Commit graph

5002 commits

Author SHA1 Message Date
Yoko Hyakuna 155a32fc77
Fix the GDPR link (#20382) 2023-04-27 08:57:23 -07:00
Josh Black 80a9d7d4ce
Correct an oversight re: skip_flush in the docs (#20383) 2023-04-26 17:30:09 -07:00
Brian Shumate 7fcdb23376
Docs: DR replication API updates (#20373)
* Docs: DR replication API updates

- Add clarification for secondary_public_key parameter
- Update section header

* During activation
2023-04-26 16:15:46 -07:00
Braulio Gomes Rodrigues 627fe60044
Vault change doc main couchbase (#20314)
* changing chouchbase host variable

* Alterando linha 82 couchbase

* Changing couchbase host address in main document
2023-04-25 10:21:25 -07:00
miagilepner 7d631cb44f
VAULT-15791: Update docs to use vault-java-driver fork (#20316) 2023-04-25 11:08:05 +02:00
Nick Cabatoff 3ddb69bd2b
Fix docs-nav-data.json that I broke in #20312 (#20322) 2023-04-24 13:10:53 -04:00
Nick Cabatoff 4d42b08644
Add guidelines for agent/server version compatibility (#20312) 2023-04-24 11:49:50 -04:00
Braulio Gomes Rodrigues 03fa9432a4
changing chouchbase host variable (#19812)
* changing chouchbase host variable

* Alterando linha 82 couchbase
2023-04-24 13:56:56 +00:00
Josh Black 4b9599fddb
update website docs for new update-primary mode (#20302) 2023-04-21 15:21:28 -07:00
John Children bebe6dcaa0
Docs: Fix k8s injector templating example (#20271)
From every other example I can find, the secret name in the template should match the one in the inject annotation. Indeed the same example appears in the examples page.

https://github.com/hashicorp/vault/blob/main/website/content/docs/platform/k8s/injector/examples.mdx#patching-existing-pods
2023-04-21 17:12:13 +00:00
melmus c5d10e0b8b
doc/Update service_registration if use Vault HA (#19920)
* Update service_registration if use Vault HA

* Update protocol

* Minor updates for style consistency

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-04-21 17:04:25 +00:00
Luis (LT) Carbonell d308c31cbf
Add Configurable LDAP Max Page Size (#19032)
* Add config flag for LDAP max page size

* Add changelog

* move changelog to correct file

* cleanup

* Default to non-paged searching for with -1

* Update website/content/api-docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update website/content/docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update tests

---------

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2023-04-20 20:39:27 +00:00
Austin Gebauer eaf67b7c0e
Add OIDC provider docs for IBM ISAM (#19247)
* Add OIDC provider docs for IBM ISAM

* Add changelog, api docs and docs-nav-data

---------

Co-authored-by: Benjamin Voigt <benjamin.voigt@god.dev>
2023-04-20 11:30:59 -07:00
Hugo Puntos dae5489787
Fix link for the tutorial about Key Management Secrets Engine with GCP Cloud KMS (#19418) 2023-04-19 12:43:21 -04:00
Jason O'Donnell b5822e612b
cli/namespace: add detailed flag to namespace list (#20243)
* cli/namespace: add detailed flag to namespace list

* changelog
2023-04-19 09:31:51 -04:00
Sohil Kaushal 5424eb2e8f
docs(postgresql): Update Postgresql SE API doco (#19931)
* docs(postgresql): Update Postgresql SE API doco

Update the postgresql secret engine API docs to include some "caveats"
of the pgx library. In particular, this enhances the docs to inform the
user that if any sslcreds are supplied as a part of the Database
connection string, the user/vault admin will need to ensure that the
certificates are present at those paths.

* Chore: fixup minor error with db docs

* Keep the language simple

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-04-19 00:17:44 +00:00
Yoko Hyakuna e7a43f86ba
[Docs] Mark the 'policies' parameter as deprecated for tokens (#20238)
* Mark the 'policies' parameter as deprecated

* Update website/content/partials/tokenfields.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

---------

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2023-04-18 23:55:05 +00:00
Tom Proctor f2d8762679
Docs: CSI encoding config released in v1.3.0 (#20237) 2023-04-18 23:55:25 +01:00
Nathan Handler ad1c669d4b
Fix Indentation in Kubernetes Auth Example (#20216)
In the Kubernetes Auth Code Example, the indentation for the `auth` import is off, causing it to not be indented the same amount as the previous `vault` import. This change ensures that both imports use the same indentation.
2023-04-18 15:23:25 -07:00
Yura Shutkin 7de8a3bc31
Update wrapping-unwrap.mdx (#20109)
* Update wrapping-unwrap.mdx

It is possible to unwrap data without authentication in Vault. I've added an example of a curl request.

* Add changelog record
2023-04-18 14:20:27 -07:00
Jason O'Donnell bb82c679ad
docs/debug: add example policy for debug command (#20232) 2023-04-18 14:17:19 -04:00
Max Bowsher 91abc177bb
Minor follow-ups to #16865 (#20220)
* Minor follow-ups to #16865

Fix PKI issuer upgrade logic when upgrading to 1.12 or later, to
actually turn off the issuer crl-signing usage when it intended to.

Fix minor typo in docs.

* changelog
2023-04-18 07:39:05 -04:00
Milena Zlaticanin 42400699c0
add missing mongodb atlas fields to the docs (#20207) 2023-04-17 14:10:07 -07:00
Niranjan Shrestha adbfffc47b
Update userpass.mdx (#20121)
* Update userpass.mdx

vault write auth/userpass/users/mitchellh password=foo policies=admins
in the path "userpass" is actually a path, if custom path is defined, custom path need to used, instead of userpass.

* Add extra description

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-04-17 16:52:13 +00:00
Scott Miller 5be4d61d13
Add documentation for cert auth OCSP checking (#18064) 2023-04-13 18:33:21 +00:00
Jason O'Donnell ec9e08c931
sdk/ldaputil: add connection_timeout configurable (#20144)
* sdk/ldaputil: add connection_timeout configurable

* changelog

* Update doc

* Fix test

* Change default to 30s
2023-04-13 12:43:28 -04:00
Josh Black cf20bb9233
Add additional clarity around autopilot upgrade versions (#20129) 2023-04-12 17:21:50 -07:00
James King 0b6327eda9
Potentially Malicious Link (#20114)
* Potentially Malicious Link

The current link redirects to a personal beauty sales site.

* Create 20114.txt
2023-04-12 20:23:41 +00:00
Matt Schultz 2310e13cf1
Update docs to include specifics and caveats around Transit Managed Keys support. (#20099) 2023-04-12 12:19:25 -05:00
Mike Palmiotto 1b5d527521
api: Add reporting fields to activitylog config endpoint (#20086)
This PR adds the internal reporting state to the
`internal/counters/config` read endpoint:
* reporting_enabled
* billing_start_timestamp
2023-04-12 12:02:28 -04:00
Violet Hynes 918d1001e0
Docs: remove use_auto_auth token from cache docs (#20111) 2023-04-12 13:26:36 +00:00
Yoko Hyakuna 0b3f24a2d8
Update the HTTP verb for consistency (#20056) 2023-04-11 13:35:06 -07:00
Austin Gebauer 787c5971ab
docs/oidc: fixes Azure user.read permission link (#20079) 2023-04-11 11:34:38 -07:00
Jonathan Frappier 6980579388
Fix list formatting (#20076) 2023-04-11 09:25:12 -07:00
John-Michael Faircloth 8a4e50fa64
secrets/openldap: add creds/ endpoint to API docs (#19973) 2023-04-11 08:42:50 -05:00
Yoko Hyakuna de1eeffdcf
[Docs] Add tutorial links to install doc (#20051)
* Add tutorial links for additional guidance

* Removed extra space
2023-04-10 08:52:48 -07:00
Christopher Swenson 43912fe0e2
Update docs for Helm 0.24.0 release (#20049)
Release: https://github.com/hashicorp/vault-helm/releases/tag/v0.24.0
2023-04-07 14:03:43 -07:00
Kyle Schochenmaier c3ef3d9c3f
add upgrade documentation around STS lease_duration issue (#20011)
* add upgrade documentation around STS lease_duration issue

Co-authored-by: Robert <17119716+robmonte@users.noreply.github.com>
2023-04-07 17:34:42 +00:00
Andreas Gruhler 0036a35c58
Update helm.mdx (#20020)
I was wondering why the default VaultAuth CR was not created. It was due the fact that I copy/pasted the snippet from the docs here, which has the wrong key.
2023-04-07 09:31:08 -07:00
ram-parameswaran 29182ae562
update index.mdx with correct installation doc ref (#19932)
* update index.mdx with correct installation doc ref

update index.mdx with installation doc ref to point to the right installation.mdx path

* Update installation ref

Update installation ref

* Update index ref without relative path

Update installation doc index ref without relative path
2023-04-07 08:48:23 -07:00
Brian Shumate 29fdfeeb04
API docs: update Transit restore payload example (#20032)
- Correct JSON payload example
2023-04-07 08:14:43 -04:00
Chip Stepowski 8cd90fc1e2
Update Create Role heading to Create/Update Role (#20000)
The subheading states you can update a named role but for navigation purposes I think it would also make sense to add it to the heading too.
2023-04-06 11:42:22 +01:00
Florin Cătălin Țiucra-Popa 59d3f5110d
Update create.mdx (#19981)
Add the missing Command Option `-wrap-ttl`
2023-04-05 17:54:07 +02:00
Yoko Hyakuna f649c9e20c
Updated the example config with api_addr parameter (#19985) 2023-04-04 17:58:08 -07:00
Yoko Hyakuna e90d94b97e
Extends the PR19488 (#19928) 2023-04-04 14:52:57 -07:00
Theron Voran 74d87239af
docs/vault-k8s: example using pkiCert and writeToFile (#19926)
Adding an example of using pkiCert and writeToFile to write cert and
key files from a template.

---------

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-04-03 16:39:26 -07:00
Alain Chiasson 9ee73e38fb
Update replication-dr.mdx (#19604)
In testing, disabling the dr secondary requires a DR Operations token, not a vault token.
2023-04-03 13:35:16 -04:00
Alexander Scheel a94541080f
Clarify that other operations run while tidy is paused (#19914)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-31 16:09:37 -04:00
Mark Lewis d90f6daee9
Update kubernetes.mdx (#19567)
Correct 2 typos
2023-03-30 16:42:25 -07:00
Anthony Burke 95472e0ae5
fixes oracle plugin whitespace (#19470) 2023-03-30 16:40:25 -07:00
Chip Stepowski 256e20e862
Added note about Autopilot default values. (#19515)
* Added note about Autopilot default values.

* Update website/content/docs/concepts/integrated-storage/autopilot.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-03-30 16:30:29 -07:00
Peter Wilson 538e66ffea
Add available types to API documentation for enable audit (#19850) 2023-03-30 15:30:35 +00:00
Kit Haines d2ecf8ffc5
Add PKI-CLI to docs (#19669)
* Add pki-cli docs.

* Tiny updates.

* Whitespace fix, include description

* Closing-tags.

* Update website/content/docs/commands/pki/verify-sign.mdx

Title Code as Shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/commands/pki/reissue.mdx

Title More Code as Shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/commands/pki/list-intermediates.mdx

Title code block as shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/commands/pki/issue.mdx

Title code-block as shell

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Apply suggestions from code review

Label Code-Blocks as Shell-Session

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Apply suggestions from code review

Comma and Period Changes.

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Apply suggestions from code review

ascheels highlighting-1

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix highlighting throughout.

* Update website/content/docs/commands/pki/list-intermediates.mdx

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/docs/commands/pki/reissue.mdx

Clarifying note on why unknown fields might be there.

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/docs/commands/pki/reissue.mdx

cipherboy request

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add Key-ID RFC link.

* k=v add link

* correct link

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-30 07:31:48 -04:00
Theron Voran f0391962a2
docs/vault-secrets-operator: update for beta install (#19835)
Update the helm commands to work with the beta release.
2023-03-29 22:51:34 +00:00
Brian Shumate f4fbca8050
Docs: API: Update token_period description (#19821)
- Clarify token_period per feedback in SPE-34
2023-03-29 13:53:16 -07:00
Ben Ash 7322dd952b
Add vault-secrets-operator beta docs. (#19827)
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2023-03-29 20:33:06 +00:00
Robert 71071fd954
docs: Change wording for AssumeRole permissions in AWS secrets (#19823)
Co-authored-by: wernerwws <wernerwws@users.noreply.github.com>
2023-03-29 13:03:26 -05:00
Raymond Ho 554674fb59
add docs for VAULT_RUN_MODE (#19808) 2023-03-28 21:18:45 -07:00
Victor Rodriguez bd76f6c539
Update Vault PKCS#11 Provider documentation for v0.2.0. (#19783) 2023-03-28 14:57:45 -04:00
Anton Averchenkov 41466b9eca
docs: Fix duration format link in kv-v2 docs page (#19768) 2023-03-27 13:18:25 -04:00
Raymond Ho f725e151b8
add warning for vault lambda extension cache ttl (#19738) 2023-03-24 23:37:38 +00:00
ram-parameswaran f491cc8225
Update username template description for AWS (#19690)
Update username template description for AWS by calling out what DisplayName and PolicyName actually are placeholders for
2023-03-23 19:56:55 -07:00
Yoko Hyakuna 11a748de4a
Add OpenAPI Go and C# (#18896)
* Add OpenAPI Go and C#

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

* Add code sample links for OpenAPI-based Go and .NET

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>

* Remove command flags that are no longer needed

* Fix 'OpenAPI C#' > 'OpenAPI .NET'

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

* Update website/content/docs/get-started/developer-qs.mdx

Co-authored-by: AnPucel <adiroff@hashicorp.com>

---------

Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
Co-authored-by: AnPucel <adiroff@hashicorp.com>
2023-03-23 16:04:50 -07:00
Rowan Smith 8627b8aca5
Update tcp.mdx (#19546)
expand the info for using x-forwarded-for option
2023-03-23 15:59:42 -07:00
Yoko Hyakuna af842e2cee
Fix the title parsing error (#19685) 2023-03-22 20:35:35 -07:00
Luis (LT) Carbonell 91e04109be
add clarifying statement for pkcs11 support (#19673) 2023-03-22 12:40:23 -04:00
ram-parameswaran b24115cf1e
Updated connection_url to be pgx library relevant (#19667)
Updated connection_url to be according to the options available in the pgx library instead of the now deprecated use of the lib/pq which was done as part of Vault 1.11 as documented here - https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#june-20-2022
2023-03-22 09:02:47 -07:00
Karel 7469b0828a
Fix: Optionally reload x509 key-pair from disk on agent auto-auth (#19002)
* Optionally reload x509 key-pair from disk

* Document 'reload' config value

* Added changelog release note
2023-03-22 11:01:58 -04:00
Raymond Ho 96e966e9ef
VAULT-13614 Support SCRAM-SHA-256 encrypted passwords for PostgreSQL (#19616) 2023-03-21 12:12:53 -07:00
mickael-hc 427b4dbd49
security model updates (#19656) 2023-03-21 11:14:00 -07:00
Rowan Smith c29f5e718a
docs / Update 1.13.0 Known Issues (#19601)
* Update 1.13.0.mdx

add a note to known issues

* Update website/content/docs/release-notes/1.13.0.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-03-20 18:14:41 -07:00
Daniel Huckins 058710d33d
Add -mount flag to kv list command (#19378)
* add flag

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* handle kv paths

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* scaffold test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* need metadata for list paths

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add (broken) test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* fix test

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* update docs

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add changelog

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* format

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add godoc

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add test case for mount only

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* handle case of no unnamed arg

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add non-mount behavior

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add more detail to comment

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* add v1 tests

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>

---------

Signed-off-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-03-20 16:26:21 -04:00
Rowan Smith c581f90c05
Update deregister.mdx (#19573)
adding `-version=` parameter to docs
2023-03-20 12:08:20 -07:00
Tom Proctor 7fd394fc76
Docs: Implementing the plugin version interface (#19606) 2023-03-20 17:43:31 +00:00
Alexander Scheel 1fe1c756ab
Add known issue text for PKI revocation (#19632)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-20 12:24:05 -04:00
Steven Clark 6fbf3da148
Add known issue about OCSP GET redirection responses (#19523) 2023-03-17 18:07:04 +00:00
Violet Hynes 31f764b82b
Update KV-V2 docs to explicitly call out the secret mount path as a parameter (#19607)
* Update KV-V2 docs to explicitly call out the secret mount path as a parameter

* Missed some angular brackets

* remove wishy language
2023-03-17 12:21:55 -04:00
miagilepner ec4bd1fb25
VAULT-14204 Update parameter policy documentation (#19586) 2023-03-17 11:14:54 +01:00
Mike Palmiotto 89d7b874ba
Add upgrade note for Removed builtins in 1.13 (#19531) 2023-03-15 22:18:44 +00:00
Hamid Ghaf 27bb03bbc0
adding copyright header (#19555)
* adding copyright header

* fix fmt and a test
2023-03-15 09:00:52 -07:00
Scott Miller de31641aea
Add the Tokenization/Rotation persistence issue as a Known Issue (#19542)
* Note the known issue with rotation interaction with tokenization key policy persistence

* typo
2023-03-15 09:42:02 -05:00
Violet Hynes fdd38deb49
Update auto-auth docs to remove tilde for home (#19548)
* Update auto-auth docs to remove tilde for home

* Extra clean-up
2023-03-15 09:35:43 -04:00
Francis Chuang 74c3697144
Add Oracle Cloud auth to the Vault Agent (#19260)
* Add Oracle Cloud auth to the Vault Agent

* Use ParseDurationSecond to parse credential_poll_interval

* Use os.UserHomeDir()
2023-03-15 09:08:52 -04:00
Violet Hynes 85f845c3e0
VAULT-12798 Correct removal behaviour when JWT is symlink (#18863)
* VAULT-12798 testing for jwt symlinks

* VAULT-12798 Add testing of jwt removal

* VAULT-12798 Update docs for clarity

* VAULT-12798 Small change, and changelog

* VAULT-12798 Lstat -> Stat

* VAULT-12798 remove forgotten comment

* VAULT-12798 small refactor, add new config item

* VAULT-12798 Require opt-in config for following symlinks for JWT deletion

* VAULT-12798 change changelog
2023-03-14 15:44:19 -04:00
Ashlee M Boyer 788af4a90e
Remove .mdx extension from link (#19514) 2023-03-13 15:03:06 -04:00
Meggie be18d6cac3
Un-hiding link to 1.13 upgrade guide (#19505)
* Un-hiding link to 1.13 upgrade guide

* Removing draft notice
2023-03-10 11:30:19 -05:00
Robert 0315efba0c
Add info about gcp service account key encoding (#19496) 2023-03-10 09:13:37 -06:00
Yoko Hyakuna e392b6650f
Remove the note about Vault not supporting number Okta verify push number challenge (#19497) 2023-03-09 16:30:49 -08:00
Max Winslow dbbdd33c63
Change headings to h2 (#19402) 2023-03-07 15:48:51 -08:00
Phil Renaud d09c716e4b
Link to the Nomad tutorial for Vault as OIDC provider (#19461) 2023-03-06 10:30:14 -08:00
Yoko Hyakuna 40dc1d39d9
Add more context on the Release Notes landing page (#19456)
* Add little more verbiage on the Release Notes landing page

* Add missing comma
2023-03-03 14:39:39 -08:00
prabhat-hashi e5b982199f
Docs - update ldap page to add clarity around sAMAccountName (#19450)
* Docs - update ldap page to add clarity around sAMAccountName

Updated https://developer.hashicorp.com/vault/docs/secrets/ldap#active-directory-ad-1 to clarify customers configure username properly using username_template when sAMAccountName is involved.

* Docs -  edit on last update for ldap page

Fixed the link /vault/docs/concepts/username-templating
2023-03-03 10:09:13 -08:00
Max Winslow c44f94d7ff
update entity-alias doc fix (#19435) 2023-03-03 08:16:26 -08:00
Tony Wittinger 64b4ee234d
docs: updated key size in transit documentation (#19346) 2023-03-02 16:07:40 -08:00
akshya96 09057073ae
Vault Status Command Differs Depending on Format (#19361)
* vault-issue-9185

* removing new lines:

* removing new space

* fix grammar

* change field name
2023-03-01 12:57:53 -08:00
Alexander Scheel dabe38dcc1
Document RSA operations (#19377)
Also clarify hash function choices.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-03-01 13:35:35 -05:00
Mark Sailes 4c3c56dee4
Remove the Lambda SnapStart incompatibility notice. (#19394) 2023-03-01 18:13:18 +00:00
Malte S. Stretz 320f46ba8a
Add documentation for tls_max_version (#19398) 2023-03-01 14:45:04 +00:00
Max Winslow 109fbe06bb
change verbiage for lookup group and entity (#19406) 2023-02-28 12:40:38 -08:00
Austin Gebauer 10fe43701f
docs/ad: adds deprecation announcements and migration guide (#19388)
* docs/ad: adds deprecation announcements and migration guide

* fix table ending

* remove fully-qualified links

* Minor format fixes - migrationguide

* Update website/content/docs/secrets/ad/migration-guide.mdx

Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>

* Update website/content/docs/secrets/ad/migration-guide.mdx

Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com>
2023-02-28 10:41:59 -08:00
Alexander Scheel 2970b15a63
Add docs on FIPS Inside vs Seal Wrap (#19310)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-28 10:22:17 -05:00
Yoko Hyakuna cd7f7cc131
Vault 1.13.0 Release Notes (#19360)
* Adding Vault 1.13.0 Release Notes

* Add OpenAPI Go and .NET client libraries to the list

* Add the 'UI wizard removal' to the release note
2023-02-27 12:44:13 -08:00
Rowan Smith 4fd467a53b
approle naming syntax documentation (#19369)
Documentation does not currently detail the accepted naming scheme for approle roles, this aims to provide clarity based on customer feedback. https://github.com/hashicorp/vault/blob/main/sdk/framework/path.go#L16-L18 details the regex used.
2023-02-27 12:08:15 -08:00
Alexander Scheel 7182949029
Fix transit byok tool, add docs, tests (#19373)
* Fix Vault Transit BYOK helper argument parsing

This commit fixes the following issues with the importer:

 - More than two arguments were not supported, causing the CLI to error
   out and resulting in a failure to import RSA keys.
 - The @file notation support was not accepted for KEY, meaning
   unencrypted keys had to be manually specified on the CLI.
 - Parsing of additional argument data was done in a non-standard way.
 - Fix parsing of command line options and ensure only relevant
   options are included.

Additionally, some error messages and help text was clarified.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing documentation on Transit CLI to website

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add tests for Transit BYOK vault subcommand

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Appease CI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-27 18:25:38 +00:00
Jakob Beckmann 078a245939
Allow alias dereferencing in LDAP searches (#18230)
* impr(auth/ldap): allow to dereference aliases in searches

* docs: add documentation for LDAP alias dereferencing

* chore(auth/ldap): add changelog entry for PR 18230

* chore: run formatter

* fix: update default LDAP configuration with new default

* Update website/content/docs/auth/ldap.mdx

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>

* docs(ldap): add alias dereferencing to API docs for LDAP

---------

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>
2023-02-24 13:49:17 -05:00
David Yu 9753379fe8
Update consul.mdx (#19300) 2023-02-22 17:45:26 -05:00
Austin Gebauer a8d382d52a
docs/oidc: make it clear that contents of CA certificate are expected (#19297) 2023-02-22 11:33:53 -08:00
Bryce Kalow 2fa1153e95
adds content-check command and README update (#19271) 2023-02-22 12:04:00 -05:00
Max Coulombe b9bcd135e5
Added disambiguation that creation request can also update roles (#17371)
+ added  disambiguation that creation request can also update roles
2023-02-22 12:02:31 -05:00
Alexander Scheel fbebf2508b
Add note clarifying revoked issuer associations (#19289)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-22 15:48:20 +00:00
Raymond Ho 57ff9835f7
use github token env var if present when fetching org id (#19244) 2023-02-21 12:17:35 -08:00
Christopher Swenson 724ccd5bc4
docs: Add page about events (#19243)
This page details the new events experiment that will be
released in Vault 1.13.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-02-21 16:43:34 +00:00
Tero Saarni b634bb897b
docs/k8s: updated helm doc for short-lived SA tokens (#15675)
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2023-02-21 12:09:27 +00:00
Max Winslow 3a132c2428
Add vault print token to commands in Vault docs (#19183)
* doc-update

* Update website/content/docs/commands/print.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-02-17 20:51:48 -08:00
Scott Miller 0a5f3208fd
Document the 'convergent' tokenization transform option (#19249) 2023-02-17 13:15:40 -06:00
Alexander Scheel dd3356752a
Add note on client cert definition (#19248)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-17 11:36:41 -05:00
John-Michael Faircloth 9c837ef4b5
docs/upgrade guide: add changes to plugin loading (#19231)
* docs/upgrade guide: add changes to plugin loading

* clarify this is for external plugins
2023-02-16 22:47:29 +00:00
claire bontempo a5a80b895d
replace whitelist with allow (#19217) 2023-02-16 14:35:30 -08:00
Peter Wilson 70f1d3c217
Remove incorrect information about being able to set environment variables for certain log config (#19208) 2023-02-16 13:37:59 +00:00
Raymond Ho 91446e129e
Add rotate root docs for azure secrets (#19187) 2023-02-15 13:07:42 -08:00
Steven Zamborsky 7534689818
Update raftautosnapshots.mdx (#18996)
Clarify that the `local_max_space` value for local automated snapshots is cumulative for all snapshots in the `file_prefix` path.
2023-02-14 22:46:41 -08:00
John-Michael Faircloth fc13efc80e
docs/plugins: update upgrading plugins (#19109)
* docs/plugins: update upgrading plugins

* Update website/content/docs/upgrading/plugins.mdx

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

---------

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2023-02-14 17:40:06 +00:00
Max Coulombe 2c32190eed
Fix database sample payload doc (#19170)
* * fix database static-user rotation statement in sample payload

* + added changelog
2023-02-14 08:29:27 -05:00
Theron Voran dda2df25db
docs/vault-helm: fix multi-line block copy (#19119)
Add a `$` before the command in shell blocks that include command
output, so that the "Copy" button on the website only copies the
command and not the output.
2023-02-13 22:21:11 -08:00
ram-parameswaran 7dff0e6ae4
Update PKI Secret Engine doc for auto-tidy (#19122)
PKI Secret Engine documentation for auto-tidy(https://developer.hashicorp.com/vault/api-docs/secret/pki#configure-automatic-tidy) has a parameter interval_duration(https://developer.hashicorp.com/vault/api-docs/secret/pki#interval_duration). This needs to explicitly call out the default value to be 12 hours.
2023-02-10 15:57:58 -05:00
Milena Zlaticanin b6c5d07c5e
Azure Auth - rotate-root documentation (#18780)
* add documentation for rotate root

* commit suggestions

* move api permissions section
2023-02-08 18:14:28 -07:00
Steven Clark e599068323
Add OCSP GET known issue (#19066) 2023-02-08 15:06:44 +00:00
Tom Crayford 532f4ab60a
Docs: Remove duplicated, outdated raft information (#11620)
Co-authored-by: Mehdi Ahmadi <aphorise@gmail.com>
2023-02-08 13:37:54 +00:00
Alexander Scheel 06e950b40e
Fix documentation on CRL fixed version (#19046)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-07 20:51:03 +00:00
akshya96 6b96bd639c
adding emit duration for telemetry (#19027) 2023-02-07 11:26:38 -08:00
Alexander Scheel 3f8aaedc2a
Add suggested root rotation procedure (#19033)
* Add suggested root rotation procedure

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify docs heading

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-07 13:51:33 -05:00
Alexander Scheel 9130a786bb
Document pki cross cluster behavior (#19031)
* Add documentation on cross-cluster CRLs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add missing revocation queue safety buffer

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-07 11:11:33 -05:00
Max Winslow 54a4b9c4d3
docs: Typo (#18541) 2023-02-07 11:35:41 +00:00
Bryce Kalow f33e779d5d
update learn links to point to developer locations (#19026) 2023-02-06 20:34:51 -08:00
Scott Miller 78aaa3ca92
Add a note that multi-cluster ENT setups can avoid this risk (#19024)
* wip

* all-seals

* typo

* add note about unreplicated items

* italics

* word-smithing
2023-02-06 19:25:14 -06:00
Theron Voran 4278ed606c
docs/vault-k8s: 1.2.0 release updates (#19010) 2023-02-06 22:35:12 +00:00
Scott Miller b43e4fbd9c
Add a stronger warning about the usage of recovery keys (#19011)
* Add a stronger warning about the usage of recovery keys

* Update website/content/docs/concepts/seal.mdx

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Keep the mitigation text in the warning box

---------

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-02-06 16:23:05 -06:00
Kyle Schochenmaier e5af4d34c1
update annotation docs for agent telemetry stanza (#18681)
* update annotation docs for telemetry stanza
Co-authored-by: Kendall Strautman <36613477+kendallstrautman@users.noreply.github.com>
2023-02-06 13:47:50 -06:00
Matt Schultz 6bfebc3ce3
Transit Managed Keys Documentation (#18994)
* Document 'managed_key' key type for transit. Document new 'usages' parameter when creating a managed key in the system backend.

* Document new managed key parameters for transit managed key rotation.
2023-02-03 18:49:02 -06:00
Alexander Scheel 660979d58b
Document Cross-Cluster CRLs/OCSP for Vault Enterprise (#18970)
* Add documentation on fetching unified CRLs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation on unified OCSP

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify that OCSP requests need to be URL encoded

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Document new CRL config parameters

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify notes about cross-cluster options

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-02-03 16:30:23 -05:00
Christopher Swenson dfdeca7b5d
docs: Remove XKS proxy TLS setup note (#18988)
The TLS settings should not need to be modified as xks-proxy should
generate the certificate and key itself for listening.
2023-02-03 13:22:04 -08:00
Alexander Scheel cb2f6ff7fe
Add docs on cross-cluster listing endpoints (#18987)
* Add docs on cross-cluster listing endpoints

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Update website/content/api-docs/secret/pki.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-02-03 20:01:10 +00:00
Alexander Scheel 8b331fa769
Add notes on cross cluster CRLs (#18986)
* Group CRL related sections

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix casing

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add notes about cluster size and revocation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Apply suggestions from code review

Thanks Yoko!

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
2023-02-03 19:51:30 +00:00
Alexander Scheel 1a2eef482d
Add docs on cross cluster tidy operations (#18979)
* List tidy parameters in one place

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add new tidy status outputs

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add docs on new tidy parameters

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-03 14:27:18 -05:00
Rowan Smith 6c53845db9
docs allow_forwarding_via_token syntax update (#18956)
* allow_forwarding_via_token syntax update

the example syntax used for `allow_forwarding_via_token` marks the option as an array when it does not need to be, this updates the format on the page to be a code block and removes the square braces

* another update to `allow_forwarding_via_token` syntax
2023-02-03 10:58:19 -08:00
Sascha Marcel Schmidt 544f07de66
docs: Change default value for ha_enabled to false (#18983)
see: https://github.com/hashicorp/vault/blob/main/physical/mysql/mysql.go#L132
2023-02-03 18:20:14 +00:00
Austin Gebauer e165697ce7
secrets/azure: changes permission recommendation to be minimally permissive (#18937) 2023-02-01 11:07:57 -08:00
Hamid Ghaf 6a8716ac18
docs for named login MFA (#18833)
* docs for named login MFA

* feedback
2023-02-01 10:30:14 -05:00
Alexander Scheel 5d17f9b142
Allow cleanup ssh dynamic keys host keys (#18939)
* Add ability to clean up host keys for dynamic keys

This adds a new endpoint, tidy/dynamic-keys that removes any stale host
keys still present on the mount. This does not clean up any pending
dynamic key leases and will not remove these keys from systems with
authorized hosts entries created by Vault.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add documentation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-02-01 15:09:16 +00:00
Alexander Scheel 881ae5a303
Remove dynamic keys from SSH Secrets Engine (#18874)
* Remove dynamic keys from SSH Secrets Engine

This removes the functionality of Vault creating keys and adding them to
the authorized keys file on hosts.

This functionality has been deprecated since Vault version 0.7.2.

The preferred alternative is to use the SSH CA method, which also allows
key generation but places limits on TTL and doesn't require Vault reach
out to provision each key on the specified host, making it much more
secure.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove dynamic ssh references from documentation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove dynamic key secret type entirely

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify changelog language

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add removal notice to the website

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-01-31 16:02:22 -05:00