Commit graph

653 commits

Author SHA1 Message Date
Jeff Mitchell 545e338a9e Add version sha to server startup output 2016-11-22 16:43:05 -05:00
Jeff Mitchell fc81a301b8 Don't say mlock is supported on OSX when it isn't. (#2120)
Fixes #2119
2016-11-22 12:56:36 -05:00
Kyle McCullough aeb23b72d7 cli: fix bug with 'vault read -field=...' when the field value contains a printf formatting verb (#2109) 2016-11-22 12:30:23 -05:00
Chris Lundquist 9b5ee87929 prevent binding 0.0.0.0 -> ::0 (#2094) 2016-11-15 12:00:57 -05:00
matt maier 57925ee863 Vendor circonus (#2082) 2016-11-10 16:17:55 -05:00
vishalnayak 931c96d1ba ssh: Use temporary file to store the identity file 2016-10-18 12:50:12 -04:00
Jeff Mitchell 53efd18dda Make listener shutdown more synchronous (#1985) 2016-10-10 13:18:19 -04:00
Jeff Mitchell 21e1f38e6a Split HA server command tests from reload tests 2016-10-07 11:06:01 -04:00
Jeff Mitchell 2c85fdfeb9 Switch default case of disable cluster. (#1959) 2016-10-02 14:54:01 -04:00
Jeff Mitchell 6d00f0c483 Adds HUP support for audit log files to close and reopen. (#1953)
Adds HUP support for audit log files to close and reopen. This makes it
much easier to deal with normal log rotation methods.

As part of testing this I noticed that HUP and other items that come out
of command/server.go are going to stderr, which is where our normal log
lines go. This isn't so much problematic with our normal output but as
we officially move to supporting other formats this can cause
interleaving issues, so I moved those to stdout instead.
2016-09-30 12:04:50 -07:00
Jeff Mitchell 85315ff188 Rejig where the reload functions live 2016-09-30 00:07:22 -04:00
Jeff Mitchell b45a481365 Wrapping enhancements (#1927) 2016-09-28 21:01:28 -07:00
Jeff Mitchell f0203741ff Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
Jeff Mitchell 72b9c4c649 Fix parsing env var, needed to be in the helper too 2016-09-23 13:20:26 -04:00
Evan Phoenix 4214a0199d Advertise the cluster_(id|name) in the Scada handshake (#1906) 2016-09-23 10:55:51 -04:00
Jeff Mitchell 57f3904d74 Use VAULT_LOG_FORMAT as an analogue to LOGXI_FORMAT 2016-09-22 17:22:02 -04:00
Jeff Mitchell bbe87db913 Force tls_disable on scada connection inside outer TLS connection as it's not currently supported anyways 2016-09-20 14:56:16 -04:00
Jeff Mitchell f3ab4971a6 Follow Vault convention on DELETE being idempotent (#1903)
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
2016-09-19 13:02:25 -04:00
vishalnayak e123f33a91 Add yml alias for yaml 2016-09-16 10:43:23 -04:00
Jeff Mitchell 722e26f27a Add support for PGP encrypting the initial root token. (#1883) 2016-09-13 18:42:24 -04:00
Jeff Mitchell 640351b7d1 Update text of init/rekey around recovery values 2016-09-12 16:20:21 -04:00
Jeff Mitchell 7e5aef279c Don't panic on bad auth path
Fixes #1860
2016-09-08 11:14:47 -04:00
Jeff Mitchell 1c6f2fd82b Add response wrapping to list operations (#1814) 2016-09-02 01:13:14 -04:00
Vishal Nayak 90737d3b44 Merge pull request #1836 from hashicorp/truncate-version-string
Remove the string 'Vault' from version information
2016-09-01 20:23:26 -04:00
Seth Vargo fc4a5bae3c Update audit-enable to show more examples (#1842)
* Update audit-enable to show more examples

* Update audit_enable.go
2016-09-01 20:14:29 -04:00
Seth Vargo a438f5e950 Add more examples and cleanup docs for auth (#1841) 2016-09-01 19:56:30 -04:00
vishalnayak 5bd665a842 Update atlas listener factory to use version with pre-release info. 2016-09-01 17:21:11 -04:00
vishalnayak f5447d8fa9 Avoid commas while printing policies 2016-09-01 16:32:27 -04:00
Jeff Mitchell 35800b0782 Don't output key/value header if there are no values to display. (#1838)
Fixes #1835
2016-09-01 15:58:16 -04:00
vishalnayak 9c78c58948 Remove the string 'Vault' from version information 2016-09-01 14:54:04 -04:00
Jeff Mitchell 61f1eee72c Remove hex output from keys; standardize on B64 for CLI output. This (#1831)
aligns with all other interactions which use B64 encoding for bytes.
2016-09-01 12:59:15 -04:00
Jeff Mitchell ecf61e9ba4 Add a separator to list output 2016-08-30 16:48:55 -04:00
Jeff Mitchell 2ce4397deb Plumb through the ability to set the storage read cache size. (#1784)
Plumb through the ability to set the storage read cache size.

Fixes #1772
2016-08-26 10:27:06 -04:00
Jeff Mitchell 1ee4cb4725 Strip trailing whitespace in token from file.
Fixes #1774
2016-08-23 20:22:45 -04:00
Jeff Mitchell dd53c4b1d8 Don't validate a dev listen address as that makes a proper Docker
entrypoint difficult.

Fixes #1762
2016-08-23 08:34:43 -04:00
Jeff Mitchell 58b32e5432 Convert to logxi 2016-08-21 18:13:37 -04:00
Jeff Mitchell bdcfe05517 Clustering enhancements (#1747) 2016-08-19 11:03:53 -04:00
Jeff Mitchell 56940c282b Force dev on when dev-ha is on 2016-08-19 08:29:34 -04:00
Jeff Mitchell 62c69f8e19 Provide base64 keys in addition to hex encoded. (#1734)
* Provide base64 keys in addition to hex encoded.

Accept these at unseal/rekey time.

Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
2016-08-15 16:01:15 -04:00
Jeff Mitchell 37320f8798 Request forwarding (#1721)
Add request forwarding.
2016-08-15 09:42:42 -04:00
Jeff Mitchell bcb4ab5422 Add periodic support for root/sudo tokens to auth/token/create 2016-08-12 21:14:12 -04:00
Jeff Mitchell 92f4fdf892 Add some info about -f to the "expects two arguments" error.
Ping #1722
2016-08-12 15:47:16 -04:00
Jeff Mitchell c1a46349fa Change to keybase openpgp fork as it has important fixes 2016-08-11 08:31:43 -04:00
Jeff Mitchell 5771a539a5 Add HTTP test for renew and fix muxing 2016-08-08 20:01:08 -04:00
Jeff Mitchell 529e36636c Rename mounttune.go 2016-08-08 16:22:28 -04:00
Jeff Mitchell 69c1121d29 Fix generate-root synopsis 2016-08-05 16:35:03 -04:00
vishalnayak e029d3c87a Support execution of remote commands using 'vault ssh' 2016-08-01 14:53:00 -04:00
Jeff Mitchell 6ffefb649d Close the shutdown channel instead of sending a value down 2016-08-01 11:58:45 -04:00
vishalnayak 05b8ce8348 Address review feedback 2016-08-01 11:15:25 -04:00
vishalnayak 5ed10f4074 Make the defer statement of waitgroup to execute last 2016-08-01 10:24:27 -04:00
vishalnayak ea2e677f02 Sharing shutdown message with physical consul backend 2016-07-31 10:09:16 -04:00
vishalnayak a8b4fc0d3c Add waitgroup wait to allow physical consul to deregister checks 2016-07-30 13:17:29 -04:00
vishalnayak 8b0b0d5922 Add cluster information to 'vault status' 2016-07-29 14:13:53 -04:00
vishalnayak e5e0431393 Added Vault version informationto the 'status' command 2016-07-28 17:37:35 -04:00
Vishal Nayak c7bcaa5bb6 Merge pull request #1655 from hashicorp/cluster-id
Vault cluster name and ID
2016-07-26 14:12:48 -04:00
Evan Phoenix 41ed3de3b1 Report the simple version string 2016-07-26 10:21:24 -07:00
vishalnayak 6e1d020c3a Added cluster_name for existing config tests 2016-07-26 11:38:24 -04:00
vishalnayak 7daa92f42c Update cluster name during config merge 2016-07-26 11:11:12 -04:00
vishalnayak a3e6400697 Remove global name/id. Make only cluster name configurable. 2016-07-26 10:01:35 -04:00
vishalnayak c7dabe4def Storing local and global cluster name/id to storage and returning them in health status 2016-07-26 02:32:42 -04:00
matt maier 6519c224ac Circonus integration for telemetry metrics 2016-07-22 15:49:23 -04:00
vishalnayak a7665723e3 Address review feedback 2016-07-22 11:31:55 -04:00
vishalnayak f53792efc7 Update docs on the init command 2016-07-22 11:22:10 -04:00
Vishal Nayak caab9d40f2 Merge pull request #1642 from hashicorp/init-service-discovery
Add service discovery to init command
2016-07-21 20:47:32 -04:00
vishalnayak b243ee256e Address review feedback by @jefferai 2016-07-21 20:46:31 -04:00
vishalnayak bd8ff10462 Address review feedback from @sean 2016-07-21 19:04:43 -04:00
vishalnayak 5316082675 Added documentation for init service discovery 2016-07-21 17:27:56 -04:00
vishalnayak f557457909 Added a separate flag consul-service to receive Consul service name 2016-07-21 16:51:38 -04:00
vishalnayak 23800c5f1d Add service discovery to init command 2016-07-21 16:17:29 -04:00
Jeff Mitchell 3ec81debe7 Trim leading/trailing space around PEM bundles.
Fixes #1634
2016-07-20 13:57:49 -04:00
Jeff Mitchell 9d68297ffa Have human-oriented token duration and secret duration output display a more human-friendly format 2016-07-19 12:15:00 -04:00
Jeff Mitchell a3ce0dcb0c Turn off DynamoDB HA by default.
The semantics are wonky and have caused issues from people not reading
docs. It can be enabled but by default is off.
2016-07-18 13:19:58 -04:00
vishalnayak c14235b206 Merge branch 'master-oss' into json-use-number
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
vishalnayak f34f0ef503 Make 'tls_min_version' configurable 2016-07-12 19:32:47 -04:00
vishalnayak ad7cb2c8f1 Added JSON Decode and Encode helpers.
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell 61250157d7 Don't panic on an empty configuration during merge 2016-07-05 16:49:15 -04:00
Jeff Mitchell 2c1b9499fc Add aliases for field flag to allow printing auth results.
Also fix the write command to use the shared function with aliases.

Fixes #1566
2016-06-27 23:19:09 -04:00
Jeff Mitchell 07ebfce1a4 Up sleep time during reload test to not fail under certain test conditions 2016-06-27 15:37:25 -04:00
Jeff Mitchell a7e15a8c0e Fix up external token helper tests 2016-06-22 10:04:43 -04:00
Tom Maher 3f40d8cbc7 Correctly check for existence of external token_helper binaries 2016-06-21 19:32:19 -07:00
Vishal Nayak d4d47ce5e3 Merge pull request #1531 from hashicorp/auth-mount-tune-params
Auth tune endpoints and config settings output from CLI
2016-06-20 20:24:47 -04:00
Vishal Nayak 949bb97ebc Merge pull request #1532 from hashicorp/vault-auth-path
Added -path option to 'vault auth' command
2016-06-20 16:43:26 -04:00
vishalnayak 3b308713ad Added -path option to help output 2016-06-20 16:24:49 -04:00
vishalnayak 9be9f73806 Concatenating the output instead of printing twice 2016-06-20 15:26:33 -04:00
vishalnayak 91668dd21d Fix the output format when warnings are present 2016-06-15 17:13:14 -04:00
vishalnayak 53fede4b70 Added '-path' option to 'vault auth' command 2016-06-15 16:54:27 -04:00
vishalnayak 848b479a61 Added 'sys/auth/<path>/tune' endpoints.
Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 13:58:24 -04:00
Jeff Mitchell e925987cb6 Add token accessor to wrap information if one exists 2016-06-13 23:58:17 +00:00
Jeff Mitchell 65d8973864 Add explicit max TTL capability to token creation API 2016-06-08 14:49:48 -04:00
Jeff Mitchell 6ff0742aa6 Remove unneeded else 2016-06-08 13:55:31 -04:00
Jeff Mitchell c0155ac02b Add renewable flag and API setting for token creation 2016-06-08 11:14:30 -04:00
Jeff Mitchell bb1e8ddaa2 Make token renewable status work properly on lookup 2016-06-08 09:19:39 -04:00
Jeff Mitchell 10b218d292 Use time.Time which does RFC3339 across the wire to handle time zones. Arguably we should change the API to always do this... 2016-06-07 16:01:09 -04:00
Jeff Mitchell 401456ea50 Add creation time to returned wrapped token info
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.

This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
Bill Monkman de8477244e #1486 : Fixed sealed and leader checks for consul backend 2016-06-03 16:00:31 -07:00
Jeff Mitchell 5cefd6bd3a Merge pull request #1470 from hashicorp/unwrap-in-api
Make Unwrap a first-party API command and refactor UnwrapCommand to u…
2016-06-03 13:25:10 -04:00
Jeff Mitchell 64c180510e Add a metadata node_id field for Atlas usage and fix tests 2016-06-02 18:19:51 -04:00
Jeff Mitchell 0d9ea2a1a1 Initial Atlas listener implementation 2016-06-02 14:05:47 -04:00
vishalnayak c197414b3b Prioritize dev flags over its env vars 2016-06-01 12:21:29 -04:00
vishalnayak 4c08d43950 Address review feedback 2016-06-01 11:39:48 -04:00
vishalnayak 8d50543a88 Supplying strictHostKeyChecking and userKnownHostsFile from env vars 2016-06-01 11:08:24 -04:00
vishalnayak 315f9c868c Provide option to disable host key checking 2016-06-01 11:08:24 -04:00
Jeff Mitchell 63aba520c6 Make Unwrap a first-party API command and refactor UnwrapCommand to use it 2016-05-27 21:04:30 +00:00
vishalnayak ff6f5ae75b Add a non-nil check for 'port' field to be present in the response 2016-05-25 21:26:32 +00:00
Jeff Mitchell 199f99d031 Decode json.Number before handing to mapstructure 2016-05-25 19:02:31 +00:00
Jeff Mitchell 05b2d4534c Add unwrap test function and some robustness around paths for the wrap lookup function 2016-05-19 11:49:46 -04:00
Jeff Mitchell 0da8762bd5 Add unwrap command, and change how the response is embedded (as a string, not an object) 2016-05-19 11:25:15 -04:00
Jeff Mitchell dce8a8da42 Merge branch 'master-oss' into cubbyhole-the-world 2016-05-19 02:43:22 +00:00
Jeff Mitchell 0168b74e03 Rename lease_duration to refresh_interval when there is no lease ID, and output ---- between header and values 2016-05-17 17:10:12 +00:00
Jeff Mitchell c4431a7e30 Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors 2016-05-16 16:11:33 -04:00
Jeff Mitchell 4c67a739b9 Merge branch 'master-oss' into cubbyhole-the-world 2016-05-16 12:14:40 -04:00
Sean Chittenden 7a4b31ce51
Speling police 2016-05-15 09:58:36 -07:00
Jeff Mitchell 560e9c30a3 Merge branch 'master-oss' into cubbyhole-the-world 2016-05-12 14:59:12 -04:00
Jeff Mitchell 885cc73b2e Merge branch 'master-oss' into f-vault-service 2016-05-04 17:20:00 -04:00
Jeff Mitchell 99a5b4402d Merge branch 'master-oss' into cubbyhole-the-world 2016-05-04 14:42:14 -04:00
Jeff Mitchell 47a7ada7e8 Fix number of recovery shares output during init 2016-05-03 23:07:09 -04:00
Jeff Mitchell 2bbb39f4af Properly handle sigint/hup 2016-05-03 14:30:58 -04:00
Jeff Mitchell 1ffd5653c6 Add wrap support to API/CLI 2016-05-02 02:03:23 -04:00
Jeff Mitchell 749b60d57d Ensure seal finalizing happens even when using verify-only 2016-04-28 14:06:05 -04:00
Sean Chittenden 0b72906fc3 Change the interface of ServiceDiscovery
Instead of passing state, signal that the state has changed and provide a callback handler that can query Core.
2016-04-28 11:05:18 -07:00
Sean Chittenden aeea7628d6 Add a *log.Logger argument to physical.Factory
Logging in the backend is a good thing.  This is a noisy interface change but should be a functional noop.
2016-04-25 20:10:32 -07:00
Sean Chittenden f5183fa506 Collapse UpdateAdvertiseAddr() into RunServiceDiscovery() 2016-04-25 18:01:13 -07:00
Sean Chittenden 3977057cc9 Disable service registration for consul HA tests 2016-04-25 18:01:13 -07:00
Sean Chittenden 1f8397f0a3 Use spaces in tests to be consistent
The rest of the tests here use spaces, not tabs
2016-04-25 18:01:13 -07:00
Sean Chittenden 60006f550f Various refactoring to clean up code organization
Brought to you by: Dept of 2nd thoughts before pushing enter on `git push`
2016-04-25 18:01:13 -07:00
Sean Chittenden e7f600b4e6 Improve error handling re: homedir expansion
Useful if the HOME envvar is not set because `vault` was launched in a clean environment (e.g. `env -i vault ...`).
2016-04-25 18:01:13 -07:00
Sean Chittenden 6b2c83564e Teach Vault how to register with Consul
Vault will now register itself with Consul.  The active node can be found using `active.vault.service.consul`.  All standby vaults are available via `standby.vault.service.consul`.  All unsealed vaults are considered healthy and available via `vault.service.consul`.  Change in status and registration is event driven and should happen at the speed of a write to Consul (~network RTT + ~1x fsync(2)).

Healthy/active:

```
curl -X GET 'http://127.0.0.1:8500/v1/health/service/vault?pretty' && echo;
[
    {
        "Node": {
            "Node": "vm1",
            "Address": "127.0.0.1",
            "TaggedAddresses": {
                "wan": "127.0.0.1"
            },
            "CreateIndex": 3,
            "ModifyIndex": 20
        },
        "Service": {
            "ID": "vault:127.0.0.1:8200",
            "Service": "vault",
            "Tags": [
                "active"
            ],
            "Address": "127.0.0.1",
            "Port": 8200,
            "EnableTagOverride": false,
            "CreateIndex": 17,
            "ModifyIndex": 20
        },
        "Checks": [
            {
                "Node": "vm1",
                "CheckID": "serfHealth",
                "Name": "Serf Health Status",
                "Status": "passing",
                "Notes": "",
                "Output": "Agent alive and reachable",
                "ServiceID": "",
                "ServiceName": "",
                "CreateIndex": 3,
                "ModifyIndex": 3
            },
            {
                "Node": "vm1",
                "CheckID": "vault-sealed-check",
                "Name": "Vault Sealed Status",
                "Status": "passing",
                "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
                "Output": "",
                "ServiceID": "vault:127.0.0.1:8200",
                "ServiceName": "vault",
                "CreateIndex": 19,
                "ModifyIndex": 19
            }
        ]
    }
]
```

Healthy/standby:

```
[snip]
        "Service": {
            "ID": "vault:127.0.0.2:8200",
            "Service": "vault",
            "Tags": [
                "standby"
            ],
            "Address": "127.0.0.2",
            "Port": 8200,
            "EnableTagOverride": false,
            "CreateIndex": 17,
            "ModifyIndex": 20
        },
        "Checks": [
            {
                "Node": "vm2",
                "CheckID": "serfHealth",
                "Name": "Serf Health Status",
                "Status": "passing",
                "Notes": "",
                "Output": "Agent alive and reachable",
                "ServiceID": "",
                "ServiceName": "",
                "CreateIndex": 3,
                "ModifyIndex": 3
            },
            {
                "Node": "vm2",
                "CheckID": "vault-sealed-check",
                "Name": "Vault Sealed Status",
                "Status": "passing",
                "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
                "Output": "",
                "ServiceID": "vault:127.0.0.2:8200",
                "ServiceName": "vault",
                "CreateIndex": 19,
                "ModifyIndex": 19
            }
        ]
    }
]
```

Sealed:

```
        "Checks": [
            {
                "Node": "vm2",
                "CheckID": "serfHealth",
                "Name": "Serf Health Status",
                "Status": "passing",
                "Notes": "",
                "Output": "Agent alive and reachable",
                "ServiceID": "",
                "ServiceName": "",
                "CreateIndex": 3,
                "ModifyIndex": 3
            },
            {
                "Node": "vm2",
                "CheckID": "vault-sealed-check",
                "Name": "Vault Sealed Status",
                "Status": "critical",
                "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
                "Output": "Vault Sealed",
                "ServiceID": "vault:127.0.0.2:8200",
                "ServiceName": "vault",
                "CreateIndex": 19,
                "ModifyIndex": 38
            }
        ]
```
2016-04-25 18:01:13 -07:00
Sean Chittenden 230b59f34c Stub out service discovery functionality
Hook asynchronous notifications into Core to change the status of vault based on its active/standby, and sealed/unsealed status.
2016-04-25 18:00:54 -07:00
Sean Chittenden 0c23acb818 Comment nits 2016-04-25 18:00:54 -07:00
Jeff Mitchell 8d4e5aacae Change seal test name in command package 2016-04-26 00:12:14 +00:00
Jeff Mitchell 267b13c1ba Merge pull request #1326 from hashicorp/sethvargo/hint_noreauth
Hint that you don't need to run auth twice
2016-04-25 15:43:55 -04:00
Jeff Mitchell 98d09b0dc6 Add seal tests and update generate-root and others to handle dualseal. 2016-04-25 19:39:04 +00:00
Jeff Mitchell 4e53f4b1a4 Use UseNumber() on json.Decoder to have numbers be json.Number objects
instead of float64. This fixes some display bugs.
2016-04-20 18:38:20 +00:00
Jeff Mitchell 055a8e04e4 Change recovery options in init to be 'key'-less 2016-04-18 17:02:07 +00:00
Jeff Mitchell b4620d5d04 Add check against seal type to catch errors before we attempt to use the data 2016-04-15 18:16:48 -04:00
Sean Chittenden 069d9cf021 Fix SIGINT handling.
No signal handler was setup to receive SIGINT.  I didn't investigate to
see if signal(2) mask was setup (ala `SIG_IGN`) or if sigprocmask(2) is
being used, but in either case, the correct behavior is to capture and
treat SIGINT the same as SIGTERM.  At some point in the future these two
signals may affect the running process differently, but we will clarify
that difference in the future.
2016-04-15 10:03:22 -07:00
Jeff Mitchell 119238149b Add Finalize method to seal. 2016-04-14 20:37:34 +00:00
vishalnayak 5c336297ad Provide clarity for output statements of idempotent calls. 2016-04-14 15:46:45 +00:00
vishalnayak b7178846c1 Clarify token-revoke operation 2016-04-14 15:34:01 +00:00
Seth Vargo 54c414abb2
Clarify delete operation
One thing that has been a point of confusion for users is Vault's
response when deleting a key that does not actually exist in the system.
For example, consider:

    $ vault delete secret/foo
    Success! Deleted 'secret/foo'

This message is misleading if the secret does not exist, especially if
the same command is run twice in a row.

Obviously the reason for this is clear - returning an error if a secret
does not exist would reveal the existence of a secret (the same reason
everything on S3 is a 403 or why GitHub repos 404 instead of 403 if you
do not have permission to view them).

I think we can make the UX a little bit better by adding just a few
words to the output:

    $ vault delete secret/foo
    Success! Deleted 'secret/foo' if it existed

This makes it clear that the operation was only performed if the secret
existed, but it does not reveal any more information.
2016-04-14 10:38:10 +01:00
Jeff Mitchell a4ff72841e Check for seal status when initing and change logic order to avoid defer 2016-04-14 01:13:59 +00:00
Seth Vargo 217035d081 Hint that you don't need to run auth twice
This came up twice, in two different training courses. The UX is a
little confusing here on the CLI. Users are used to running:

    $ vault auth abcd-1234...

So when they auth using a method, the output leads them to believe the
need to "re-auth" as the generated token:

    $ vault auth -method=userpass username=foo password=bar
    Successfully authenticated!
    token: defg-5678...

A number of users then run:

    $ vault auth defg-5678

I've added some helpful text to hint this is not required if the method
is not "token".
2016-04-13 19:45:48 +01:00
Jeff Mitchell 759915bb55 Fix panic when using -field with read or write with a non-string value.
Fixes #1308
2016-04-07 22:16:33 +00:00
Sean Chittenden 58846f8eac Reinstall the mlockall(2) command
Requested by: jefferai
2016-04-05 13:58:26 -07:00
Sean Chittenden 47c3202811 Unconditionally warn on systems w/o mlock support
If someone begins using Vault on Windows in dev mode, always hint so that this isn't a surprise when they get to production.
2016-04-05 12:32:53 -07:00
Jeff Mitchell 348be0e50b Remove RevokePrefix from the API too as we simply do not support it any
longer.
2016-04-05 11:00:12 -04:00
Jeff Mitchell 9102b994aa Sync some seal stuff 2016-04-04 13:46:33 -04:00
Jeff Mitchell afae46feb7 SealInterface 2016-04-04 10:44:22 -04:00
Jeff Mitchell 1b7335cf4e Fix up the meta common options text function to not strip leading space and fix up commands 2016-04-01 16:50:12 -04:00
Jeff Mitchell b0888e8af1 Remove config from Meta; it's only used right now with the token helper. 2016-04-01 16:02:18 -04:00