Commit graph

3516 commits

Author SHA1 Message Date
Michael Golowka e07fe992ef
DBPW - Add readme to dbplugin package (#10230) 2020-10-26 13:57:02 -06:00
Theron Voran b705d71ae7
Add info about aws timeouts to docs (#10209)
In auth/aws, seal/awskms, and secrets/aws, storage/s3, and
storage/dynamodb.

One blurb for the docs pages and one for the .0 upgrade pages.
2020-10-26 11:15:59 -07:00
Aleksandr Bezobchuk 95bbd8d920
Merge PR #10192: Auto-Join: Configurable Scheme & Port (and add k8s provider) 2020-10-23 16:13:09 -04:00
Ryan Treat d5169bae28
Update Venafi Secrets Engine doc to account for recent enhancements (#10221) 2020-10-22 16:25:37 -07:00
Meggie ecaa561262
Updating latest version to 1.5.5 on website (#10208) 2020-10-21 19:27:43 -04:00
Jason O'Donnell cdcbac013b
docs: update helm to 0.8.0 (#10190)
* docs: update helm to 0.8.0

* Fix formatting

* Add allowed values to failurePolicy
2020-10-20 15:47:47 -04:00
Jason O'Donnell 2dbd6dd098
Update injector docs for 0.6.0 (#10186) 2020-10-20 13:09:37 -04:00
Mike Green 77ea265a0a
Clarify prometheus_retention_time to 0 (#10187)
zero prometheus_retention_time will disable.
2020-10-20 11:51:08 -04:00
Michael Golowka ec29078acb
DBPW - Update docs with password policies & new Database interface (#10138) 2020-10-19 15:58:09 -06:00
Jeff Escalante ee6dafcf45
fix press kit (#10169) 2020-10-18 22:07:58 -07:00
Julien Rottenberg 6c6dc2bfbb
Fix for broken link (#10152) 2020-10-16 16:44:33 -07:00
davidadeleon ab18a74c08
Updated missing code encoding around two path references (#10161) 2020-10-16 16:26:28 -07:00
Aleksandr Bezobchuk 0d6a0ec589
Merge PR #10010: Rate Limit Quotas: Allow Exempt Paths to be Configurable 2020-10-16 14:58:19 -04:00
Jimmy Merritello 767c3cd29f
Update HSM version w/ waypoint (#10154) 2020-10-15 12:55:20 -04:00
Peter Souter feaafb2c3a
Adds note that it requires a PEM-encoded file (#10145) 2020-10-14 16:43:07 -07:00
Jimmy Merritello 4d9a2c44ca
[Website] Bump HSM version (#10149)
* Bump HSM version

* Updated pkg
2020-10-14 14:32:48 -04:00
Jim Kalafut a23ed17806
Add GCS storage change to 1.5.0 upgrade guide (#10139) 2020-10-14 07:34:47 -07:00
Hridoy Roy 771da35261
upgrade docs for new telemetry [VAULT-672] (#10137)
* upgrade docs for new telemetry

* Update telemetry.mdx

Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MacBook-Pro.local>
2020-10-14 06:52:23 -07:00
Connor 8b1a3301f0
Add telemetry for LRU cache (#10079)
Vault creates an LRU cache that is used when interacting with the
physical backend. Add telemetry when the cache is hit, missed, written
to and deleted from. Use the MetricSink from ClusterMetrics
2020-10-13 10:11:54 -05:00
Calvin Leung Huang 95c5f60055
docs/ssh: update algorithm_signer param after #9824 (#10126) 2020-10-09 15:42:11 -07:00
Jimmy Merritello ec133d98a2
Add new HashiStackMenu (#10105) 2020-10-09 12:15:38 -04:00
James Connor 86e79f6f26
lease_renewable false on STS AWS credentials (#10115)
See #1804
2020-10-08 10:25:01 -07:00
Peter Souter c48ec9cfc3
Adding note about commands that are root only (#10098)
* We don’t specifically note anywhere that these 
have to be run from root, so makes sense to add
2020-10-08 09:46:43 -07:00
Martin Baillie 09aa3dfa6c
Add reference to community GitHub secrets plugin (#10111) 2020-10-08 09:45:42 -07:00
Josh Black 088c6c7364
Add API docs for sys/monitor (#9968) 2020-10-07 11:53:07 -07:00
Josh Black 3e278b33dc
Clarify docs around audit non-hmac request and response keys (#10018) 2020-10-06 10:43:32 -07:00
Michel Vocks dc5a0da770
Pull latest raft updates (#10055)
* Implement raft peers metric

* Remove old peers metric

* Update vault raft dependency

* Add peer_id docs
2020-10-05 16:36:48 +02:00
Meggie da82b2096d
Adding an UG note on primary_cluster_addr behavior (#10071) 2020-10-02 13:25:09 -04:00
Troy Fluegge 2b9b41115a
Update index.mdx (#10064)
Reworded disable_mlock to remove confusion regarding what is acceptable for production deployments.  Disabling mlock is alright for production given the additional security recommendations are implemented.  Disabling mlock is also recommended for integrated storage
2020-10-01 15:31:03 -07:00
Aleksandr Bezobchuk a3cfa7c447
Merge PR #10059: Port OSS changes from #1497 2020-10-01 15:15:20 -04:00
Andy Assareh ab7cd4f8db
corrected typo in "certificate" (#9916) 2020-09-28 17:39:01 -07:00
Andy Assareh 818120b401
corrected a missing noun (#9917) 2020-09-28 17:38:39 -07:00
Wacław Schiller 5d419f73c3
Minor fix to audit documentation (#10047) 2020-09-28 16:04:45 -07:00
Theron Voran 2ba19c3f16
Update k8s auth docs for new parameter (#9992)
Adds info about the disable_local_ca_jwt parameter.

Co-authored-by: Clint <catsby@users.noreply.github.com>
2020-09-25 11:17:28 -07:00
Meggie 44b255ab61
Updating version for website to 1.5.4 (#10040) 2020-09-25 13:50:09 -04:00
Hridoy Roy a20fe5c066
moved the documentation to kv2 page (#10017)
Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MacBook-Pro.local>
2020-09-22 11:58:00 -07:00
Lauren Voswinkel 15e608c0ed
Update AD secret engine docs for root cred rotation (#9990) 2020-09-21 16:21:14 -07:00
Meggie 9190860cc0
docs: Change sidebar labeling to use Integrated Storage (#10002)
I changed some verbiage in the page as well.
2020-09-21 15:55:36 -04:00
Mike Green 9eb1fb1df4
minor only ha_storage clarification (#10001) 2020-09-21 13:06:03 -04:00
Sebin John 9b3e244e40
Fix doc formatting. (#9994) 2020-09-21 10:01:43 -07:00
acahn 795b118941
Update index.mdx (#9950)
MongoDB Atlas Language modernization update
2020-09-16 12:02:34 -07:00
Lauren Voswinkel 5740e1ff9e
5844 AWS Root Credential Rotation (#9921)
* strip redundant field type declarations

* root credential rotation for aws creds plugin

* Change location of mocks awsutil and update methods that no longer exist

* Update website/pages/docs/auth/aws.mdx

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update sdk version to get the awsutil mock file

* Re-vendor modules to pass CI

* Use write lock for the entirety of AWS root cred rotation

* Update docs for AWS root cred rotation for clarity

Co-authored-by: Becca Petrin <beccapetrin@gmail.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-09-15 15:26:56 -07:00
Scott Miller 4062c8a5c3
Add a note on performance and availability to the HSM behavior docs (#9923) 2020-09-14 11:28:23 -05:00
Jason O'Donnell 9a9d886a2d
doc: add VAULT_DISABLE_MLOCK env (#9933) 2020-09-11 13:57:09 -04:00
Alexander Bezobchuk 444f2b5469
Merge PR #9922: Document rate limit list API 2020-09-11 08:54:21 -04:00
Mike Green 8d3b8440e8
Docs: Add that vault deletes IAM user (#9919) 2020-09-10 15:23:41 -07:00
Jim Kalafut 51a1ccea1c
Update upgrade guides for latest releases (#9908) 2020-09-08 16:53:43 -07:00
Kevin Pruett 7da4317b49
Integrate @hashicorp/react-search into layout (#9868) 2020-09-08 14:17:36 -07:00
Jeff Escalante 33cf45440a
improve mobile styling for columns component (#9899) 2020-09-04 15:12:01 -07:00
Jason O'Donnell fe7229028f
docs: add required/optional to kerberos autoauth config (#9897)
* docs: add required/optional to kerberos autoauth config

* Remove double space
2020-09-04 17:20:21 -04:00
Mark Gritter f12719fbde
Add upgrade note about the KV metric crash. (#9882)
Co-authored-by: swayne275 <swayne275@gmail.com>
2020-09-02 22:19:09 -05:00
Calvin Leung Huang 63d484b831
docs: fix URL for plugin portal mdx page (#9885) 2020-09-02 17:20:00 -07:00
Calvin Leung Huang 744623746a
docs: add a plugin portal page (#9590)
* docs: add a plugins directory page

* docs: remove divs on the plugins directory page

* add columns

* tag component

* docs: use tags on plugins directory

* docs: revert tags on plugins directory for now

* fix header for official plugins

* add note on submission for community plugins

* s/plugins directory/plugin portal/

* move portal page into docs section

* tag oracle db as external, fix kerberos misspelling

* include gh issue template as submission form

Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
2020-09-02 16:25:06 -07:00
Theron Voran 4fa8cc422a
Updating the vault injector connectivity docs (#9783)
Adding more detail about connectivity requirements, noting that
masters sometimes need to connect to workers on :8080, and
considerations when Vault is running outside of Kubernetes.
2020-09-02 14:07:31 -07:00
Jason O'Donnell d10a000e2f
docs: add injector tls setup (#9871)
* docs: add injector tls setup

* Add missing prompts

* Grammar

* fix sidebar

* Update website/pages/docs/platform/k8s/helm/examples/injector-tls.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/pages/docs/platform/k8s/helm/examples/injector-tls.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Update website/pages/docs/platform/k8s/helm/examples/injector-tls.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Move note before command

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-09-02 11:36:21 -04:00
Meggie 31a52a7a05
Update version.js (#9858) 2020-08-31 13:27:49 -04:00
Jason O'Donnell b2110a2e87
docs: add ldap ppolicy to enforce password hashing (#9856)
* docs: add ldap ppolicy to enforce password hashing

* formatting

* grammar

* Clarify password policy doc
2020-08-31 13:05:27 -04:00
Jim Kalafut b61f080daf
Update docs to add EdDSA to supported algorithms (#9854) 2020-08-29 10:30:05 -07:00
Calvin Leung Huang 0d723e54a9
docs: add tls settings on cert auto-auth's config page (#9848) 2020-08-27 19:21:32 -07:00
Michael Ethridge a71798a445
TLS Cert Authentication example updates (#9735)
* TLS Cert Authentication example updates

- Updated the Cert Auth example description to clarify which CA
should issue the certificate.
- Removed `-ca-cert` parameter from examples as this caused
confusion.  Is this the auth CA or the CA of the listener?

* Return CA parameter to examples, add Note

- Returned CA parameter to login examples
- Added note above examples to explain which CA is being used in CLI
- Updated examples in API doc to use httpS
- Added note above login example to explain wich CA is being used

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-08-27 17:47:16 -07:00
Jim Kalafut ba1adb6d22
Update Known Issues (#9847)
Provide information about AWS IAM fix versions.
2020-08-27 16:48:44 -07:00
Austin Gebauer b96f073e23
docs: fixes rollback_statements description and some punctuation (#9836) 2020-08-26 16:49:17 -07:00
Scott Miller 4c4fb54806
Aws auth fixes (#9825)
* Bring over PSIRT-37 changes from ENT

* Add additional allowed headers

* Already had this one

* Change to string slice comma separated parsing

* Add allowed_sts_header_values to read output

* Only validate AWS related request headers

* one per line

* Import ordering

* Update test

* Add X-Amz-Credential

* Reorder imports
2020-08-25 17:37:59 -05:00
Jason O'Donnell 052dea6e57
doc: update vault-helm to 0.7.0 (#9810)
* doc: update vault-helm to 0.7.0

* Fix typo in agent image

* Remove doc from sidebar

* Update website/pages/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Clint <catsby@users.noreply.github.com>

* Update website/pages/docs/platform/k8s/helm/configuration.mdx

Co-authored-by: Clint <catsby@users.noreply.github.com>

* Add note about prometheus

Co-authored-by: Clint <catsby@users.noreply.github.com>
2020-08-24 19:03:36 -04:00
Jason O'Donnell dfd5e2d532
vault-k8s: add new annotations for 0.5.0 (#9804)
* vault-k8s: add new annotations for 0.5.0

* feedback revision
2020-08-24 13:20:29 -04:00
Jim Kalafut 8815905114
Add Known Issue for AWS IAM logins (#9798)
* Add Known Issue for AWS IAM logins

* Add note about license issue
2020-08-21 15:21:56 -07:00
Andy Baran dffd0dfa4b
K8s docs cross reference (#9795)
* add links to commonly reference Learn site docs

* fixed markdown links

* Moved Deployment Guide to "Guides" subs section
2020-08-21 15:03:01 -04:00
Mark Gritter 6cd00407ad
Add vault.metrics.collection.* metrics to documentation. (#9796) 2020-08-21 13:27:30 -05:00
Meggie 275a34476c
Updates for 1.5.1, 1.4.4, 1.3.8, and 1.2.5 (#9793)
* Updates for 1.5.1, 1.4.4, 1.3.8, and 1.2.5

* Recommend against using these versions

* Re-running checks

* Update docs-navigation.js
2020-08-20 18:57:44 -04:00
ncabatoff 7f7ac71746
Document allowed_domains_template. (#9751) 2020-08-20 09:54:52 -04:00
ncabatoff f20f3747c7
New seal migration strategy doesn't work in 1.4. (#9765) 2020-08-20 09:54:28 -04:00
Junya Ogasawara 0a13195450
Reduce a required permission for OIDC with AzureAD (#9785)
`Group.Read.All` is too permissive policy to achieve external groups
feature. `GroupMembers.Read.All` is enough for that purpose.

MicroSoft Graph API Permission reference follows
https://docs.microsoft.com/en-us/graph/permissions-reference#application-permissions-23
2020-08-20 00:00:31 -07:00
Martin Hristov ac36da333d
Add note for AD domain usernames in MSSQL (#9743)
Adding a note that `vaultuser` might be part of the AD domain like `DOMAIN\vaultuser`.
2020-08-18 10:35:21 -06:00
Tom Proctor ba9d1b6fbf
Couchbase database plugin documentation (#9764) 2020-08-18 15:57:18 +01:00
Lauren Voswinkel b2a106a931
Add a section to the MySQL secrets plugin docs about x509 (#9757) 2020-08-17 16:29:51 -07:00
arnis fd6e0eb543
Update documentation for MySQL Secrets Engine (#9671)
* Update documentation for MySQL Secrets Engine

Update documentation for MySQL Database Secrets Engine to reflect changes introduced with https://github.com/hashicorp/vault/pull/9181

* Empty Commit to re-trigger tests

Co-authored-by: Lauren Voswinkel <lvoswinkel@hashicorp.com>
2020-08-17 15:30:33 -07:00
Michael Golowka edc40a1767
Correctly mark Cassandra as not supporting static roles (#9750) 2020-08-17 14:36:32 -06:00
Theron Voran f0f576f5bf
Restoring the example policies for blocking sha1 (#9677)
(In the transit api-docs)
2020-08-17 10:30:06 -07:00
ncabatoff 893e15bdbf
Document the new SSH signing algorithm option. (#9197) 2020-08-17 13:03:44 -04:00
Scott Miller 5b003b06f8
Trail of bits 018 (#9674)
* TOB-018 remediation

* Make key derivation an optional config flag, off by default, for backwards compatibility

* Fix unit tests

* Address some feedback

* Set config on unit test

* Fix another test failure

* One more conf fail

* Switch one of the test cases to not use a derive dkey

* wip

* comments
2020-08-17 11:36:16 -05:00
Alexander Bezobchuk f873863263
Merge PR #9667: Rate Limit Backoff 2020-08-16 22:09:18 -04:00
Meggie ca65131543
Added upgrade guidance on mount -> path filters (#9712) 2020-08-12 10:54:56 -04:00
Austin Gebauer 00a0d043be
docs: fix sentence in vault debug command (#9725) 2020-08-11 20:24:37 -07:00
Jeff Escalante a28209ad6d
small change to make github star count display correctly (#9718) 2020-08-11 17:06:23 -04:00
Kyle MacDonald eb923f30b1
website: update favicon refs (#9713) 2020-08-11 13:56:25 -04:00
Geoffrey Grosenbach 967d9b85da
Updates URLs to match new paths at Learn (#9679)
Previous URLs which included a track in the querystring now go to standard paths instead.
2020-08-10 13:40:09 -07:00
Tom Proctor 494cdf5bcb
Add docs for OpenLDAP plugin's new AD schema (#9619) 2020-08-10 10:24:38 +01:00
Mark Gritter 3a9619fb05
Add explanation of "keys" field. (#9676) 2020-08-07 12:11:11 -05:00
ncabatoff b01fda0e04
Add docs for CSR signing. (#8899) 2020-08-07 10:45:12 -04:00
Austin Gebauer db9993335c
docs: fixes environment variable in azure secrets config API (#9678) 2020-08-06 17:11:18 -07:00
Zalary Young 5100624d5c
Merge PR #9628: add audit_non_hmac_request_keys to payload example for tune 2020-08-06 15:27:03 -04:00
Scott Miller 6cf859632a
Remove weird TTL special case documentation from cubbyhole (#9669) 2020-08-05 16:20:24 -05:00
aphorise c9fb408b60
Docs - /system/unseal Typo - Resolves: #9659 (#9660) 2020-08-05 08:33:47 -04:00
Jim Kalafut 9b3719d9ce
Update OpenLDAP docs (#9648)
Add link to API docs.
2020-07-31 17:25:27 -07:00
Andy Assareh 76894f7dcb
curl command incorrect: ---header should be --header (#9643) 2020-07-30 14:55:42 -07:00
Austin Gebauer 837ec00859
docs: fix gcpkms steps for asymmetric decryption and asymmetric signing (#9638) 2020-07-30 10:50:23 -07:00
Mark Gritter 51b6dfb097
Add new page documenting limits. (#9592)
* Add new page documenting limits.
* Add some identity metrics not previously documented.
* Updated limits based on compression experiments.
* Add Transit key rotation limits, and link to Transform size limit.
2020-07-29 16:18:04 -05:00
Alexander Bezobchuk 1e262e5648
Merge PR #9581: Rate Limit Quota Headers 2020-07-29 15:15:05 -04:00
Michael Golowka 1bd4502b92
Mark MongoDB Atlas as supporting static creds (#9624)
Also fixes some links that are not rendering properly with a newline
between the text and the link.
2020-07-29 11:39:53 -06:00
Austin Gebauer 082a034cfa
docs: add missing parameters to the gcpkms key create/update API (#9612) 2020-07-28 13:53:27 -07:00
Jeff Escalante 290c6d7187
Fix broken links in website footer (#9613)
* add security page and press kit

* github link correction
2020-07-28 16:22:35 -04:00
ncabatoff 43d8c304c5
Remove obsolete kms->shamir warning. Add warning about taking a backup. (#9614) 2020-07-28 16:13:57 -04:00
Jim Kalafut 70d964d420
Update OIDC docs (#9599)
Clarify that verbose logging is to the server logs.
2020-07-27 08:51:59 -07:00
ncabatoff c3c253e76c
Add upgrade note for okta issue. (#9587) 2020-07-27 11:36:17 -04:00
Scott Miller 8a5b97198c
Fix navigation for the Sentinel config and clarify module usage (#9588) 2020-07-27 09:52:46 -05:00
Austin Gebauer cca5bb3ba6
docs: fix sentence in gcp secrets by removing unneeded word (#9585) 2020-07-24 07:36:06 -07:00
Yoko 39fb31559f
Add cross-referencing links to learn tutorials (#9562)
* Add cross-referencing link to learn

* Fix grammar

* Update website/pages/docs/concepts/password-policies.mdx

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
2020-07-23 07:56:00 -07:00
Michael Golowka 295b0573c1
Docs: Update MongoDB to support root credential rotation (#9559)
* Update MongoDB to support root credential rotation
2020-07-22 14:56:11 -06:00
Mark Gritter 5fc28fe65a
Fix links to documentation. (#9570)
* Fix links to documentation.
* Add 1.5.0 upgrade nodes to navigation.
2020-07-22 15:55:41 -05:00
ncabatoff 645e8b6521
Add upgrade note for #9555. (#9569) 2020-07-22 16:24:06 -04:00
Mark Gritter 5d9a1caba1
Add upgrade note for #9553. (#9563)
* Add upgrade note for #9553.
* Note that these are metrics introduced in 1.5.0.
* Added link to docs.
2020-07-22 14:47:48 -05:00
Alexander Bezobchuk f3587c341b
Merge PR #9089: Initial 1.5.0 Upgrade Doc 2020-07-22 15:23:02 -04:00
Austin Gebauer 56bc00bed8
Adds documentation for OIDC provider specific extension for G Suite (#9454)
* docs: adds documentation for JWT/OIDC google provider specific handling

* use may instead of will for identity group alias association

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>

* adds missed parentheses

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>

* adds missed parentheses

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>

* reword sentence referring to key file for Google service account

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* add styles to emphasize security step

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-07-22 12:18:58 -07:00
Scott Miller 068e080c27
Add sentinel configuration stanza documentation to OSS (#9558) 2020-07-22 13:07:51 -05:00
Alexander Bezobchuk b642b1ddd7
Merge PR #9544: docs: add pages to sidebar 2020-07-22 09:28:56 -04:00
Meggie 692200c47b
Link to release notes on downloads page (#9546)
* Link to release notes on downloads page

* Per Jeff E's comment linking to index
2020-07-21 18:11:32 -04:00
Austin Gebauer 66c8032fb5
docs: specify which JWT/OIDC role params support JSON pointer syntax in API docs (#9518) 2020-07-21 11:20:10 -07:00
Austin Gebauer 87172c3fbb
docs: changes the default alias names in the GCP auth API docs to role_id for both IAM and GCE (#9494) 2020-07-21 10:22:24 -07:00
Jason O'Donnell a3e0620cd4
doc: add k8s probe notes to helm doc (#9543) 2020-07-21 12:40:43 -04:00
Meggie 259aa74728
docs: add release notes (#9540)
* Create nav for release notes

* Update 1.5.0.mdx

Initial release notes

* Update 1.5.0.mdx

Minor edits

* Update 1.5.0.mdx

Made a small grammatical edit

* Update 1.5.0.mdx

Changed a period to a colon

* Update 1.5.0.mdx

Some minor formatting changes

* Update 1.5.0.mdx

Changes to the Splunk app description

* Update 1.5.0.mdx

Small change to the vault monitor command description

* Update 1.5.0.mdx

Small change to the description of the vault monitor command

* Update 1.5.0.mdx

Added link to the Splunk app for Monitoring Vault

* Updating version

* Capitalization consistency

Co-authored-by: Andy Manoske <andy@hashicorp.com>
Co-authored-by: Darshana Sivakumar <darshana10@gmail.com>
2020-07-21 12:23:03 -04:00
Jason O'Donnell 13cc4295b5
doc: remove beta warnings for openshift (#9541) 2020-07-21 10:43:41 -04:00
Scott Miller fdb2fc612e
API and upgrade docs for global plugin reload (#9487) 2020-07-17 13:39:24 -05:00
Austin Gebauer 6bc9696a51
Replaces storage backend with secrets engine in the gcp secrets docs (#9511) 2020-07-16 17:43:47 -07:00
Alexander Bezobchuk ea13485c7d
Merge PR #9502: Resource Quotas: Remove 'burst' Param from Rate Limiter 2020-07-16 14:34:43 -04:00
Vishal Nayak 4e4cb5289a
Fetch quota by name before updating it (#9466)
* Fix quotas update

* Update doc
2020-07-15 13:25:00 -04:00
Mike Jarmy 11b10f21b7
Update the seal migration docs (#9432)
* update the seal migration docs

* Update website/pages/docs/concepts/seal.mdx

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
2020-07-15 11:55:28 -04:00
Meggie f5a81882b5
Add RC note on downloads page (#9473) 2020-07-13 18:43:30 -04:00
Theron Voran a7522738b9
docs: Updating vault-helm service_registration docs (#9417)
* Adding notes about ingress and route requirements

Specifically that they require vault 1.4 with service_registration
enabled. Also removed a stray block about extraVolumes.
2020-07-10 13:02:51 -07:00
Michael Golowka 23a3375f98
Add links to API docs (#9442) 2020-07-10 12:55:43 -06:00
Mark Gritter ca21cb93df
Documentation fixes on metric names (#9419)
Make the names of WAL metrics exactly match their implementation.
Add `vault` prefix to be consistent everywhere.

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
2020-07-08 13:16:42 -05:00
Larry Eichenbaum f5fcf04a73
Document OSS->ENT upgrade process (#9414) 2020-07-08 09:17:27 -04:00
Michael Golowka 6d86988d0b
Update GCP auth docs with warning about token impersonation (#9418) 2020-07-07 17:09:12 -06:00
Alexander Bezobchuk a282864793
Merge PR #9342: Resource Quotas Doc 2020-07-07 11:42:01 -04:00
Jeff Escalante dcc05e8aed
learn -> tutorials in subnav (#9391) 2020-07-06 18:47:59 -04:00
Trishank Karthik Kuppusamy 94b4545a69
Merge PR #9388: Update tokens.mdx 2020-07-06 09:22:50 -04:00
DevOps Rob 230656ccf4
adding a note to the docs to make it clear that the token needs to be unlimited to create child tokens (#9397) 2020-07-03 09:00:14 -07:00
Meggie 866576cde8
Changing changelog headers and update version (#9393) 2020-07-02 19:46:41 -04:00
Jeff Escalante a3371f6242
🌷Website Maintenance (#9140)
* another round of maintenance

- apply stylelint
- run eslint across all files
- remove unneeded font import
- add jsconfig and import from absolute pahts
- remove unneeded experimental nextjs config
- update all dependencies

* refreshing with the latest dep updates
2020-07-02 14:24:34 -04:00
Geoffrey Grosenbach 93b37de1bc
Mention Linux packages on install page (#9314)
* Update install docs to mention Linux packages

We now build packages for Debian, Ubuntu, CentOS, etc. This removes language
about "we have no plans to build packages" and adds links to step by step guides
for adding a GPG key and the official repository.

* Fix URL to Learn Vault install page

A Linux section previously existed but now it is in the general install section.

* Fix Markdown for multi-step compile from source

The steps were previously marked up as an ordered list but the numbers didn't
display correctly. This outdents the code so it's a series of paragraphs instead
of an ordered list.
2020-07-02 13:51:02 -04:00
Roger Berlind 15d8ed3f82
request.connection.remote_addr only has IP (#9326)
* request.connection.remote_addr only has IP

The request.connection.remote_addr property exposed to Sentinel only has an IP.
It does not include a port.
I tested this in a policy with `print("remote address:", request.connection.remote_addr)` and got back 150.10.0.26.

* Update website/pages/docs/enterprise/sentinel/properties.mdx

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-07-02 10:47:44 -07:00
Josh Black 44a7e3661d
Update replication status API docs with new fields (#9215) 2020-06-29 15:11:17 -07:00
Josh Black dc2b5c1830
Add docs for vault monitor (#9218) 2020-06-29 12:23:31 -07:00
Theron Voran 06700a7110
Adding docs for azure-specific handling in jwt-oidc (#9287)
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
2020-06-29 10:46:41 -07:00
Vitaly Velikodny 1bb9992c92
fix #8092: add the note to docs about impossible to create a custom token with 's.' prefix (#8195)
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-06-29 12:20:23 -04:00
Josh Black 6306faa3d2
Update documentation with more details for allowed_parameters (#9279) 2020-06-29 09:01:33 -07:00
Kevin Pruett 4a48b57546
Add Algolia indexing script to CI (#9332) 2020-06-29 16:39:08 +01:00
Vishal Nayak c6876fe00f
Resource Quotas: Rate Limiting (#9330) 2020-06-26 17:13:16 -04:00
Theron Voran 505bb596d3
docs: default for the auth-path annotation (#9313)
Updating the default for the auth-path annotation in the k8s injector
docs.
2020-06-25 09:36:23 -07:00
Jason O'Donnell 9a19916d53
doc: update vault helm enterprise image examples (#9299)
* doc: update vault helm enterprise image examples

* fix tar reference
2020-06-23 16:20:34 -04:00
Calvin Leung Huang c45bdca0b3
raft: add support for using backend for ha_storage (#9193)
* raft: initial work on raft ha storage support

* add note on join

* add todo note

* raft: add support for bootstrapping and joining existing nodes

* raft: gate bootstrap join by reading leader api address from storage

* raft: properly check for raft-only for certain conditionals

* raft: add bootstrap to api and cli

* raft: fix bootstrap cli command

* raft: add test for setting up new cluster with raft HA

* raft: extend TestRaft_HA_NewCluster to include inmem and consul backends

* raft: add test for updating an existing cluster to use raft HA

* raft: remove debug log lines, clean up verifyRaftPeers

* raft: minor cleanup

* raft: minor cleanup

* Update physical/raft/raft.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update vault/ha.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update vault/ha.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update vault/logical_system_raft.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update vault/raft.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update vault/raft.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* address feedback comments

* address feedback comments

* raft: refactor tls keyring logic

* address feedback comments

* Update vault/raft.go

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>

* Update vault/raft.go

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>

* address feedback comments

* testing: fix import ordering

* raft: rename var, cleanup comment line

* docs: remove ha_storage restriction note on raft

* docs: more raft HA interaction updates with migration and recovery mode

* docs: update the raft join command

* raft: update comments

* raft: add missing isRaftHAOnly check for clearing out state set earlier

* raft: update a few ha_storage config checks

* Update command/operator_raft_bootstrap.go

Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

* raft: address feedback comments

* raft: fix panic when checking for config.HAStorage.Type

* Update vault/raft.go

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>

* Update website/pages/docs/commands/operator/raft.mdx

Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>

* raft: remove bootstrap cli command

* Update vault/raft.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* Update vault/raft.go

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

* raft: address review feedback

* raft: revert vendored sdk

* raft: don't send applied index and node ID info if we're HA-only

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-06-23 12:04:13 -07:00
Mark Gritter 6bd17d7e91
Document new and previously undocumented telemetry metrics: (#9283)
usage metrics
 vault.route.*
 vault.core.unsealed
2020-06-23 13:49:45 -05:00
Calvin Leung Huang 4a5bef48c4
docs: add additional info around transform for tweak and template type (#9203) 2020-06-23 10:32:54 -07:00
Austin Gebauer 965f95239a
docs: clarify when plugin executables must also be given mlock syscall ability (#9275) 2020-06-22 10:05:15 -07:00
Johnathan Schmidt ab4e072bb6
Add the static-roles feature for MSSQL (#9062) 2020-06-19 23:01:06 -07:00
Michael Golowka 7502813335
Add password_policy field to Azure docs (#9249)
* Add password_policy field
* Updated vault-plugin-secrets-azure to v0.6.1
* A bunch of other libraries also got updated at the same time because of the plugin update
2020-06-18 13:25:59 -06:00
Calvin Leung Huang 2e7e63f78c
docs: add sample revocation for mongodb (#9245) 2020-06-17 08:25:56 -07:00
Scott Miller 632c86ecc1
Add new Telemetry config options (#9238)
* Add new Telemetry config options

Add cluster_name, maximum_gauge_cardinality, and usage_gauge_period
configuration options to the config stanza.

Update unit tests.

Document.

Co-authored-by: Mark Gritter <mgritter@hashicorp.com>
2020-06-17 10:07:33 -05:00
Jason O'Donnell e8db47f92d
docs/agent: add overview for consul template fetches (#9227)
* docs/vault-k8s: add overview for consul template fetches

* Add dynamic role link

* move to agent documentation, add link

* fix typo in certificate doc

* fix note about leased secrets

* update secret vs token, add note to pki

* add more secret vs token notes

* add note about caching
2020-06-15 15:49:35 -04:00
Austin Gebauer d9fbd04a33
docs: fix typo in gcp and gcpkms secrets (#9228) 2020-06-15 11:57:51 -07:00
Matt Whiteley 922f9374c6
Fix typo (#9217)
correct parameter is `leader_ca_cert_file`
2020-06-15 14:36:15 -04:00
Michael Golowka 1a8b7765bc
Add password policies to Active Directory secret engine (#9144)
* Also updates AD docs to reflect password policies
2020-06-15 10:36:17 -06:00
Jim Kalafut 320e9ecb92
Minor transform docs rewording (#9223) 2020-06-14 20:53:36 -07:00
Roman Iuvshyn 889c9d6f06
add disable_iss_validation option to k8s auth docs (#9142) 2020-06-11 19:02:20 -07:00
Michael Golowka a89f09802d
Integrate password policies into RabbitMQ secret engine (#9143)
* Add password policies to RabbitMQ & update docs
* Also updates some parts of the password policies to aid/fix testing
2020-06-11 16:08:20 -06:00
ncabatoff 9cc77b94a8
Clarify cache setting. (#9204) 2020-06-11 16:20:36 -04:00
Jeff Hemmen 7a2eabde69
Simple typos (#9119) 2020-06-11 14:22:49 -04:00
Andy Assareh e8a36eb752
replacing "a key usage mode" as it is confusing (#9194)
Since the context of this page is transit and encryption keys, the use of the word "key" to mean effectively common seems ill advised. Proposing an alternative wording.
2020-06-11 07:50:31 -04:00
Mike Wickett 5ca6057295
website: remove whitepaper link from subnav (#9190) 2020-06-10 16:01:23 -04:00
Theron Voran e1a432a167
AWS: Add iam_groups parameter to role create/update (#8811)
Allows vault roles to be associated with IAM groups in the AWS
secrets engine, since IAM groups are a recommended way to manage
IAM user policies. IAM users generated against a vault role will
be added to the IAM Groups. For a credential type of
`assumed_role` or `federation_token`, the policies sent to the
corresponding AWS call (sts:AssumeRole or sts:GetFederation) will
be the policies from each group in `iam_groups` combined with the
`policy_document` and `policy_arns` parameters.

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
2020-06-09 16:56:12 -07:00
ncabatoff 315d1ba9c5
Explain what lease tidy does. (#9178) 2020-06-09 16:54:06 -04:00
joe miller 15661719fa
document all of the supported elliptic curves (#8722) 2020-06-08 11:26:56 -04:00
Rob Taylor 76e78605a9
Fixed minor typo in secrets documentation page (#8856) 2020-06-08 11:17:26 -04:00
Frederic Hemberger 4e13db3912
[docs/telemetry] Unnecessary comma in HCL example (#8817) 2020-06-08 11:07:28 -04:00
Rob Jackson 38ca50cdd9
update to include vault_format (#8876) 2020-06-08 10:40:03 -04:00
Tomas Bäckman 6e97db6d68
Add note about flag -target=recovery for auto-unseal mode (#9163) 2020-06-08 09:26:49 -04:00
Austin Gebauer bf2ce8d1cb
docs: fix port number in curl command for aws rotate root iam creds (#9157) 2020-06-05 16:00:49 -07:00
Calvin Leung Huang 0565e28592
docs: document raft and mlock interaction (#9093)
* docs: document raft and mlock interaction

* docs: expand on mlock issue when raft is used

* Update website/pages/docs/configuration/index.mdx

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
2020-06-05 15:02:55 -07:00
Scott Miller e2d5d92b77
Github markdown doesn't use "^" for superscript, have to be explicit (#9156) 2020-06-05 16:55:33 -05:00
Scott Miller f8f4ae4ab2
Document and give an example of the input size limits when using the FF3-1 transform. (#9151)
* Document and give an example of the input size limits when using the FF3-1
transform.
2020-06-05 07:45:18 -05:00
Jason O'Donnell e0e29a9586
docs/k8s: Add OpenShift K8s beta documentation (#9135)
* doc/k8s: add OpenShift examples

* Update requirements

* Update website/pages/docs/platform/k8s/helm/openshift.mdx

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* Fix ha example

* Fix ha doc

* Update image references

* Fix formatting

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2020-06-03 15:10:37 -04:00
Dave D'Amico a60ba90a20
updated 1.3.2 and 1.4.0 upgrade guides to note AWS STS region issue fixed in 1.4.1 (#9137) 2020-06-03 10:27:45 -07:00
Theron Voran 7622bee530
Docs updates for vault-helm 0.6.0 release (#9116)
* Docs updates for vault-helm 0.6.0 release

* added openshift and postStart values

* noting that openshift support is a beta feature
2020-06-03 11:44:32 -04:00
Theron Voran fa17e22050
Docs updates for vault-k8s 0.4.0 (#9107)
* Adding changes for vault-k8s 0.4.0

* add note about run-as-same-user rejecting root
2020-06-03 10:06:20 -04:00
Brian Kassouf fbd9fd4510
Fix upgrade guide (#9133) 2020-06-02 16:27:19 -07:00
Michael Golowka 5ca4d819d1
Update OpenLDAP Secrets Docs with Password Policies (#9088)
* Update OpenLDAP docs to use password policies
2020-06-02 11:34:01 -06:00
Michael Golowka bd587da491
Add docs for password policies (#8974)
* Add docs for password policies
2020-06-02 11:12:22 -06:00
Alexander Bezobchuk 9dd67cbeb6
Merge PR #9027: Integrated Storage (Raft): Add Support for max_entry_size Config 2020-06-01 10:17:24 -04:00
dddugan a098e313a9
correct sockaddr.is_contained example (#9104)
Syntax for sockaddr.is_contained should be outer, inner - i.e. range, IP. See https://docs.hashicorp.com/sentinel/imports/sockaddr/ for reference.
2020-05-29 10:51:31 -07:00
Jeff Escalante 0e3229a3d8
add missing styles for mdx components (#9103) 2020-05-29 13:29:24 -04:00
ncabatoff 9987b71a36
Update seal docs to reflect 1.3 changes. (#9086) 2020-05-29 13:28:03 -04:00
Christophe Drevet-Droguet 932c1834cc
ssh certificate signing: fix documentation of extensions (#8859) 2020-05-29 13:23:19 -04:00
Elthariel 3a07bd0bc4
doc: Add an example of templated policy using k8s metadata (#9101) 2020-05-28 17:54:56 -07:00
ncabatoff d8c52a4b44
Add note regarding LDAP regression. (#9038) 2020-05-27 12:29:30 -04:00
Thomas L. Kula 3ce9615992
Allow auto_auth with templates without specifying a sink (#8812)
For situations where you want the Vault agent to handle one or more templates but do not require the acquired credentials elsewhere.

Modify the logic in SyncServer so that if there are no sinks, ignore any new credentials. Since SyncServer is responsible for shutting down the agent, make sure it still properly shuts down in this new situation.

Solves #7988
2020-05-26 13:52:14 -04:00
ncabatoff 175bff872c
Add some notes on what tidy does and how to see if your cluster can handle it (#9036) 2020-05-26 09:19:36 -04:00
Jim Kalafut a9d7d34ede
Update release notes (#9064) 2020-05-21 18:51:19 -07:00
Mike Jarmy 95055d7409
update website for 1.4.2 (#9063) 2020-05-21 16:34:03 -04:00
Jeff Escalante 8eed94b072
🌷 Docs Website Maintenance (#8985)
* website maintenance round
* improve docs, revert bug workaround as it was fixed
* boost memory
* remove unnecessary code
2020-05-21 13:18:17 -04:00
Lauren Voswinkel 8fc08f8c91
Require TLS or plaintext flagging in MySQL configuration (#9012)
* Adds a safety switch to configuration files.

This requires a user to either use TLS, or acknowledge that they are sending
credentials over plaintext.

* Warn if plaintext credentials will be passed

* Add true/false support to the plaintext transmission ack

* Updated website docs and ensured ToLower is used for true comparison
2020-05-21 09:09:37 -07:00
Jason O'Donnell 4b2a72c616
doc: clarify token helper intro (#9058) 2020-05-21 10:11:32 -04:00