
Jeff Mitchell
57f3904d74
Use VAULT_LOG_FORMAT as an analogue to LOGXI_FORMAT
2016-09-22 17:22:02 -04:00
Jeff Mitchell
bbe87db913
Force tls_disable on scada connection inside outer TLS connection as it's not currently supported anyways
2016-09-20 14:56:16 -04:00
Jeff Mitchell
f3ab4971a6
Follow Vault convention on DELETE
being idempotent ( #1903 )
...
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
2016-09-19 13:02:25 -04:00
vishalnayak
e123f33a91
Add yml alias for yaml
2016-09-16 10:43:23 -04:00
Jeff Mitchell
722e26f27a
Add support for PGP encrypting the initial root token. ( #1883 )
2016-09-13 18:42:24 -04:00
Jeff Mitchell
640351b7d1
Update text of init/rekey around recovery values
2016-09-12 16:20:21 -04:00
Jeff Mitchell
7e5aef279c
Don't panic on bad auth path
...
Fixes #1860
2016-09-08 11:14:47 -04:00
Jeff Mitchell
1c6f2fd82b
Add response wrapping to list operations ( #1814 )
2016-09-02 01:13:14 -04:00
Vishal Nayak
90737d3b44
Merge pull request #1836 from hashicorp/truncate-version-string
...
Remove the string 'Vault' from version information
2016-09-01 20:23:26 -04:00
Seth Vargo
fc4a5bae3c
Update audit-enable to show more examples ( #1842 )
...
* Update audit-enable to show more examples
* Update audit_enable.go
2016-09-01 20:14:29 -04:00
Seth Vargo
a438f5e950
Add more examples and cleanup docs for auth ( #1841 )
2016-09-01 19:56:30 -04:00
vishalnayak
5bd665a842
Update atlas listener factory to use version with pre-release info.
2016-09-01 17:21:11 -04:00
vishalnayak
f5447d8fa9
Avoid commas while printing policies
2016-09-01 16:32:27 -04:00
Jeff Mitchell
35800b0782
Don't output key/value header if there are no values to display. ( #1838 )
...
Fixes #1835
2016-09-01 15:58:16 -04:00
vishalnayak
9c78c58948
Remove the string 'Vault' from version information
2016-09-01 14:54:04 -04:00
Jeff Mitchell
61f1eee72c
Remove hex output from keys; standardize on B64 for CLI output. This ( #1831 )
...
aligns with all other interactions which use B64 encoding for bytes.
2016-09-01 12:59:15 -04:00
Jeff Mitchell
ecf61e9ba4
Add a separator to list output
2016-08-30 16:48:55 -04:00
Jeff Mitchell
2ce4397deb
Plumb through the ability to set the storage read cache size. ( #1784 )
...
Plumb through the ability to set the storage read cache size.
Fixes #1772
2016-08-26 10:27:06 -04:00
Jeff Mitchell
1ee4cb4725
Strip trailing whitespace in token from file.
...
Fixes #1774
2016-08-23 20:22:45 -04:00
Jeff Mitchell
dd53c4b1d8
Don't validate a dev listen address as that makes a proper Docker
...
entrypoint difficult.
Fixes #1762
2016-08-23 08:34:43 -04:00
Jeff Mitchell
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
Jeff Mitchell
bdcfe05517
Clustering enhancements ( #1747 )
2016-08-19 11:03:53 -04:00
Jeff Mitchell
56940c282b
Force dev on when dev-ha is on
2016-08-19 08:29:34 -04:00
Jeff Mitchell
62c69f8e19
Provide base64 keys in addition to hex encoded. ( #1734 )
...
* Provide base64 keys in addition to hex encoded.
Accept these at unseal/rekey time.
Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
2016-08-15 16:01:15 -04:00
Jeff Mitchell
37320f8798
Request forwarding ( #1721 )
...
Add request forwarding.
2016-08-15 09:42:42 -04:00
Jeff Mitchell
bcb4ab5422
Add periodic support for root/sudo tokens to auth/token/create
2016-08-12 21:14:12 -04:00
Jeff Mitchell
92f4fdf892
Add some info about -f to the "expects two arguments" error.
...
Ping #1722
2016-08-12 15:47:16 -04:00
Jeff Mitchell
c1a46349fa
Change to keybase openpgp fork as it has important fixes
2016-08-11 08:31:43 -04:00
Jeff Mitchell
5771a539a5
Add HTTP test for renew and fix muxing
2016-08-08 20:01:08 -04:00
Jeff Mitchell
529e36636c
Rename mounttune.go
2016-08-08 16:22:28 -04:00
Jeff Mitchell
69c1121d29
Fix generate-root synopsis
2016-08-05 16:35:03 -04:00
vishalnayak
e029d3c87a
Support execution of remote commands using 'vault ssh'
2016-08-01 14:53:00 -04:00
Jeff Mitchell
6ffefb649d
Close the shutdown channel instead of sending a value down
2016-08-01 11:58:45 -04:00
vishalnayak
05b8ce8348
Address review feedback
2016-08-01 11:15:25 -04:00
vishalnayak
5ed10f4074
Make the defer statement of waitgroup to execute last
2016-08-01 10:24:27 -04:00
vishalnayak
ea2e677f02
Sharing shutdown message with physical consul backend
2016-07-31 10:09:16 -04:00
vishalnayak
a8b4fc0d3c
Add waitgroup wait to allow physical consul to deregister checks
2016-07-30 13:17:29 -04:00
vishalnayak
8b0b0d5922
Add cluster information to 'vault status'
2016-07-29 14:13:53 -04:00
vishalnayak
e5e0431393
Added Vault version informationto the 'status' command
2016-07-28 17:37:35 -04:00
Vishal Nayak
c7bcaa5bb6
Merge pull request #1655 from hashicorp/cluster-id
...
Vault cluster name and ID
2016-07-26 14:12:48 -04:00
Evan Phoenix
41ed3de3b1
Report the simple version string
2016-07-26 10:21:24 -07:00
vishalnayak
6e1d020c3a
Added cluster_name for existing config tests
2016-07-26 11:38:24 -04:00
vishalnayak
7daa92f42c
Update cluster name during config merge
2016-07-26 11:11:12 -04:00
vishalnayak
a3e6400697
Remove global name/id. Make only cluster name configurable.
2016-07-26 10:01:35 -04:00
vishalnayak
c7dabe4def
Storing local and global cluster name/id to storage and returning them in health status
2016-07-26 02:32:42 -04:00
matt maier
6519c224ac
Circonus integration for telemetry metrics
2016-07-22 15:49:23 -04:00
vishalnayak
a7665723e3
Address review feedback
2016-07-22 11:31:55 -04:00
vishalnayak
f53792efc7
Update docs on the init command
2016-07-22 11:22:10 -04:00
Vishal Nayak
caab9d40f2
Merge pull request #1642 from hashicorp/init-service-discovery
...
Add service discovery to init command
2016-07-21 20:47:32 -04:00
vishalnayak
b243ee256e
Address review feedback by @jefferai
2016-07-21 20:46:31 -04:00
vishalnayak
bd8ff10462
Address review feedback from @sean
2016-07-21 19:04:43 -04:00
vishalnayak
5316082675
Added documentation for init service discovery
2016-07-21 17:27:56 -04:00
vishalnayak
f557457909
Added a separate flag consul-service to receive Consul service name
2016-07-21 16:51:38 -04:00
vishalnayak
23800c5f1d
Add service discovery to init command
2016-07-21 16:17:29 -04:00
Jeff Mitchell
3ec81debe7
Trim leading/trailing space around PEM bundles.
...
Fixes #1634
2016-07-20 13:57:49 -04:00
Jeff Mitchell
9d68297ffa
Have human-oriented token duration and secret duration output display a more human-friendly format
2016-07-19 12:15:00 -04:00
Jeff Mitchell
a3ce0dcb0c
Turn off DynamoDB HA by default.
...
The semantics are wonky and have caused issues from people not reading
docs. It can be enabled but by default is off.
2016-07-18 13:19:58 -04:00
vishalnayak
c14235b206
Merge branch 'master-oss' into json-use-number
...
Conflicts:
http/handler.go
logical/framework/field_data.go
logical/framework/wal.go
vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
vishalnayak
f34f0ef503
Make 'tls_min_version' configurable
2016-07-12 19:32:47 -04:00
vishalnayak
ad7cb2c8f1
Added JSON Decode and Encode helpers.
...
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell
61250157d7
Don't panic on an empty configuration during merge
2016-07-05 16:49:15 -04:00
Jeff Mitchell
2c1b9499fc
Add aliases for field flag to allow printing auth results.
...
Also fix the write command to use the shared function with aliases.
Fixes #1566
2016-06-27 23:19:09 -04:00
Jeff Mitchell
07ebfce1a4
Up sleep time during reload test to not fail under certain test conditions
2016-06-27 15:37:25 -04:00
Jeff Mitchell
a7e15a8c0e
Fix up external token helper tests
2016-06-22 10:04:43 -04:00
Tom Maher
3f40d8cbc7
Correctly check for existence of external token_helper binaries
2016-06-21 19:32:19 -07:00
Vishal Nayak
d4d47ce5e3
Merge pull request #1531 from hashicorp/auth-mount-tune-params
...
Auth tune endpoints and config settings output from CLI
2016-06-20 20:24:47 -04:00
Vishal Nayak
949bb97ebc
Merge pull request #1532 from hashicorp/vault-auth-path
...
Added -path option to 'vault auth' command
2016-06-20 16:43:26 -04:00
vishalnayak
3b308713ad
Added -path option to help output
2016-06-20 16:24:49 -04:00
vishalnayak
9be9f73806
Concatenating the output instead of printing twice
2016-06-20 15:26:33 -04:00
vishalnayak
91668dd21d
Fix the output format when warnings are present
2016-06-15 17:13:14 -04:00
vishalnayak
53fede4b70
Added '-path' option to 'vault auth' command
2016-06-15 16:54:27 -04:00
vishalnayak
848b479a61
Added 'sys/auth/<path>/tune' endpoints.
...
Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 13:58:24 -04:00
Jeff Mitchell
e925987cb6
Add token accessor to wrap information if one exists
2016-06-13 23:58:17 +00:00
Jeff Mitchell
65d8973864
Add explicit max TTL capability to token creation API
2016-06-08 14:49:48 -04:00
Jeff Mitchell
6ff0742aa6
Remove unneeded else
2016-06-08 13:55:31 -04:00
Jeff Mitchell
c0155ac02b
Add renewable flag and API setting for token creation
2016-06-08 11:14:30 -04:00
Jeff Mitchell
bb1e8ddaa2
Make token renewable status work properly on lookup
2016-06-08 09:19:39 -04:00
Jeff Mitchell
10b218d292
Use time.Time which does RFC3339 across the wire to handle time zones. Arguably we should change the API to always do this...
2016-06-07 16:01:09 -04:00
Jeff Mitchell
401456ea50
Add creation time to returned wrapped token info
...
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.
This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
Bill Monkman
de8477244e
#1486 : Fixed sealed and leader checks for consul backend
2016-06-03 16:00:31 -07:00
Jeff Mitchell
5cefd6bd3a
Merge pull request #1470 from hashicorp/unwrap-in-api
...
Make Unwrap a first-party API command and refactor UnwrapCommand to u…
2016-06-03 13:25:10 -04:00
Jeff Mitchell
64c180510e
Add a metadata node_id field for Atlas usage and fix tests
2016-06-02 18:19:51 -04:00
Jeff Mitchell
0d9ea2a1a1
Initial Atlas listener implementation
2016-06-02 14:05:47 -04:00
vishalnayak
c197414b3b
Prioritize dev flags over its env vars
2016-06-01 12:21:29 -04:00
vishalnayak
4c08d43950
Address review feedback
2016-06-01 11:39:48 -04:00
vishalnayak
8d50543a88
Supplying strictHostKeyChecking and userKnownHostsFile from env vars
2016-06-01 11:08:24 -04:00
vishalnayak
315f9c868c
Provide option to disable host key checking
2016-06-01 11:08:24 -04:00
Jeff Mitchell
63aba520c6
Make Unwrap a first-party API command and refactor UnwrapCommand to use it
2016-05-27 21:04:30 +00:00
vishalnayak
ff6f5ae75b
Add a non-nil check for 'port' field to be present in the response
2016-05-25 21:26:32 +00:00
Jeff Mitchell
199f99d031
Decode json.Number before handing to mapstructure
2016-05-25 19:02:31 +00:00
Jeff Mitchell
05b2d4534c
Add unwrap test function and some robustness around paths for the wrap lookup function
2016-05-19 11:49:46 -04:00
Jeff Mitchell
0da8762bd5
Add unwrap command, and change how the response is embedded (as a string, not an object)
2016-05-19 11:25:15 -04:00
Jeff Mitchell
dce8a8da42
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-19 02:43:22 +00:00
Jeff Mitchell
0168b74e03
Rename lease_duration to refresh_interval when there is no lease ID, and output ---- between header and values
2016-05-17 17:10:12 +00:00
Jeff Mitchell
c4431a7e30
Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors
2016-05-16 16:11:33 -04:00
Jeff Mitchell
4c67a739b9
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-16 12:14:40 -04:00
Sean Chittenden
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
Jeff Mitchell
560e9c30a3
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-12 14:59:12 -04:00
Jeff Mitchell
885cc73b2e
Merge branch 'master-oss' into f-vault-service
2016-05-04 17:20:00 -04:00
Jeff Mitchell
99a5b4402d
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-04 14:42:14 -04:00
Jeff Mitchell
47a7ada7e8
Fix number of recovery shares output during init
2016-05-03 23:07:09 -04:00
Jeff Mitchell
2bbb39f4af
Properly handle sigint/hup
2016-05-03 14:30:58 -04:00
Jeff Mitchell
1ffd5653c6
Add wrap support to API/CLI
2016-05-02 02:03:23 -04:00
Jeff Mitchell
749b60d57d
Ensure seal finalizing happens even when using verify-only
2016-04-28 14:06:05 -04:00
Sean Chittenden
0b72906fc3
Change the interface of ServiceDiscovery
...
Instead of passing state, signal that the state has changed and provide a callback handler that can query Core.
2016-04-28 11:05:18 -07:00
Sean Chittenden
aeea7628d6
Add a *log.Logger argument to physical.Factory
...
Logging in the backend is a good thing. This is a noisy interface change but should be a functional noop.
2016-04-25 20:10:32 -07:00
Sean Chittenden
f5183fa506
Collapse UpdateAdvertiseAddr() into RunServiceDiscovery()
2016-04-25 18:01:13 -07:00
Sean Chittenden
3977057cc9
Disable service registration for consul HA tests
2016-04-25 18:01:13 -07:00
Sean Chittenden
1f8397f0a3
Use spaces in tests to be consistent
...
The rest of the tests here use spaces, not tabs
2016-04-25 18:01:13 -07:00
Sean Chittenden
60006f550f
Various refactoring to clean up code organization
...
Brought to you by: Dept of 2nd thoughts before pushing enter on `git push`
2016-04-25 18:01:13 -07:00
Sean Chittenden
e7f600b4e6
Improve error handling re: homedir expansion
...
Useful if the HOME envvar is not set because `vault` was launched in a clean environment (e.g. `env -i vault ...`).
2016-04-25 18:01:13 -07:00
Sean Chittenden
6b2c83564e
Teach Vault how to register with Consul
...
Vault will now register itself with Consul. The active node can be found using `active.vault.service.consul`. All standby vaults are available via `standby.vault.service.consul`. All unsealed vaults are considered healthy and available via `vault.service.consul`. Change in status and registration is event driven and should happen at the speed of a write to Consul (~network RTT + ~1x fsync(2)).
Healthy/active:
```
curl -X GET 'http://127.0.0.1:8500/v1/health/service/vault?pretty ' && echo;
[
{
"Node": {
"Node": "vm1",
"Address": "127.0.0.1",
"TaggedAddresses": {
"wan": "127.0.0.1"
},
"CreateIndex": 3,
"ModifyIndex": 20
},
"Service": {
"ID": "vault:127.0.0.1:8200",
"Service": "vault",
"Tags": [
"active"
],
"Address": "127.0.0.1",
"Port": 8200,
"EnableTagOverride": false,
"CreateIndex": 17,
"ModifyIndex": 20
},
"Checks": [
{
"Node": "vm1",
"CheckID": "serfHealth",
"Name": "Serf Health Status",
"Status": "passing",
"Notes": "",
"Output": "Agent alive and reachable",
"ServiceID": "",
"ServiceName": "",
"CreateIndex": 3,
"ModifyIndex": 3
},
{
"Node": "vm1",
"CheckID": "vault-sealed-check",
"Name": "Vault Sealed Status",
"Status": "passing",
"Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
"Output": "",
"ServiceID": "vault:127.0.0.1:8200",
"ServiceName": "vault",
"CreateIndex": 19,
"ModifyIndex": 19
}
]
}
]
```
Healthy/standby:
```
[snip]
"Service": {
"ID": "vault:127.0.0.2:8200",
"Service": "vault",
"Tags": [
"standby"
],
"Address": "127.0.0.2",
"Port": 8200,
"EnableTagOverride": false,
"CreateIndex": 17,
"ModifyIndex": 20
},
"Checks": [
{
"Node": "vm2",
"CheckID": "serfHealth",
"Name": "Serf Health Status",
"Status": "passing",
"Notes": "",
"Output": "Agent alive and reachable",
"ServiceID": "",
"ServiceName": "",
"CreateIndex": 3,
"ModifyIndex": 3
},
{
"Node": "vm2",
"CheckID": "vault-sealed-check",
"Name": "Vault Sealed Status",
"Status": "passing",
"Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
"Output": "",
"ServiceID": "vault:127.0.0.2:8200",
"ServiceName": "vault",
"CreateIndex": 19,
"ModifyIndex": 19
}
]
}
]
```
Sealed:
```
"Checks": [
{
"Node": "vm2",
"CheckID": "serfHealth",
"Name": "Serf Health Status",
"Status": "passing",
"Notes": "",
"Output": "Agent alive and reachable",
"ServiceID": "",
"ServiceName": "",
"CreateIndex": 3,
"ModifyIndex": 3
},
{
"Node": "vm2",
"CheckID": "vault-sealed-check",
"Name": "Vault Sealed Status",
"Status": "critical",
"Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
"Output": "Vault Sealed",
"ServiceID": "vault:127.0.0.2:8200",
"ServiceName": "vault",
"CreateIndex": 19,
"ModifyIndex": 38
}
]
```
2016-04-25 18:01:13 -07:00
Sean Chittenden
230b59f34c
Stub out service discovery functionality
...
Hook asynchronous notifications into Core to change the status of vault based on its active/standby, and sealed/unsealed status.
2016-04-25 18:00:54 -07:00
Sean Chittenden
0c23acb818
Comment nits
2016-04-25 18:00:54 -07:00
Jeff Mitchell
8d4e5aacae
Change seal test name in command package
2016-04-26 00:12:14 +00:00
Jeff Mitchell
267b13c1ba
Merge pull request #1326 from hashicorp/sethvargo/hint_noreauth
...
Hint that you don't need to run auth twice
2016-04-25 15:43:55 -04:00
Jeff Mitchell
98d09b0dc6
Add seal tests and update generate-root and others to handle dualseal.
2016-04-25 19:39:04 +00:00
Jeff Mitchell
4e53f4b1a4
Use UseNumber() on json.Decoder to have numbers be json.Number objects
...
instead of float64. This fixes some display bugs.
2016-04-20 18:38:20 +00:00
Jeff Mitchell
055a8e04e4
Change recovery options in init to be 'key'-less
2016-04-18 17:02:07 +00:00
Jeff Mitchell
b4620d5d04
Add check against seal type to catch errors before we attempt to use the data
2016-04-15 18:16:48 -04:00
Sean Chittenden
069d9cf021
Fix SIGINT handling.
...
No signal handler was setup to receive SIGINT. I didn't investigate to
see if signal(2) mask was setup (ala `SIG_IGN`) or if sigprocmask(2) is
being used, but in either case, the correct behavior is to capture and
treat SIGINT the same as SIGTERM. At some point in the future these two
signals may affect the running process differently, but we will clarify
that difference in the future.
2016-04-15 10:03:22 -07:00
Jeff Mitchell
119238149b
Add Finalize method to seal.
2016-04-14 20:37:34 +00:00
vishalnayak
5c336297ad
Provide clarity for output statements of idempotent calls.
2016-04-14 15:46:45 +00:00
vishalnayak
b7178846c1
Clarify token-revoke operation
2016-04-14 15:34:01 +00:00
Seth Vargo
54c414abb2
Clarify delete operation
...
One thing that has been a point of confusion for users is Vault's
response when deleting a key that does not actually exist in the system.
For example, consider:
$ vault delete secret/foo
Success! Deleted 'secret/foo'
This message is misleading if the secret does not exist, especially if
the same command is run twice in a row.
Obviously the reason for this is clear - returning an error if a secret
does not exist would reveal the existence of a secret (the same reason
everything on S3 is a 403 or why GitHub repos 404 instead of 403 if you
do not have permission to view them).
I think we can make the UX a little bit better by adding just a few
words to the output:
$ vault delete secret/foo
Success! Deleted 'secret/foo' if it existed
This makes it clear that the operation was only performed if the secret
existed, but it does not reveal any more information.
2016-04-14 10:38:10 +01:00
Jeff Mitchell
a4ff72841e
Check for seal status when initing and change logic order to avoid defer
2016-04-14 01:13:59 +00:00
Seth Vargo
217035d081
Hint that you don't need to run auth twice
...
This came up twice, in two different training courses. The UX is a
little confusing here on the CLI. Users are used to running:
$ vault auth abcd-1234...
So when they auth using a method, the output leads them to believe the
need to "re-auth" as the generated token:
$ vault auth -method=userpass username=foo password=bar
Successfully authenticated!
token: defg-5678...
A number of users then run:
$ vault auth defg-5678
I've added some helpful text to hint this is not required if the method
is not "token".
2016-04-13 19:45:48 +01:00
Jeff Mitchell
759915bb55
Fix panic when using -field with read or write with a non-string value.
...
Fixes #1308
2016-04-07 22:16:33 +00:00
Sean Chittenden
58846f8eac
Reinstall the mlockall(2) command
...
Requested by: jefferai
2016-04-05 13:58:26 -07:00
Sean Chittenden
47c3202811
Unconditionally warn on systems w/o mlock support
...
If someone begins using Vault on Windows in dev mode, always hint so that this isn't a surprise when they get to production.
2016-04-05 12:32:53 -07:00
Jeff Mitchell
348be0e50b
Remove RevokePrefix from the API too as we simply do not support it any
...
longer.
2016-04-05 11:00:12 -04:00
Jeff Mitchell
9102b994aa
Sync some seal stuff
2016-04-04 13:46:33 -04:00
Jeff Mitchell
afae46feb7
SealInterface
2016-04-04 10:44:22 -04:00
Jeff Mitchell
1b7335cf4e
Fix up the meta common options text function to not strip leading space and fix up commands
2016-04-01 16:50:12 -04:00
Jeff Mitchell
b0888e8af1
Remove config from Meta; it's only used right now with the token helper.
2016-04-01 16:02:18 -04:00