Commit graph

1487 commits

Author SHA1 Message Date
Jeff Mitchell 1d0d353901 Fix incorrect sample URL in aws-ec2 docs 2017-02-04 19:27:35 -05:00
Harrison Harnisch b09077c2d8 add socket audit backend 2017-02-02 14:21:48 -08:00
Brian Kassouf 6701ba8a10 Configure the request headers that are output to the audit log (#2321)
* Add /sys/config/audited-headers endpoint for configuring the headers that will be audited

* Remove some debug lines

* Add a persistant layer and refactor a bit

* update the api endpoints to be more restful

* Add comments and clean up a few functions

* Remove unneeded hash structure functionaility

* Fix existing tests

* Add tests

* Add test for Applying the header config

* Add Benchmark for the ApplyConfig method

* ResetTimer on the benchmark:

* Update the headers comment

* Add test for audit broker

* Use hyphens instead of camel case

* Add size paramater to the allocation of the result map

* Fix the tests for the audit broker

* PR feedback

* update the path and permissions on config/* paths

* Add docs file

* Fix TestSystemBackend_RootPaths test
2017-02-02 11:49:20 -08:00
Vishal Nayak 5fb28f53cb Transit: Support batch encryption and decryption (#2143)
* Transit: Support batch encryption

* Address review feedback

* Make the normal flow go through as a batch request

* Transit: Error out if encryption fails during batch processing

* Transit: Infer the 'derived' parameter based on 'context' being set

* Transit: Batch encryption doc updates

* Transit: Return a JSON string instead of []byte

* Transit: Add batch encryption tests

* Remove plaintext empty check

* Added tests for batch encryption, more coming..

* Added more batch encryption tests

* Check for base64 decoding of plaintext before encrypting

* Transit: Support batch decryption

* Transit: Added tests for batch decryption

* Transit: Doc update for batch decryption

* Transit: Sync the path-help and website docs for decrypt endpoint

* Add batch processing for rewrap

* transit: input validation for context

* transit: add rewrap batch option to docs

* Remove unnecessary variables from test

* transit: Added tests for rewrap use cases

* Address review feedback

* Address review feedback

* Address review feedback

* transit: move input checking out of critical path

* transit: allow empty plaintexts for batch encryption

* transit: use common structs for batch processing

* transit: avoid duplicate creation of structs; add omitempty to response structs

* transit: address review feedback

* transit: fix tests

* address review feedback

* transit: fix tests

* transit: rewrap encrypt user error should not error out

* transit: error out for internal errors
2017-02-02 14:24:20 -05:00
Vishal Nayak 3457a11afd awsec2: support periodic tokens (#2324)
* awsec2: support periodic tokens

* awsec2: add api docs for 'period'
2017-02-02 13:28:01 -05:00
louism517 0548555219 Support for Cross-Account AWS Auth (#2148) 2017-02-01 14:16:03 -05:00
Shane Starcher 6033ea884c Okta implementation (#1966) 2017-01-26 19:08:52 -05:00
Jeff Mitchell 89b0ee09d3 Merge pull request #2296 from hashicorp/rfay-20161230_add_cookbook_with_root_token_generation
Add 'Guides' section
2017-01-25 15:33:43 -05:00
Jeff Mitchell 715732502d Update docs.erb 2017-01-25 15:33:20 -05:00
Cameron Stokes a898996c43 Update title and other minor changes. 2017-01-24 08:47:53 -08:00
Chris Hoffman c5f690b891 Fixing a few incorrect entries 2017-01-24 11:08:58 -05:00
Chris Hoffman 03d05b448a Minor transit docs fixes 2017-01-23 22:26:38 -05:00
Chris Hoffman b3fc3db6ec Adding LDAP API reference and misc docs formatting issues 2017-01-23 22:08:08 -05:00
Cameron Stokes c19e7ce793 undo inadvertant tabs to spaces on docs.erb 2017-01-23 17:02:06 -08:00
Cameron Stokes a307328f04 Additional changes to @rfay's PR from https://github.com/hashicorp/vault/pull/2217.
- Renamed Cookbook to Guides
- Made Guides index page
- Moved Guides link on sidebar
- Minor formatting changes to generate-root guide
2017-01-23 16:41:25 -08:00
Cameron Stokes 82af6a17c8 Merge branch '20161230_add_cookbook_with_root_token_generation' of https://github.com/rfay/vault into rfay-20161230_add_cookbook_with_root_token_generation 2017-01-23 16:13:58 -08:00
Roman Vynar 1615280efa Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener (#2293) 2017-01-23 13:48:35 -05:00
joe miller 98df700495 allow roles to set OU value in certificates issued by the pki backend (#2251) 2017-01-23 12:44:45 -05:00
Chris Hoffman 7568a212b1 Adding support for exportable transit keys (#2133) 2017-01-23 11:04:43 -05:00
Vishal Nayak 5aba2d47b6 ldap: Minor enhancements, tests and doc update (#2272) 2017-01-23 10:56:43 -05:00
Brian Kassouf 2cdd70fdf9 First attempt at adding docs for permissions 2017-01-20 16:34:30 -08:00
Brian Kassouf d6198b7e24 change consistency config value from a bool to a string (#2282) 2017-01-19 17:36:33 -05:00
vishalnayak 4da3cf3479 Fix file_path argument in audit's index.html 2017-01-18 21:43:29 -05:00
Vishal Nayak 06c586ccd1 tokenStore: document the 'period' field (#2267) 2017-01-18 17:25:52 -05:00
Jacob Crowther 5f28afdf32 Example "List" command missing a forward slash (#2233)
The List command example is missing a forward slash before the query parameter.
2017-01-18 17:25:23 -05:00
Raja Nadar 8668f82831 vaultsharp is now cross-platform (#2285) 2017-01-18 08:45:16 -05:00
vishalnayak 0d59c1e6db Adding the 429 code back in 2017-01-17 13:36:56 -05:00
vishalnayak 62f17774f5 doc: remove unused 429 code from docs to avoid confusion 2017-01-13 23:12:32 -05:00
Brian Kassouf f11cd7f54a SP error 2017-01-13 11:50:23 -08:00
Brian Kassouf aff6282e78 Add require_conistent to docs 2017-01-13 11:48:35 -08:00
Erwin de Keijzer d71bdf893a Fixed rabbitmq documentation
The docs were inconsistent between readwrite and readonly, the policy
itself evaluates to a readwrite policy, so the inconsistency is solved
by changing the odd occurrence of readonly.
2017-01-13 08:54:04 +01:00
vishalnayak e5551afac7 paraphrasing the cluster_addr doc 2017-01-12 11:26:43 -05:00
Pavel TImofeev eb7f4ef467 Describe how actually configuration option for 'Per-Node Cluster Address' topic is called.
According to 'Server Configuration' web page it's 'cluster_addr' (note, not 'cluster_address').
Previously this was not clear, what exactly 'this' was.
2017-01-12 12:20:19 +03:00
Matthew Irish cb8bbc4fbd Transit key actions (#2254)
* add supports_* for transit key reads

* update transit docs with new supports_* fields
2017-01-11 10:05:06 -06:00
Cameron Stokes af192b2081 Note about VAULT_UI environment variable. (#2255) 2017-01-11 09:29:45 -05:00
Raja Nadar a5fc6d1f31 fix lookup-self response json
reflect the true 0.6.4 response.
2017-01-10 23:19:49 -08:00
Jeff Mitchell f18d08cf2b Remove documenting that the token to revoke can be part of the URL as (#2250)
this should never be used and only remains for backwards compat.

Fixes #2248
2017-01-09 22:09:29 -05:00
Jeff Mitchell 4d83db66df Clarify text around redirect addr being required 2017-01-06 15:07:01 -05:00
windowsrefund 64e7e99755 prevent startup error when user has multiple private IPs configured locally 2017-01-03 15:24:11 -05:00
Michael Hofer 6dd1de959c Add link to vault-client vc written in go (#2225) 2017-01-03 11:29:54 -05:00
Randy Fay 787b6aa93c Add cookbook section, with root token generation technique 2016-12-30 09:19:55 -07:00
Phil Porada c8248b0d97 Adds a link to the latest releases CHANGELOG on the downloads.html page (#2205) 2016-12-29 19:57:16 -06:00
Chris Hoffman f6cc4c89ec Adding Vault.NET C# Library (#2213) 2016-12-29 19:26:47 -06:00
Stenio Ferreira 6c8a071a01 Fixed docs - auth backend aws had a typo on API example (#2211) 2016-12-28 11:41:50 -06:00
Jeff Mitchell ad5bdfa83c Update vs HSM text 2016-12-28 11:23:50 -05:00
Daniel Heitmann 69da5bc021 Replace app-id with approle due to deprecation (#2197)
According to the documentation the App-ID backend is deprecated in favor of the AppRole backend since Vault 0.6.1.
2016-12-20 13:29:42 -05:00
Brian Nuszkowski 98a6e0fea3 Add Duo pushinfo capabilities (#2118) 2016-12-19 15:37:44 -05:00
Vishal Nayak ba026aeaa1 TokenStore: Added tidy endpoint (#2192) 2016-12-16 15:29:27 -05:00
Jeff Mitchell f6044764c0 Fix revocation of leases when num_uses goes to 0 (#2190) 2016-12-16 13:11:55 -05:00
Elan Ruusamäe ca1f0115b6 add unix socket example as well (#2193) 2016-12-16 05:13:35 -05:00
Elan Ruusamäe 9a9edfb515 Update index.html.md (#2191)
add DSN as link to go-sql-driver/mysql to know the syntax
2016-12-16 03:37:54 -05:00
Vishal Nayak 8400b87473 Don't add default policy to child token if parent does not have it (#2164) 2016-12-16 00:36:39 -05:00
Jack Pearkes b70eff9b26 website: turn off autocomplete on the demo (#2187)
Removes the akward browser autocomplete bar from the tutorial input.
2016-12-15 11:00:44 -05:00
James Turnbull 0b082bff42 Edits to the deploy guide 2016-12-14 11:17:50 -05:00
James Turnbull e2ef0b75b6 Edits to the authorization/acl guide 2016-12-14 11:11:14 -05:00
James Turnbull c47c8343b5 Edits to the authentication guide 2016-12-14 11:06:42 -05:00
James Turnbull 73ce47d0fe Formatting and language updates to help guide 2016-12-14 10:55:11 -05:00
James Turnbull ce6c0dcf95 Minor formatting fix to dynamic secrets guide 2016-12-14 10:51:56 -05:00
James Turnbull f1b5377e81 Updated some formatting and language in the secret backends doc 2016-12-14 10:46:14 -05:00
James Turnbull 73324e2cba Updated some formatting and language in the first secret doc 2016-12-14 10:39:45 -05:00
James Turnbull 3a981ae7b4 Updated some language and formatting in the dev-server guide 2016-12-14 10:34:52 -05:00
James Turnbull 49dd4f70df Edits to the install doc in getting started 2016-12-14 10:15:26 -05:00
James Turnbull 6df55a3126 Added next step to install section 2016-12-14 10:13:15 -05:00
vishesh92 a46217989b Fix broken link 2016-12-13 10:56:18 +05:30
Frank Farmer f1ef8485ab Small typo 2016-12-08 16:51:16 -08:00
Jeff Mitchell bd41c48304 Add doc for ui to config page 2016-12-06 17:13:12 -05:00
Jeff Mitchell a81d18b437 Add 0.6.3 upgrade page to sidebar 2016-12-06 16:37:28 -05:00
Jeff Mitchell f5891b6677 Prep for 0.6.3 2016-12-06 11:26:29 -05:00
Christopher Pauley f07a19c503 gcs physical backend (#2099) 2016-12-01 11:42:31 -08:00
Chris MacNaughton a381f727e6 Add Rust (#2136)
Add the Rust crate to the list
2016-12-01 10:54:41 -08:00
vishesh92 b17100cf0d Fix aws auth login example (#2122) 2016-12-01 10:17:08 -08:00
Brian Nuszkowski 3d66907966 Disallow passwords LDAP binds by default (#2103) 2016-12-01 10:11:40 -08:00
Talal Obeid efe97559ea Improve link to intro and getting started (#2049) 2016-11-28 09:41:08 -08:00
Andrea Crotti d1c3367168 return code is 403 not 400 (#2128) 2016-11-25 06:47:27 -08:00
Dan Gorst e1d3650b7f Minor documentation tweak (#2127)
Should be arn, not policy - latter will error as that assume an inline policy json document
2016-11-24 07:36:46 -08:00
Em Smith 1812ce8d4a Change command examples for First Secrets #2116 (#2117)
These were discovered to be out of date as per https://github.com/hashicorp/vault/issues/2116
2016-11-22 12:44:17 -05:00
Jeff Mitchell a94962e004 Update docs to fix #2102 2016-11-22 12:19:22 -05:00
Benjamin Farley aac4f894c9 Update libraries doc for Haskell community library (#2101) 2016-11-17 13:36:00 -05:00
Jeff Mitchell 6b5327a04d Document bug causing certain LDAP settings to be forgotten on upgrade to
0.6.1+.

Fixes #2104
2016-11-16 17:08:16 -05:00
Daniel Somerfield db9dbdeb86 Added document to github auth backend covering user-specific policies. (#2084) 2016-11-11 08:59:26 -05:00
matt maier 57925ee863 Vendor circonus (#2082) 2016-11-10 16:17:55 -05:00
Brad Jones a8f35e95a0 Clarify that Swift only supports v1.0 auth (#2070) 2016-11-08 06:44:34 -05:00
Jacob Crowther 799707fdd0 Specify the value of "generated secrets" (#2066)
This small change is to specify (mostly for new users) that only dynamic secrets are revoked when running revoke-self.
2016-11-07 15:02:23 -05:00
Joel Thompson 0357d73dad Add information on HMAC verification to transit docs (#2062) 2016-11-07 13:44:14 -05:00
Jeff Mitchell 9d4eedcce4 Update unwrap call documentation 2016-11-02 13:36:32 -04:00
Jeff Mitchell 9066f012a7 Fix cache default size and docs 2016-11-01 10:24:35 -04:00
Benjamin Campbell 35542e39d7 Use gpg binary in PGP website documentation (#2047) 2016-10-30 13:09:56 -04:00
Jeff Mitchell b8b962c6e5 Rearrange libs 2016-10-29 13:53:06 -04:00
Mark Paluch 8c5d40df16 Add Spring Vault to client libraries (#2042) 2016-10-29 13:52:16 -04:00
vishalnayak 48196228d6 s/localhost/127.0.0.1 in approle docs 2016-10-28 09:46:39 -04:00
vishalnayak 260424244b s/localhost/127.0.0.1 2016-10-28 09:23:05 -04:00
vishalnayak 4ab6bd41c4 Using AppRole as an example. Removed 'root' policy being used in examples 2016-10-28 01:24:25 -04:00
Greg Look 089798b5d1 Update libraries.html.md
Add Clojure Vault client.
2016-10-27 11:39:52 -07:00
vishalnayak e0fb8c17ce Added revocation_sql to the website docs 2016-10-27 12:15:08 -04:00
Vishal Nayak c74303dd59 Merge pull request #2029 from bfallik/patch-1
Update aws-ec2.html.md
2016-10-26 16:57:39 -04:00
Raja Nadar d3f71e7232 doc: syslog change data type from bool to string (#1998) 2016-10-26 16:18:31 -04:00
Brian Fallik 59a59a3235 Update aws-ec2.html.md
fix minor typo
2016-10-26 15:40:40 -04:00
Raja Nadar 9bba65e614 doc: change data type from boolean to string (#1997)
the api doesn't accept the boolean value. it needs a string containing a boolean value.
2016-10-26 11:29:42 -04:00
vishalnayak 5ef3e4b5ef Docs: Add port numbers to redirect_addr 2016-10-19 22:07:25 -04:00
vishalnayak fec9d83dce Docs: Update the client redirection defaults 2016-10-18 13:27:19 -04:00
Vishal Nayak 45f720cea7 Merge pull request #2006 from hashicorp/update-github-docs
Update github login output in the docs
2016-10-18 10:27:06 -04:00
Chris Hoffman 4b6e82afcb Add ability to list keys in transit backend (#1987) 2016-10-18 10:13:01 -04:00
Vishal Nayak 6646656e32 Merge pull request #2013 from rjhornsby/master
Fix sidebar typo
2016-10-18 09:45:03 -04:00
Vishal Nayak efa76a02ad Merge pull request #2010 from rajanadar/patch-5
doc: add doc for the GET lease settings api
2016-10-18 09:39:23 -04:00
rjhornsby 5e89fc4997 Fix typo
Fix typo in sidebar layout that prevented sidebar item 'getting started apis' from correctly rendering when that page was active.
2016-10-17 10:59:16 -05:00
Raja Nadar d43e7395c7 fix indentation 2016-10-15 22:58:25 -07:00
Raja Nadar f743ac97c2 doc: add doc for the GET lease settings api
Vault supports reading of the lease settings, with all values coming back intact. (along with a good warning message as well)
Adding it to the documentation.
2016-10-15 22:43:50 -07:00
Raja Nadar f31d99e51d doc: add consistency field in get-role response 2016-10-15 01:15:58 -07:00
vishalnayak f556a38959 Update github login output in the docs 2016-10-14 22:39:56 -04:00
Vishal Nayak c1be9ce062 Merge pull request #1988 from mp911de/issue/refdocs-approle-post-on-secret-id-destroy
Use POST method for destroy operations in documentation
2016-10-14 15:37:13 -04:00
Vishal Nayak 11db53e2f1 Merge pull request #1991 from hashicorp/pgp-gpg-doc-update
Update pgp-gpg concepts page to use base64 decoding instead of hex
2016-10-14 15:34:04 -04:00
vishalnayak 557bf45de6 Update the getting started API doc to not use 'root' policy 2016-10-11 16:07:48 -04:00
vishalnayak 6c9358dbec Update pgp-gpg concepts page to use base64 decoding instead of hex 2016-10-11 15:58:32 -04:00
Mark Paluch 95144ddae3 Use POST method for destroy operations in documentation
Use POST method as most clients (including Vault cli) cannot send a body when using the DELETE HTTP method.
2016-10-11 17:12:07 +02:00
Laura Bennett 9fc5a37e84 address feedback 2016-10-09 22:23:30 -04:00
Laura Bennett 1b8d12fe82 changes for 'mode' 2016-10-08 19:52:49 -04:00
Laura Bennett 39e7732473 website documentation update 2016-10-07 15:48:29 -04:00
Jeff Mitchell d580bb1c27 Update upgrade guide 2016-10-05 14:10:27 -04:00
Jeff Mitchell 7f9a88d8db Postgres revocation sql, beta mode (#1972) 2016-10-05 13:52:59 -04:00
Jeff Mitchell 83b85dea1c Prep for 0.6.2 2016-10-05 08:23:31 -04:00
Jeff Mitchell 6b0f886756 Update website with breaking change information 2016-10-04 22:35:56 -04:00
Vishal Nayak 661a8a4734 Merge pull request #1961 from hashicorp/aws-ec2-auth-rsa-signature
aws-ec2-auth using identity doc and RSA digest
2016-10-04 15:45:12 -04:00
vishalnayak 0f8c132ede Minor doc updates 2016-10-04 15:46:09 -04:00
vishalnayak 59475d7f14 Address review feedback 2016-10-04 15:05:44 -04:00
Vishal Nayak 4141b632fa Merge pull request #1957 from hashicorp/website-list-userpass
Added user listing endpoint to userpass docs
2016-10-04 14:10:49 -04:00
vishalnayak 348a09e05f Add only relevant certificates 2016-10-03 20:34:28 -04:00
vishalnayak dbd364453e aws-ec2 config endpoints support type option to distinguish certs 2016-10-03 20:25:07 -04:00
Matthew Irish 61975f4265 add documentation for cluster_name and link atlas listener docs 2016-10-03 15:04:33 -05:00
Matthew Irish 34a6abcbb6 document the atlas listener 2016-10-03 10:41:50 -05:00
Jeff Mitchell 2c85fdfeb9 Switch default case of disable cluster. (#1959) 2016-10-02 14:54:01 -04:00
vishalnayak aef1a88de4 Added docs for reading and deleting username 2016-09-30 16:13:57 -04:00
vishalnayak 2ad698ec0b Added user listing endpoint to userpass docs 2016-09-30 15:47:33 -04:00
Jeff Mitchell 606d717ad9 Update changelog and website for GH-1958 2016-09-30 15:08:38 -04:00
Jeff Mitchell 4a505bfa3e Update text around cubbyhole/response 2016-09-29 17:44:15 -04:00
Chris Stevens 7a8fcfcf55 Docs/Website: MySQL config parameter "verify-connection" should be "verify_connection"
The only instance of `verify-connection` I can find is on this docs page. The API style for parameters is underscores, so this one stands out.

The code for this and the other backends with similar connection verification features seem to use `verify_connection`.
2016-09-29 14:05:47 -05:00
Vishal Nayak 4c74b646fe Merge pull request #1947 from hashicorp/secret-id-lookup-delete
Introduce lookup and destroy endpoints for secret IDs and its accessors
2016-09-29 10:19:54 -04:00
Jeff Mitchell b45a481365 Wrapping enhancements (#1927) 2016-09-28 21:01:28 -07:00
vishalnayak 34e76f8b41 Added website docs for lookup and destroy APIs 2016-09-28 22:11:48 -04:00
Michael S. Fischer 2dd1f584e6 Update documentation for required AWS API permissions
In order for Vault to map IAM instance profiles to roles, Vault
must query the 'iam:GetInstanceProfile' API, so update the documentation
and help to include the additional permissions needed.
2016-09-28 16:50:20 -07:00
Jeff Mitchell f0203741ff Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
vishalnayak a9976dca1c Remove a mistyped character 2016-09-28 18:30:49 -04:00
Vishal Nayak 69c57f843d Merge pull request #1943 from hashicorp/iam-bounds-prefix
Check for prefix match instead of exact match for IAM bound parameters
2016-09-28 18:11:53 -04:00
vishalnayak e01f99f042 Check for prefix match instead of exact match for IAM bound parameters 2016-09-28 18:08:28 -04:00
Vishal Nayak ba5da65163 Merge pull request #1940 from chrishoffman/consul-doc
Small consul doc fix
2016-09-28 15:48:45 -04:00
Vishal Nayak 4a30a6b4f8 Merge pull request #1913 from hashicorp/bound-iam-instance-profile-arn
Proper naming for bound_iam_instance_profile_arn
2016-09-28 15:34:56 -04:00
Chris Hoffman 8c755bfe92 Small consul doc fix 2016-09-28 15:11:39 -04:00
Laura Bennett 010293ccc3 Merge pull request #1931 from hashicorp/cass-consistency
Adding consistency into cassandra
2016-09-27 21:12:02 -04:00
Chris Hoffman d235acf809 Adding support for chained intermediate CAs in pki backend (#1694) 2016-09-27 17:50:17 -07:00
Laura Bennett 883b5db420 typo correction 2016-09-27 16:38:27 -04:00
Laura Bennett 648a71fa11 updates to the documents 2016-09-27 16:36:20 -04:00
Jeff Mitchell 96afb1d27a Update getting started docs since root can no longer be used from github 2016-09-26 13:09:26 -04:00
Seth Vargo be9fb99a99 Update middleman-hashicorp (#1922) 2016-09-26 12:40:48 -04:00
Vishal Nayak b1ee56a15b Merge pull request #1910 from hashicorp/secret-id-cidr-list
CIDR restrictions on Secret ID
2016-09-26 10:22:48 -04:00
Jeff Mitchell f8e3cf4591 Add information about accessors to the token concepts page.
Fixes #1918
2016-09-26 10:18:38 -04:00
vishalnayak d080107a87 Update docs to contain bound_iam_role_arn 2016-09-26 09:37:38 -04:00
John c39eeecaea tip to override VAULT_ADDR in getting started guide (#1915) 2016-09-23 19:34:07 -04:00
vishalnayak 2d4bfeff49 Update website for bound_iam_instance_profile_arn 2016-09-23 11:23:59 -04:00
vishalnayak aaadd4ad97 Store the CIDR list in the secret ID storage entry.
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
2016-09-21 20:19:26 -04:00
Jeff Mitchell 226ef5d78c Make HA in etcd off by default. (#1909)
Fixes #1908

(Doesn't really "fix" it but someone from the community needs to step up
if they want to see this fixed.)
2016-09-21 14:01:36 -04:00
Jeff Mitchell 0ff76e16d2 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Jeff Mitchell 982f151722 Update docs to reflect that there is more than one constraint for EC2 now 2016-09-20 16:11:32 -04:00
Chris Hoffman 5c241d31e7 Renaming ttl_max -> max_ttl in mssql backend (#1905) 2016-09-20 12:39:02 -04:00
Carlo Cabanilla f6239cf0c0 fix shell quoting (#1904)
$() doesnt get evaluated in single quotes, so you need to break out of it first
2016-09-19 17:11:16 -04:00
Jeff Mitchell 7f3041d6a5 Fix formatting 2016-09-19 13:00:50 -04:00
Jeff Mitchell 6e40d606d4 Bump to newer middleman-hashicorp 2016-09-19 12:42:35 -04:00
Jeff Mitchell 85c51fd861 Update website docs to indicate sudo being required for auth/audit
endpoints.
2016-09-19 12:10:08 -04:00
Jeff Mitchell f7b3937c77 Fix website display of tune paths 2016-09-16 12:03:50 -04:00
Vishal Nayak 61664bc653 Merge pull request #1886 from hashicorp/approle-upgrade-notes
upgrade notes entry for approle constraint and warning on role read
2016-09-15 12:14:01 -04:00
Vishal Nayak 4f33e8d713 Merge pull request #1892 from hashicorp/role-tag-defaults
Specify that role tags are not tied to an instance by default
2016-09-15 12:04:41 -04:00
vishalnayak 9bca127631 Updated docs with nonce usage 2016-09-14 19:31:09 -04:00
vishalnayak 2639ca4d4f Address review feedback 2016-09-14 16:06:38 -04:00
vishalnayak dcddaa8094 Address review feedback 2016-09-14 15:13:54 -04:00
vishalnayak d5cc763b8d Clarify that tags can be used on all instances that satisfies constraints 2016-09-14 14:55:09 -04:00
vishalnayak 03fc7b517f Specify that role tags are not tied to an instance by default 2016-09-14 14:49:18 -04:00
vishalnayak 53c919b1d0 Generate the nonce by default 2016-09-14 14:28:02 -04:00
Jeff Mitchell 722e26f27a Add support for PGP encrypting the initial root token. (#1883) 2016-09-13 18:42:24 -04:00
vishalnayak 99a2655d8e upgrade notes entry for approle constraint and warning on role read 2016-09-13 17:44:07 -04:00
Jeff Mitchell bc3cce7d2d Add 0.6.2 page to sidebar 2016-09-13 16:49:54 -04:00
vishalnayak bef9c2ee61 Ensure at least one constraint on the role 2016-09-13 16:03:15 -04:00
Jeff Mitchell 888e833aae Remove old text from upgrade notes, as changes were made 2016-09-13 11:51:46 -04:00
sashman c01bf6cb1b Update libraries.html.md (#1879) 2016-09-13 09:23:46 -04:00
AJ Bourg b524e43f15 Small change: Fix permission vault requires.
Vault requires ec2:DescribeInstances, not ec2:DescribeInstance. (the
non-plural form doesn't exist)
2016-09-12 14:38:10 -06:00
Michael Warkentin 14f2a673e2 Out of date code
Looks like the `500` is now a `405`:

```
$ vault read aws/config/root
Error reading aws/config/root: Error making API request.

URL: GET http://127.0.0.1:8200/v1/aws/config/root
Code: 405. Errors:

* 1 error(s) occurred:

* unsupported operation
```
2016-09-12 15:58:25 -04:00
Raja Nadar d8b1ab05dd doc: change invalid otp response code to 400 (#1863)
invalid otp response code is 400 bad request.
2016-09-08 11:13:13 -04:00
Raja Nadar b06167c748 doc: fixing field name to security_token (#1850)
response field is security_token, not secret_token.
2016-09-03 22:40:57 -04:00
vishalnayak 5bd665a842 Update atlas listener factory to use version with pre-release info. 2016-09-01 17:21:11 -04:00
vishalnayak 9c78c58948 Remove the string 'Vault' from version information 2016-09-01 14:54:04 -04:00
khanklatt 242105a0ad Correcting typo on "mechanisms" (#1822) 2016-09-01 09:53:20 -04:00
Raja Nadar 7bd0edee4b doc: add keys_base64 to response json (#1824)
add the missing fields in json response for initializing vault.
keys_base64
2016-09-01 09:40:40 -04:00
Raja Nadar f6cfc1c7ad doc: add missing version and cluster fields (#1826)
adding the missing "version" field in json response.
also adding a new response when the unseal completes, and 2 more fields are returned. (cluster..)
2016-09-01 09:39:26 -04:00
Raja Nadar 97e5a02692 doc: add missing token field to generate-root apis (#1828)
the response is missing the encoded token field for a couple of apis.
2016-09-01 09:39:00 -04:00
Andrew Backhouse 2f35789e71 Update index.html.md (#1819)
Corrected a minor spelling error.
2016-08-31 10:02:43 -04:00
Jeff Mitchell 222adbdb61 Fix headers in aws-ec2 doc. 2016-08-30 11:53:21 -04:00
Jeff Mitchell 93b5b2a2c0 Update website with POST STS path 2016-08-30 10:37:55 -04:00
Raja Nadar 5172cdab3f doc: remove duplicate aws-ec2 menu item
the auth backends menu had a duplicate entry for aws-ec2 auth.
removed the dup one.
2016-08-30 00:59:44 -07:00
Raja Nadar 1ae71ce7db add missing field keys_base64 to rekey operation
fixing the json response blob in the documentation
2016-08-28 17:38:10 -07:00
Jeff Mitchell d9c46aadc2 update docs 2016-08-26 17:52:42 -04:00
Jeff Mitchell 2f5876dfe9 Use key derivation for convergent nonce. (#1794)
Use key derivation for convergent nonce.

Fixes #1792
2016-08-26 14:11:03 -04:00
Jeff Mitchell 2ce4397deb Plumb through the ability to set the storage read cache size. (#1784)
Plumb through the ability to set the storage read cache size.

Fixes #1772
2016-08-26 10:27:06 -04:00
Jeff Mitchell aa5daadd67 Don't duplicate building info 2016-08-25 13:00:26 -04:00
Jeff Mitchell 9fee9ce8ff Don't allow tokens in paths. (#1783) 2016-08-24 15:59:43 -04:00
Mikhail Zholobov 0b9d0c1cec Update website Vagrantfile (#1689)
* Upgrade base box to `bento/ubuntu-16.04`
* Remove JS stuff
* Install `git` and `bundler`
* Add gpg key for RVM
2016-08-24 13:53:00 -04:00
Adam Greene 66d3117cad fix aws-ec2 formatting around ttl (#1770) 2016-08-23 16:07:57 -04:00
Karl Falconer 6cbae1388e [Documentation] AppRole /login is unauthenticated (#1771) 2016-08-23 16:03:36 -04:00
Jeff Mitchell c64dba556c Swap push/pull. 2016-08-22 19:34:53 -04:00
Eric Peterson 6db65c317e Fix grammar (#1759) 2016-08-22 12:17:48 -04:00
Eric Peterson 9bd1a95850 Fix spelling (#1758) 2016-08-22 11:56:37 -04:00
S 7395fb02bc Update tokens.html.md
Bullet points at the end were off (probably due to some line wrapping settings somewhere)
2016-08-22 10:47:11 -04:00
Jeff Mitchell 3320aeb4f6 Update upgrade guide 2016-08-22 09:33:36 -04:00
Jeff Mitchell 48eac5434b Bump version 2016-08-22 09:19:13 -04:00
Jeff Mitchell 1642013e8b Update version numbers 2016-08-21 19:33:52 -04:00
vishalnayak dfe73733d5 Seperate endpoints for read/delete using secret-id and accessor 2016-08-21 14:42:49 -04:00
Jeff Mitchell 865ca94032 Initial fixups, not yet done 2016-08-20 22:39:41 -04:00
Jeff Mitchell 0029559ab0 Update location of LDAP docs in upgrade guide.
Fixes #1656
2016-08-19 10:31:31 -04:00
Jeff Mitchell c349e697f5 Change uninit/sealed status codes from health endpoint 2016-08-18 12:10:23 -04:00
Martin Forssen a617ff0f93 Mention ttl parameter in the documentation of /auth/aws-ec2/role/<role>
This parameter was not documented
2016-08-18 13:16:58 +02:00
Brian Shumate a941dbdd76 Add a bit of clarification 2016-08-17 16:07:30 -04:00
Jeff Mitchell 734e80ca56 Add permit pool to dynamodb 2016-08-15 19:45:06 -04:00
Matt Hurne 56252fb637 AppRole documentation tweaks (#1735)
* Fix spelling error in AppRole docs

* Add force flag to sample command to generate a secret ID in AppRole docs

* Update sample output for AppRole login in docs
2016-08-15 16:12:08 -04:00
Jeff Mitchell 37320f8798 Request forwarding (#1721)
Add request forwarding.
2016-08-15 09:42:42 -04:00
Jeff Mitchell 7497b37280 Completely revamp token documentation 2016-08-13 17:05:31 -04:00
Jeff Mitchell d2124486ef Merge pull request #1702 from hashicorp/renew-post-body
Add ability to specify renew lease ID in POST body.
2016-08-08 20:01:25 -04:00
Jeff Mitchell ab71b981ad Add ability to specify renew lease ID in POST body. 2016-08-08 18:00:44 -04:00
Jeff Mitchell 4f0310ed96 Don't allow root from authentication backends either.
We've disabled this in the token store, but it makes no sense to have
that disabled but have it enabled elsewhere. It's the same issue across
all, so simply remove the ability altogether.
2016-08-08 17:32:37 -04:00
Jeff Mitchell be39df9887 Update upgrade docs 2016-08-08 16:44:13 -04:00
Vishal Nayak 77cac79725 Merge pull request #1700 from hashicorp/sethvargo/link
Update links to serf
2016-08-08 13:16:05 -04:00
Seth Vargo 80f5b8281a
Update links to serf 2016-08-08 12:47:14 -04:00
Jeff Mitchell 0a67bcb5bd Merge pull request #1696 from hashicorp/transit-convergent-specify-nonce
Require nonce specification for more flexibility
2016-08-08 11:41:10 -04:00
Jeff Mitchell d60caa2a79 Remove old terraform page 2016-08-08 08:26:05 -04:00
Jeff Mitchell 606ba64e23 Remove context-as-nonce, add docs, and properly support datakey 2016-08-07 15:53:40 -04:00
Jeff Mitchell 21e39bfea6 Remove erroneous information about some endpoints being root-protected 2016-08-04 16:08:54 -04:00
Cameron Stokes 0b60375952 ~secret/aws: env variable and IAM role usage 2016-08-04 13:02:07 -07:00
Jeff Mitchell 1b0c9afc43 Update DB docs with new SQL specification options 2016-08-03 15:45:56 -04:00
vishalnayak 4f45910dfc disallowed_policies doc update 2016-08-02 16:33:22 -04:00
Jeff Mitchell b4386032db Fix up some wording 2016-08-02 16:25:00 -04:00
vishalnayak 75c51378ce Updated token auth docs with disallowed_policies 2016-08-02 15:33:03 -04:00
Jeff Mitchell 9902891c81 Alphabetize token store docs 2016-08-01 13:37:12 -04:00
Jeff Mitchell 357f2d972f Add some extra safety checking in accessor listing and update website
docs.
2016-08-01 13:12:06 -04:00
Chris Hoffman c1c35880da Missing prefix on roles list 2016-07-29 11:31:26 -04:00
Jan Dudulski 1e46b1cef0 Update revoke-prefix path in doc
Minor update to make doc up to date with v0.6
2016-07-29 12:17:24 +02:00
Chris Hoffman 2930f2ca39 Preferred method is AppRole since AppId is now deprecated 2016-07-28 14:32:20 -04:00
Vishal Nayak 358b13d2b4 Merge pull request #1660 from TerryHowe/ansible-module-hashivault
Add note about Ansible module in docs
2016-07-27 13:56:41 -04:00
Adam Greene da8ff50143 documentation cleanup 2016-07-27 10:43:59 -07:00
Terry Howe da49a7993e Add note about Ansible module in docs 2016-07-27 10:34:13 -06:00
vishalnayak cc8a3a0141 Revert version in website 2016-07-27 10:56:11 -04:00
vishalnayak 019f79bbd2 Update version in website 2016-07-27 10:54:36 -04:00
Laura Bennett 4d9c909ae4 Merge pull request #1650 from hashicorp/request-uuid
Added unique identifier to each request. Closes hashicorp/vault#1617
2016-07-27 09:40:48 -04:00
Vishal Nayak c7bcaa5bb6 Merge pull request #1655 from hashicorp/cluster-id
Vault cluster name and ID
2016-07-26 14:12:48 -04:00
vishalnayak 669bbdfa48 Address review feedback from @jefferai 2016-07-26 14:05:27 -04:00
Jeff Mitchell 6e63af6ad0 Add deprecation notices for App ID 2016-07-26 10:08:46 -04:00
Jeff Mitchell cdb0f78960 Add app-id deprecation to upgrade notes 2016-07-26 10:04:08 -04:00
vishalnayak a6907769b0 AppRole authentication backend 2016-07-26 09:32:41 -04:00
Jeff Mitchell 3002799c26 Add upgrade notes for LDAP 2016-07-25 09:07:52 -04:00
Laura Bennett 483e796177 website update for request uuuid 2016-07-24 21:23:12 -04:00
Oren Shomron cd6d114e42 LDAP Auth Backend Overhaul
--------------------------

Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.

Simplified group membership lookup significantly to support multiple use-cases:
  * Enumerating groups via memberOf attribute on user object
  * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
  * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule

There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.

Additional changes:
  * Clarify documentation for LDAP auth backend.
  * Reworked how default values are set, added tests
  * Removed Dial from LDAP config read. Network should not affect configuration.
2016-07-22 21:20:05 -04:00
Vishal Nayak 38d8ff33d5 Merge pull request #1647 from hashicorp/version-in-api
Add version information to health status
2016-07-22 18:34:33 -04:00
vishalnayak a92da37351 Updated sys/health docs 2016-07-22 18:33:29 -04:00
matt maier 6519c224ac Circonus integration for telemetry metrics 2016-07-22 15:49:23 -04:00
vishalnayak 765d131b47 Added service-tags config option to provide additional tags to registered service 2016-07-22 04:41:48 -04:00
Jeff Mitchell 3e7449164c Update website text 2016-07-21 14:54:24 -04:00
Jeff Mitchell 6d41045b3b Update website description 2016-07-21 14:32:23 -04:00
Laura Bennett 559b0a5006 Merge pull request #1635 from hashicorp/mysql-idle-conns
Added maximum idle connections to mysql to close hashicorp/vault#1616
2016-07-20 15:31:37 -04:00
Laura Bennett 422dcc8f25 minor formatting edits 2016-07-20 14:42:52 -04:00
Jeff Mitchell f2b6569b0b Merge pull request #1604 from memory/mysql-displayname-2
concat role name and token displayname to form mysql username
2016-07-20 14:02:17 -04:00
Nathan J. Mehl ea294f1d27 use both role name and token display name to form mysql username 2016-07-20 10:17:00 -07:00
Laura Bennett dba466f50e update documentation for idle connections 2016-07-20 12:50:07 -04:00
Nathan J. Mehl 0483457ad2 respond to feedback from @vishalnayak
- split out usernameLength and displaynameLength truncation values,
  as they are different things

- fetch username and displayname lengths from the role, not from
  the request parameters

- add appropriate defaults for username and displayname lengths
2016-07-20 06:36:51 -07:00
Jeff Mitchell 49194847da Add mongodb to sidebar 2016-07-19 14:00:47 -04:00
Matt Hurne 11a3cb67d0 mongodb secret backend documentation: Remove verify_connection from example response to GET /mongodb/config/connection; add documentation for GET /mongodb/config/lease 2016-07-19 12:46:54 -04:00
Matt Hurne 75a5fbd8fe Merge branch 'master' into mongodb-secret-backend 2016-07-19 10:38:45 -04:00
Jeff Mitchell 04f0471a9f Update documentation around dynamodb changes 2016-07-18 14:10:55 -04:00
Jeff Mitchell c47fc73bd1 Use parsebool 2016-07-18 13:49:05 -04:00
Jeff Mitchell a3ce0dcb0c Turn off DynamoDB HA by default.
The semantics are wonky and have caused issues from people not reading
docs. It can be enabled but by default is off.
2016-07-18 13:19:58 -04:00
Jeff Mitchell 4c5ae34ebf Merge pull request #1613 from skippy/update-aws-ec2-docs
[Docs] aws-ec2 -- note IAM action requirement
2016-07-18 10:40:38 -04:00
Jeff Mitchell 73923db995 Merge pull request #1589 from skippy/patch-2
[Docs] aws-ec2 -- clarify aws public cert is already preloaded
2016-07-18 10:02:35 -04:00
Adam Greene 8f6b97f4e4 [Docs] aws-ec2 -- note IAM action requirement 2016-07-13 15:52:47 -07:00
Adam Greene d6f5c5f491 english tweaks 2016-07-13 15:11:01 -07:00
vishalnayak 407722a9b4 Added tls_min_version to consul storage backend 2016-07-12 20:10:54 -04:00
Nathan J. Mehl 314a5ecec0 allow overriding the default truncation length for mysql usernames
see https://github.com/hashicorp/vault/issues/1605
2016-07-12 17:05:43 -07:00
Jeff Mitchell a6682405a3 Migrate number of retries down by one to have it be max retries, not tries 2016-07-11 21:57:14 +00:00
Jeff Mitchell 57cdb58374 Switch to pester from go-retryablehttp to avoid swallowing 500 error messages 2016-07-11 21:37:46 +00:00
Matt Hurne 8232de5095 Merge branch 'master' into mongodb-secret-backend 2016-07-09 21:14:21 -04:00
Jeff Mitchell 4aa557ffa6 Add documentation of retry env vars 2016-07-08 10:41:11 -04:00
Matt Hurne 253d4e86fc Merge branch 'master' into mongodb-secret-backend 2016-07-08 08:32:03 -04:00
Jeff Mitchell cf42b28487 Some policy concept page clarifications 2016-07-08 05:05:46 +00:00
Matt Hurne 8d5a7992c1 mongodb secret backend: Improve and correct errors in documentation; improve "parameter is required" error response messages 2016-07-07 23:09:45 -04:00
Matt Hurne a5f5b26e4b Update mongodb secret backend documentation to indicate that ttl and max_ttl lease config parameters are optional rather than required 2016-07-07 22:34:00 -04:00
Matt Hurne b1dd5bf449 mongodb secret backend documentation: Use single quotes around roles JSON to avoid needing to escape double quotes within the JSON 2016-07-07 22:31:35 -04:00
Matt Hurne da0bd77dc4 Merge branch 'master' into mongodb-secret-backend 2016-07-07 21:24:40 -04:00
Eric Herot cbc76c357e Pretty sure the method to delete a token role is not GET 2016-07-07 13:54:20 -04:00
Jeff Mitchell 4a597c3a7a Fix upgrade to 0.6 docs 2016-07-06 19:00:23 -04:00
Jeff Mitchell a6d3210163 Merge pull request #1590 from skippy/patch-3
Update aws-ec2.html.md -- clarify pkcs7 cert cleanup before use
2016-07-06 21:31:12 +02:00
Brian Shumate 07dd449e9e Minor grammar edit 2016-07-06 10:02:52 -04:00
Jeff Mitchell 2c0e677fe5 Fix website upgrade menu for 0.6.0 2016-07-06 09:28:21 -04:00
Stig Lindqvist 71b481ba40 Correcting grammar 2016-07-06 17:57:22 +12:00
Adam Greene 2405b7f078 Update aws-ec2.html.md
per #1582, updating the docs to include notes about pkcs#7 handling, specifically that aws returns the pkcs#7 cert with newlines and that they need to be stripped before sending them to the login endpoint
2016-07-05 13:21:56 -07:00
Adam Greene 5ef359ff6c Update aws-ec2.html.md
clarify, and make more explicit, the language around the default AWS public certificate
2016-07-05 13:14:29 -07:00
Matt Hurne cf17deb33b mongodb secret backend: Update documentation 2016-07-05 09:50:23 -04:00
Matt Hurne 292c2fad69 Merge branch 'master' into mongodb-secret-backend 2016-07-01 20:39:13 -04:00
Mark Paluch ab63c938c4 Address review feedback.
Switch ConnectTimeout to framework.TypeDurationSecond  with a default of 5. Remove own parsing code.
2016-07-01 22:26:08 +02:00
Mark Paluch 3859f7938a Support connect_timeout for Cassandra and align timeout.
The cassandra backend now supports a configurable connect timeout. The timeout is configured using the connect_timeout parameter in the session configuration.  Also align the timeout to 5 seconds which is the default for the Python and Java drivers.

Fixes #1538
2016-07-01 21:22:37 +02:00
Matt Hurne 561e67ade8 Merge branch 'master' into mongodb-secret-backend 2016-06-30 20:23:16 -04:00
Tim Schindler 24c6a605ea added documentation about ETCD_ADDR env var to etcd backend documentation 2016-06-30 18:46:40 +00:00
Matt Hurne 350b69670c Rename mongodb secret backend's 'ttl_max' lease configuration field to 'max_ttl' 2016-06-30 09:57:43 -04:00
Matt Hurne 5e8c912048 Add mongodb secret backend 2016-06-29 08:33:06 -04:00
Jeff Mitchell 07f53eebc2 Update PKI docs with key_usge info 2016-06-23 11:07:17 -04:00
Cameron Stokes 92f49578e1 Minor typo - that->than. 2016-06-22 11:28:31 -07:00
Jason Antman d8242d04d2 clarify some aspects of GPG key usage 2016-06-22 10:26:06 -04:00
Brian Shumate e34146d9d8 Update deploy.html.md
Corrected link to Using PGP, GPG, and Keybase
2016-06-21 12:14:58 -04:00
Vishal Nayak 78d4d5c8c3 Merge pull request #1523 from hashicorp/bind-account-id-aws-ec2
Added bound_account_id to aws-ec2 auth backend
2016-06-21 10:03:20 -04:00
Vishal Nayak d4d47ce5e3 Merge pull request #1531 from hashicorp/auth-mount-tune-params
Auth tune endpoints and config settings output from CLI
2016-06-20 20:24:47 -04:00
vishalnayak 8b490e44a1 Added list functionality to logical aws backend's roles 2016-06-20 19:51:04 -04:00
Jeff Mitchell 2e7704ea7e Add convergent encryption option to transit.
Fixes #1537
2016-06-20 13:17:48 -04:00
Mark Paluch ea4c58f17b Fix RabbitMQ documentation
Change parameter `uri` to `connection_uri` in code example.
2016-06-19 17:45:30 +02:00
vishalnayak d0a142c75a Merge branch 'master-oss' into bind-account-id-aws-ec2
Conflicts:
	website/source/docs/auth/aws-ec2.html.md
2016-06-17 12:41:21 -04:00
vishalnayak 848b479a61 Added 'sys/auth/<path>/tune' endpoints.
Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 13:58:24 -04:00
Martin Forssen f8558ca1f2 Fixed a number of spelling errors in aws-ec2.html.md 2016-06-15 13:32:36 +02:00
vishalnayak 8e03c1448b Merge branch 'master-oss' into bind-account-id-aws-ec2
Conflicts:
	builtin/credential/aws-ec2/backend_test.go
	builtin/credential/aws-ec2/path_login.go
	builtin/credential/aws-ec2/path_role.go
2016-06-14 14:46:08 -04:00
Vishal Nayak bf2cab6cd3 Merge pull request #1522 from ifuyivara/master
Adding IAM Role ARN as a constraint for EC2 authentication
2016-06-14 14:20:24 -04:00
Ivan Fuyivara 0ffbef0ccd added tests, nil validations and doccumentation 2016-06-14 16:58:50 +00:00
Anthony Nguyen d55d775c76 Move favicon into assets directory
Fixes #1507
2016-06-14 12:38:27 -04:00
vishalnayak 26f7fcf6a1 Added bound_account_id to aws-ec2 auth backend 2016-06-14 11:58:19 -04:00
vishalnayak 4a078f8726 RabbitMQ docs++ 2016-06-14 10:22:30 -04:00
Jeff Mitchell 8fc2f5ccf1 Bump version and remove --all behavior from dist script 2016-06-14 13:25:44 +00:00
Jeff Mitchell 04a03bcb54 Add updated wrapping information 2016-06-14 05:59:50 +00:00
Jon Benson 7883e98eb8 Update aws-ec2.html.md 2016-06-09 23:08:08 -07:00
vishalnayak c6a27f2fa8 s/VAULT_GITHUB_AUTH_TOKEN/VAULT_AUTH_GITHUB_TOKEN 2016-06-09 14:00:56 -04:00
vishalnayak 308294db46 Added VAULT_GITHUB_AUTH_TOKEN env var to receive GitHub auth token 2016-06-09 13:45:56 -04:00
Jeff Mitchell 41decb2e16 update sys-health docs with HEAD info 2016-06-09 12:30:23 -04:00
Jeff Mitchell 351f536913 Don't check parsability of a ttl key on write.
On read we already ignore bad values, so we shouldn't be restricting
this on write; doing so alters expected data-in-data-out behavior. In
addition, don't issue a warning if a given `ttl` value can't be parsed,
as this can quickly get annoying if it's on purpose.

The documentation has been updated/clarified to make it clear that this
is optional behavior that doesn't affect the status of the key as POD
and the `lease_duration` returned will otherwise default to the
system/mount defaults.

Fixes #1505
2016-06-08 20:14:36 -04:00
Jeff Mitchell 2b4b6559e3 Merge pull request #1504 from hashicorp/token-store-roles-renewability
Add renewable flag to token store roles
2016-06-08 15:56:54 -04:00
Laura Bennett 5ccb4fe907 Merge pull request #1498 from hashicorp/pki-list
PKI List Functionality
2016-06-08 15:42:50 -04:00
Jeff Mitchell cf8f38bd4c Add renewable flag to token store roles 2016-06-08 15:17:22 -04:00
Laura Bennett fc8c73584b url fix 2016-06-08 14:53:33 -04:00
Jeff Mitchell 65d8973864 Add explicit max TTL capability to token creation API 2016-06-08 14:49:48 -04:00
Laura Bennett 08cd10d541 Updates for pki/certs list functionality 2016-06-08 14:37:57 -04:00
Jeff Mitchell b8c30aea18 Merge pull request #1502 from hashicorp/pr-1425
Staging area for me to fix up PR 1425
2016-06-08 12:31:31 -04:00
Jeff Mitchell 29ee2666e7 Update docs 2016-06-08 12:23:04 -04:00
Jeff Mitchell 3cce72b10d Update docs with max_parallel 2016-06-08 12:22:18 -04:00
Jeff Mitchell 72a25d018c Add permit pool and cleanhttp support to Swift 2016-06-08 12:20:21 -04:00
Jeff Mitchell da6371ffc3 Merge remote-tracking branch 'origin/master' into pr-1425 2016-06-08 12:10:29 -04:00
Vishal Nayak ab543414f6 Merge pull request #788 from doubledutch/master
RabbitMQ Secret Backend
2016-06-08 10:02:24 -04:00
Jeff Mitchell 7308031e4d Add more entries to the 0.6 upgrade notes 2016-06-06 16:04:02 -04:00
Vinay Hiremath 584c2b9c10 Small grammatical error
"invaliding" => "invalidating"
2016-06-03 11:07:54 -07:00
Jeff Mitchell 33764e85b1 Merge pull request #1324 from hashicorp/sethvargo/doc_gpg
Add a page for step-by-step gpg/keybase
2016-06-03 13:24:57 -04:00
Jeff Mitchell a147c3346c Make some updates to PGP documentation 2016-06-03 13:23:20 -04:00
Jeff Mitchell 07193b519d Add announcment list to community page 2016-06-01 22:06:21 -04:00
vishalnayak 315f9c868c Provide option to disable host key checking 2016-06-01 11:08:24 -04:00
vishalnayak dbee3cd81b Address review feedback 2016-06-01 10:36:58 -04:00
vishalnayak 5c25265fce rename aws.html.md as aws-ec2.html.md 2016-05-30 14:11:15 -04:00
vishalnayak a072f2807d Rename aws as aws-ec2 2016-05-30 14:11:15 -04:00
vishalnayak 30fa7f304b Allow * to be set for allowed_users 2016-05-30 03:12:43 -04:00
vishalnayak 971b2cb7b7 Do not allow any username to login if allowed_users is not set 2016-05-30 03:01:47 -04:00
Sami Rageb 2dba9b180b Fixed & clarified grammar around HCL & JSON
- Fixed the statement that HCL is JSON compatible, it's vice versa
- Added that HCL is a superset of JSON to eliminate any lingering confusion
2016-05-26 20:14:59 -05:00
Jeff Mitchell 81e14262cd Remove reference to cookies altogether
Fixes #1437
2016-05-26 09:29:41 -04:00
vishalnayak 21605ee9d8 Typo fix: s/Vault/Consul 2016-05-24 18:22:20 -04:00
Seth Vargo b1959e1f26
Use updated architecture diagram
As much as we love @armon's omnigraffle, this new diagram better matches
the Vault branding 😄.
2016-05-23 20:10:51 -04:00
Kevin Pike 111ef09a18 Update rabbitmq lease docs 2016-05-20 23:28:41 -07:00
Jeff Mitchell caf77109ba Add cubbyhole wrapping documentation 2016-05-19 13:33:51 -04:00
Jeff Mitchell a13807e759 Merge pull request #1318 from steve-jansen/aws-logical-assume-role
Add sts:AssumeRole support to the AWS secret backend
2016-05-19 12:17:27 -04:00
Francis Chuang ae1d5a8fea Minor grammar fix. 2016-05-19 17:01:30 +10:00
Stuart Glenn b75eed61ed Add documentation on Swift backend configuration 2016-05-16 17:29:40 -05:00
Seth Vargo 888527f9d4
Add note about paid training 2016-05-16 16:45:02 -04:00
Jeff Mitchell 60975bf76e Revert "Remove a few assumptions regarding bash(1) being located in /bin." 2016-05-15 15:22:21 -04:00
Sean Chittenden f91114fef5
Remove a few assumptions regarding bash(1) being located in /bin.
Use sh(1) where appropriate.
2016-05-15 11:41:14 -07:00
Sean Chittenden 7a4b31ce51
Speling police 2016-05-15 09:58:36 -07:00
Vishal Nayak 53fc941761 Merge pull request #1300 from hashicorp/aws-auth-backend
AWS EC2 instances authentication backend
2016-05-14 19:42:03 -04:00
vishalnayak 4122ed860b Rename 'role_name' to 'role' 2016-05-13 14:31:13 -04:00
Jeff Mitchell b850f876a7 Merge pull request #1407 from z00m1n/patch-1
fix PostgreSQL sample code
2016-05-12 17:07:48 -07:00
cmclaughlin cdf715b94a Document configuring listener to use a CA cert 2016-05-12 15:34:47 -07:00
Steven Samuel Cole e3bb3a4efb fix PostgreSQL sample code
The current sample configuration line fails with `Error initializing backend of type postgresql: failed to check for native upsert: pq: unsupported sslmode "disabled"; only "require" (default), "verify-full", "verify-ca", and "disable" supported`.
2016-05-12 23:22:41 +02:00
vishalnayak 7e8a2d55d0 Update docs and path names to the new patterns 2016-05-12 11:45:10 -04:00
Jeff Mitchell aecc3ad824 Add explicit maximum TTLs to token store roles. 2016-05-11 16:51:18 -04:00
vishalnayak ddcaf26396 Merge branch 'master-oss' into aws-auth-backend 2016-05-10 14:50:00 -04:00
Jeff Mitchell d899f9d411 Don't revoke CA certificates with leases. 2016-05-09 19:53:28 -04:00
Jeff Mitchell d77563994c Merge pull request #1346 from hashicorp/disable-all-caches
Disable all caches
2016-05-07 16:33:45 -04:00
Steve Jansen 597d59962c Adds sts:AssumeRole support to the AWS secret backend
Support use cases where you want to provision STS tokens
using Vault, but, you need to call AWS APIs that are blocked
for federated tokens.  For example, STS federated tokens cannot
invoke IAM APIs, such as  Terraform scripts containing
`aws_iam_*` resources.
2016-05-05 23:32:41 -04:00
Jeff Mitchell 3e71221839 Merge remote-tracking branch 'origin/master' into aws-auth-backend 2016-05-05 10:04:52 -04:00
Chris Jansen ea21dec7b4 Add scala vault library to list of client libs 2016-05-04 18:04:28 +01:00
Jeff Mitchell 3600b2573d Update website docs re token store role period parsing 2016-05-04 02:17:20 -04:00
vishalnayak b7c48ba109 Change image/ to a more flexible /role endpoint 2016-05-03 23:36:59 -04:00
Jeff Mitchell 8572190b64 Plumb disabling caches through the policy store 2016-05-02 22:36:44 -04:00
vishalnayak 9f2a111e85 Allow custom endpoint URLs to be supplied to make EC2 API calls 2016-05-02 17:21:52 -04:00
Seth Vargo 45ac1bc151
Track enhanced links 2016-05-02 15:57:23 -04:00
Jeff Mitchell 4182d711c3 Merge branch 'master-oss' into aws-auth-backend 2016-04-29 14:23:16 +00:00
Jeff Mitchell 81da06de05 Fix fetching parameters in token store when it's optionally in the URL 2016-04-28 15:15:37 -04:00
vishalnayak 2a2dc0befb Added allow_instance_migration to the role tag 2016-04-28 11:43:48 -04:00
vishalnayak b7b1f80a83 Updated docs 2016-04-28 11:25:47 -04:00
vishalnayak 779d73ce2b Removed existence check on blacklist/roletags, docs fixes 2016-04-27 21:29:32 -04:00
vishalnayak de1a1be564 tidy endpoint fixes 2016-04-26 10:22:29 -04:00
vishalnayak 21854776af Added cooldown period for periodic tidying operation 2016-04-26 10:22:29 -04:00
vishalnayak 5a2e1340df Removed redundant AWS public certificate. Docs update. 2016-04-26 10:22:29 -04:00
vishalnayak 58c485f519 Support providing multiple certificates.
Append all the certificates to the PKCS#7 parser during signature verification.
2016-04-26 10:22:29 -04:00
Jeff Mitchell fd977bb478 Updating to docs 2016-04-26 10:22:29 -04:00
vishalnayak 9d4a7c5901 Docs update 2016-04-26 10:22:29 -04:00
Sean Chittenden 5a33edb57d Change to the pre-0.6.4 Consul Check API
Consul is never going to pass in more than 1K of output.  This mitigates the pre-0.6.4 concern.
2016-04-25 18:01:13 -07:00
Sean Chittenden 3228d25c65 Add a small bit of wording re: disable_registration
Consul service registration for Vault requires Consul 0.6.4.
2016-04-25 18:01:13 -07:00
Sean Chittenden dd3219ec56 Provide documentation and example output 2016-04-25 18:01:13 -07:00
Sean Chittenden 60006f550f Various refactoring to clean up code organization
Brought to you by: Dept of 2nd thoughts before pushing enter on `git push`
2016-04-25 18:01:13 -07:00
Sean Chittenden 0c23acb818 Comment nits 2016-04-25 18:00:54 -07:00