Jeff Mitchell
1d0d353901
Fix incorrect sample URL in aws-ec2 docs
2017-02-04 19:27:35 -05:00
Harrison Harnisch
b09077c2d8
add socket audit backend
2017-02-02 14:21:48 -08:00
Brian Kassouf
6701ba8a10
Configure the request headers that are output to the audit log ( #2321 )
...
* Add /sys/config/audited-headers endpoint for configuring the headers that will be audited
* Remove some debug lines
* Add a persistant layer and refactor a bit
* update the api endpoints to be more restful
* Add comments and clean up a few functions
* Remove unneeded hash structure functionaility
* Fix existing tests
* Add tests
* Add test for Applying the header config
* Add Benchmark for the ApplyConfig method
* ResetTimer on the benchmark:
* Update the headers comment
* Add test for audit broker
* Use hyphens instead of camel case
* Add size paramater to the allocation of the result map
* Fix the tests for the audit broker
* PR feedback
* update the path and permissions on config/* paths
* Add docs file
* Fix TestSystemBackend_RootPaths test
2017-02-02 11:49:20 -08:00
Vishal Nayak
5fb28f53cb
Transit: Support batch encryption and decryption ( #2143 )
...
* Transit: Support batch encryption
* Address review feedback
* Make the normal flow go through as a batch request
* Transit: Error out if encryption fails during batch processing
* Transit: Infer the 'derived' parameter based on 'context' being set
* Transit: Batch encryption doc updates
* Transit: Return a JSON string instead of []byte
* Transit: Add batch encryption tests
* Remove plaintext empty check
* Added tests for batch encryption, more coming..
* Added more batch encryption tests
* Check for base64 decoding of plaintext before encrypting
* Transit: Support batch decryption
* Transit: Added tests for batch decryption
* Transit: Doc update for batch decryption
* Transit: Sync the path-help and website docs for decrypt endpoint
* Add batch processing for rewrap
* transit: input validation for context
* transit: add rewrap batch option to docs
* Remove unnecessary variables from test
* transit: Added tests for rewrap use cases
* Address review feedback
* Address review feedback
* Address review feedback
* transit: move input checking out of critical path
* transit: allow empty plaintexts for batch encryption
* transit: use common structs for batch processing
* transit: avoid duplicate creation of structs; add omitempty to response structs
* transit: address review feedback
* transit: fix tests
* address review feedback
* transit: fix tests
* transit: rewrap encrypt user error should not error out
* transit: error out for internal errors
2017-02-02 14:24:20 -05:00
Vishal Nayak
3457a11afd
awsec2: support periodic tokens ( #2324 )
...
* awsec2: support periodic tokens
* awsec2: add api docs for 'period'
2017-02-02 13:28:01 -05:00
louism517
0548555219
Support for Cross-Account AWS Auth ( #2148 )
2017-02-01 14:16:03 -05:00
Shane Starcher
6033ea884c
Okta implementation ( #1966 )
2017-01-26 19:08:52 -05:00
Jeff Mitchell
89b0ee09d3
Merge pull request #2296 from hashicorp/rfay-20161230_add_cookbook_with_root_token_generation
...
Add 'Guides' section
2017-01-25 15:33:43 -05:00
Jeff Mitchell
715732502d
Update docs.erb
2017-01-25 15:33:20 -05:00
Cameron Stokes
a898996c43
Update title and other minor changes.
2017-01-24 08:47:53 -08:00
Chris Hoffman
c5f690b891
Fixing a few incorrect entries
2017-01-24 11:08:58 -05:00
Chris Hoffman
03d05b448a
Minor transit docs fixes
2017-01-23 22:26:38 -05:00
Chris Hoffman
b3fc3db6ec
Adding LDAP API reference and misc docs formatting issues
2017-01-23 22:08:08 -05:00
Cameron Stokes
c19e7ce793
undo inadvertant tabs to spaces on docs.erb
2017-01-23 17:02:06 -08:00
Cameron Stokes
a307328f04
Additional changes to @rfay's PR from https://github.com/hashicorp/vault/pull/2217 .
...
- Renamed Cookbook to Guides
- Made Guides index page
- Moved Guides link on sidebar
- Minor formatting changes to generate-root guide
2017-01-23 16:41:25 -08:00
Cameron Stokes
82af6a17c8
Merge branch '20161230_add_cookbook_with_root_token_generation' of https://github.com/rfay/vault into rfay-20161230_add_cookbook_with_root_token_generation
2017-01-23 16:13:58 -08:00
Roman Vynar
1615280efa
Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener ( #2293 )
2017-01-23 13:48:35 -05:00
joe miller
98df700495
allow roles to set OU value in certificates issued by the pki backend ( #2251 )
2017-01-23 12:44:45 -05:00
Chris Hoffman
7568a212b1
Adding support for exportable transit keys ( #2133 )
2017-01-23 11:04:43 -05:00
Vishal Nayak
5aba2d47b6
ldap: Minor enhancements, tests and doc update ( #2272 )
2017-01-23 10:56:43 -05:00
Brian Kassouf
2cdd70fdf9
First attempt at adding docs for permissions
2017-01-20 16:34:30 -08:00
Brian Kassouf
d6198b7e24
change consistency config value from a bool to a string ( #2282 )
2017-01-19 17:36:33 -05:00
vishalnayak
4da3cf3479
Fix file_path argument in audit's index.html
2017-01-18 21:43:29 -05:00
Vishal Nayak
06c586ccd1
tokenStore: document the 'period' field ( #2267 )
2017-01-18 17:25:52 -05:00
Jacob Crowther
5f28afdf32
Example "List" command missing a forward slash ( #2233 )
...
The List command example is missing a forward slash before the query parameter.
2017-01-18 17:25:23 -05:00
Raja Nadar
8668f82831
vaultsharp is now cross-platform ( #2285 )
2017-01-18 08:45:16 -05:00
vishalnayak
0d59c1e6db
Adding the 429 code back in
2017-01-17 13:36:56 -05:00
vishalnayak
62f17774f5
doc: remove unused 429 code from docs to avoid confusion
2017-01-13 23:12:32 -05:00
Brian Kassouf
f11cd7f54a
SP error
2017-01-13 11:50:23 -08:00
Brian Kassouf
aff6282e78
Add require_conistent to docs
2017-01-13 11:48:35 -08:00
Erwin de Keijzer
d71bdf893a
Fixed rabbitmq documentation
...
The docs were inconsistent between readwrite and readonly, the policy
itself evaluates to a readwrite policy, so the inconsistency is solved
by changing the odd occurrence of readonly.
2017-01-13 08:54:04 +01:00
vishalnayak
e5551afac7
paraphrasing the cluster_addr doc
2017-01-12 11:26:43 -05:00
Pavel TImofeev
eb7f4ef467
Describe how actually configuration option for 'Per-Node Cluster Address' topic is called.
...
According to 'Server Configuration' web page it's 'cluster_addr' (note, not 'cluster_address').
Previously this was not clear, what exactly 'this' was.
2017-01-12 12:20:19 +03:00
Matthew Irish
cb8bbc4fbd
Transit key actions ( #2254 )
...
* add supports_* for transit key reads
* update transit docs with new supports_* fields
2017-01-11 10:05:06 -06:00
Cameron Stokes
af192b2081
Note about VAULT_UI environment variable. ( #2255 )
2017-01-11 09:29:45 -05:00
Raja Nadar
a5fc6d1f31
fix lookup-self response json
...
reflect the true 0.6.4 response.
2017-01-10 23:19:49 -08:00
Jeff Mitchell
f18d08cf2b
Remove documenting that the token to revoke can be part of the URL as ( #2250 )
...
this should never be used and only remains for backwards compat.
Fixes #2248
2017-01-09 22:09:29 -05:00
Jeff Mitchell
4d83db66df
Clarify text around redirect addr being required
2017-01-06 15:07:01 -05:00
windowsrefund
64e7e99755
prevent startup error when user has multiple private IPs configured locally
2017-01-03 15:24:11 -05:00
Michael Hofer
6dd1de959c
Add link to vault-client vc written in go ( #2225 )
2017-01-03 11:29:54 -05:00
Randy Fay
787b6aa93c
Add cookbook section, with root token generation technique
2016-12-30 09:19:55 -07:00
Phil Porada
c8248b0d97
Adds a link to the latest releases CHANGELOG on the downloads.html page ( #2205 )
2016-12-29 19:57:16 -06:00
Chris Hoffman
f6cc4c89ec
Adding Vault.NET C# Library ( #2213 )
2016-12-29 19:26:47 -06:00
Stenio Ferreira
6c8a071a01
Fixed docs - auth backend aws had a typo on API example ( #2211 )
2016-12-28 11:41:50 -06:00
Jeff Mitchell
ad5bdfa83c
Update vs HSM text
2016-12-28 11:23:50 -05:00
Daniel Heitmann
69da5bc021
Replace app-id with approle due to deprecation ( #2197 )
...
According to the documentation the App-ID backend is deprecated in favor of the AppRole backend since Vault 0.6.1.
2016-12-20 13:29:42 -05:00
Brian Nuszkowski
98a6e0fea3
Add Duo pushinfo capabilities ( #2118 )
2016-12-19 15:37:44 -05:00
Vishal Nayak
ba026aeaa1
TokenStore: Added tidy endpoint ( #2192 )
2016-12-16 15:29:27 -05:00
Jeff Mitchell
f6044764c0
Fix revocation of leases when num_uses goes to 0 ( #2190 )
2016-12-16 13:11:55 -05:00
Elan Ruusamäe
ca1f0115b6
add unix socket example as well ( #2193 )
2016-12-16 05:13:35 -05:00
Elan Ruusamäe
9a9edfb515
Update index.html.md ( #2191 )
...
add DSN as link to go-sql-driver/mysql to know the syntax
2016-12-16 03:37:54 -05:00
Vishal Nayak
8400b87473
Don't add default policy to child token if parent does not have it ( #2164 )
2016-12-16 00:36:39 -05:00
Jack Pearkes
b70eff9b26
website: turn off autocomplete on the demo ( #2187 )
...
Removes the akward browser autocomplete bar from the tutorial input.
2016-12-15 11:00:44 -05:00
James Turnbull
0b082bff42
Edits to the deploy guide
2016-12-14 11:17:50 -05:00
James Turnbull
e2ef0b75b6
Edits to the authorization/acl guide
2016-12-14 11:11:14 -05:00
James Turnbull
c47c8343b5
Edits to the authentication guide
2016-12-14 11:06:42 -05:00
James Turnbull
73ce47d0fe
Formatting and language updates to help guide
2016-12-14 10:55:11 -05:00
James Turnbull
ce6c0dcf95
Minor formatting fix to dynamic secrets guide
2016-12-14 10:51:56 -05:00
James Turnbull
f1b5377e81
Updated some formatting and language in the secret backends doc
2016-12-14 10:46:14 -05:00
James Turnbull
73324e2cba
Updated some formatting and language in the first secret doc
2016-12-14 10:39:45 -05:00
James Turnbull
3a981ae7b4
Updated some language and formatting in the dev-server guide
2016-12-14 10:34:52 -05:00
James Turnbull
49dd4f70df
Edits to the install doc in getting started
2016-12-14 10:15:26 -05:00
James Turnbull
6df55a3126
Added next step to install section
2016-12-14 10:13:15 -05:00
vishesh92
a46217989b
Fix broken link
2016-12-13 10:56:18 +05:30
Frank Farmer
f1ef8485ab
Small typo
2016-12-08 16:51:16 -08:00
Jeff Mitchell
bd41c48304
Add doc for ui to config page
2016-12-06 17:13:12 -05:00
Jeff Mitchell
a81d18b437
Add 0.6.3 upgrade page to sidebar
2016-12-06 16:37:28 -05:00
Jeff Mitchell
f5891b6677
Prep for 0.6.3
2016-12-06 11:26:29 -05:00
Christopher Pauley
f07a19c503
gcs physical backend ( #2099 )
2016-12-01 11:42:31 -08:00
Chris MacNaughton
a381f727e6
Add Rust ( #2136 )
...
Add the Rust crate to the list
2016-12-01 10:54:41 -08:00
vishesh92
b17100cf0d
Fix aws auth login example ( #2122 )
2016-12-01 10:17:08 -08:00
Brian Nuszkowski
3d66907966
Disallow passwords LDAP binds by default ( #2103 )
2016-12-01 10:11:40 -08:00
Talal Obeid
efe97559ea
Improve link to intro and getting started ( #2049 )
2016-11-28 09:41:08 -08:00
Andrea Crotti
d1c3367168
return code is 403 not 400 ( #2128 )
2016-11-25 06:47:27 -08:00
Dan Gorst
e1d3650b7f
Minor documentation tweak ( #2127 )
...
Should be arn, not policy - latter will error as that assume an inline policy json document
2016-11-24 07:36:46 -08:00
Em Smith
1812ce8d4a
Change command examples for First Secrets #2116 ( #2117 )
...
These were discovered to be out of date as per https://github.com/hashicorp/vault/issues/2116
2016-11-22 12:44:17 -05:00
Jeff Mitchell
a94962e004
Update docs to fix #2102
2016-11-22 12:19:22 -05:00
Benjamin Farley
aac4f894c9
Update libraries doc for Haskell community library ( #2101 )
2016-11-17 13:36:00 -05:00
Jeff Mitchell
6b5327a04d
Document bug causing certain LDAP settings to be forgotten on upgrade to
...
0.6.1+.
Fixes #2104
2016-11-16 17:08:16 -05:00
Daniel Somerfield
db9dbdeb86
Added document to github auth backend covering user-specific policies. ( #2084 )
2016-11-11 08:59:26 -05:00
matt maier
57925ee863
Vendor circonus ( #2082 )
2016-11-10 16:17:55 -05:00
Brad Jones
a8f35e95a0
Clarify that Swift only supports v1.0 auth ( #2070 )
2016-11-08 06:44:34 -05:00
Jacob Crowther
799707fdd0
Specify the value of "generated secrets" ( #2066 )
...
This small change is to specify (mostly for new users) that only dynamic secrets are revoked when running revoke-self.
2016-11-07 15:02:23 -05:00
Joel Thompson
0357d73dad
Add information on HMAC verification to transit docs ( #2062 )
2016-11-07 13:44:14 -05:00
Jeff Mitchell
9d4eedcce4
Update unwrap call documentation
2016-11-02 13:36:32 -04:00
Jeff Mitchell
9066f012a7
Fix cache default size and docs
2016-11-01 10:24:35 -04:00
Benjamin Campbell
35542e39d7
Use gpg binary in PGP website documentation ( #2047 )
2016-10-30 13:09:56 -04:00
Jeff Mitchell
b8b962c6e5
Rearrange libs
2016-10-29 13:53:06 -04:00
Mark Paluch
8c5d40df16
Add Spring Vault to client libraries ( #2042 )
2016-10-29 13:52:16 -04:00
vishalnayak
48196228d6
s/localhost/127.0.0.1 in approle docs
2016-10-28 09:46:39 -04:00
vishalnayak
260424244b
s/localhost/127.0.0.1
2016-10-28 09:23:05 -04:00
vishalnayak
4ab6bd41c4
Using AppRole as an example. Removed 'root' policy being used in examples
2016-10-28 01:24:25 -04:00
Greg Look
089798b5d1
Update libraries.html.md
...
Add Clojure Vault client.
2016-10-27 11:39:52 -07:00
vishalnayak
e0fb8c17ce
Added revocation_sql to the website docs
2016-10-27 12:15:08 -04:00
Vishal Nayak
c74303dd59
Merge pull request #2029 from bfallik/patch-1
...
Update aws-ec2.html.md
2016-10-26 16:57:39 -04:00
Raja Nadar
d3f71e7232
doc: syslog change data type from bool to string ( #1998 )
2016-10-26 16:18:31 -04:00
Brian Fallik
59a59a3235
Update aws-ec2.html.md
...
fix minor typo
2016-10-26 15:40:40 -04:00
Raja Nadar
9bba65e614
doc: change data type from boolean to string ( #1997 )
...
the api doesn't accept the boolean value. it needs a string containing a boolean value.
2016-10-26 11:29:42 -04:00
vishalnayak
5ef3e4b5ef
Docs: Add port numbers to redirect_addr
2016-10-19 22:07:25 -04:00
vishalnayak
fec9d83dce
Docs: Update the client redirection defaults
2016-10-18 13:27:19 -04:00
Vishal Nayak
45f720cea7
Merge pull request #2006 from hashicorp/update-github-docs
...
Update github login output in the docs
2016-10-18 10:27:06 -04:00
Chris Hoffman
4b6e82afcb
Add ability to list keys in transit backend ( #1987 )
2016-10-18 10:13:01 -04:00
Vishal Nayak
6646656e32
Merge pull request #2013 from rjhornsby/master
...
Fix sidebar typo
2016-10-18 09:45:03 -04:00
Vishal Nayak
efa76a02ad
Merge pull request #2010 from rajanadar/patch-5
...
doc: add doc for the GET lease settings api
2016-10-18 09:39:23 -04:00
rjhornsby
5e89fc4997
Fix typo
...
Fix typo in sidebar layout that prevented sidebar item 'getting started apis' from correctly rendering when that page was active.
2016-10-17 10:59:16 -05:00
Raja Nadar
d43e7395c7
fix indentation
2016-10-15 22:58:25 -07:00
Raja Nadar
f743ac97c2
doc: add doc for the GET lease settings api
...
Vault supports reading of the lease settings, with all values coming back intact. (along with a good warning message as well)
Adding it to the documentation.
2016-10-15 22:43:50 -07:00
Raja Nadar
f31d99e51d
doc: add consistency field in get-role response
2016-10-15 01:15:58 -07:00
vishalnayak
f556a38959
Update github login output in the docs
2016-10-14 22:39:56 -04:00
Vishal Nayak
c1be9ce062
Merge pull request #1988 from mp911de/issue/refdocs-approle-post-on-secret-id-destroy
...
Use POST method for destroy operations in documentation
2016-10-14 15:37:13 -04:00
Vishal Nayak
11db53e2f1
Merge pull request #1991 from hashicorp/pgp-gpg-doc-update
...
Update pgp-gpg concepts page to use base64 decoding instead of hex
2016-10-14 15:34:04 -04:00
vishalnayak
557bf45de6
Update the getting started API doc to not use 'root' policy
2016-10-11 16:07:48 -04:00
vishalnayak
6c9358dbec
Update pgp-gpg concepts page to use base64 decoding instead of hex
2016-10-11 15:58:32 -04:00
Mark Paluch
95144ddae3
Use POST method for destroy operations in documentation
...
Use POST method as most clients (including Vault cli) cannot send a body when using the DELETE HTTP method.
2016-10-11 17:12:07 +02:00
Laura Bennett
9fc5a37e84
address feedback
2016-10-09 22:23:30 -04:00
Laura Bennett
1b8d12fe82
changes for 'mode'
2016-10-08 19:52:49 -04:00
Laura Bennett
39e7732473
website documentation update
2016-10-07 15:48:29 -04:00
Jeff Mitchell
d580bb1c27
Update upgrade guide
2016-10-05 14:10:27 -04:00
Jeff Mitchell
7f9a88d8db
Postgres revocation sql, beta mode ( #1972 )
2016-10-05 13:52:59 -04:00
Jeff Mitchell
83b85dea1c
Prep for 0.6.2
2016-10-05 08:23:31 -04:00
Jeff Mitchell
6b0f886756
Update website with breaking change information
2016-10-04 22:35:56 -04:00
Vishal Nayak
661a8a4734
Merge pull request #1961 from hashicorp/aws-ec2-auth-rsa-signature
...
aws-ec2-auth using identity doc and RSA digest
2016-10-04 15:45:12 -04:00
vishalnayak
0f8c132ede
Minor doc updates
2016-10-04 15:46:09 -04:00
vishalnayak
59475d7f14
Address review feedback
2016-10-04 15:05:44 -04:00
Vishal Nayak
4141b632fa
Merge pull request #1957 from hashicorp/website-list-userpass
...
Added user listing endpoint to userpass docs
2016-10-04 14:10:49 -04:00
vishalnayak
348a09e05f
Add only relevant certificates
2016-10-03 20:34:28 -04:00
vishalnayak
dbd364453e
aws-ec2 config endpoints support type option to distinguish certs
2016-10-03 20:25:07 -04:00
Matthew Irish
61975f4265
add documentation for cluster_name and link atlas listener docs
2016-10-03 15:04:33 -05:00
Matthew Irish
34a6abcbb6
document the atlas listener
2016-10-03 10:41:50 -05:00
Jeff Mitchell
2c85fdfeb9
Switch default case of disable cluster. ( #1959 )
2016-10-02 14:54:01 -04:00
vishalnayak
aef1a88de4
Added docs for reading and deleting username
2016-09-30 16:13:57 -04:00
vishalnayak
2ad698ec0b
Added user listing endpoint to userpass docs
2016-09-30 15:47:33 -04:00
Jeff Mitchell
606d717ad9
Update changelog and website for GH-1958
2016-09-30 15:08:38 -04:00
Jeff Mitchell
4a505bfa3e
Update text around cubbyhole/response
2016-09-29 17:44:15 -04:00
Chris Stevens
7a8fcfcf55
Docs/Website: MySQL config parameter "verify-connection" should be "verify_connection"
...
The only instance of `verify-connection` I can find is on this docs page. The API style for parameters is underscores, so this one stands out.
The code for this and the other backends with similar connection verification features seem to use `verify_connection`.
2016-09-29 14:05:47 -05:00
Vishal Nayak
4c74b646fe
Merge pull request #1947 from hashicorp/secret-id-lookup-delete
...
Introduce lookup and destroy endpoints for secret IDs and its accessors
2016-09-29 10:19:54 -04:00
Jeff Mitchell
b45a481365
Wrapping enhancements ( #1927 )
2016-09-28 21:01:28 -07:00
vishalnayak
34e76f8b41
Added website docs for lookup and destroy APIs
2016-09-28 22:11:48 -04:00
Michael S. Fischer
2dd1f584e6
Update documentation for required AWS API permissions
...
In order for Vault to map IAM instance profiles to roles, Vault
must query the 'iam:GetInstanceProfile' API, so update the documentation
and help to include the additional permissions needed.
2016-09-28 16:50:20 -07:00
Jeff Mitchell
f0203741ff
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
vishalnayak
a9976dca1c
Remove a mistyped character
2016-09-28 18:30:49 -04:00
Vishal Nayak
69c57f843d
Merge pull request #1943 from hashicorp/iam-bounds-prefix
...
Check for prefix match instead of exact match for IAM bound parameters
2016-09-28 18:11:53 -04:00
vishalnayak
e01f99f042
Check for prefix match instead of exact match for IAM bound parameters
2016-09-28 18:08:28 -04:00
Vishal Nayak
ba5da65163
Merge pull request #1940 from chrishoffman/consul-doc
...
Small consul doc fix
2016-09-28 15:48:45 -04:00
Vishal Nayak
4a30a6b4f8
Merge pull request #1913 from hashicorp/bound-iam-instance-profile-arn
...
Proper naming for bound_iam_instance_profile_arn
2016-09-28 15:34:56 -04:00
Chris Hoffman
8c755bfe92
Small consul doc fix
2016-09-28 15:11:39 -04:00
Laura Bennett
010293ccc3
Merge pull request #1931 from hashicorp/cass-consistency
...
Adding consistency into cassandra
2016-09-27 21:12:02 -04:00
Chris Hoffman
d235acf809
Adding support for chained intermediate CAs in pki backend ( #1694 )
2016-09-27 17:50:17 -07:00
Laura Bennett
883b5db420
typo correction
2016-09-27 16:38:27 -04:00
Laura Bennett
648a71fa11
updates to the documents
2016-09-27 16:36:20 -04:00
Jeff Mitchell
96afb1d27a
Update getting started docs since root can no longer be used from github
2016-09-26 13:09:26 -04:00
Seth Vargo
be9fb99a99
Update middleman-hashicorp ( #1922 )
2016-09-26 12:40:48 -04:00
Vishal Nayak
b1ee56a15b
Merge pull request #1910 from hashicorp/secret-id-cidr-list
...
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00
Jeff Mitchell
f8e3cf4591
Add information about accessors to the token concepts page.
...
Fixes #1918
2016-09-26 10:18:38 -04:00
vishalnayak
d080107a87
Update docs to contain bound_iam_role_arn
2016-09-26 09:37:38 -04:00
John
c39eeecaea
tip to override VAULT_ADDR in getting started guide ( #1915 )
2016-09-23 19:34:07 -04:00
vishalnayak
2d4bfeff49
Update website for bound_iam_instance_profile_arn
2016-09-23 11:23:59 -04:00
vishalnayak
aaadd4ad97
Store the CIDR list in the secret ID storage entry.
...
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
2016-09-21 20:19:26 -04:00
Jeff Mitchell
226ef5d78c
Make HA in etcd off by default. ( #1909 )
...
Fixes #1908
(Doesn't really "fix" it but someone from the community needs to step up
if they want to see this fixed.)
2016-09-21 14:01:36 -04:00
Jeff Mitchell
0ff76e16d2
Transit and audit enhancements
2016-09-21 10:49:26 -04:00
Jeff Mitchell
982f151722
Update docs to reflect that there is more than one constraint for EC2 now
2016-09-20 16:11:32 -04:00
Chris Hoffman
5c241d31e7
Renaming ttl_max -> max_ttl in mssql backend ( #1905 )
2016-09-20 12:39:02 -04:00
Carlo Cabanilla
f6239cf0c0
fix shell quoting ( #1904 )
...
$() doesnt get evaluated in single quotes, so you need to break out of it first
2016-09-19 17:11:16 -04:00
Jeff Mitchell
7f3041d6a5
Fix formatting
2016-09-19 13:00:50 -04:00
Jeff Mitchell
6e40d606d4
Bump to newer middleman-hashicorp
2016-09-19 12:42:35 -04:00
Jeff Mitchell
85c51fd861
Update website docs to indicate sudo being required for auth/audit
...
endpoints.
2016-09-19 12:10:08 -04:00
Jeff Mitchell
f7b3937c77
Fix website display of tune paths
2016-09-16 12:03:50 -04:00
Vishal Nayak
61664bc653
Merge pull request #1886 from hashicorp/approle-upgrade-notes
...
upgrade notes entry for approle constraint and warning on role read
2016-09-15 12:14:01 -04:00
Vishal Nayak
4f33e8d713
Merge pull request #1892 from hashicorp/role-tag-defaults
...
Specify that role tags are not tied to an instance by default
2016-09-15 12:04:41 -04:00
vishalnayak
9bca127631
Updated docs with nonce usage
2016-09-14 19:31:09 -04:00
vishalnayak
2639ca4d4f
Address review feedback
2016-09-14 16:06:38 -04:00
vishalnayak
dcddaa8094
Address review feedback
2016-09-14 15:13:54 -04:00
vishalnayak
d5cc763b8d
Clarify that tags can be used on all instances that satisfies constraints
2016-09-14 14:55:09 -04:00
vishalnayak
03fc7b517f
Specify that role tags are not tied to an instance by default
2016-09-14 14:49:18 -04:00
vishalnayak
53c919b1d0
Generate the nonce by default
2016-09-14 14:28:02 -04:00
Jeff Mitchell
722e26f27a
Add support for PGP encrypting the initial root token. ( #1883 )
2016-09-13 18:42:24 -04:00
vishalnayak
99a2655d8e
upgrade notes entry for approle constraint and warning on role read
2016-09-13 17:44:07 -04:00
Jeff Mitchell
bc3cce7d2d
Add 0.6.2 page to sidebar
2016-09-13 16:49:54 -04:00
vishalnayak
bef9c2ee61
Ensure at least one constraint on the role
2016-09-13 16:03:15 -04:00
Jeff Mitchell
888e833aae
Remove old text from upgrade notes, as changes were made
2016-09-13 11:51:46 -04:00
sashman
c01bf6cb1b
Update libraries.html.md ( #1879 )
2016-09-13 09:23:46 -04:00
AJ Bourg
b524e43f15
Small change: Fix permission vault requires.
...
Vault requires ec2:DescribeInstances, not ec2:DescribeInstance. (the
non-plural form doesn't exist)
2016-09-12 14:38:10 -06:00
Michael Warkentin
14f2a673e2
Out of date code
...
Looks like the `500` is now a `405`:
```
$ vault read aws/config/root
Error reading aws/config/root: Error making API request.
URL: GET http://127.0.0.1:8200/v1/aws/config/root
Code: 405. Errors:
* 1 error(s) occurred:
* unsupported operation
```
2016-09-12 15:58:25 -04:00
Raja Nadar
d8b1ab05dd
doc: change invalid otp response code to 400 ( #1863 )
...
invalid otp response code is 400 bad request.
2016-09-08 11:13:13 -04:00
Raja Nadar
b06167c748
doc: fixing field name to security_token ( #1850 )
...
response field is security_token, not secret_token.
2016-09-03 22:40:57 -04:00
vishalnayak
5bd665a842
Update atlas listener factory to use version with pre-release info.
2016-09-01 17:21:11 -04:00
vishalnayak
9c78c58948
Remove the string 'Vault' from version information
2016-09-01 14:54:04 -04:00
khanklatt
242105a0ad
Correcting typo on "mechanisms" ( #1822 )
2016-09-01 09:53:20 -04:00
Raja Nadar
7bd0edee4b
doc: add keys_base64 to response json ( #1824 )
...
add the missing fields in json response for initializing vault.
keys_base64
2016-09-01 09:40:40 -04:00
Raja Nadar
f6cfc1c7ad
doc: add missing version and cluster fields ( #1826 )
...
adding the missing "version" field in json response.
also adding a new response when the unseal completes, and 2 more fields are returned. (cluster..)
2016-09-01 09:39:26 -04:00
Raja Nadar
97e5a02692
doc: add missing token field to generate-root apis ( #1828 )
...
the response is missing the encoded token field for a couple of apis.
2016-09-01 09:39:00 -04:00
Andrew Backhouse
2f35789e71
Update index.html.md ( #1819 )
...
Corrected a minor spelling error.
2016-08-31 10:02:43 -04:00
Jeff Mitchell
222adbdb61
Fix headers in aws-ec2 doc.
2016-08-30 11:53:21 -04:00
Jeff Mitchell
93b5b2a2c0
Update website with POST STS path
2016-08-30 10:37:55 -04:00
Raja Nadar
5172cdab3f
doc: remove duplicate aws-ec2 menu item
...
the auth backends menu had a duplicate entry for aws-ec2 auth.
removed the dup one.
2016-08-30 00:59:44 -07:00
Raja Nadar
1ae71ce7db
add missing field keys_base64 to rekey operation
...
fixing the json response blob in the documentation
2016-08-28 17:38:10 -07:00
Jeff Mitchell
d9c46aadc2
update docs
2016-08-26 17:52:42 -04:00
Jeff Mitchell
2f5876dfe9
Use key derivation for convergent nonce. ( #1794 )
...
Use key derivation for convergent nonce.
Fixes #1792
2016-08-26 14:11:03 -04:00
Jeff Mitchell
2ce4397deb
Plumb through the ability to set the storage read cache size. ( #1784 )
...
Plumb through the ability to set the storage read cache size.
Fixes #1772
2016-08-26 10:27:06 -04:00
Jeff Mitchell
aa5daadd67
Don't duplicate building info
2016-08-25 13:00:26 -04:00
Jeff Mitchell
9fee9ce8ff
Don't allow tokens in paths. ( #1783 )
2016-08-24 15:59:43 -04:00
Mikhail Zholobov
0b9d0c1cec
Update website Vagrantfile ( #1689 )
...
* Upgrade base box to `bento/ubuntu-16.04`
* Remove JS stuff
* Install `git` and `bundler`
* Add gpg key for RVM
2016-08-24 13:53:00 -04:00
Adam Greene
66d3117cad
fix aws-ec2 formatting around ttl ( #1770 )
2016-08-23 16:07:57 -04:00
Karl Falconer
6cbae1388e
[Documentation] AppRole /login is unauthenticated ( #1771 )
2016-08-23 16:03:36 -04:00
Jeff Mitchell
c64dba556c
Swap push/pull.
2016-08-22 19:34:53 -04:00
Eric Peterson
6db65c317e
Fix grammar ( #1759 )
2016-08-22 12:17:48 -04:00
Eric Peterson
9bd1a95850
Fix spelling ( #1758 )
2016-08-22 11:56:37 -04:00
S
7395fb02bc
Update tokens.html.md
...
Bullet points at the end were off (probably due to some line wrapping settings somewhere)
2016-08-22 10:47:11 -04:00
Jeff Mitchell
3320aeb4f6
Update upgrade guide
2016-08-22 09:33:36 -04:00
Jeff Mitchell
48eac5434b
Bump version
2016-08-22 09:19:13 -04:00
Jeff Mitchell
1642013e8b
Update version numbers
2016-08-21 19:33:52 -04:00
vishalnayak
dfe73733d5
Seperate endpoints for read/delete using secret-id and accessor
2016-08-21 14:42:49 -04:00
Jeff Mitchell
865ca94032
Initial fixups, not yet done
2016-08-20 22:39:41 -04:00
Jeff Mitchell
0029559ab0
Update location of LDAP docs in upgrade guide.
...
Fixes #1656
2016-08-19 10:31:31 -04:00
Jeff Mitchell
c349e697f5
Change uninit/sealed status codes from health endpoint
2016-08-18 12:10:23 -04:00
Martin Forssen
a617ff0f93
Mention ttl parameter in the documentation of /auth/aws-ec2/role/<role>
...
This parameter was not documented
2016-08-18 13:16:58 +02:00
Brian Shumate
a941dbdd76
Add a bit of clarification
2016-08-17 16:07:30 -04:00
Jeff Mitchell
734e80ca56
Add permit pool to dynamodb
2016-08-15 19:45:06 -04:00
Matt Hurne
56252fb637
AppRole documentation tweaks ( #1735 )
...
* Fix spelling error in AppRole docs
* Add force flag to sample command to generate a secret ID in AppRole docs
* Update sample output for AppRole login in docs
2016-08-15 16:12:08 -04:00
Jeff Mitchell
37320f8798
Request forwarding ( #1721 )
...
Add request forwarding.
2016-08-15 09:42:42 -04:00
Jeff Mitchell
7497b37280
Completely revamp token documentation
2016-08-13 17:05:31 -04:00
Jeff Mitchell
d2124486ef
Merge pull request #1702 from hashicorp/renew-post-body
...
Add ability to specify renew lease ID in POST body.
2016-08-08 20:01:25 -04:00
Jeff Mitchell
ab71b981ad
Add ability to specify renew lease ID in POST body.
2016-08-08 18:00:44 -04:00
Jeff Mitchell
4f0310ed96
Don't allow root from authentication backends either.
...
We've disabled this in the token store, but it makes no sense to have
that disabled but have it enabled elsewhere. It's the same issue across
all, so simply remove the ability altogether.
2016-08-08 17:32:37 -04:00
Jeff Mitchell
be39df9887
Update upgrade docs
2016-08-08 16:44:13 -04:00
Vishal Nayak
77cac79725
Merge pull request #1700 from hashicorp/sethvargo/link
...
Update links to serf
2016-08-08 13:16:05 -04:00
Seth Vargo
80f5b8281a
Update links to serf
2016-08-08 12:47:14 -04:00
Jeff Mitchell
0a67bcb5bd
Merge pull request #1696 from hashicorp/transit-convergent-specify-nonce
...
Require nonce specification for more flexibility
2016-08-08 11:41:10 -04:00
Jeff Mitchell
d60caa2a79
Remove old terraform page
2016-08-08 08:26:05 -04:00
Jeff Mitchell
606ba64e23
Remove context-as-nonce, add docs, and properly support datakey
2016-08-07 15:53:40 -04:00
Jeff Mitchell
21e39bfea6
Remove erroneous information about some endpoints being root-protected
2016-08-04 16:08:54 -04:00
Cameron Stokes
0b60375952
~secret/aws: env variable and IAM role usage
2016-08-04 13:02:07 -07:00
Jeff Mitchell
1b0c9afc43
Update DB docs with new SQL specification options
2016-08-03 15:45:56 -04:00
vishalnayak
4f45910dfc
disallowed_policies doc update
2016-08-02 16:33:22 -04:00
Jeff Mitchell
b4386032db
Fix up some wording
2016-08-02 16:25:00 -04:00
vishalnayak
75c51378ce
Updated token auth docs with disallowed_policies
2016-08-02 15:33:03 -04:00
Jeff Mitchell
9902891c81
Alphabetize token store docs
2016-08-01 13:37:12 -04:00
Jeff Mitchell
357f2d972f
Add some extra safety checking in accessor listing and update website
...
docs.
2016-08-01 13:12:06 -04:00
Chris Hoffman
c1c35880da
Missing prefix on roles list
2016-07-29 11:31:26 -04:00
Jan Dudulski
1e46b1cef0
Update revoke-prefix path in doc
...
Minor update to make doc up to date with v0.6
2016-07-29 12:17:24 +02:00
Chris Hoffman
2930f2ca39
Preferred method is AppRole since AppId is now deprecated
2016-07-28 14:32:20 -04:00
Vishal Nayak
358b13d2b4
Merge pull request #1660 from TerryHowe/ansible-module-hashivault
...
Add note about Ansible module in docs
2016-07-27 13:56:41 -04:00
Adam Greene
da8ff50143
documentation cleanup
2016-07-27 10:43:59 -07:00
Terry Howe
da49a7993e
Add note about Ansible module in docs
2016-07-27 10:34:13 -06:00
vishalnayak
cc8a3a0141
Revert version in website
2016-07-27 10:56:11 -04:00
vishalnayak
019f79bbd2
Update version in website
2016-07-27 10:54:36 -04:00
Laura Bennett
4d9c909ae4
Merge pull request #1650 from hashicorp/request-uuid
...
Added unique identifier to each request. Closes hashicorp/vault#1617
2016-07-27 09:40:48 -04:00
Vishal Nayak
c7bcaa5bb6
Merge pull request #1655 from hashicorp/cluster-id
...
Vault cluster name and ID
2016-07-26 14:12:48 -04:00
vishalnayak
669bbdfa48
Address review feedback from @jefferai
2016-07-26 14:05:27 -04:00
Jeff Mitchell
6e63af6ad0
Add deprecation notices for App ID
2016-07-26 10:08:46 -04:00
Jeff Mitchell
cdb0f78960
Add app-id deprecation to upgrade notes
2016-07-26 10:04:08 -04:00
vishalnayak
a6907769b0
AppRole authentication backend
2016-07-26 09:32:41 -04:00
Jeff Mitchell
3002799c26
Add upgrade notes for LDAP
2016-07-25 09:07:52 -04:00
Laura Bennett
483e796177
website update for request uuuid
2016-07-24 21:23:12 -04:00
Oren Shomron
cd6d114e42
LDAP Auth Backend Overhaul
...
--------------------------
Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.
Simplified group membership lookup significantly to support multiple use-cases:
* Enumerating groups via memberOf attribute on user object
* Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
* Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule
There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.
Additional changes:
* Clarify documentation for LDAP auth backend.
* Reworked how default values are set, added tests
* Removed Dial from LDAP config read. Network should not affect configuration.
2016-07-22 21:20:05 -04:00
Vishal Nayak
38d8ff33d5
Merge pull request #1647 from hashicorp/version-in-api
...
Add version information to health status
2016-07-22 18:34:33 -04:00
vishalnayak
a92da37351
Updated sys/health docs
2016-07-22 18:33:29 -04:00
matt maier
6519c224ac
Circonus integration for telemetry metrics
2016-07-22 15:49:23 -04:00
vishalnayak
765d131b47
Added service-tags config option to provide additional tags to registered service
2016-07-22 04:41:48 -04:00
Jeff Mitchell
3e7449164c
Update website text
2016-07-21 14:54:24 -04:00
Jeff Mitchell
6d41045b3b
Update website description
2016-07-21 14:32:23 -04:00
Laura Bennett
559b0a5006
Merge pull request #1635 from hashicorp/mysql-idle-conns
...
Added maximum idle connections to mysql to close hashicorp/vault#1616
2016-07-20 15:31:37 -04:00
Laura Bennett
422dcc8f25
minor formatting edits
2016-07-20 14:42:52 -04:00
Jeff Mitchell
f2b6569b0b
Merge pull request #1604 from memory/mysql-displayname-2
...
concat role name and token displayname to form mysql username
2016-07-20 14:02:17 -04:00
Nathan J. Mehl
ea294f1d27
use both role name and token display name to form mysql username
2016-07-20 10:17:00 -07:00
Laura Bennett
dba466f50e
update documentation for idle connections
2016-07-20 12:50:07 -04:00
Nathan J. Mehl
0483457ad2
respond to feedback from @vishalnayak
...
- split out usernameLength and displaynameLength truncation values,
as they are different things
- fetch username and displayname lengths from the role, not from
the request parameters
- add appropriate defaults for username and displayname lengths
2016-07-20 06:36:51 -07:00
Jeff Mitchell
49194847da
Add mongodb to sidebar
2016-07-19 14:00:47 -04:00
Matt Hurne
11a3cb67d0
mongodb secret backend documentation: Remove verify_connection from example response to GET /mongodb/config/connection; add documentation for GET /mongodb/config/lease
2016-07-19 12:46:54 -04:00
Matt Hurne
75a5fbd8fe
Merge branch 'master' into mongodb-secret-backend
2016-07-19 10:38:45 -04:00
Jeff Mitchell
04f0471a9f
Update documentation around dynamodb changes
2016-07-18 14:10:55 -04:00
Jeff Mitchell
c47fc73bd1
Use parsebool
2016-07-18 13:49:05 -04:00
Jeff Mitchell
a3ce0dcb0c
Turn off DynamoDB HA by default.
...
The semantics are wonky and have caused issues from people not reading
docs. It can be enabled but by default is off.
2016-07-18 13:19:58 -04:00
Jeff Mitchell
4c5ae34ebf
Merge pull request #1613 from skippy/update-aws-ec2-docs
...
[Docs] aws-ec2 -- note IAM action requirement
2016-07-18 10:40:38 -04:00
Jeff Mitchell
73923db995
Merge pull request #1589 from skippy/patch-2
...
[Docs] aws-ec2 -- clarify aws public cert is already preloaded
2016-07-18 10:02:35 -04:00
Adam Greene
8f6b97f4e4
[Docs] aws-ec2 -- note IAM action requirement
2016-07-13 15:52:47 -07:00
Adam Greene
d6f5c5f491
english tweaks
2016-07-13 15:11:01 -07:00
vishalnayak
407722a9b4
Added tls_min_version to consul storage backend
2016-07-12 20:10:54 -04:00
Nathan J. Mehl
314a5ecec0
allow overriding the default truncation length for mysql usernames
...
see https://github.com/hashicorp/vault/issues/1605
2016-07-12 17:05:43 -07:00
Jeff Mitchell
a6682405a3
Migrate number of retries down by one to have it be max retries, not tries
2016-07-11 21:57:14 +00:00
Jeff Mitchell
57cdb58374
Switch to pester from go-retryablehttp to avoid swallowing 500 error messages
2016-07-11 21:37:46 +00:00
Matt Hurne
8232de5095
Merge branch 'master' into mongodb-secret-backend
2016-07-09 21:14:21 -04:00
Jeff Mitchell
4aa557ffa6
Add documentation of retry env vars
2016-07-08 10:41:11 -04:00
Matt Hurne
253d4e86fc
Merge branch 'master' into mongodb-secret-backend
2016-07-08 08:32:03 -04:00
Jeff Mitchell
cf42b28487
Some policy concept page clarifications
2016-07-08 05:05:46 +00:00
Matt Hurne
8d5a7992c1
mongodb secret backend: Improve and correct errors in documentation; improve "parameter is required" error response messages
2016-07-07 23:09:45 -04:00
Matt Hurne
a5f5b26e4b
Update mongodb secret backend documentation to indicate that ttl and max_ttl lease config parameters are optional rather than required
2016-07-07 22:34:00 -04:00
Matt Hurne
b1dd5bf449
mongodb secret backend documentation: Use single quotes around roles JSON to avoid needing to escape double quotes within the JSON
2016-07-07 22:31:35 -04:00
Matt Hurne
da0bd77dc4
Merge branch 'master' into mongodb-secret-backend
2016-07-07 21:24:40 -04:00
Eric Herot
cbc76c357e
Pretty sure the method to delete a token role is not GET
2016-07-07 13:54:20 -04:00
Jeff Mitchell
4a597c3a7a
Fix upgrade to 0.6 docs
2016-07-06 19:00:23 -04:00
Jeff Mitchell
a6d3210163
Merge pull request #1590 from skippy/patch-3
...
Update aws-ec2.html.md -- clarify pkcs7 cert cleanup before use
2016-07-06 21:31:12 +02:00
Brian Shumate
07dd449e9e
Minor grammar edit
2016-07-06 10:02:52 -04:00
Jeff Mitchell
2c0e677fe5
Fix website upgrade menu for 0.6.0
2016-07-06 09:28:21 -04:00
Stig Lindqvist
71b481ba40
Correcting grammar
2016-07-06 17:57:22 +12:00
Adam Greene
2405b7f078
Update aws-ec2.html.md
...
per #1582 , updating the docs to include notes about pkcs#7 handling, specifically that aws returns the pkcs#7 cert with newlines and that they need to be stripped before sending them to the login endpoint
2016-07-05 13:21:56 -07:00
Adam Greene
5ef359ff6c
Update aws-ec2.html.md
...
clarify, and make more explicit, the language around the default AWS public certificate
2016-07-05 13:14:29 -07:00
Matt Hurne
cf17deb33b
mongodb secret backend: Update documentation
2016-07-05 09:50:23 -04:00
Matt Hurne
292c2fad69
Merge branch 'master' into mongodb-secret-backend
2016-07-01 20:39:13 -04:00
Mark Paluch
ab63c938c4
Address review feedback.
...
Switch ConnectTimeout to framework.TypeDurationSecond with a default of 5. Remove own parsing code.
2016-07-01 22:26:08 +02:00
Mark Paluch
3859f7938a
Support connect_timeout for Cassandra and align timeout.
...
The cassandra backend now supports a configurable connect timeout. The timeout is configured using the connect_timeout parameter in the session configuration. Also align the timeout to 5 seconds which is the default for the Python and Java drivers.
Fixes #1538
2016-07-01 21:22:37 +02:00
Matt Hurne
561e67ade8
Merge branch 'master' into mongodb-secret-backend
2016-06-30 20:23:16 -04:00
Tim Schindler
24c6a605ea
added documentation about ETCD_ADDR env var to etcd backend documentation
2016-06-30 18:46:40 +00:00
Matt Hurne
350b69670c
Rename mongodb secret backend's 'ttl_max' lease configuration field to 'max_ttl'
2016-06-30 09:57:43 -04:00
Matt Hurne
5e8c912048
Add mongodb secret backend
2016-06-29 08:33:06 -04:00
Jeff Mitchell
07f53eebc2
Update PKI docs with key_usge info
2016-06-23 11:07:17 -04:00
Cameron Stokes
92f49578e1
Minor typo - that->than.
2016-06-22 11:28:31 -07:00
Jason Antman
d8242d04d2
clarify some aspects of GPG key usage
2016-06-22 10:26:06 -04:00
Brian Shumate
e34146d9d8
Update deploy.html.md
...
Corrected link to Using PGP, GPG, and Keybase
2016-06-21 12:14:58 -04:00
Vishal Nayak
78d4d5c8c3
Merge pull request #1523 from hashicorp/bind-account-id-aws-ec2
...
Added bound_account_id to aws-ec2 auth backend
2016-06-21 10:03:20 -04:00
Vishal Nayak
d4d47ce5e3
Merge pull request #1531 from hashicorp/auth-mount-tune-params
...
Auth tune endpoints and config settings output from CLI
2016-06-20 20:24:47 -04:00
vishalnayak
8b490e44a1
Added list functionality to logical aws backend's roles
2016-06-20 19:51:04 -04:00
Jeff Mitchell
2e7704ea7e
Add convergent encryption option to transit.
...
Fixes #1537
2016-06-20 13:17:48 -04:00
Mark Paluch
ea4c58f17b
Fix RabbitMQ documentation
...
Change parameter `uri` to `connection_uri` in code example.
2016-06-19 17:45:30 +02:00
vishalnayak
d0a142c75a
Merge branch 'master-oss' into bind-account-id-aws-ec2
...
Conflicts:
website/source/docs/auth/aws-ec2.html.md
2016-06-17 12:41:21 -04:00
vishalnayak
848b479a61
Added 'sys/auth/<path>/tune' endpoints.
...
Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 13:58:24 -04:00
Martin Forssen
f8558ca1f2
Fixed a number of spelling errors in aws-ec2.html.md
2016-06-15 13:32:36 +02:00
vishalnayak
8e03c1448b
Merge branch 'master-oss' into bind-account-id-aws-ec2
...
Conflicts:
builtin/credential/aws-ec2/backend_test.go
builtin/credential/aws-ec2/path_login.go
builtin/credential/aws-ec2/path_role.go
2016-06-14 14:46:08 -04:00
Vishal Nayak
bf2cab6cd3
Merge pull request #1522 from ifuyivara/master
...
Adding IAM Role ARN as a constraint for EC2 authentication
2016-06-14 14:20:24 -04:00
Ivan Fuyivara
0ffbef0ccd
added tests, nil validations and doccumentation
2016-06-14 16:58:50 +00:00
Anthony Nguyen
d55d775c76
Move favicon into assets directory
...
Fixes #1507
2016-06-14 12:38:27 -04:00
vishalnayak
26f7fcf6a1
Added bound_account_id to aws-ec2 auth backend
2016-06-14 11:58:19 -04:00
vishalnayak
4a078f8726
RabbitMQ docs++
2016-06-14 10:22:30 -04:00
Jeff Mitchell
8fc2f5ccf1
Bump version and remove --all behavior from dist script
2016-06-14 13:25:44 +00:00
Jeff Mitchell
04a03bcb54
Add updated wrapping information
2016-06-14 05:59:50 +00:00
Jon Benson
7883e98eb8
Update aws-ec2.html.md
2016-06-09 23:08:08 -07:00
vishalnayak
c6a27f2fa8
s/VAULT_GITHUB_AUTH_TOKEN/VAULT_AUTH_GITHUB_TOKEN
2016-06-09 14:00:56 -04:00
vishalnayak
308294db46
Added VAULT_GITHUB_AUTH_TOKEN env var to receive GitHub auth token
2016-06-09 13:45:56 -04:00
Jeff Mitchell
41decb2e16
update sys-health docs with HEAD info
2016-06-09 12:30:23 -04:00
Jeff Mitchell
351f536913
Don't check parsability of a ttl
key on write.
...
On read we already ignore bad values, so we shouldn't be restricting
this on write; doing so alters expected data-in-data-out behavior. In
addition, don't issue a warning if a given `ttl` value can't be parsed,
as this can quickly get annoying if it's on purpose.
The documentation has been updated/clarified to make it clear that this
is optional behavior that doesn't affect the status of the key as POD
and the `lease_duration` returned will otherwise default to the
system/mount defaults.
Fixes #1505
2016-06-08 20:14:36 -04:00
Jeff Mitchell
2b4b6559e3
Merge pull request #1504 from hashicorp/token-store-roles-renewability
...
Add renewable flag to token store roles
2016-06-08 15:56:54 -04:00
Laura Bennett
5ccb4fe907
Merge pull request #1498 from hashicorp/pki-list
...
PKI List Functionality
2016-06-08 15:42:50 -04:00
Jeff Mitchell
cf8f38bd4c
Add renewable flag to token store roles
2016-06-08 15:17:22 -04:00
Laura Bennett
fc8c73584b
url fix
2016-06-08 14:53:33 -04:00
Jeff Mitchell
65d8973864
Add explicit max TTL capability to token creation API
2016-06-08 14:49:48 -04:00
Laura Bennett
08cd10d541
Updates for pki/certs list functionality
2016-06-08 14:37:57 -04:00
Jeff Mitchell
b8c30aea18
Merge pull request #1502 from hashicorp/pr-1425
...
Staging area for me to fix up PR 1425
2016-06-08 12:31:31 -04:00
Jeff Mitchell
29ee2666e7
Update docs
2016-06-08 12:23:04 -04:00
Jeff Mitchell
3cce72b10d
Update docs with max_parallel
2016-06-08 12:22:18 -04:00
Jeff Mitchell
72a25d018c
Add permit pool and cleanhttp support to Swift
2016-06-08 12:20:21 -04:00
Jeff Mitchell
da6371ffc3
Merge remote-tracking branch 'origin/master' into pr-1425
2016-06-08 12:10:29 -04:00
Vishal Nayak
ab543414f6
Merge pull request #788 from doubledutch/master
...
RabbitMQ Secret Backend
2016-06-08 10:02:24 -04:00
Jeff Mitchell
7308031e4d
Add more entries to the 0.6 upgrade notes
2016-06-06 16:04:02 -04:00
Vinay Hiremath
584c2b9c10
Small grammatical error
...
"invaliding" => "invalidating"
2016-06-03 11:07:54 -07:00
Jeff Mitchell
33764e85b1
Merge pull request #1324 from hashicorp/sethvargo/doc_gpg
...
Add a page for step-by-step gpg/keybase
2016-06-03 13:24:57 -04:00
Jeff Mitchell
a147c3346c
Make some updates to PGP documentation
2016-06-03 13:23:20 -04:00
Jeff Mitchell
07193b519d
Add announcment list to community page
2016-06-01 22:06:21 -04:00
vishalnayak
315f9c868c
Provide option to disable host key checking
2016-06-01 11:08:24 -04:00
vishalnayak
dbee3cd81b
Address review feedback
2016-06-01 10:36:58 -04:00
vishalnayak
5c25265fce
rename aws.html.md as aws-ec2.html.md
2016-05-30 14:11:15 -04:00
vishalnayak
a072f2807d
Rename aws as aws-ec2
2016-05-30 14:11:15 -04:00
vishalnayak
30fa7f304b
Allow * to be set for allowed_users
2016-05-30 03:12:43 -04:00
vishalnayak
971b2cb7b7
Do not allow any username to login if allowed_users is not set
2016-05-30 03:01:47 -04:00
Sami Rageb
2dba9b180b
Fixed & clarified grammar around HCL & JSON
...
- Fixed the statement that HCL is JSON compatible, it's vice versa
- Added that HCL is a superset of JSON to eliminate any lingering confusion
2016-05-26 20:14:59 -05:00
Jeff Mitchell
81e14262cd
Remove reference to cookies altogether
...
Fixes #1437
2016-05-26 09:29:41 -04:00
vishalnayak
21605ee9d8
Typo fix: s/Vault/Consul
2016-05-24 18:22:20 -04:00
Seth Vargo
b1959e1f26
Use updated architecture diagram
...
As much as we love @armon's omnigraffle, this new diagram better matches
the Vault branding 😄 .
2016-05-23 20:10:51 -04:00
Kevin Pike
111ef09a18
Update rabbitmq lease docs
2016-05-20 23:28:41 -07:00
Jeff Mitchell
caf77109ba
Add cubbyhole wrapping documentation
2016-05-19 13:33:51 -04:00
Jeff Mitchell
a13807e759
Merge pull request #1318 from steve-jansen/aws-logical-assume-role
...
Add sts:AssumeRole support to the AWS secret backend
2016-05-19 12:17:27 -04:00
Francis Chuang
ae1d5a8fea
Minor grammar fix.
2016-05-19 17:01:30 +10:00
Stuart Glenn
b75eed61ed
Add documentation on Swift backend configuration
2016-05-16 17:29:40 -05:00
Seth Vargo
888527f9d4
Add note about paid training
2016-05-16 16:45:02 -04:00
Jeff Mitchell
60975bf76e
Revert "Remove a few assumptions regarding bash(1) being located in /bin."
2016-05-15 15:22:21 -04:00
Sean Chittenden
f91114fef5
Remove a few assumptions regarding bash(1) being located in /bin.
...
Use sh(1) where appropriate.
2016-05-15 11:41:14 -07:00
Sean Chittenden
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
Vishal Nayak
53fc941761
Merge pull request #1300 from hashicorp/aws-auth-backend
...
AWS EC2 instances authentication backend
2016-05-14 19:42:03 -04:00
vishalnayak
4122ed860b
Rename 'role_name' to 'role'
2016-05-13 14:31:13 -04:00
Jeff Mitchell
b850f876a7
Merge pull request #1407 from z00m1n/patch-1
...
fix PostgreSQL sample code
2016-05-12 17:07:48 -07:00
cmclaughlin
cdf715b94a
Document configuring listener to use a CA cert
2016-05-12 15:34:47 -07:00
Steven Samuel Cole
e3bb3a4efb
fix PostgreSQL sample code
...
The current sample configuration line fails with `Error initializing backend of type postgresql: failed to check for native upsert: pq: unsupported sslmode "disabled"; only "require" (default), "verify-full", "verify-ca", and "disable" supported`.
2016-05-12 23:22:41 +02:00
vishalnayak
7e8a2d55d0
Update docs and path names to the new patterns
2016-05-12 11:45:10 -04:00
Jeff Mitchell
aecc3ad824
Add explicit maximum TTLs to token store roles.
2016-05-11 16:51:18 -04:00
vishalnayak
ddcaf26396
Merge branch 'master-oss' into aws-auth-backend
2016-05-10 14:50:00 -04:00
Jeff Mitchell
d899f9d411
Don't revoke CA certificates with leases.
2016-05-09 19:53:28 -04:00
Jeff Mitchell
d77563994c
Merge pull request #1346 from hashicorp/disable-all-caches
...
Disable all caches
2016-05-07 16:33:45 -04:00
Steve Jansen
597d59962c
Adds sts:AssumeRole support to the AWS secret backend
...
Support use cases where you want to provision STS tokens
using Vault, but, you need to call AWS APIs that are blocked
for federated tokens. For example, STS federated tokens cannot
invoke IAM APIs, such as Terraform scripts containing
`aws_iam_*` resources.
2016-05-05 23:32:41 -04:00
Jeff Mitchell
3e71221839
Merge remote-tracking branch 'origin/master' into aws-auth-backend
2016-05-05 10:04:52 -04:00
Chris Jansen
ea21dec7b4
Add scala vault library to list of client libs
2016-05-04 18:04:28 +01:00
Jeff Mitchell
3600b2573d
Update website docs re token store role period parsing
2016-05-04 02:17:20 -04:00
vishalnayak
b7c48ba109
Change image/ to a more flexible /role endpoint
2016-05-03 23:36:59 -04:00
Jeff Mitchell
8572190b64
Plumb disabling caches through the policy store
2016-05-02 22:36:44 -04:00
vishalnayak
9f2a111e85
Allow custom endpoint URLs to be supplied to make EC2 API calls
2016-05-02 17:21:52 -04:00
Seth Vargo
45ac1bc151
Track enhanced links
2016-05-02 15:57:23 -04:00
Jeff Mitchell
4182d711c3
Merge branch 'master-oss' into aws-auth-backend
2016-04-29 14:23:16 +00:00
Jeff Mitchell
81da06de05
Fix fetching parameters in token store when it's optionally in the URL
2016-04-28 15:15:37 -04:00
vishalnayak
2a2dc0befb
Added allow_instance_migration to the role tag
2016-04-28 11:43:48 -04:00
vishalnayak
b7b1f80a83
Updated docs
2016-04-28 11:25:47 -04:00
vishalnayak
779d73ce2b
Removed existence check on blacklist/roletags, docs fixes
2016-04-27 21:29:32 -04:00
vishalnayak
de1a1be564
tidy endpoint fixes
2016-04-26 10:22:29 -04:00
vishalnayak
21854776af
Added cooldown period for periodic tidying operation
2016-04-26 10:22:29 -04:00
vishalnayak
5a2e1340df
Removed redundant AWS public certificate. Docs update.
2016-04-26 10:22:29 -04:00
vishalnayak
58c485f519
Support providing multiple certificates.
...
Append all the certificates to the PKCS#7 parser during signature verification.
2016-04-26 10:22:29 -04:00
Jeff Mitchell
fd977bb478
Updating to docs
2016-04-26 10:22:29 -04:00
vishalnayak
9d4a7c5901
Docs update
2016-04-26 10:22:29 -04:00
Sean Chittenden
5a33edb57d
Change to the pre-0.6.4 Consul Check API
...
Consul is never going to pass in more than 1K of output. This mitigates the pre-0.6.4 concern.
2016-04-25 18:01:13 -07:00
Sean Chittenden
3228d25c65
Add a small bit of wording re: disable_registration
...
Consul service registration for Vault requires Consul 0.6.4.
2016-04-25 18:01:13 -07:00
Sean Chittenden
dd3219ec56
Provide documentation and example output
2016-04-25 18:01:13 -07:00
Sean Chittenden
60006f550f
Various refactoring to clean up code organization
...
Brought to you by: Dept of 2nd thoughts before pushing enter on `git push`
2016-04-25 18:01:13 -07:00
Sean Chittenden
0c23acb818
Comment nits
2016-04-25 18:00:54 -07:00