Commit graph

2540 commits

Author SHA1 Message Date
Jeff Mitchell b2cc9ebd3a Remove regenerate-key docs as it no longer exists 2019-02-01 09:29:40 -05:00
Jeff Mitchell 47accf8086 Add role_id as an alias name source for AWS and change the defaults 2019-01-30 15:51:45 -05:00
Donald Guy 4363453017 Docs: Azure auth example using metadata service (#6124)
There are probably better ways to massage this but I think it would be helpful to have something like this included
2019-01-30 12:13:39 -08:00
Brian Shumate 2337df4b2b Update documentation for command operator unseal (#6117)
- Add migrate command option
2019-01-28 10:27:51 -05:00
Gordon Shankman cd2f7bbde8 Adding support for SSE in the S3 storage backend. (#5996) 2019-01-26 16:48:08 -05:00
Calvin Leung Huang 34af3daeb0 docs: update agent sample config (#6096) 2019-01-24 07:25:03 -05:00
Jeff Mitchell 3f1a7d4fdd
Update to latest etcd and use the new repository packages (#6087)
This will be necessary for go mod work

Additionally, the srv api has changed. This adapts to it.
2019-01-23 14:35:03 -05:00
Jeff Mitchell 5e126f6de8
Implement JWS-compatible signature marshaling (#6077)
This currently only applies to ECDSA signatures, and is a toggleable
option.
2019-01-23 12:31:34 -05:00
gitirabassi 1aaacda3ec small fixes to docs and indexes 2019-01-18 02:14:57 +01:00
Jim Kalafut 0f2fcfb6f1
Update JWT docs with new jwt_supported_algs parameter (#6069) 2019-01-17 15:27:20 -08:00
Yoko e5c6b421e0 Fixed the broken link (#6052)
* Fixed the broken link

* Fixing the broken link

* Fixes redirect to Tokens guide

The separate redirect within learn.hashicorp.com will be fixed on its own repo.
2019-01-16 17:06:28 -08:00
Yoko e09f058ada
Adding the CLI flag placement info (#6027)
* Adding the CLI flag placement info

* Adding the definition of 'options' and 'args'

* tweaked the wording a little bit

* Added more description in the example

* Added a link to 'Flags' in the doc for options def
2019-01-15 11:24:50 -08:00
Jim Kalafut 960eb45014
Remove unnecessary permission 2019-01-10 16:18:10 -08:00
Seth Vargo e726f13957 Simplify permission requirements for GCP things (#6012) 2019-01-10 10:05:21 -08:00
Dilan Bellinghoven f9dacbf221 Add docker-credential-vault-login to Third-Party Tools (#6003)
* Added Docker credential helper to list of Third-Party tools

* website/source/api/relatedtools.html.md: Fixed a typo
2019-01-10 10:46:18 -05:00
Yoko 9a4de34dce Allowed characters in paths (#6015) 2019-01-10 10:39:20 -05:00
Vishal Nayak 0c30f46587
Add option to configure ec2_alias values (#5846)
* Add option to configure ec2_alias values

* Doc updates

* Fix overwriting of previous config value

* s/configEntry/config

* Fix formatting

* Address review feedback

* Address review feedback
2019-01-09 18:28:29 -05:00
Yoko 0a97f95ff4
Document upper limit on Transit encryption size (#6014) 2019-01-08 17:57:43 -08:00
Giacomo Tirabassi 0d3845c537 Influxdb secret engine built-in plugin (#5924)
* intial work for influxdb secret plugin

* fixed typo

* added comment

* added documentation

* added tests

* fixed tests

* added vendoring

* minor testing issue with hardcoded values

* minor fixes
2019-01-08 17:26:16 -08:00
Julien Blache 91d432fc85 FoundationDB backend TLS support and housekeeping (#5800)
* Fix typo in documentation

* Update fdb-go-install.sh for new release tags

* Exclude FoundationDB bindings from vendoring, delete vendored copy

FoundationDB bindings are tightly coupled to the server version and
client library version used in a specific deployment. Bindings need
to be installed using the fdb-go-install.sh script, as documented in
the foundationdb backend documentation.

* Add TLS support to FoundationDB backend

TLS support appeared in FoundationDB 5.2.4, raising the minimum API version
for TLS-aware FoundationDB code to 520.

* Update documentation for FoundationDB TLS support
2019-01-08 09:01:44 -08:00
Seth Vargo 46cbfb0e4b Fix formatting (#6009)
The new markdown parser is less forgiving
2019-01-08 08:51:37 -08:00
Thomas Kula 4265579aaa Fix small typo in azure.html.md (#6004) 2019-01-07 10:03:22 -05:00
Aric Walker c065b46f42 Remove duplicate "Users can" from policy md (#6002) 2019-01-07 07:02:28 -08:00
Seth Vargo c3f1043c24 Reduce required permissions for the GCPCKMS auto-unsealer (#5999)
This changes the behavior of the GCPCKMS auto-unsealer setup to attempt
encryption instead of a key lookup. Key lookups are a different API
method not covered by roles/cloudkms.cryptoKeyEncrypterDecrypter. This
means users must grant an extended scope to their service account
(granting the ability to read key data) which only seems to be used to
validate the existence of the key.

Worse, the only roles that include this permission are overly verbose
(e.g. roles/viewer which gives readonly access to everything in the
project and roles/cloudkms.admin which gives full control over all key
operations). This leaves the user stuck between choosing to create a
custom IAM role (which isn't fun) or grant overly broad permissions.

By changing to an encrypt call, we get better verification of the unseal
permissions and users can reduce scope to a single role.
2019-01-04 16:29:31 -05:00
Seth Vargo 1917bb406d Fix audit docs (#6000)
These appear to have been converted to (bad) HTML. This returns them to
their original markdown format.
2019-01-04 13:45:50 -06:00
Iain Gray ecdacbb90a Update DG to Vault 1.0 (#5855)
* Update DG to Vault 1.0

* as per comments  - chrishoffman

* Removed stray bracket and added quotes

* updated as per conversations with Dan
2019-01-03 10:10:37 -05:00
Graham Land 2e92372710 Docs: Add Auto Unseal Rekey example (#5952)
* Add KMS Rekey example

I've had customers looking for AWS KMS rekeying examples today - when using pgp keys.
This example would have clarified what they needed to do.

* Replaced KMS reference with Auto Unseal

``` bash
Rekey an Auto Unseal vault and encrypt the resulting recovery keys with PGP:
```
2019-01-03 09:23:43 -05:00
Becca Petrin d7f31fe5e4
Merge pull request #5892 from jen20/jen20/dynamodb-capacity-doc
docs: Clarify the utility of DynamoDB capacities
2018-12-20 11:54:26 -08:00
Becca Petrin d108843a0a
Merge pull request #5947 from hmalphettes/master
Docs: JWT API - List Roles: fix the path
2018-12-20 09:15:57 -08:00
R.B. Boyer 0ebb30938c website: fix simple typo (#5979) 2018-12-19 14:46:54 -08:00
Clint 004ca032e8
add MSSQL storage docs to sidebar (#5978) 2018-12-19 14:06:42 -06:00
Graham Land c1fa76e9e2 Docs: Add example for Vault init Auto Unseal with PGP Keys (#5951)
* Add example for AWS KMS AutoUnseal with PGP Keys

A customer could not figure how to get this working today. 
This example would have helped them. We don't mention KMS anywhere in this section.

* Changed reference from AWS KMS to Auto Unseal

``` bash
Initialize Auto Unseal, but encrypt the recovery keys with pgp keys:
```
2018-12-18 11:42:10 -05:00
Janosch Maier b95fbbafe9 Docs: Fix project resource name in gcp roleset documentation (#5966)
The resource name when referring to a GCP project needs to have a "s". This PR adds the missing letter in the documentation.
2018-12-17 16:22:02 -08:00
vishalnayak 689163e7ed Upgrade guide for 0.11.6 2018-12-14 12:22:50 -05:00
Matthew Irish 4e06fd698e update help output examples and mention openapi fragment support (#5954) 2018-12-14 09:12:03 -05:00
Jeff Mitchell d9d47bb252 Update Consul ACL example
Fixes #5831
2018-12-13 17:18:28 -05:00
Hugues Malphettes 726d79d854
Merge branch 'master' into master 2018-12-14 05:21:41 +08:00
Jeff Mitchell 1d847b3acc Add sidebar link for approle autoauth docs 2018-12-13 09:51:47 -05:00
Hugues Malphettes 6ea6844ef9
JWT API - List Roles: fix the path
With vault-1.0.0 and vault-0.11.4 a different path is needed to list the jwt registered roles:

```
$ vault list auth/jwt/roles
No value found at auth/jwt/roles/

$ vault list auth/jwt/role
Keys
----
myrole
```
I hope this helps!
2018-12-13 06:27:30 +08:00
Sergey Trasko f24a4f189e Fixed markdown for cert documentation (#5735) 2018-12-12 15:27:28 -05:00
Joel Thompson 286b3f4e9f auth/aws: Clarify docs for cross-account access with IAM auth (#5900)
The docs hadn't been updated to reflect the ability to do cross-account
AWS IAM auth, and so it was a bit confusing as to whether that was
supported. This removes the ambiguity by explicitly mentioning AWS IAM
principals.
2018-12-12 15:21:27 -05:00
Bert Roos cfa008896d Added comma for readability (#5941)
Signed-off-by: Bert Roos <Bert-R@users.noreply.github.com>
2018-12-12 09:23:20 -05:00
Graham Land 53c6b36613 Fixing a couple of small typos (#5942) 2018-12-12 05:56:58 -08:00
emily 94c03d1072 Update GCP auth BE docs (#5753)
Documented changes from https://github.com/hashicorp/vault-plugin-auth-gcp/pull/55
* Deprecating `project_id` for `bound_projects` and making it optional
* Deprecating `google_certs_endpoint` (unused)
* Adding group aliases 

Also, some general reformatting
2018-12-10 12:54:18 -08:00
Jeff Mitchell c67ef8be09
Update PKI docs (#5929) 2018-12-10 10:24:47 -05:00
Tommy Murphy d3774e6aaa Correct GCE Token Parameter (#5667)
As written the GCE token curl results in an error: "non-empty audience parameter required".

Google's docs (https://cloud.google.com/compute/docs/instances/verifying-instance-identity) confirm that the parameter is 'audience' not 'aud'.
2018-12-07 15:10:30 -08:00
Matthew Irish a447dac803
change ui url so that it includes the trailing slash (#5890) 2018-12-05 12:25:16 -06:00
Chris Hoffman 561502394a
fixing redirect (#5908) 2018-12-05 12:06:15 -05:00
Chris Hoffman 57536e0c41
adding a redirect for old style upgrade guide location (#5905) 2018-12-05 10:54:10 -05:00
Chris Hoffman cebbe43f70
removing beta tag (#5904) 2018-12-05 10:45:22 -05:00
Jim Kalafut cb52f36c38 Update downloads.html.erb (#5899) 2018-12-05 10:40:33 -05:00
Chris Hoffman 1da490e929
adding upgrade guide for 1.0 (#5903)
* adding upgrade guide for 1.0

* fixing sidebar
2018-12-05 10:33:53 -05:00
ncabatoff b53437a2f8
Fix documentation re substitutions. It appears this was broken from day one. (#5896) 2018-12-04 13:14:00 -05:00
Jim Kalafut 3552019795
Update operator migrate docs (#5895) 2018-12-04 08:49:42 -08:00
James Nugent 65e7a2660d docs: Clarify the utility of DynamoDB capacities
When configuring DynamoDB, the read and write capacities configured only
have any effect if the table does not exist. As per the comment in the
code [1], the configuration of an existing table is never modified. This
was not previously reflected in the documentation - this commit
rectifies that.

[1]: https://github.com/hashicorp/vault/blob/master/physical/dynamodb/dynamodb.go#L743-L745
2018-12-03 17:55:18 -06:00
Martin 6c0ce0b11f Typo in policy template doc (#5887) 2018-12-03 14:36:17 -05:00
Jim Kalafut 1f3ea9b30a
Fix docs typos (#5881) 2018-11-30 14:32:04 -08:00
Martins Sipenko 3c0d63169c Fix config/sts docs (#5839) 2018-11-30 11:08:47 -08:00
Mike Christof a82ff1f92e fixed api/secret/ssh docs (#5833) 2018-11-30 10:55:33 -08:00
Lucy Davinhart 046e5fcf57 Document /sys/health?perfstandbyok (#5870)
* Document /sys/health?perfstandbyok

Discovered that in Vault Enterprise 0.11.5, `/sys/health?standbyok` returns a 473 status for performance standby nodes, compared to a 200 for standard standby nodes.

Turns out there was an additional `perfstandbyok` option added, here:
e5aaf80764

* Update health.html.md

Slight tweak to wording for perfstandbyok
2018-11-29 09:57:30 -08:00
Martins Sipenko 640bae4b65 Remove false statement from docs. (#5854) 2018-11-27 07:47:34 -05:00
Clint dfe585c7f7 Agent kube projected token (#5725)
* Add support for custom JWT path in Agent: kubernetes auth

- add support for "token_path" configuration
- add a reader for mocking in tests

* add documentation for token_path
2018-11-19 14:28:17 -08:00
Jennifer Yip 6421670cfe Add consent manager to vaultproject.io (#5808)
* Add consent manager

* Add Hull and Hotjar
2018-11-19 17:23:03 -05:00
Atthavit Wannasakwong 4344bb8ec1 fix wrong IAM action name in docs (#5812)
Reference:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/api-permissions-reference.html
2018-11-17 09:10:50 -08:00
Janosch Maier 192c8b5c84 Fix incorrect parameter name in docs (#5798) 2018-11-15 13:56:12 -08:00
Clint 7db8d4031e
Add read config endpoint docs (#5790)
* Add read config endpoint docs

* fix response code, remove empty fields from sample response
2018-11-15 11:51:06 -06:00
Yoko 4c6de9f808
Fixing broken link (#5794) 2018-11-15 09:23:05 -08:00
Jim Kalafut d45220159d
Fix incorrect parameter name in docs (#5793)
Fixes https://github.com/hashicorp/vault-plugin-auth-gcp/issues/56
2018-11-14 17:16:04 -08:00
Becca Petrin 8f82809c78
Update docs to match running builtins as plugins (#5727) 2018-11-14 09:17:12 -08:00
Brian Kassouf 119ae7e26d
Update downloads.html.erb 2018-11-13 20:01:17 -08:00
Vishal Nayak c144bc4b34
Recommend IAM auth over EC2 (#5772)
* Recommend IAM auth over EC2

* Update website/source/docs/auth/aws.html.md

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>

* Update website/source/docs/auth/aws.html.md

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>

* Update website/source/docs/auth/aws.html.md

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>
2018-11-13 18:49:25 -05:00
Vishal Nayak 086e7c6a41
Fix CLI flag name for rekeying (#5774) 2018-11-13 14:27:14 -05:00
Jim Kalafut a6b6898cca
Add docs for openapi endpoint (#5766) 2018-11-13 09:39:19 -08:00
Jeff Mitchell 41460ffb29
Add note about seal migration not being supported for secondaries currently (#5762) 2018-11-12 09:41:05 -05:00
Jeff Escalante 517589eff3 Add redirect for /intro/index.html, remove old unused redirects file (#5728)
* add redirect for /intro/index.html, remove old unused redirects file

* adjust redirect link
2018-11-09 13:12:11 -05:00
Jim Kalafut 7e799faaaf
Fix sidebar order (#5744) 2018-11-09 09:46:28 -08:00
Jeff Mitchell b30cd2e97f Update forwarded-for docs to indicate it supports cidrs, not just single hosts 2018-11-09 10:28:00 -05:00
Seth Vargo f79d2f06fa Add missing link to API docs (#5719) 2018-11-07 07:04:16 -08:00
Jeff Mitchell 8b6b344d86
Add default-service/default-batch to token store roles (#5711) 2018-11-07 09:45:09 -05:00
Jeff Mitchell 6e4f990902 Better documentation around increment
Fixes #5701
2018-11-06 17:42:20 -05:00
Jeff Mitchell 5cfe558ec8 Add a reminder about local auth methods and policies 2018-11-06 14:51:57 -05:00
Chris Griggs 275559deb4 moving VIP guide (#5693) 2018-11-05 19:50:55 -05:00
Mike Wickett 62db2920b9 website: Add analytics and swap CTA & docs section order (#5684)
* website: Add analytics tracking for components and outbound links

* website: Update component dependencies

* website: Swap cta and documentation sections
2018-11-05 17:29:09 -05:00
Yoko 19b9f41fc5 Added a missing redirect link (#5634) 2018-11-05 14:07:48 -05:00
Nicolas Corrarello 0b44a55d22 Adding support for Consul 1.4 ACL system (#5586)
* Adding support for Consul 1.4 ACL system

* Working tests

* Fixed logic gate

* Fixed logical gate that evaluate empty policy or empty list of policy names

* Ensure tests are run against appropiate Consul versions

* Running tests against official container with a 1.4.0-rc1 tag

* policies can never be nil (as even if it is empty will be an empty array)

* addressing feedback, refactoring tests

* removing cast

* converting old lease field to ttl, adding max ttl

* cleanup

* adding missing test

* testing wrong version

* adding support for local tokens

* addressing feedback
2018-11-02 10:44:12 -04:00
Jeff Mitchell 87ffca230e Add batch token info to token store, approle, mount tuning 2018-11-01 14:51:06 -04:00
Raymond Kao 24187b2e99 Fixed wording from "SQL" to "MongoDB" for clarity (#5643)
The original wording made it appear as if SQL statements were being executed against a MongoDB backend, which is incorrect and confusing.  Fixed to better reflect what is actually occurring.
2018-11-01 09:26:05 -04:00
Jeff Mitchell 756e4c5f89 Update jwt to pull in groups claim delimiter pattern 2018-10-31 16:04:39 -04:00
Brian Shumate 113380c461 docs: update JWT auth method (#5655)
- Add convenience/contextual link to API documnetation
2018-10-31 11:03:04 -04:00
Jeff Mitchell 6c488921ff Fix website/path-help docs around pki/tidy 2018-10-30 21:33:30 -04:00
Jeff Mitchell 605a7e30ad
Add the ability for secret IDs in agent approle to be wrapped (#5654) 2018-10-30 20:53:49 -04:00
Jeff Escalante 71f68f2199 fix sidebar links (#5653) 2018-10-30 20:51:38 -04:00
Jeff Mitchell 217e244e17 Make MFA links work again 2018-10-30 14:27:00 -04:00
Jeff Mitchell 6d20c8fce2
Add approle agent method removing secret ID file by default. (#5648)
Also, massively update tests.
2018-10-30 14:09:04 -04:00
RJ Spiker 3223d661ce website: community page content update (#5641) 2018-10-30 12:33:51 -04:00
Aleksey Zhukov 5361205d5b WIP Agent AppRole auto-auth (#5621) 2018-10-30 12:17:19 -04:00
Benjamin Dos Santos 1f86528ad8 docs(systemd): Capabilities had been removed (#5579)
* docs(systemd): `Capabilities` had been removed

The `Capabilities=` unit file setting has been removed and is ignored for
backwards compatibility. `AmbientCapabilities=` and `CapabilityBoundingSet=`
should be used instead.

8f968c7321/NEWS (L1357)

* style: remove trailing white space
2018-10-30 10:18:08 -04:00
Balazs Nagy ca5c60642e Use tidy_revoked_certs instead of tidy_revocation_list (#5608) 2018-10-29 19:29:35 -04:00
RJ Spiker fca7cb3794 website: update sidebar_title in front matter to use <code> (#5636)
* website: replace deprecated <tt> with <code> in front matter sidebar_title

* website: wrap front matter sidebar_title in <code> for commands pages
2018-10-29 15:58:37 -04:00
Christophe Tafani-Dereeper fb89c1adc5 Fix typo ('Gase' -> 'Case') (#5638) 2018-10-29 15:19:35 -04:00
Ben Boeckel 1e3d41ffa9 website: add missing @ to example (#5560)
* website: remove mention of `@` in command

The command does not contain the mentioned `@` symbol and can be
confusing.

* docs: use `policy-name` instead of `my-policy`

Just making things consistent.
2018-10-29 13:12:48 -04:00
Seth Vargo 5fcdd6c4e3 More formatting fixes (#5582) 2018-10-29 13:12:19 -04:00
Jeff Mitchell 3c1a82e60c
Add token type to sentinel docs, fix up some names, and better codify what Sentinel reports for various token types (#5630) 2018-10-27 11:07:27 -07:00
Jeffrey Hogan cd35ecf02e Use H3 for parameters to match existing pattern (#5566) 2018-10-26 19:13:14 -04:00
Chris Hoffman fa380e9be4
Fix seal migration docs (#5623)
* fixing seal migration docs

* do not use deprecated command

* adding redirect for old docs
2018-10-26 10:04:51 -07:00
Joel Thompson 62b54c8a5c Update awskms seal docs (#5618)
The seal already supported an endpoint configuration, but it wasn't
documented, so adding the docs for it. Also adding a note on required
KMS permissions.
2018-10-26 06:18:04 -07:00
Chris Hoffman bbca4729b6
Updating seal docs (#5616)
* updating seal docs

* fixing api docs
2018-10-25 16:44:53 -07:00
Seth Vargo a0cffd4c3f Update docs and permissions (#5612) 2018-10-25 14:10:11 -07:00
Justin Shoffstall 65014f790f Clarify that Perf Standbys require Consul backend (#5539)
* Clarify that Perf Standbys require Consul backend

* Fixed for line length
2018-10-25 13:13:44 -07:00
Alan Tang a69793ae32 fix duplicated word (#5599)
I think that is a duplicated word.
2018-10-24 18:15:24 -07:00
Mike Wickett bf6c6e12ee website: fix redirects to learn 2018-10-24 13:46:56 -06:00
Mike Wickett 49c07c436d website: add temporary callout to download v1.0 beta 2018-10-24 13:46:56 -06:00
Mike Wickett 3139263ed6 website: add redirects for intro/getting-started content to Learn 2018-10-24 13:46:43 -06:00
Mike Wickett 9b6026153b website: remove GA snippet - Segment handles this 2018-10-24 13:46:43 -06:00
Jeff Escalante bff998390e Website: small fix for the sidebar (#5595)
* sidebar attempted fix

* fix html errors

* a couple css updates
2018-10-24 12:21:37 -07:00
Andy Manoske 9c2c9d5e13
Update partnerships.html.md 2018-10-23 14:56:55 -07:00
Andy Manoske e19b90e056
Update partnerships.html.md 2018-10-23 14:56:17 -07:00
Andy Manoske f8314f47aa
Update partnerships.html.md 2018-10-23 14:55:51 -07:00
Andy Manoske caad3aff9c
Fix broken links
fix links to old guides infrastructure
2018-10-23 14:22:18 -07:00
Andy Manoske b355c6a3ce
Update partnerships.html.md 2018-10-23 13:58:33 -07:00
Andy Manoske 8b65b243d2
Update partnerships.html.md 2018-10-23 13:48:16 -07:00
Andy Manoske 67c8883a8c
Partnerships docs updates
Updates to include partnerships within new site
2018-10-23 13:45:53 -07:00
Chris Hoffman fc85623b5f
Adding gcpkms docs (#5590)
* adding gcpkms docs

* adding detail links

* adding 1.0 Beta badge
2018-10-23 12:14:32 -07:00
Jeff Mitchell b2f2568a21 Merge branch 'master-oss' into 1.0-beta-oss 2018-10-23 04:02:28 -04:00
Thomas Kula 434b0a30fb Document that periodic tokens do expire unless explicitly renewed (#5581) 2018-10-22 15:48:16 -04:00
Jeff Mitchell 12f32ad22c Merge branch 'master-oss' into 1.0-beta-oss 2018-10-22 12:32:44 -04:00
Seth Vargo 1fa851eeeb Fix website formatting (#5576) 2018-10-20 20:35:33 -04:00
andrejvanderzee 585911c79e Added role-option max_sts_ttl to cap TTL for AWS STS credentials. (#5500)
* Added role-option max_sts_ttl to cap TTL for AWS STS credentials.

* Allow for setting max_sts_ttl to 0 after it has been set already.

* Fixed message in error response for default_sts_ttl > max_sts_ttl.
2018-10-20 10:36:47 -04:00
Matthew Irish 8073ebcd1e Merge branch 'oss-master' into 1.0-beta-oss 2018-10-19 20:40:36 -05:00
Geoffrey Grosenbach d2c44f1181 Redirect old install link to learn.hashicorp (#5567) 2018-10-19 16:24:04 -07:00
Jim Kalafut 51a240ec74
Fix docs typo 2018-10-19 15:43:45 -07:00
Mitchell Hashimoto cb23b9bb50
website: fix netlify redirects for 404s 2018-10-19 15:38:53 -07:00
Jeff Mitchell 9f6dd376e2 Merge branch 'master-oss' into 1.0-beta-oss 2018-10-19 17:47:58 -04:00
Jeff Escalante 255412f234 fix docs sidebar issue, update product subnav (#5564) 2018-10-19 14:34:23 -07:00
Mitchell Hashimoto 78dedf1f25
website: fix broken link in docs header 2018-10-19 14:10:18 -07:00
RJ Spiker 7ce0ecaad1 fix product-subnav broken links (#5561) 2018-10-19 14:05:23 -07:00
Jeff Escalante 2503568f3c analytics correction to run through segment, clean up extra methods in config.rb (#5562) 2018-10-19 14:04:09 -07:00
Jim Kalafut c1d435c80c
Update Azure Secrets docs (#5554)
Add coverage of application_object_id parameter.
2018-10-19 13:48:15 -07:00
Jeff Escalante a3dfde5cec New Docs Website (#5535)
* conversion stage 1

* correct image paths

* add sidebar title to frontmatter

* docs/concepts and docs/internals

* configuration docs and multi-level nav corrections

* commands docs, index file corrections, small item nav correction

* secrets converted

* auth

* add enterprise and agent docs

* add extra dividers

* secret section, wip

* correct sidebar nav title in front matter for apu section, start working on api items

* auth and backend, a couple directory structure fixes

* remove old docs

* intro side nav converted

* reset sidebar styles, add hashi-global-styles

* basic styling for nav sidebar

* folder collapse functionality

* patch up border length on last list item

* wip restructure for content component

* taking middleman hacking to the extreme, but its working

* small css fix

* add new mega nav

* fix a small mistake from the rebase

* fix a content resolution issue with middleman

* title a couple missing docs pages

* update deps, remove temporary markup

* community page

* footer to layout, community page css adjustments

* wip downloads page

* deps updated, downloads page ready

* fix community page

* homepage progress

* add components, adjust spacing

* docs and api landing pages

* a bunch of fixes, add docs and api landing pages

* update deps, add deploy scripts

* add readme note

* update deploy command

* overview page, index title

* Update doc fields

Note this still requires the link fields to be populated -- this is solely related to copy on the description fields

* Update api_basic_categories.yml

Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages.

* Add bottom hero, adjust CSS, responsive friendly

* Add mega nav title

* homepage adjustments, asset boosts

* small fixes

* docs page styling fixes

* meganav title

* some category link corrections

* Update API categories page

updated to reflect the second level headings for api categories

* Update docs_detailed_categories.yml

Updated to represent the existing docs structure

* Update docs_detailed_categories.yml

* docs page data fix, extra operator page remove

* api data fix

* fix makefile

* update deps, add product subnav to docs and api landing pages

* Rearrange non-hands-on guides to _docs_

Since there is no place for these on learn.hashicorp, we'll put them
under _docs_.

* WIP Redirects for guides to docs

* content and component updates

* font weight hotfix, redirects

* fix guides and intro sidenavs

* fix some redirects

* small style tweaks

* Redirects to learn and internally to docs

* Remove redirect to `/vault`

* Remove `.html` from destination on redirects

* fix incorrect index redirect

* final touchups

* address feedback from michell for makefile and product downloads
2018-10-19 08:40:11 -07:00
Jeff Mitchell 841c4fcdd1 Merge branch 'master-oss' into 1.0-beta-oss 2018-10-19 09:25:17 -04:00
Jeff Mitchell 5f6ddc6a33 Update some grammar 2018-10-18 13:32:42 -04:00
Pouyan Azari 6e6318d5a2 Added link to list of all extensions for the ssh. (#5542)
Added a link to the OpenSSH extension list, this is not documented anywhere in vault documentation website.
2018-10-18 08:51:07 -07:00
Jeff Mitchell d843e0b52c Merge branch 'master-oss' into 1.0-beta-oss 2018-10-18 10:28:14 -04:00
Vishal Nayak ec7343b1c6
Transit: Key Trim (#5388)
* Support key trimming

* Add doc

* Move trimming to its own endpoint

* Remove trimmed_min_version field from config endpoint

* Fix description

* Doc updates

* Fix response json in docs

* Address review feedback

* s/min_version/min_available_version

* Commenting and error statement updates
2018-10-17 09:05:05 -07:00
Brian Shumate e2aad73e72 Docs: Basics: Tokens: Note (#5479)
- Add note about token values
2018-10-17 10:40:55 -04:00
Martin f31aee7d47 add mentions of authorization header support in doc (#5478) 2018-10-17 10:38:15 -04:00
Kevin Buchs 1cd1b5a98e Update dynamodb.html.md (#5519) 2018-10-17 10:36:52 -04:00
Gabriel Martinez bbb1c186ae Update dynamic-secrets.html.md (#5530)
1. Using the current tutorial will return a warning after creating the role "my-role:
```bash
WARNING! The following warnings were returned from Vault:

  * Detected use of legacy role or policy parameter. Please upgrade to use the
  new parameters.
```

To fix this we need to update the command and the query. Correct entries can be found in documentation for the [AWS Engine](https://www.vaultproject.io/docs/secrets/aws/index.html).

2. `vault revoke` to `vault lease revoke`. The command bellow is updated, but the text above it was not.
2018-10-17 10:35:15 -04:00
Jeff Mitchell 224fbd4a88 Merge branch 'master-oss' into 1.0-beta-oss 2018-10-16 10:08:03 -04:00
Laura Gjerman-Uva 5fc44ea9e3 Update Replication Guide to clarify how to get a token on a newly activated Secondary replica, including need to use unseal/recovery keys from Primary if doing generate-root. (#5492) 2018-10-15 21:54:23 -07:00
Jeff Mitchell a64fc7d7cb
Batch tokens (#755) 2018-10-15 12:56:24 -04:00
Munif Tanjim cabcd014ed Update database API doc's parameter description (#5512) 2018-10-15 06:47:43 -07:00
Yoko f3fe00a313
[Guide] Fixed issue 5497 (#5508)
* Fixied issue 5497

* Cleaned up the policy
2018-10-12 16:26:03 -07:00
Jeff Mitchell c41cb98ace Update website docs to reflect fix in #5495 2018-10-10 11:56:50 -04:00
Jeff Mitchell 518f095cd7 Update website docs around root token generation 2018-10-10 11:51:05 -04:00
Yoko dfb0974369
Updating the diagrams (#5488) 2018-10-09 14:51:27 -07:00
Jeff Mitchell 30e64b8297 Add note about accepting 200 or 204 2018-10-09 16:54:18 -04:00
Jeff Mitchell ab582c80e8 Remove outdated references to UUIDs for token values 2018-10-08 12:45:17 -04:00
Jeff Mitchell ff57c14bc2
Set allowed OIDs to any value when generaing a CA. (#5462)
* Set allowed OIDs to any value when generaing a CA.

Also, allow utf-8 in addition to utf8 as the OID type specifier, and
allow `*` to specify any OID of a supported type.

* Update PKI docs
2018-10-08 09:51:43 -04:00
Jim Kalafut b7c8082960
Fix docs typos 2018-10-05 22:53:09 -07:00
Jim Kalafut 24dc42c908
Update examples to use sha256 (#5468)
sha_256 is supported but not referenced in our API docs.
2018-10-04 09:51:54 -07:00
Jeff Mitchell 10d9009eba Remove incorrect api docs text around metadata being supported for identity aliases 2018-10-04 09:09:41 -04:00
Jeff 45f3297739 fix doc typo (#5455) 2018-10-03 11:25:57 -07:00
Martins Sipenko 2e27e96441 Fix missing > (#5452) 2018-10-03 09:16:36 -04:00
Brian Kassouf fc2e32df7c
Fix identity link (#5449) 2018-10-02 17:45:17 -07:00
Brian Kassouf 6d4346f602
mailto link (#5448) 2018-10-02 17:41:04 -07:00
Becca Petrin 8bfb2a335b alicloud auto-unseal docs (#5446) 2018-10-02 17:21:26 -07:00
Chris Hoffman 6639d015e9
adding upgrade guide (#5447) 2018-10-02 20:18:59 -04:00
sk4ry 0fab335eec Add ability to configure the NotBefore property of certificates in role api (#5325)
* Add ability to configure the NotBefore property of certificates in role api

* Update index.html.md

* converting field to time.Duration

* setting default back to 30s

* renaming the parameter not_before_duration to differentiate between the NotBefore datetime on the cert

* Update description
2018-10-02 11:10:43 -04:00
Joel Thompson 6a9e6cc474 Allow specifying role-default TTLs in AWS secret engine (#5138)
* Allow specifying role-default TTLs in AWS secret engine

* Add an acceptance test

* Add docs for AWS secret role-default TTLs

* Rename default_ttl to default_sts_ttl

* Return default_ttl as int64 instead of time.Duration

* Fix broken tests

The merge of #5383 broke the tests due to some changes in the test style
that didn't actually cause a git merge conflict. This updates the tests
to the new style.
2018-10-02 10:14:16 -04:00
Nageswara Rao Podilapu e12948593b Update page content with a generic noun (#5444)
This might be a typo, It says `A user may have a client token sent to her` instead it should say `A user may have a client token sent to them`
2018-10-02 09:31:01 -04:00
Saurabh Pal 77e635f7e1 Enable TLS based communication with Zookeeper Backend (#4856)
* The added method customTLSDial() creates a tls connection to the zookeeper backend when 'tls_enabled' is set to true in config

* Update to the document for TLS configuration that is  required to enable TLS connection to Zookeeper backend

* Minor formatting update

* Minor update to the description for example config

* As per review comments from @kenbreeman, additional property description indicating support for multiple Root CAs in a single file has been added

* minor formatting
2018-10-01 14:12:08 -07:00
Brian Kassouf 5f34bbbe6d
Update replication-performance.html.md 2018-10-01 13:59:50 -07:00
Brian Kassouf 45c8894c0d
Update replication-dr.html.md 2018-10-01 13:59:17 -07:00
Brian Kassouf 03cf7958ad
Update replication-dr.html.md 2018-10-01 12:53:20 -07:00
Brian Kassouf e6b337b06f
Update replication-performance.html.md 2018-10-01 12:52:44 -07:00
Becca Petrin d1904e972f Discuss ambient credentials in namespaces (#5431)
* discuss ambient credentials in namespaces

* update aws cred chain description
2018-10-01 15:23:54 -04:00
Chris Pick 36c20e8e2d Note that GCP auth method needs iam API enabled (#5339)
In addition to the specific permissions that are already mentioned, the project also needs the `iam.googleapis.com` API enabled, otherwise authenticating will fail with an error similar to:

```
Error authenticating: Error making API request.

URL: PUT https://localhost:8200/v1/auth/gcp/login
Code: 400. Errors:

* could not find service account key or Google Oauth cert with given 'kid' id
```
2018-10-01 10:09:32 -07:00
Brian Shumate d62d482033 Guide/Identity: use consistent id/accessor example to fix #5340 (#5432) 2018-09-28 17:43:15 -04:00
Mike Christof f7bf4a4384 fixed read-entity-by-name code (#5422) 2018-09-28 07:23:46 -07:00
Calvin Leung Huang 253d999c55 docs: Update CLI page to include namespace and flags info (#5363) 2018-09-27 17:08:14 -07:00
joe miller d39ffc9e25 add allowed_organiztaional_units parameter to cert credential backend (#5252)
Specifying the `allowed_organiztaional_units` parameter to a cert auth
backend role will require client certificates to contain at least one of
a list of one or more "organizational units" (OU).

Example use cases:

Certificates are issued to entities in an organization arrangement by
organizational unit (OU). The OU may be a department, team, or any other logical
grouping of resources with similar roles. The entities within the OU
should be granted the same policies.

```
$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organiztaional_units=engineering

$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organiztaional_units=engineering,support
```
2018-09-27 19:04:55 -05:00
Andy Manoske 32feda57fb
Broken link fix
Fix broken links
2018-09-26 19:48:07 -07:00
Andy Manoske d42a78a2b1
partnerships-format
Some small formatting fixes
2018-09-26 19:41:27 -07:00
Andy Manoske 05f51a4332
Fix header issues
Fix partnerships docs formatting issues
2018-09-26 19:30:28 -07:00
Andy Manoske ab1494389c
Merge branch 'master' into partnerships-add-docs 2018-09-26 19:17:26 -07:00
Andy Manoske 860a655814
Update community.html.erb 2018-09-26 19:16:56 -07:00
Andy Manoske 8b9160035c
Delete partnerships.html.erb 2018-09-26 19:14:06 -07:00
Andy Manoske ece77e4789
Update guides.erb 2018-09-26 19:12:03 -07:00
Andy Manoske 367d75c089
Create index.html.md 2018-09-26 19:06:22 -07:00
Andy Manoske d63e66a902
Update partnerships.html.erb 2018-09-26 18:56:48 -07:00
Jim Kalafut 462dc06a88 operator migrate docs (#5400)
* operator migrate docs

* Address feedback

* Fix title
2018-09-26 10:55:04 -07:00
Joel Thompson 2dc468f4d1 auth/aws: Make identity alias configurable (#5247)
* auth/aws: Make identity alias configurable

This is inspired by #4178, though not quite exactly what is requested
there. Rather than just use RoleSessionName as the Identity alias, the
full ARN is uses as the Alias. This mitigates against concerns that an
AWS role with an insufficiently secured trust policy could allow an
attacker to generate arbitrary RoleSessionNames in AssumeRole calls to
impersonate anybody in the Identity store that had an alias set up.
By using the full ARN, the owner of the identity store has to explicitly
trust specific AWS roles in specific AWS accounts to generate an
appropriate RoleSessionName to map back to an identity.

Fixes #4178

* Respond to PR feedback

* Remove CreateOperation

Response to PR feedback
2018-09-26 08:27:12 -07:00
Joel Thompson 5e6f8904d8 Add AWS Secret Engine Root Credential Rotation (#5140)
* Add AWS Secret Engine Root Credential Rotation

This allows the AWS Secret Engine to rotate its credentials used to
access AWS. This will only work when the AWS Secret Engine has been
provided explicit IAM credentials via the config/root endpoint, and
further, when the IAM credentials provided are the only access key on
the IAM user associated wtih the access key (because AWS allows a
maximum of 2 access keys per user).

Fixes #4385

* Add test for AWS root credential rotation

Also fix a typo in the root credential rotation code

* Add docs for AWS root rotation

* Add locks around reading and writing config/root

And wire the backend up in a bunch of places so the config can get the
lock

* Respond to PR feedback

* Fix casing in error messages

* Fix merge errors

* Fix locking bugs
2018-09-26 07:10:00 -07:00
Clint fec3b70374
Allow force restore for Transit Key Restores (#5382)
* Add test file for testing path_restore in Transit backend. Fails because 'force' is not implemented yet

* initial implementation of 'force', to force restore of existing transit key atomically
2018-09-25 15:20:59 -05:00
Vishal Nayak 68a496dde4
Support operating on entities and groups by their names (#5355)
* Support operating on entities and groups by their names

* address review feedback
2018-09-25 12:28:28 -07:00
emily b37b8b7edf Docs PR for GCP secrets backend access token changes (#5366)
* initial docs pass

* fix docs
2018-09-21 10:31:49 -07:00
Brian Shumate b43c52d89b Add Enterprise Replication metrics (#3981) 2018-09-21 12:01:44 -04:00
Brian Shumate 25d6d03222 Docs: update policy read API output to address #5298 (#5299) 2018-09-21 10:52:46 -04:00
Brian Shumate 7d692ee614 Update screenshot (#5378)
- Use a Vault dashboard example (previous example was for Consul)
- Rename image file
2018-09-21 09:53:49 -04:00