Commit graph

1790 commits

Author SHA1 Message Date
Jeff Mitchell e72890e83f
VSI (#4985) 2018-07-24 22:02:27 -04:00
Olivier Lemasle 4604c00018 State in docs that FoundationDB backend is community supported (#4964) 2018-07-20 09:59:13 -04:00
Peter Vandenabeele db2970623d Fix small typo in Vault website documentation (#4962) 2018-07-20 09:57:16 -04:00
Brian Shumate e2dd0864c4 Add missing telemetry metrics (#4785)
* Add missing telemetry metrics

- Add merkle related telemetry
- Add WAL related telemetry

* additional wal metrics

* Use correct metrics naming
2018-07-19 18:36:55 -04:00
Chris Hoffman 712652c318
Fixing formatting 2018-07-19 10:36:09 -04:00
Chris Hoffman 6a169ab00d
Adding information on required azure permissions (#4956) 2018-07-19 10:24:55 -04:00
Julien Blache c8fb9ed6a8 FoundationDB physical backend (#4900) 2018-07-16 10:18:09 -04:00
Seth Vargo 1259ee6743 Add plugin CLI for interacting with the plugin catalog (#4911)
* Add 'plugin list' command

* Add 'plugin register' command

* Add 'plugin deregister' command

* Use a shared plugin helper

* Add 'plugin read' command

* Rename to plugin info

* Add base plugin for help text

* Fix arg ordering

* Add docs

* Rearrange to alphabetize

* Fix arg ordering in example

* Don't use "sudo" in command description
2018-07-13 10:35:08 -07:00
Seth Vargo a379989da4 Update GCP docs (#4898)
* Consistently use "Google Cloud" where appropriate

* Update GCP docs

This updates the GCP docs to use the new updated fields that will be
present in the next release of the plugin as well as fixes up some
inconsistencies between the GCP docs and other auth method
documentation.
2018-07-11 15:52:22 -04:00
Jeff Mitchell 2322eabc68
Add jwt auth docs (#4891) 2018-07-11 15:08:49 -04:00
Md. Nure Alam Nahid 7b9bedf94d Add additional config keys for swift (#4901)
* Add additional config keys for swift

* Add additional swift config keys in the doc page
2018-07-11 08:29:29 -07:00
Seth Vargo 408fc1eac0 Properly capitalize H in GitHub (#4889)
It's really bothering me, sorry.
2018-07-10 08:11:03 -07:00
Jeff Mitchell 4a3fe87a39
Allow max request size to be user-specified (#4824)
* Allow max request size to be user-specified

This turned out to be way more impactful than I'd expected because I
felt like the right granularity was per-listener, since an org may want
to treat external clients differently from internal clients. It's pretty
straightforward though.

This also introduces actually using request contexts for values, which
so far we have not done (using our own logical.Request struct instead),
but this allows non-logical methods to still get this benefit.

* Switch to ioutil.ReadAll()
2018-07-06 15:44:56 -04:00
Chris Bednarski 514ffac5e2 Added documentation to consul and listener pages explaining how to control Consul's DNS resolution with multiple listeners (#4862) 2018-07-06 08:51:51 -04:00
Calvin Leung Huang 04332f5b3f
Add missing replication props, prettify tables (#4816)
* Add missing request.replication props, prettify tables

* Fix location of replication prop
2018-07-05 16:11:21 -04:00
Chris Hoffman 32c94b2638
Update docs 2018-07-03 08:28:43 -04:00
Brian Shumate 7b106683f0 Clarify policies note (#4832)
- Make it even clearer that "*" is the glob character referred to
2018-07-03 08:27:12 -04:00
Chris Hoffman 6b7d215e7e
Clarify performance replication token handling 2018-06-29 09:32:35 -04:00
Logan Rakai 619dd3c6ed Typo fix (#4822) 2018-06-23 16:34:25 -07:00
Logan Rakai 59b87fae53 Small grammar fix (#4821) 2018-06-22 21:59:39 -07:00
Jeff Mitchell 2410a11156 Add a warning to syslog
Ping #3617
2018-06-22 09:00:07 -04:00
Steven Farage fadb3eb6fd Make documentation match API example (#4809)
Quick and easy change to make the passwords match.
2018-06-21 10:50:02 -07:00
Becca Petrin 73cbbe2a9f Add bound cidrs to tokens in AppRole (#4680) 2018-06-19 22:57:11 -04:00
Calvin Leung Huang 418513bbd9 Be explicit about trailing slash on paths for list capability (#4793) 2018-06-19 12:10:39 -04:00
Laura Uva 4cae4abbab Add example of min_wrapping_ttl and max_wrapping_ttl (#4753) 2018-06-18 19:59:21 -04:00
Jeff Mitchell 762f08eac2 Mention delegating change password privs in ad docs 2018-06-15 17:01:47 -04:00
Jeff Mitchell 164c7225f1 Remove msa info from AD page 2018-06-15 16:55:28 -04:00
Nándor István Krácser d4303bc53e docs: kv 2 is used by default in the dev server only (#4773) 2018-06-15 09:09:27 -04:00
Laura Uva 44e874e06f Update kv v2 documentation to better warn and elaborate on changes needed when upgrading a mount from version 1 to version 2 (customer request) (#4754) 2018-06-13 16:44:15 -07:00
Becca Petrin aa390e0e7e
add link to api docs (#4757) 2018-06-13 09:35:37 -07:00
Pavlos Ratis 49834a3a83 Use shell highlighting in the command snippets (#4736) 2018-06-11 08:46:35 -04:00
Chris Hoffman 611244d337
Update gcpckms.html.md 2018-06-08 17:07:59 -04:00
Chris Hoffman 3a690656ee
fix typo 2018-06-08 17:05:17 -04:00
Chris Hoffman 5d07ff7c7a
Adding Azure Key Vault seal docs (#4728) 2018-06-08 17:04:14 -04:00
Brian Shumate d2519da5ad Tiny formalized edit (#4715) 2018-06-07 06:44:57 -07:00
Kevin Hicks ed7992e8ae update docs and help text to include 'operator' (#4712) 2018-06-06 21:11:21 -07:00
Jeff Mitchell 4b7d2bed01 Transit convergent v3 2018-06-05 18:53:39 -04:00
LeSuisse 809079cac2 Update usage of deprecated commands rekey and rotate in the documentation (#4703) 2018-06-05 12:37:26 -04:00
Nándor István Krácser a36f91101a Fix VAULT_LOG_LEVEL in docs (#4696) 2018-06-05 10:23:32 -04:00
Becca Petrin 6cafb12ff4 be more explicit about names (#4695) 2018-06-04 21:34:17 -04:00
emily 192c228931 Add GCP auth helper (#4654)
* update auth plugin vendoring

* add GCP auth helper and docs
2018-05-29 20:36:24 -04:00
Becca Petrin 606889f005
Docs for the upcoming Active Directory secrets engine (#4612) 2018-05-29 08:49:09 -07:00
Chris Hoffman 43c5030eca
pkcs11 docs updates 2018-05-25 15:39:07 -04:00
Chris Hoffman 3db5a6adaa
updating link 2018-05-22 10:00:20 -04:00
Reid Wiggins 9813794bc2 Add documentation for MySQL 5.6 root rotation (#4584)
The default root rotation statement for MySQL is only valid for 5.7 and
up. This commit adds example documentation for 5.6.

Fixes #4567
2018-05-18 08:56:11 -07:00
Romain Vrignaud 9050bc809b Rename Google Container Engine to Google Kubernetes Engine (#4586) 2018-05-18 08:19:56 -07:00
Jeff Mitchell 124271c1ec
Merge pull request #4580 from tavislikedavis/patch-1
Update policies.html.md
2018-05-17 09:14:35 -07:00
Jeff Mitchell 38f5f5f783
Updated for new syntax 2018-05-17 09:14:12 -07:00
Seth Vargo 21e79035e0 Move UI docs from enterprise to OSS (#4565) 2018-05-17 08:48:10 -07:00
Tavis Wilson 50e05056d3
Update policies.html.md 2018-05-16 14:35:30 -05:00
Jeff Mitchell aa98f33f63 Mention that you can actually rekey when using an HSM 2018-05-13 16:49:42 -04:00
Jeff Mitchell 821d347375 Update HSM documentation and fix GCP docs build 2018-05-13 16:39:22 -04:00
Robbie McKinstry 9765779622 Client side rate limiting (#4421) 2018-05-11 10:42:06 -04:00
Seth Vargo a4fa046730 Update GCP secrets to be example-driven (#4539)
👍
2018-05-10 16:58:22 -04:00
Tyler Marshall 407550bd89 Fix minor spelling mistake (#4548) 2018-05-10 13:42:01 -07:00
Shelby Moore f8e1f82225 Updated proxy protocol config validation (#4528) 2018-05-09 10:53:44 -04:00
Jacob Friedman 64bb0bd58a Updated link for k8s-tokenreview (#4523)
Link for k8s-tokenreview was broken when they released a new version so I went ahead and fixed it.
2018-05-08 13:36:12 -07:00
Chris Hoffman 7c0e590f54
docs update 2018-05-07 16:34:39 -04:00
Chris Hoffman e7bbe6fbed
docs updates 2018-05-07 16:33:38 -04:00
Chris Hoffman 049df3da3e
updating pkcs11 docs (#4520) 2018-05-07 13:50:45 -04:00
Jerome Cheng d180e45cf5 Fix incorrect file path in Token Helper doc (#4499)
Vault stores the token in `~/.vault-token` and not `~/.vault_token`.
2018-05-02 21:56:38 -07:00
Nathan Valentine 608f013bf2 s/aws_region/region/ (#4497)
The correct key name is 'region' as opposed to 'aws_region'.
2018-05-02 14:25:03 -07:00
Fabrizio Cucci cef52dae90 Fix role of example in Kubernetes Auth Method (#4483)
It was `test` but it should be `demo` to be aligned with the example.
2018-05-01 15:04:53 -07:00
Pavlos Ratis cd344bdbb8 [website] fix Markdown formatting on GCP page (#4471) 2018-04-27 09:13:07 -07:00
Jim Kalafut 7f69ff0546 Minor updates to Azure auth docs 2018-04-27 08:47:06 -07:00
emily 8a309e6406 fix docs (#4466) 2018-04-26 16:54:19 -04:00
Jeff Mitchell 0f806d0950 Remove out of date text on HSM rekeying 2018-04-26 10:10:30 -04:00
Jim Kalafut 063c225f97
Fix typo in aws auth docs 2018-04-25 22:57:39 -07:00
Andrew Speed 418be4cb54 Fix authentication example mentioning vault auth but using vault login (#4458) 2018-04-25 14:59:38 -07:00
Chris Hoffman fba759ab97
fix document formatting 2018-04-25 10:16:41 -04:00
Chris Hoffman 2d05034dd3
Seal Rotation Docs (#4449)
* wip docs

* adding docs

* removing vendor supported mechanism
2018-04-25 09:59:06 -04:00
Becca Petrin 639dc005ee
uppercase Vault in plugin doc (#4442) 2018-04-24 10:41:37 -07:00
Jeff Mitchell 0882e5afb6 Update audit text to make it clear that audit logs are for authenticated interactions 2018-04-23 10:49:32 -04:00
Malhar Vora 45fe086107 Corrects description for mode option in ssh command (#4420)
Fixes #4375
2018-04-22 13:42:46 -04:00
Malhar Vora 739362b081 Correct typo in Kubernetes auth backend docs
Resolve small typo in Configuring Kubernetes section in Kubernetes Auth Backend
documentation.

Fixes #4417
2018-04-21 19:37:59 -07:00
Jeff Mitchell 6d95b4d266
Add the ability to restrict token usage by IP. Add to token roles. (#4412)
Fixes #815
2018-04-21 10:49:16 -04:00
Alvin Huang 84ffdbb7b5 remove redundant 'Vault' in approle docs (#4405) 2018-04-20 09:55:15 -04:00
Vishal Nayak 5fa9e4ca5c
phys/consul: Allow tuning of session ttl and lock wait time (#4352)
* phys/consul: allow tuning of session ttl and lock wait time

* use parseutil

* udpate docs
2018-04-18 13:09:55 -04:00
Jeff Mitchell 805b5e5160
X-Forwarded-For (#4380) 2018-04-17 18:52:09 -04:00
Laura Uva 2ae6d614b8 Add mode to the examples under automation steps (#4374) 2018-04-17 13:47:41 -04:00
Jerome Cheng a82a612e2c Fix indentation of code block in Consul Secrets Engine docs (#4350)
The indentation of the code block in the Consul Secrets Engine doc was
removed in #4224, but the closing backticks remained indented one level,
resulting in the block swallowing all text after it. Removing the
indentation from the closing backticks fixes this.
2018-04-13 09:55:35 -04:00
Peter Souter 28f6d65032 Remove Enterprise Only flag (#4337) 2018-04-11 14:27:58 -04:00
Matthew Irish 2f43a20ebe
fix broken link (#4329) 2018-04-10 11:11:38 -05:00
Brian Kassouf a8b8ca136e
KV: Update 'versioned' naming to 'v2' (#4293)
* Update 'versioned' naming to 'v2'

* Make sure options are set

* Fix description of auth flag

* Review feedback
2018-04-09 09:39:32 -07:00
Chris Hoffman 19f9f6ee89
Root Credential Rotation Docs (#4312)
* updating root credential docs

* more docs updates

* more docs updates
2018-04-09 12:20:29 -04:00
Chris Hoffman cbcf31c570
remove token from curl request for login paths (#4303) 2018-04-06 18:10:59 -04:00
Andy Manoske 9c1db25639
Update index.html.md 2018-04-05 15:16:28 -07:00
Seth Vargo a90467289a Rename Google things to say "Google", update telemetry (#4267) 2018-04-04 10:37:44 -04:00
Brian Kassouf 62ce5ec91d
Versioned K/V docs (#4259)
* Work on kv docs

* Add more kv docs

* Update kv docs

* More docs updates

* address some review coments
2018-04-03 23:22:41 -07:00
Roy Sindre Norangshol a9c717b44e project is now project_id (#4251)
Verified both via vault CLI and direct curl'ing towards API endpoints.
2018-04-03 17:11:47 -04:00
Vishal Nayak 032ca979dc
move identity docs from ent docs to oss (#4235) 2018-04-01 13:59:43 -04:00
LeSuisse cdd7cc1635 Update usage of the deprecated generated-root command in the documentation (#4232) 2018-03-31 11:17:08 -04:00
Seth Vargo b48a9878e7 Add HA support to the Google Cloud Storage backend (#4226) 2018-03-30 12:36:37 -04:00
Brian Shumate bf1b8709a6 Update Consuls Secrets quick start (#4224)
- Fix typo in role name
- Drop ordered list formatting on get credential example
2018-03-30 10:46:05 -04:00
Jon Benson d1b0d6efb3 Update mfa-totp.html.md (#4220) 2018-03-29 16:51:13 -04:00
Jeff Mitchell 2f90e0c2e1 Merge branch 'master-oss' into 0.10-beta 2018-03-27 12:40:30 -04:00
vishalnayak 37153482be docs: update aws ec2 auth step 2018-03-26 17:26:48 -04:00
Jeff Mitchell e8fc0a11ce Remove a few more vault.rocks usages 2018-03-26 15:02:22 -04:00
Wilhelmina Drengwitz a10f02ef7b Add general recommendation for the api_addr config value (#4198)
We ran into some confusion about what we should be setting the api_addr config value to. I feel this general recommendation should nudge any others into a better understanding of what this value should point to.
2018-03-26 13:46:54 -04:00
Jeff Mitchell 65d8eb0914 Add more docs around list paths in policies.
CC #4199
2018-03-26 11:30:58 -04:00
Seth Vargo 0b827774ae Drop vault.rocks (#4186) 2018-03-23 11:41:51 -04:00
Chris Hoffman b7ef4a3a6f
adding Azure docs (#4185)
Adding Azure Auth Method docs
2018-03-22 18:28:42 -04:00
Jim Kalafut 7842557e62 Fix minor docs and help text issues (#4184) 2018-03-22 09:29:59 -04:00
Brian Kassouf 3324d6dd12 Add kv backend (#4181) 2018-03-21 22:56:52 -04:00
emily f9b6f4b1c5 Docs for Vault GCP secrets plugin (#4159) 2018-03-21 15:02:38 -04:00
Josh Soref 73b1fde82f Spelling (#4119) 2018-03-20 14:54:10 -04:00
Jeff Mitchell 9e46f0f84a Explicitly call out that we use aes-256 gcm-96 for the barrier.
Fixes #2913
2018-03-19 19:53:12 -04:00
Roger Berlind 753f8a8545 Fixed broken k8s TokenReview API link (#4144) 2018-03-17 21:23:41 -04:00
immutability 04d1202426 Plugins need setcap too for syscall mlock (#4138) 2018-03-16 06:05:01 -07:00
Jim Kalafut 3f1ed4eb0d Fix description of parameter value globbing (#4131) 2018-03-14 17:03:00 -04:00
Edward Z. Yang ac98730578 Vault user needed to use STS Federation Tokens (#4108)
If you try to use role authorization to get an STS token, you'll get this error:

* Error generating STS keys: AccessDenied: Cannot call GetFederationToken with session credentials
2018-03-14 10:24:29 -04:00
Malte a0776eb703 Fix typo in recommended vault auth iam policy (#4128)
The resource arn for the `sts:AssumeRole` action is missing a `:` for the region and therefore invalid.
2018-03-14 03:45:21 -04:00
Brian Shumate bbd4d7ab4c Docs: grammatical clarification around community supported note (#4122) 2018-03-13 10:32:28 -04:00
Jeff Mitchell 9d2a0dc31f Update text around default policy to make it clear that it is user-modifiable 2018-03-08 15:48:11 -05:00
Jim Kalafut 079de043e3 Fix instruction in installation docs (#4097) 2018-03-08 11:02:04 -05:00
Aleksandar a8304e5d4d Add the chunk_size optional parameter to gcs storage (#4060) 2018-03-05 08:32:48 -05:00
Mike eb1c2b0732 Correct endpoint's path in Doc (#4074)
Fix typo in endpoint's path
2018-03-05 07:41:53 -05:00
Jim Kalafut ef4537e5d4 Change "mount" to "secrets enable" in docs 2018-03-02 12:54:28 -08:00
Joel Thompson e4949d644b auth/aws: Allow lists in binds (#3907)
* auth/aws: Allow lists in binds

In the aws auth method, allow a number of binds to take in lists
instead of a single string value. The intended semantic is that, for
each bind type set, clients must match at least one of each of the bind
types set in order to authenticate.
2018-03-02 11:09:14 -05:00
Andy Manoske 942aa9bbdc
Update index.html.md
Updated for Unbound
2018-02-28 16:20:54 -08:00
Jeff Mitchell 20157fd56a Fix broken link on Consul docs 2018-02-26 13:28:15 -05:00
chris trott 78df6a630e Configurable Consul Service Address (#3971)
* Consul service address is blank

Setting an explicit service address eliminates the ability for Consul
to dynamically decide what it should be based on its translate_wan_addrs
setting.

translate_wan_addrs configures Consul to return its lan address to nodes
in its same datacenter but return its wan address to nodes in foreign
datacenters.

* service_address parameter for Consul storage backend

This parameter allows users to override the use of what Vault knows to
be its HA redirect address.

This option is particularly commpelling because if set to a blank
string, Consul will leverage the node configuration where the service is
registered which includes the `translate_wan_addrs` option. This option
conditionally associates nodes' lan or wan address based on where
requests originate.

* Add TestConsul_ServiceAddress

Ensures that the service_address configuration parameter is setting the
serviceAddress field of ConsulBackend instances properly.

If the "service_address" parameter is not set, the ConsulBackend
serviceAddress field must instantiate as nil to indicate that it can be
ignored.
2018-02-23 11:15:29 -05:00
Yoko 5389550cdc
Changed the layout category menu (#4007)
* Changed the layout category menu

* Fixed typos

* Fixed a typo, and removed the duplicated generate-root guide

* Fixed the redirect.txt
2018-02-22 16:24:01 -08:00
Jeff Mitchell 2dda3f6363 Make docs around regenerate_key more specific 2018-02-22 09:09:20 -05:00
Jeff Mitchell c2ae25d588 Update PKCS11 seal information 2018-02-21 09:05:36 -05:00
Jeff Mitchell 857cdaeb2b Add some info about cert reloading behavior on SIGHUP
CC #3990
2018-02-15 17:11:48 -05:00
Seth Vargo cd930b1173 Add support for Google Cloud Spanner (#3977) 2018-02-14 20:31:20 -05:00
Jeff Mitchell 35906aaa6c
Add ChaCha20-Poly1305 support to transit (#3975) 2018-02-14 11:59:46 -05:00
Nick 11f197dfa5 Update lease.html.md (#3759) 2018-02-14 09:44:34 -05:00
Brian Shumate e6bf69b96b DOCS: update Telemetry with more coverage (#3968)
- Add initial secrets engines metrics
- Update metrics types/values
- Update language for auth methods, secrets engines, audit devices
- Add more linking to relevant documentation
2018-02-14 09:39:51 -05:00
Brian Shumate bbc196a6e5 Clarify with example of file-backend specific metrics (#3913) 2018-02-13 11:04:11 -05:00
Brian Shumate 492b3e2277 DOCS: update Telemetry (#3964)
- Correct time to millis
- Correct storage backend summaries from # ops to duration of ops
2018-02-13 10:15:19 -05:00
Paul Stack 3c683dba92 Adding Manta Storage Backend (#3720)
This PR adds a new Storage Backend for Triton's Object Storage - Manta

```
make testacc TEST=./physical/manta
==> Checking that code complies with gofmt requirements...
==> Checking that build is using go version >= 1.9.1...
go generate
VAULT_ACC=1 go test -tags='vault' ./physical/manta -v  -timeout 45m
=== RUN   TestMantaBackend
--- PASS: TestMantaBackend (61.18s)
PASS
ok  	github.com/hashicorp/vault/physical/manta	61.210s
```

Manta behaves differently to how S3 works - it has no such concepts of Buckets - it is merely a filesystem style object store

Therefore, we have chosen the approach of when writing a secret `foo` it will actually map (on disk) as foo/.vault_value

The reason for this is because if we write the secret `foo/bar` and then try and Delete a key using the name `foo` then Manta
will complain that the folder is not empty because `foo/bar` exists. Therefore, `foo/bar` is written as `foo/bar/.vault_value`

The value of the key is *always* written to a directory tree of the name and put in a `.vault_value` file.
2018-02-12 18:22:41 -05:00
Calvin Leung Huang 60732577f5
CLI Enhancements (#3897)
* Use Colored UI if stdout is a tty

* Add format options to operator unseal

* Add format test on operator unseal

* Add -no-color output flag, and use BasicUi if no-color flag is provided

* Move seal status formatting logic to OutputSealStatus

* Apply no-color to warnings from DeprecatedCommands as well

* Add OutputWithFormat to support arbitrary data, add format option to auth list

* Add ability to output arbitrary list data on TableFormatter

* Clear up switch logic on format

* Add format option for list-related commands

* Add format option to rest of commands that returns a client API response

* Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead

* Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead

* Remove -no-color flag, use env var exclusively to toggle colored output

* Fix compile

* Remove -no-color flag in main.go

* Add missing FlagSetOutputFormat

* Fix generate-root/decode test

* Migrate init functions to main.go

* Add no-color flag back as hidden

* Handle non-supported data types for TableFormatter.OutputList

* Pull formatting much further up to remove the need to use c.flagFormat (#3950)

* Pull formatting much further up to remove the need to use c.flagFormat

Also remove OutputWithFormat as the logic can cause issues.

* Use const for env var

* Minor updates

* Remove unnecessary check

* Fix SSH output and some tests

* Fix tests

* Make race detector not run on generate root since it kills Travis these days

* Update docs

* Update docs

* Address review feedback

* Handle --format as well as -format
2018-02-12 18:12:16 -05:00
Jeff Mitchell 4969505c7e
Add transaction-like behavior for Transit persists. (#3959) 2018-02-12 17:27:28 -05:00
Jeff Mitchell db8772f15e Minor website wording updates 2018-02-12 15:28:06 -05:00
Jeff Mitchell 5a047fba68 Document the disable_sealwrap parameter 2018-02-12 15:20:07 -05:00
alexandrumd 56f0ff4293 Change 'rules' parameter for Policies requests (#3947)
With Vault Version: 0.9.1, the following is returned when using "rules" for policies operation:
```The following warnings were returned from the Vault server:
* 'rules' is deprecated, please use 'policy' instead```
2018-02-09 07:43:18 -05:00
Roger Berlind 07f587dd05 Updated replication table (#3929) 2018-02-08 18:11:00 -05:00
Chris Hoffman d723479b32
Fixing docs links and adding redirects for new guides (#3939)
* updating links

* updating links

* updating links

* updating links

* updating links

* adding redirects
2018-02-07 19:29:07 -05:00
cikenerd e7973773ac Update etcd storage doc (#3753) 2018-02-06 11:00:00 -05:00
Jeff Mitchell 193278f9a4 Minor grammatical update to MFA doc 2018-02-05 12:26:16 -05:00
Jeff Mitchell 0255d4ca10 Make the MFA support status more clear for the legacy system 2018-02-04 19:25:27 -05:00
Vishal Nayak 01b1b9ff6d
docs/telemetry: remove merge conflict remnant (#3882)
* remove merge conflict remnant

* s/auth/authentication
2018-02-01 12:09:58 -05:00
Brian Shumate a7049247d9 Correct cofiguration option in example (#3879) 2018-01-31 13:41:31 -05:00
Jack Pearkes a2f0f0a8e5 website: add note about the 0.9.2+ CLI changes to reduce confusion (#3868)
* website: add note about the 0.9.2+ CLI changes to reduce confusion

* website: fix frontmatter for 0.9.3 guide, add to guides index

* website: add overview title to 0.9.3 guide for spacing
2018-01-30 13:30:47 -05:00
Chris Bartlett c7580b2961 #3850 Fixed documentation for aws/sts ttl (#3851) 2018-01-25 22:20:30 -05:00
Paweł Słomka b994e83c65 Cleanup of deprecated commands in tests, docs (#3788) 2018-01-15 15:19:28 -05:00
Vishal Nayak 8ef51c0065
Delete group alias upon group deletion (#3773) 2018-01-11 10:58:05 -05:00
Jeff Mitchell d1803098ae Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
Jon Davies 66e2593ef9 s3.go: Added options to use paths with S3 and the ability to disable SSL (#3730) 2018-01-03 12:11:00 -05:00
Didi Kohen 089a0793bd Clarify that keybase is supported only in the CLI (#3744) 2018-01-03 11:18:38 -05:00
Alexandre Nicastro 19b4062801 docs: fix typo (change 'a' to 'an' - indefinite article) (#3741) 2018-01-03 10:47:15 -05:00
Brian Shumate 4a9333b076 Docs: Updated Telemetry documentation (#3722) 2017-12-26 13:51:15 -05:00
Brian Shumate bbf1c67d80 Update backend config docs - addresses #3718 (#3724) 2017-12-26 13:48:45 -05:00
Jeff Mitchell 1a2eba5f87 Port website changes from ent side 2017-12-21 09:00:35 -05:00
Roger Berlind 27cdb42258 Added example for Azure SQL Database (#3700) 2017-12-18 13:55:56 -05:00
Jeff Mitchell 77a7c52392
Merge branch 'master' into f-nomad 2017-12-18 12:23:39 -05:00
James Nugent e320d0580a physical/dynamodb: Clarify ha_enabled type (#3703)
The example in the documentation correctly passes a quoted boolean (i.e.
true or false as a string) instead of a "real" HCL boolean. This commit
corrects the parameter list to document that fact.

While it would be more desirable to change the implementation to accept
an unquoted boolean, it seems that the use of `hcl.DecodeObject` for
parameters which are not common to all storage back ends would make this
a rather more involved change than this necessarily warrants.
2017-12-18 09:30:29 -05:00
James Nugent 618b52d72d docs: Add correct method for mlock on systemd (#3704)
Although the previously described method of running setcap works if
setcap is available, the built-in LimitMEMLOCK directive is better.
2017-12-18 09:29:37 -05:00
Chris Hoffman ef56322369 Merge remote-tracking branch 'oss/master' into f-nomad
* oss/master:
  Add support for encrypted TLS key files (#3685)
2017-12-15 19:51:28 -05:00
Chris Hoffman 164849f056
Add support for encrypted TLS key files (#3685) 2017-12-15 17:33:55 -05:00
Jeff Mitchell b478ba8bac
Merge branch 'master' into f-nomad 2017-12-14 16:44:28 -05:00
Brian Shumate d5d265956d Docs: fix typo in libtool ltdl name and link to avoid confusion and note about arch (#3644) 2017-12-11 13:42:19 -05:00
Brian Shumate a8932fbcbd Docs: Update PKI URL config examples to FQDN — addresses #3606 (#3647) 2017-12-11 13:25:59 -05:00
Brian Shumate 07a0d25aeb Docs: Update PKI output examples - addresses #3606 (#3628) 2017-12-11 11:57:07 -05:00
Brad Sickles 295e11d40d Adding mfa support to okta auth backend. (#3653) 2017-12-07 14:17:42 -05:00
Brian Shumate a0d1092420 Conditionally set file audit log mode (#3649) 2017-12-07 11:44:15 -05:00
Brian Kassouf 34f5d1e637 Remove the note about GKE from the Kubernetes docs (#3658) 2017-12-06 13:38:00 -05:00
Calvin Leung Huang 8f87854b86
Clarify api_addr related errors on VaultPluginTLSProvider (#3620)
* Mention api_addr on VaultPluginTLSProvider logs, update docs

* Clarify message and mention automatic api_address detection

* Change error message to use api_addr

* Change error messages to use api_addr
2017-12-05 12:01:35 -05:00
Jeff Mitchell e301ebe91b
Update secrets page
Fixes #3623
2017-12-04 12:05:34 -05:00
Chris Hoffman b17fb19b52 Expanding on the quick start guide with how to set up an intermediate authority (#3622) 2017-12-04 11:23:58 -05:00
Brian Shumate ac69680d7b Docs: mlock() notes, fixes #3605 (#3614) 2017-12-04 10:56:16 -05:00
Marc Sensenich 92f937c021 Remove Trailing White space in Kubernetes Doc (#3360)
Removed a trailing white space from which caused `Error loading data: Invalid key/value pair ' ': format must be key=value` if copying the example

```
vault write auth/kubernetes/role/demo \
    bound_service_account_names=vault-auth \
    bound_service_account_namespaces=default \
    policies=default \
    ttl=1h
```
2017-12-02 14:12:39 -05:00
Nicolas Corrarello b3799697a2
Rename policy into policies 2017-11-29 16:31:17 +00:00
Nicolas Corrarello a6d3119e3e
Pull master into f-nomad
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 15:56:37 +00:00
Laura Uva 3b5cbe54fd Added clarification to KV documentation about default CLI behavior and how to preserve non-string type values (#3596) 2017-11-27 11:43:49 -05:00
Brian Shumate fa4af18b73 Docs: policy update for multiple policies, fixes #3611 (#3613) 2017-11-27 09:54:38 -05:00
mariachugunova 89a0919250 Fix typo in s3 storage backend docs (#3603) 2017-11-23 13:28:33 -08:00
Jeff Mitchell 141548fb33 Add now-necessary mfa import to sentinel MFA example 2017-11-14 21:42:43 -05:00
Brian Kassouf 85a5a75835
Add token_reviewer_jwt to the kubernetes docs (#3586) 2017-11-14 13:27:09 -08:00
Vishal Nayak 3c7f194797
Doc: Add groups to identity concepts (#3581)
* Add groups to the concepts page

* s/pulled-in and pulled-out/synced against

* Remove double spaces
2017-11-14 13:27:49 -05:00
Seth Vargo 68052f18d0
Flip seal pages upside down to put examples first 2017-11-14 13:12:35 -05:00
Seth Vargo 4efcfe03d1
Add an auto-unseal page to the docs
This helps with SEO and also is where I'd expect auto unsealing to be referenced.
2017-11-14 13:12:20 -05:00
Jeff Mitchell 8ba71a67e5 Minor website wording updates 2017-11-14 12:34:28 -05:00
Jeff Mitchell 40e3883788 Fix some broken links 2017-11-14 12:32:03 -05:00
Jeff Mitchell 7ac167f8a4 Sync docs 2017-11-14 06:13:11 -05:00
Vishal Nayak 5d976794d4
API refactoring and doc updates (#3577)
* Doc updates and API refactoring

* fix tests

* change metadata fieldtype to TypeKVPairs

* Give example for TypeKVPairs in CLI for metadata

* Update API docs examples to reflect the native expected value for TypeKVPairs

* Don't mention comma separation in the docs for TypeCommaStringSlice

* s/groups/group; s/entities/entity; s/entity-aliases/entity-alias; s/group-aliases/group-alias

* Address review feedback

* Fix formatting

* fix sidebar links
2017-11-13 20:59:42 -05:00
Brian Shumate 697a506b7b DOCS: Update telemetry docs - fixes #3557 (#3571) 2017-11-13 09:58:04 -05:00
Calvin Leung Huang 87feab4492
Docs update related to new top-level config values (#3556)
* Add new top level config value docs, add VAULT_API_ADDR, purge old references

* Fix indentation

* Update wording on ha.html

* Add section on split data/HA mode

* Fix grammar
2017-11-10 20:06:07 -05:00
James Soubry f2a98cc662 Fix curl commands (#3558)
Curl commands require HCL within JSON to work.
2017-11-09 10:16:09 -05:00
Joel Thompson 2c8cd19e14 auth/aws: Make disallow_reauthentication and allow_instance_migration mutually exclusive (#3291) 2017-11-06 17:12:07 -05:00
Jonathan Freedman 4109473134 More Mount Conflict Detection (#2919) 2017-11-06 15:29:09 -05:00
Jason Antman af649c60d0 Add third party tools list to website (#3488) 2017-11-06 12:11:02 -05:00
Nicolas Corrarello 5a317a1a32
Updated documentation 2017-11-06 15:13:50 +00:00
Vishal Nayak 06923430cc
docs: s/persona/alias (#3529) 2017-11-03 11:17:59 -04:00
Chris Hoffman 3d8d887676
Add ability to require parameters in ACLs (#3510) 2017-11-02 07:18:49 -04:00
Nicolas Corrarello d540985926 Unifying Storage and API path in role 2017-10-31 21:06:10 +00:00
Nicolas Corrarello 0fc65cabc7 Minor/Cosmetic fixes 2017-10-31 19:11:24 +00:00
Nathan Valentine 0345dca20f Should these names not reference Vault? (#3506)
Since we are in the Vault docs, should these names not reference Vault instead of Nomad?
2017-10-30 11:04:38 -05:00
Vishal Nayak b16084fdaf aws-ec2: Avoid audit logging of custom nonces (#3381) 2017-10-27 11:23:15 -04:00
smeach c575435040 Updated cli arg to reflect text description (#3487) 2017-10-27 09:44:56 -05:00
AJ Bourg a71add2973 Add a doc for the token helper (#3411)
* Add token helper docs.

* Update it so the new token helpers page appears in the navigation.
2017-10-27 09:42:33 -05:00
Seth Vargo 83b1eb900a
More naming cleanup 2017-10-24 09:35:03 -04:00
Seth Vargo 6c1411447c
Remove more references to auth backend 2017-10-24 09:34:12 -04:00
Seth Vargo 926ca5c125
Update k8s documentation 2017-10-24 09:34:12 -04:00
Seth Vargo 51a27b758b
Resolve the most painful merge conflict known on earth 2017-10-24 09:34:12 -04:00
Seth Vargo c5665920f6
Standardize on "auth method"
This removes all references I could find to:

- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend

in favor of the unified:

- auth method
2017-10-24 09:32:15 -04:00
Seth Vargo 3bbeace911
Audit backend -> device 2017-10-24 09:30:52 -04:00
Seth Vargo aa34fb17c7
Absorb help and read-write into index 2017-10-24 09:30:52 -04:00
Seth Vargo 162c525159
Add "write" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 6fa133852e
Add "unwrap" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 4d80ccbb4c
Add "token" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 51e185b9a2
Add "status" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 4634949b9b
Add "ssh" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo a106350950
Add "server" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo 28fa271c4e
Add "secrets" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo bcf6657e9c
Add "read" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo c743167f4c
Add "policy" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 54f8e0adb2
Update "path-help" documentation 2017-10-24 09:30:51 -04:00
Seth Vargo f48bc06d93
Add "operator" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo a81ff9a97c
Add "login" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 50d6c9a642
Add "list" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 57c0d53121
Add "lease" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo d31bccccdf
Add "delete" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 48e84342c2
Add "auth" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 0fa0a5ca41
Add "audit" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 3c43409e6c
Add "token revoke" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 6d150b5228
Add "token renew" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo cac3515379
Add "token lookup" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo ffe608d535
Add "token create" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 61edbf3325
Add "token capabilities" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 529b9bd224
Add "secrets tune" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo 40b8f3c204
Add "secrets move" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo f2bbb3cc18
Add "secrets list" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c782b25e7c
Add "secrets enable" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 087a87c59e
Add "secrets disable" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 6995d1e06b
Add "policy write" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 79b3f7d8fe
Add "policy read" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo e29e78eb7d
Add "policy list" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 6522bd12d5
Add "policy fmt" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo b735d70922
Add "policy delete" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c9d74f77e4
Add "operator unseal" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo f15eddf299
Add "operator step-down" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c62de019dd
Add "operator seal" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c2f31c503a
Add "operator rotate" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 310d4adc87
Add "operator rekey" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo 83df4a8c4c
Add "operator key-status" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo c35d67c9e3
Add "operator init" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo ed15b273ca
Add "operator generate-root" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo baf2edbc57
Add "lease revoke" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo a1de44f93c
Add "lease renew" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 21e74d73dd
Add "auth tune" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 7d880e3154
Add "auth list" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 01780e9b75
Add "auth help" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo e04fb8423a
Add "auth enable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 95af51f279
Add "auth disable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 89e23d0e84
Add "audit list" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo 04ee9ce40a
Add "audit enable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo fd2a12bce4
Add "audit disable" command documentation 2017-10-24 09:30:49 -04:00
Chris Hoffman df29bc4fc0 updating mssql docs (#3477) 2017-10-19 11:21:29 -04:00
Brian Shumate d150f374fd Match plugin name from releases (#3453) 2017-10-19 11:10:42 -04:00
Brian Kassouf fdd76563eb Add a note about the instant client libraries (#3434)
* Add a note about the instant client libraries

* Update oracle.html.md
2017-10-12 09:40:06 -04:00
emily cbe41b590f add GCP APIs that need to be enabled to GCP auth docs, small doc fixes (#3446) 2017-10-11 09:18:32 -04:00
Nicolas Corrarello 3380fd647d Adding Nomad docs to the nav. Minor cosmetics fixes 2017-10-06 16:03:06 +01:00
David Dixon cfd27317d8 Small typo corrections for policies doc (#3413) 2017-10-06 09:38:00 -04:00
Oluwafemi Sule b6ec6351af fix spellings errors (#3400) 2017-09-29 11:52:42 -04:00
Alex Dadgar f56e191020 Fix spelling errors (#3390) 2017-09-28 07:54:40 -04:00
Brian Kassouf b1db3765ca Kubernetes Docs Update (#3386)
* Update Kubnernetes Docs

* Add a note about alpha clusters on GKE

* Fix JSON formatting

* Update kubernetes.html.md

* Fix a few review comments
2017-09-27 14:02:18 -07:00
Jeff Mitchell 17a15cd594 Add option to disable client certificate requesting. (#3373)
Fixes #3372
2017-09-25 14:41:46 -04:00
Nicolas Corrarello 5178e5f5f2 Adding Nomad secret backend documentation 2017-09-20 17:31:28 -05:00
Dave Pedu 19e4d8b6c3 Spelling fix (#3351) 2017-09-19 15:25:39 -04:00
Brian Kassouf 9b0d594d02 Kubernetes auth (#3350)
* Import the kubernetes credential backend

* Add kubernetes docs

* Escape * characters

* Revert "Import the kubernetes credential backend"

This reverts commit f12627a9427bcde7e73cea41dea19d0922f94789.

* Update the vendored directory
2017-09-19 09:27:26 -05:00
emily ed3d75d0b1 Add GCE docs for GCP Auth Backend (#3341) 2017-09-19 07:44:05 -05:00
Bruno Miguel Custódio 2abddb248e Fix a few quirks in the GCP auth backend's docs. (#3322) 2017-09-19 07:41:41 -05:00
Vishal Nayak e99640f462 Add 'pid_file' config option (#3321)
* add pid_file config option

* address review feedback

* address review comments
2017-09-16 17:09:37 -04:00
Chris Hoffman 1029ad3b33 Rename "generic" secret backend to "kv" (#3292) 2017-09-15 09:02:29 -04:00
Chris Hoffman a2d2f1a543 Adding support for base_url for Okta api (#3316)
* Adding support for base_url for Okta api

* addressing feedback suggestions, bringing back optional group query

* updating docs

* cleaning up the login method

* clear out production flag if base_url is set

* docs updates

* docs updates
2017-09-15 00:27:45 -04:00
Chris Hoffman 9d73c81f38 Disable the sys/raw endpoint by default (#3329)
* disable raw endpoint by default

* adding docs

* config option raw -> raw_storage_endpoint

* docs updates

* adding listing on raw endpoint

* reworking tests for enabled raw endpoints

* root protecting base raw endpoint
2017-09-15 00:21:35 -04:00
Chris Hoffman 2e60b20eae update enterprise urls /docs/vault-enterprise -> /docs/enterprise (#3333) 2017-09-13 15:37:40 -04:00
Bruno Miguel Custódio 886a0acee6 Fix navigation and prameters in the 'gcp' auth backend docs. (#3317) 2017-09-11 15:26:24 -04:00
Adam Duke a3f97c5e3e fix typo in policies documentation (#3302) 2017-09-07 11:55:24 -04:00
Jeff Mitchell 9578361513 Massive update to response-wrapping concept page 2017-09-01 08:32:55 -04:00
Jeff Mitchell 8acef196a8 Add 'discard' target to file audit backend (#3262)
Fixes #seth
2017-08-30 19:16:47 -04:00
Joel Thompson caf90f58d8 auth/aws: Allow wildcard in bound_iam_principal_id (#3213) 2017-08-30 17:51:48 -04:00
stephan stachurski e396d87bc5 add support to use application default credentials to gcs storage backend (#3257) 2017-08-30 15:42:02 -04:00
Seth Vargo 9f80099fae
Remove fake news about custom plugins
This also adds a redirect from the old page to the new one
2017-08-30 12:57:45 -04:00
Christopher Pauley eccbb21ce8 stdout support for file backend via logger (#3235) 2017-08-29 14:51:16 -04:00
Brian Kassouf 23089dafbc Add basic autocompletion (#3223)
* Add basic autocompletion

* Add autocomplete to some common commands

* Autocomplete the generate-root flags

* Add information about autocomplete to the docs
2017-08-24 15:23:40 -07:00
Serg 66b178f969 Update index.html.md (#3233) 2017-08-24 10:08:35 -04:00
Seth Vargo ec9e187ce4 Thread stderr through too (#3211)
* Thread stderr through too

* Small docs typo
2017-08-21 17:23:29 -04:00
Seth Vargo 1f45a6c96e Addd more SSH CA troubleshooting (#3201)
* Add notes about pty and other permit-* extensions

* Update troubleshooting

* Add an example of JSON for sign

* Fix a bug about what keys to push up
2017-08-21 17:22:54 -04:00
Calvin Leung Huang 73fd103456 Update gcp auth backend docs (#3209)
* Update gcp auth backend docs

* Minor formatting and wording fixes

* Minor formatting fixes
2017-08-18 16:25:52 -04:00
Seth Vargo b4bec62d47
Typo fix 2017-08-16 18:38:35 -04:00
Seth Vargo 7b1e013511
Refactor SSH CA backend docs 2017-08-16 18:38:35 -04:00
Brian Kassouf 406396603a Fix a few links (#3188) 2017-08-16 10:27:12 -07:00
Jeff Mitchell bbcbe1f6d5 Fix ping docs location 2017-08-16 12:57:31 -04:00
emily 31a994e452 Initial GCP auth backend documentation (#3167) 2017-08-15 22:03:04 -04:00
Jeff Mitchell 0c2c078e48 Add PingID MFA docs (#3182) 2017-08-15 22:01:34 -04:00
Brian Kassouf 89b81bcb4c Oracle plugin docs (#3131)
* Add oracle database docs

* Add oracle database docs

* Fix commas in json output

* Update oracle.html.md
2017-08-15 17:24:01 -07:00
Andy Manoske bc7d77c83f Update index.html.md
Updated replication docs for DR
2017-08-14 19:02:02 -07:00
Jeff Mitchell 035d37cd36 Fix hanadb link 2017-08-14 13:04:26 -04:00
Lucas Vasconcelos Santana ea2d4c7d55 add scheme to the redirect_addr example 2017-08-14 10:59:44 -04:00
Lucas Vasconcelos Santana 914fab79ce add scheme to the redirect_addr example 2017-08-14 10:59:44 -04:00
Seth Vargo 8ee362744b Break SSH types into their own pages (#3157)
@jefferai and I discussed this on Friday. With three fully-documented
SSH backends, the page is lengthy, ungreppable, and intimidating. This
commit separates the SSH backends into their own pages with as little
text changes as possible.
2017-08-14 10:49:41 -04:00
Seth Vargo 0274a0f639 Rename database plugins for SEO (#3156)
When we "nest" like this, it's important to use a common suffix,
"Database Secret Backend" in this case, so that the SEO minions can
properly group search results for end users.
2017-08-14 10:46:39 -04:00
Jeff Mitchell 75bc43e961 Update github comment 2017-08-11 17:03:18 -04:00
Seth Vargo d931a2fa85 Remove references to VSI (#3143)
Andy approved
2017-08-10 20:47:59 -04:00
Issac 07dc10cdc8 Add TLS config to skeleton plugin (#3137) 2017-08-09 11:41:17 -07:00
vishalnayak c88db7b185 docs: Add API section for MFA docs 2017-08-09 13:26:29 -04:00
vishalnayak 0a0e697e05 docs: fix broken link 2017-08-09 13:17:56 -04:00
vishalnayak 254c1b6ae0 docs: Added identity concepts 2017-08-09 13:08:05 -04:00
vishalnayak 9844475b64 docs: Add X-Vault-MFA to the list of env vars 2017-08-09 11:31:30 -04:00
Chris Hoffman e3e5be4617 API Docs updates (#3135) 2017-08-09 11:22:19 -04:00
Jeff Mitchell d8a3bccb43 Fix cassandra doc link 2017-08-09 10:32:03 -04:00
Vishal Nayak 6d6e84f804 docs: MFA usage details (#3133) 2017-08-08 23:48:31 -04:00
Jeff Mitchell 5cb3a79568 Add an extra sentence to the github warning 2017-08-08 21:10:15 -04:00
Calvin Leung Huang 95af5bf6c7 Add plugin backends docs (#3125)
* Add docs on plugins/backend/reload, add plugin backend guide

* Fix docs headers

* Fix API endpoint description

* Update plugin guide and internals pages
2017-08-08 12:39:19 -04:00
Chris Hoffman 191d48f848 API Docs updates (#3101) 2017-08-08 12:28:17 -04:00
Jeff Mitchell accba5287c Add a note about GitHub auth backend security 2017-08-08 10:26:05 -04:00
Paulo Ribeiro 1e3c74862e Fix minor grammatical error (#3110) 2017-08-04 11:08:49 -04:00
Jeff Mitchell 65d7face69 Merge branch 'master-oss' into issue-2241 2017-08-03 07:41:34 -04:00
Gobin Sougrakpam 8e01c994bf tls_client_ca_file option for verifying client (#3034) 2017-08-03 07:33:06 -04:00
Jeff Mitchell 7e3ff5e56c Add PROXY protocol support (#3098) 2017-08-02 18:24:12 -04:00
Minkyu Kim 68fd01e3fc Fix outdated documentation about AWS STS credentials (#3093) (#3094) 2017-08-02 11:18:35 -04:00
Jeff Mitchell 4885b3e502 Use RemoteCredProvider instead of EC2RoleProvider (#2983) 2017-07-31 18:27:16 -04:00
Brian Rodgers d8e47e6f79 docs: Added text to clarify that root does not refer to AWS root creds (#2950) 2017-07-31 17:31:44 -04:00
Oliver Beattie e5a3156429 Fix docs to use new style 2017-07-31 15:24:08 +01:00
Filipe Varela a5a480551c Makes naming consistent w/ other storage backends (ie: etcd) 2017-07-31 15:18:07 +01:00
Filipe Varela b0446a2b25 Adds docs for new configuration options 2017-07-31 15:18:06 +01:00
Oliver Beattie 3919f38bd5 Add a (basic) Cassandra storage backend 2017-07-31 15:18:01 +01:00
James Phillips 0ab5b0e26b Fixes a typo in the VSI doc. (#3047) 2017-07-26 12:18:52 -04:00
Jeremy Voorhis 87d4014b6b s/alterate/alternate/ (#3056) 2017-07-26 11:44:06 -04:00
Vishal Nayak a80d7fb9c8 docs: Identity Store (#3055) 2017-07-25 18:33:17 -04:00
Chris Hoffman 2aa02fb3f0 CockroachDB Physical Backend (#2713) 2017-07-23 08:54:33 -04:00
Calvin Leung Huang bb54e9c131 Backend plugin system (#2874)
* Add backend plugin changes

* Fix totp backend plugin tests

* Fix logical/plugin InvalidateKey test

* Fix plugin catalog CRUD test, fix NoopBackend

* Clean up commented code block

* Fix system backend mount test

* Set plugin_name to omitempty, fix handleMountTable config parsing

* Clean up comments, keep shim connections alive until cleanup

* Include pluginClient, disallow LookupPlugin call from within a plugin

* Add wrapper around backendPluginClient for proper cleanup

* Add logger shim tests

* Add logger, storage, and system shim tests

* Use pointer receivers for system view shim

* Use plugin name if no path is provided on mount

* Enable plugins for auth backends

* Add backend type attribute, move builtin/plugin/package

* Fix merge conflict

* Fix missing plugin name in mount config

* Add integration tests on enabling auth backend plugins

* Remove dependency cycle on mock-plugin

* Add passthrough backend plugin, use logical.BackendType to determine lease generation

* Remove vault package dependency on passthrough package

* Add basic impl test for passthrough plugin

* Incorporate feedback; set b.backend after shims creation on backendPluginServer

* Fix totp plugin test

* Add plugin backends docs

* Fix tests

* Fix builtin/plugin tests

* Remove flatten from PluginRunner fields

* Move mock plugin to logical/plugin, remove totp and passthrough plugins

* Move pluginMap into newPluginClient

* Do not create storage RPC connection on HandleRequest and HandleExistenceCheck

* Change shim logger's Fatal to no-op

* Change BackendType to uint32, match UX backend types

* Change framework.Backend Setup signature

* Add Setup func to logical.Backend interface

* Move OptionallyEnableMlock call into plugin.Serve, update docs and comments

* Remove commented var in plugin package

* RegisterLicense on logical.Backend interface (#3017)

* Add RegisterLicense to logical.Backend interface

* Update RegisterLicense to use callback func on framework.Backend

* Refactor framework.Backend.RegisterLicense

* plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs

* plugin: Revert BackendType to remove TypePassthrough and related references

* Fix typo in plugin backends docs
2017-07-20 13:28:40 -04:00
Joel Thompson 3704751a8f Improve sts header parsing (#3013) 2017-07-18 09:51:45 -04:00
Gobin Sougrakpam 2ddbc4a939 Adding option to set custom vault client timeout using env variable VAULT_CLIENT_TIMEOUT (#3022) 2017-07-18 09:48:31 -04:00
Andy Manoske d82f231753 Update configuration.html.md (#3029) 2017-07-17 14:37:32 -04:00
Jeff Mitchell 4387871bca Add max_parallel to mssql and postgresql (#3026)
For storage backends, set max open connections to value of max_parallel.
2017-07-17 13:04:49 -04:00
Seth Vargo ce1808f77d Update Policies and Auth concepts pages (#3011) 2017-07-14 11:15:22 -04:00
Jeff Mitchell 8903f68bf6 Reformat some wrapping docs 2017-07-13 19:02:15 -04:00
Tony Cai 07088fe8a0 Added HANA database plugin (#2811)
* Added HANA dynamic secret backend

* Added acceptance tests for HANA secret backend

* Add HANA backend as a logical backend to server

* Added documentation to HANA secret backend

* Added vendored libraries

* Go fmt

* Migrate hana credential creation to plugin

* Removed deprecated hana logical backend

* Migrated documentation for HANA database plugin

* Updated HANA DB plugin to use role name in credential generation

* Update HANA plugin tests

* If env vars are not configured, tests will skip rather than succeed

* Fixed some improperly named string variables

* Removed unused import

* Import SAP hdb driver
2017-07-07 13:11:23 -07:00
Will May 23ff17c769 Allow Okta auth backend to specify TTL and max TTL values (#2915) 2017-07-05 09:42:37 -04:00
Jasper Siepkes 5ae38eb745 Added documentation for working with MySQL wildcards in GRANT (#2963) 2017-07-04 13:59:08 -04:00
Brian Shumate 5fb9c73e1d DOCS: fix typo (#2965) 2017-07-03 12:40:31 -04:00
Cameron Stokes 711d6e6569 [docs] Add requirements for hsm. (#2941) 2017-07-01 21:21:51 +01:00
Seth Vargo 00e2213790 Add rekeying guide & move guides to top-level (#2935) 2017-06-29 14:43:43 +01:00
Brian Shumate 7a8b16f441 Docs: Expand Telemetry documentation (#2860) 2017-06-29 04:02:48 +01:00
Brian Boerst 0631c02558 Typo fix in vault enterprise/replication docs. (#2932) 2017-06-29 04:01:32 +01:00
Seth Vargo cb7e3051c0 Merge pull request #2914 from hashicorp/sethvargo/ec2authimage
Add diagram for EC2 Auth flow
2017-06-28 07:31:37 +08:00
Seth Vargo ca966b6e79
Re-org and move text around in list instead 2017-06-27 22:38:16 +08:00
Seth Vargo 16149fbbf2
Capitalize C 2017-06-27 22:38:16 +08:00
Seth Vargo 436d656a32
Add diagram for EC2 Auth flow 2017-06-27 22:38:16 +08:00
Armon Dadgar 4cd3a56b8b adding link to security model 2017-06-26 17:43:04 -07:00
Armon Dadgar fb8b737ae8 website: Add more hardening tips 2017-06-26 14:00:36 -07:00
TheCodeAssassin 9e09899c69 Small typo fix (#2921) 2017-06-26 10:08:18 -04:00
Cameron Stokes e28244cb8b [docs]: Fix typo in hardening guide. 2017-06-22 22:20:17 -07:00
Armon Dadgar e184c3fa0d Merge pull request #2898 from hashicorp/docs-prod-hard
website: adding production hardening guide
2017-06-22 15:05:35 -07:00
Saj Goonatilleke a576feeb1d Fix a typo in the telemetry documentation (#2910) 2017-06-22 20:12:28 +01:00
Armon Dadgar a40d24772e Make recommendation vs requirement more clear 2017-06-22 11:02:18 -07:00
Armon Dadgar 266f55c5d9 Copy changes 2017-06-21 09:55:00 -07:00
Armon Dadgar 9ae6004dbe website copy updates 2017-06-20 21:21:04 -07:00
Armon Dadgar 10a56c7ceb website: adding production hardening guide 2017-06-20 17:44:54 -07:00
Jeff Mitchell 40ef2e5c85 More cleanup
Ping #2894
2017-06-20 10:46:24 -04:00
Jeff Mitchell 9edbf1c8d1 Clarify/fix some configuration info.
Fixes #2894
2017-06-20 10:12:59 -04:00
Jeff Mitchell 8f1f9d5522 Add ACL info to Consul configuration page 2017-06-19 19:39:52 -04:00
Raphael Randschau db4e1b4a99 CouchDB physical backend (#2880) 2017-06-17 11:22:10 -04:00
Jeff Mitchell cf7d56e8f3 Fix up CORS.
Ref #2021
2017-06-17 01:26:25 -04:00
Aaron Salvo 0303f51b68 Cors headers (#2021) 2017-06-17 00:04:55 -04:00
Jeff Mitchell 33ca94773f Add DogStatsD metrics output. (#2883)
Fixes #2490
2017-06-16 23:51:46 -04:00
Jeff Mitchell 0ea8f17357 Add some warnings to the upgrade guide 2017-06-16 13:23:22 -04:00
vishalnayak a50ce54603 doc: add radius to MFA backend docs 2017-06-15 18:31:53 -04:00
Nathan Valentine 3309496916 Clean up extra word in docs (#2847) 2017-06-12 13:08:54 -04:00
Jeff Mitchell 8b3657d840 Add note about lowercasing usernames to userpass docs 2017-06-08 09:41:01 -04:00
Cameron Stokes 8e0ac2dbb0 [docs] Add notes about deprecated database backends. (#2835) 2017-06-07 23:45:01 -07:00
Brian Kassouf 8d58b43906 update database interface in the docs 2017-06-07 11:20:13 -07:00
Joel Thompson 4a934915d7 Resolve AWS IAM unique IDs (#2814) 2017-06-07 10:27:11 -04:00
Joel Thompson 7437ada31c Check if there's a bound iam arn when renewing (#2819)
Previously, the renew method would ALWAYS check to ensure the
authenticated IAM principal ARN matched the bound ARN.  However, there
is a valid use case in which no bound_iam_principal_arn is specified and
all bindings are done through inferencing. When a role is configured
like this, clients won't be able to renew their token because of the
check.

This now checks to ensure that the bound_iam_principal_arn is not empty
before requriing that it match the originally authenticated client.

Fixes #2781
2017-06-06 22:35:12 -04:00
Brian Kassouf 606fe393be Use the role name in the db username (#2812) 2017-06-06 09:49:49 -04:00
sam boyer 789d7ab4e0 Minor typos & wordsmithing for clarity (#2807) 2017-06-05 09:32:09 -07:00
Jeff Mitchell dad291c93c Add plugin_directory to configuration page (#2801)
Fixes #2795
2017-06-03 08:11:03 -04:00
Igor Katson 88118dce0f Add max_parallel parameter to MySQL backend. (#2760)
* Add max_parallel parameter to MySQL backend.

This limits the number of concurrent connections, so that vault does not die
suddenly from "Too many connections".

This can happen when e.g. vault starts up, and tries to load all the
existing leases in parallel. At the time of writing this, the value
ExpirationRestoreWorkerCount in vault/helper/consts/const.go is set to
64, meaning that if there are enough leases in the vault's DB, it will
generate AT LEAST 64 concurrent connections to MySQL when loading the
data during start-up. On certain configurations, e.g. smaller AWS
RDS/Aurora instances, this will cause Vault to fail startup.

* Fix a typo in mysql storage readme
2017-06-01 15:20:32 -07:00
Vishal Nayak 128907172f doc: leases are generated only for dynamic secrets (#2772)
* doc: leases are generated only for dynamic secrets

* Address review feedback
2017-05-31 09:47:17 -04:00
vishalnayak 9bbeff3f44 doc: Fix the sample input value for cache_size 2017-05-19 12:32:44 -04:00
Kenny Gatdula f9a71de87a Update plugins.html.md (#2744)
Minor typo and spellcheck update
2017-05-18 14:06:44 -04:00
Martins Sipenko f3f6b02682 Fix X-Vault-AWS-IAM-Server-ID example (#2728) 2017-05-15 09:06:45 -04:00
Martins Sipenko 774c70e1e2 Update aws.html.md (#2715) 2017-05-12 12:10:11 -04:00
Calvin Leung Huang 9fd39a0681 Mongodb plugin (#2698)
* WIP on mongodb plugin

* Add mongodb plugin

* Add tests

* Update mongodb.CreateUser() comment

* Update docs

* Add missing docs

* Fix mongodb docs

* Minor comment and test updates

* Fix imports

* Fix dockertest import

* Set c.Initialized at the end, check for empty CreationStmts first on CreateUser

* Remove Initialized check on Connection()

* Add back Initialized check

* Update docs

* Move connProducer and credsProducer into pkg for  mongodb and cassandra

* Chage parseMongoURL to be a private func

* Default to admin if no db is provided in creation_statements

* Update comments and docs
2017-05-11 17:38:54 -04:00
Jeremy Voorhis 3407a033ba Update the S3 storage backend docs to reflect capabilities. 2017-05-11 14:30:05 -07:00
Cameron Stokes ab7d91a506 [docs] Update glossary for auth backend terminology. (#2703) 2017-05-09 22:17:32 -04:00
Jeff Mitchell 7068292252 Update/clarify docs on generic backend ttl.
Ping #2697
2017-05-09 09:56:11 -04:00
Brian Kassouf 16e6f9640d Few docs updates 2017-05-04 14:07:12 -07:00
Calvin Leung Huang c0ce0ae499 Merge branch 'database-refactor' of github.com:hashicorp/vault into database-refactor 2017-05-04 16:46:47 -04:00
Calvin Leung Huang b49993f81f Update mssql docs 2017-05-04 16:46:34 -04:00
Brian Kassouf 3c41bdfa16 update docs 2017-05-04 13:38:49 -07:00
Brian Kassouf 7dcec6e68f Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 12:40:00 -07:00
mymercurialsky 4c0e3c5d2f Implemented TOTP Secret Backend (#2492)
* Initialized basic outline of TOTP backend using Postgresql backend as template

* Updated TOTP backend.go's structure and help string

* Updated TOTP path_roles.go's structure and help strings

* Updated TOTP path_role_create.go's structure and help strings

* Fixed typo in path_roles.go

* Fixed errors in path_role_create.go and path_roles.go

* Added TOTP secret backend information to cli commands

* Fixed build errors in path_roles.go and path_role_create.go

* Changed field values of period and digits from uint to int, added uint conversion of period when generating passwords

* Initialized TOTP test file based on structure of postgresql test file

* Added enforcement of input values

* Added otp library to vendor folder

* Added test steps and cleaned up errors

* Modified read credential test step, not working yet

* Use of vendored package not allowed - Test error

* Removed vendor files for TOTP library

* Revert "Removed vendor files for TOTP library"

This reverts commit fcd030994bc1741dbf490f3995944e091b11da61.

* Hopefully fixed vendor folder issue with TOTP Library

* Added additional tests for TOTP backend

* Cleaned up comments in TOTP backend_test.go

* Added default values of period, algorithm and digits to field schema

* Changed account_name and issuer fields to optional

* Removed MD5 as a hash algorithm option

* Implemented requested pull request changes

* Added ability to validate TOTP codes

* Added ability to have a key generated

* Added skew, qr size and key size parameters

* Reset vendor.json prior to merge

* Readded otp and barcode libraries to vendor.json

* Modified help strings for path_role_create.go

* Fixed test issue in testAccStepReadRole

* Cleaned up error formatting, variable names and path names. Also added some additional documentation

* Moveed barcode and url output to key creation function and did some additional cleanup based on requested changes

* Added ability to pass in TOTP urls

* Added additional tests for TOTP server functions

* Removed unused QRSize, URL and Generate members of keyEntry struct

* Removed unnecessary urlstring variable from pathKeyCreate

* Added website documentation for TOTP secret backend

* Added errors if generate is true and url or key is passed, removed logger from backend, and revised parameter documentation.

* Updated website documentation and added QR example

* Added exported variable and ability to disable QR generation, cleaned up error reporting, changed default skew value, updated documentation and added additional tests

* Updated API documentation to inlude to exported variable and qr size option

* Cleaned up return statements in path_code, added error handling while validating codes and clarified documentation for generate parameters in path_keys
2017-05-04 10:49:42 -07:00
Brian Kassouf 5ee0d696d4 Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 10:45:18 -07:00
Brian Kassouf 29bfc0a0d4 PR comments 2017-05-04 10:41:59 -07:00
Brian Kassouf ce391ca425 add new mysql plugin names and fix grammar 2017-05-03 18:41:39 -07:00
Brian Kassouf e92818e0ae Upate links in docs 2017-05-03 10:25:12 -07:00
Brian Kassouf dbb5b38e0d Add API docs 2017-05-03 02:13:07 -07:00
Brian Kassouf 63de72c10f Add custom plugins docs page 2017-05-03 00:01:28 -07:00
Brian Kassouf 50ac77be51 Update docs for the database backend and it's plugins 2017-05-02 22:24:31 -07:00
Brian Kassouf b60ff2048d Update docs and add cassandra as a builtin plugin 2017-05-02 17:04:49 -07:00
Brian Kassouf 20994c1247 Fix wording in docs 2017-05-02 16:20:07 -07:00
Jeff Mitchell 712cacaf4d Add website skeleton 2017-05-02 16:26:32 -04:00
Brian Kassouf ca7ff89bcb Fix documentation 2017-05-02 02:22:06 -07:00
Brian Kassouf a963097747 Add internals doc for plugins 2017-05-02 01:59:36 -07:00
Seth Vargo 44e1c64cfd Add UI docs (#2664) 2017-05-01 17:36:37 -04:00
Michael Ansel 30b71cbbac Add constraints on the Common Name for certificate-based authentication (#2595)
* Refactor to consolidate constraints on the matching chain

* Add CN prefix/suffix constraint

* Maintain backwards compatibility (pick a random cert if multiple match)

* Vendor go-glob

* Replace cn_prefix/suffix with required_name/globbing

Move all the new tests to acceptance-capable tests instead of embedding in the CRL test

* Allow authenticating against a single cert

* Add new params to documentation

* Add CLI support for new param

* Refactor for style

* Support multiple (ORed) name patterns

* Rename required_names to allowed_names

* Update docs for parameter rename

* Use the new TypeCommaStringSlice
2017-04-30 11:37:10 -04:00
greenbrian 90a442ec92 Fix links on Consul storage backend page (#2652) 2017-04-28 07:48:23 -04:00
Jeff Mitchell d9e639ece2 Fix types of listener options, currently they're all strings 2017-04-25 11:20:48 -04:00
Joel Thompson e06a78a474 Create unified aws auth backend (#2441)
* Rename builtin/credential/aws-ec2 to aws

The aws-ec2 authentication backend is being expanded and will become the
generic aws backend. This is a small rename commit to keep the commit
history clean.

* Expand aws-ec2 backend to more generic aws

This adds the ability to authenticate arbitrary AWS IAM principals using
AWS's sts:GetCallerIdentity method. The AWS-EC2 auth backend is being to
just AWS with the expansion.

* Add missing aws auth handler to CLI

This was omitted from the previous commit

* aws auth backend general variable name cleanup

Also fixed a bug where allowed auth types weren't being checked upon
login, and added tests for it.

* Update docs for the aws auth backend

* Refactor aws bind validation

* Fix env var override in aws backend test

Intent is to override the AWS environment variables with the TEST_*
versions if they are set, but the reverse was happening.

* Update docs on use of IAM authentication profile

AWS now allows you to change the instance profile of a running instance,
so the use case of "a long-lived instance that's not in an instance
profile" no longer means you have to use the the EC2 auth method. You
can now just change the instance profile on the fly.

* Fix typo in aws auth cli help

* Respond to PR feedback

* More PR feedback

* Respond to additional PR feedback

* Address more feedback on aws auth PR

* Make aws auth_type immutable per role

* Address more aws auth PR feedback

* Address more iam auth PR feedback

* Rename aws-ec2.html.md to aws.html.md

Per PR feedback, to go along with new backend name.

* Add MountType to logical.Request

* Make default aws auth_type dependent upon MountType

When MountType is aws-ec2, default to ec2 auth_type for backwards
compatibility with legacy roles. Otherwise, default to iam.

* Pass MountPoint and MountType back up to the core

Previously the request router reset the MountPoint and MountType back to
the empty string before returning to the core. This ensures they get set
back to the correct values.
2017-04-24 15:15:50 -04:00
Matthew Gallagher 8c75c2611a Remove mention of Darwin mlock support from docs. (#2624) 2017-04-22 16:56:01 -04:00
Mitch Davis a051ec1b59 Use service bind for searching LDAP groups (#2534)
Fixes #2387
2017-04-18 15:52:05 -04:00
Jeff Mitchell 563ad2175f Update index.html.md 2017-04-18 15:50:44 -04:00
Jon Benson 73950e8fb1 Fix sentence - remove "and" 2017-04-17 19:35:04 -07:00
Jeff Mitchell ce58bfa88f Update SSH docs to indicate deprecation of dynamic key type 2017-04-17 11:11:05 -04:00
Jeff Mitchell c2407eab5a Add some extra documentation around ssh-keygen -L to see signed cert
info.

Ping #2569
2017-04-13 15:23:27 -04:00
Chris Hoffman 3c7a69b119 minor docs update 2017-04-10 09:46:25 -04:00
Jeff Mitchell 9136952055 Update AES-GCM verification text 2017-04-07 14:35:29 -04:00
Jeff Mitchell e0d00fdf7b Remove superfluous/misleading comments around some listener options 2017-04-07 14:23:56 -04:00
Jeff Mitchell f805618a2c Update SSH CA documentation
Fixes #2551
Fixes #2569
2017-04-07 11:59:25 -04:00
Jeff Mitchell d39ca0be68 Remove "these are denoted below" w.r.t. SIGHUP
SIGHUP support is denoted in the sections/options that support actions on SIGHUP, so with the new docs layout it's confusing to have the old statement in there. Remove in favor of the inline comments.

Fixes #2572
2017-04-06 16:08:58 -04:00
Sebastian Haba 3322f637ac add mssql physical backend (#2546) 2017-04-06 09:33:49 -04:00
Pavel Timofeev d2afabe4f6 Ldap auth doc fix (#2568)
* Move url parameter to the next line and fix a typo

* Add userdn paramater to the Scenario 1.
Without userdn set Vault can't search with error like

Code: 400. Errors:

* LDAP search failed for detecting user: LDAP Result Code 32 "No Such Object": 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:
        ''
2017-04-05 08:29:38 -07:00
Cameron Stokes 76c74a3995 [docs] Add header to fix formatting. 2017-04-05 10:35:59 +10:00
Cameron Stokes 1884845525 [docs] Adding missing guide from index page.
Also, make guide titles consistent with sidebar.
2017-04-05 10:22:20 +10:00
Jeff Mitchell 04bbc50ccb Add back lost Postgres creation sql for storage backend 2017-04-04 12:30:07 -04:00
Emre Erkunt de3d2438b7 Fixed an example on aws backend documentation about an iam profile. (#2522) 2017-04-04 09:03:27 -07:00
Jonathan Sokolowski a4ceaf0035 Etcd DNS discovery (#2521)
* etcd: Add discovery_srv option
2017-04-04 08:50:44 -07:00
Jeff Mitchell 9ec414016d Update SSH docs to note that host key verification is not performed. 2017-04-03 10:43:41 -04:00
Francis Chuang 917158a510 Fix typo (#2558) 2017-04-03 05:46:40 -07:00
Adam Shannon a6156d8e79 Quote dynamodb's ha_enabled property (#2547)
With `ha_enabled = true` vault crashes with the following error: 

```
error parsing 'storage': storage.dynamodb: At 17:16: root.ha_enabled: unknown type for string *ast.LiteralType
```

This seems related to https://github.com/hashicorp/vault/issues/1559
2017-03-30 14:09:47 -07:00
vishalnayak 1cfd0e94b3 docs: aws-ec2: link sts configuration from cross account access 2017-03-28 14:34:21 -07:00
Dan Everton 4ef8ce1198 Add permitPool support to S3 (#2466) 2017-03-26 14:32:26 -04:00
Jeff Mitchell 04d8f3a34d Fix AWS-EC2 sts/certificate typo
Fixes #2512
2017-03-21 13:29:40 -04:00
Jack Pearkes efa2a280aa website: update docs to clearly link to enterprise version 2017-03-21 08:41:39 -07:00
Vishal Nayak b9b68ca5e8 docs: Elaborate the steps for SSH CA backend with 'sshd_config' changes (#2507) 2017-03-19 18:52:15 -04:00
Brian Kassouf 5437cf2e51 Add note about prefix/suffix globbing on policy parameters 2017-03-17 13:53:41 -07:00
Seth Vargo 21ecbda1f4
Update titles 2017-03-17 14:37:01 -04:00
Seth Vargo 6931bbd091
Links 2017-03-17 14:27:32 -04:00
Seth Vargo d4390d103e
/docs/http -> /api 2017-03-17 14:06:03 -04:00
Jeff Mitchell d2e9e0b873 Merge branch 'master-oss' into pr-2495 2017-03-17 13:40:58 -04:00
Jeff Mitchell a38b55385a Update replication guide and add to sidebar 2017-03-17 12:38:19 -04:00
Jeff Mitchell 6109dcf7d7 Fix broken GCS account link 2017-03-17 12:12:28 -04:00
Jeff Mitchell 9bfcc0be94 Fix misspelling of website link 2017-03-17 12:07:37 -04:00
Seth Vargo 0f845ef67d
Use relative links 2017-03-16 12:04:36 -07:00