luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
16878 commits 1 branch 0 tags 214 MiB
Commit graph

49 commits

Author SHA1 Message Date
Hamid Ghaf 27bb03bbc0
adding copyright header (#19555) 
* adding copyright header

* fix fmt and a test
 2023-03-15 09:00:52 -07:00
Alexander Scheel 881ae5a303
Remove dynamic keys from SSH Secrets Engine (#18874) 
* Remove dynamic keys from SSH Secrets Engine

This removes the functionality of Vault creating keys and adding them to
the authorized keys file on hosts.

This functionality has been deprecated since Vault version 0.7.2.

The preferred alternative is to use the SSH CA method, which also allows
key generation but places limits on TTL and doesn't require Vault reach
out to provision each key on the specified host, making it much more
secure.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove dynamic ssh references from documentation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove dynamic key secret type entirely

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify changelog language

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add removal notice to the website

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2023-01-31 16:02:22 -05:00
Lars Lehtonen d8f7dd364a
builtin: deprecate errwrap.Wrapf() throughout (#11430) 
* audit: deprecate errwrap.Wrapf()

* builtin/audit/file: deprecate errwrap.Wrapf()

* builtin/crediential/app-id: deprecate errwrap.Wrapf()

* builtin/credential/approle: deprecate errwrap.Wrapf()

* builtin/credential/aws: deprecate errwrap.Wrapf()

* builtin/credentials/token: deprecate errwrap.Wrapf()

* builtin/credential/github: deprecate errwrap.Wrapf()

* builtin/credential/cert: deprecate errwrap.Wrapf()

* builtin/logical/transit: deprecate errwrap.Wrapf()

* builtin/logical/totp: deprecate errwrap.Wrapf()

* builtin/logical/ssh: deprecate errwrap.Wrapf()

* builtin/logical/rabbitmq: deprecate errwrap.Wrapf()

* builtin/logical/postgresql: deprecate errwrap.Wrapf()

* builtin/logical/pki: deprecate errwrap.Wrapf()

* builtin/logical/nomad: deprecate errwrap.Wrapf()

* builtin/logical/mssql: deprecate errwrap.Wrapf()

* builtin/logical/database: deprecate errwrap.Wrapf()

* builtin/logical/consul: deprecate errwrap.Wrapf()

* builtin/logical/cassandra: deprecate errwrap.Wrapf()

* builtin/logical/aws: deprecate errwrap.Wrapf()
 2021-04-22 11:20:59 -04:00
Brian Kassouf 303c2aee7c
Run a more strict formatter over the code (#11312) 
* Update tooling

* Run gofumpt

* go mod vendor
 2021-04-08 09:43:39 -07:00
Anthony Dong d4267b4250 ssh backend: support at character in role name (#8038) 2020-01-21 11:46:29 +01:00
Jeff Mitchell 9ebc57581d
Switch to go modules (#6585) 
* Switch to go modules

* Make fmt
 2019-04-13 03:44:06 -04:00
Jeff Mitchell 8bcb533a1b
Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
Jim Kalafut d0e2badbae Run goimports across the repository (#6010) 
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
 2019-01-08 16:48:57 -08:00
Vishal Nayak 28e3eb9e2c
Errwrap everywhere (#4252) 
* package api

* package builtin/credential

* package builtin/logical

* package command

* package helper

* package http and logical

* package physical

* package shamir

* package vault

* package vault

* address feedback

* more fixes
 2018-04-05 11:49:21 -04:00
Brian Kassouf 9dba3590ac
Add context to the NewSalt function (#4102) 2018-03-08 11:21:11 -08:00
Brian Kassouf 2f19de0305 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Brian Kassouf 1c190d4bda
Pass context to backends (#3750) 
* Start work on passing context to backends

* More work on passing context

* Unindent logical system

* Unindent token store

* Unindent passthrough

* Unindent cubbyhole

* Fix tests

* use requestContext in rollback and expiration managers
 2018-01-08 10:31:38 -08:00
Jeff Mitchell d25aa9fc21 Don't write salts in initialization, look up on demand (#2702) 2017-05-09 17:51:09 -04:00
Jeff Mitchell 6f6f242061 Add logic to skip initialization in some cases and some invalidation logic 2017-05-05 15:01:52 -04:00
vishalnayak 931c96d1ba ssh: Use temporary file to store the identity file 2016-10-18 12:50:12 -04:00
vishalnayak 5367a7223d Add allowed_roles to ssh-helper-config and return role name from verify call 2016-07-05 11:14:29 -04:00
vishalnayak 30fa7f304b Allow * to be set for allowed_users 2016-05-30 03:12:43 -04:00
vishalnayak 971b2cb7b7 Do not allow any username to login if allowed_users is not set 2016-05-30 03:01:47 -04:00
Jeff Mitchell d3a705f17b Make backends much more consistent: 
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
 2016-01-29 20:03:37 -05:00
Jeff Mitchell 9c5ad28632 Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00
Jeff Mitchell f3ce90164f WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell f2da5b639f Migrate 'uuid' to 'go-uuid' to better fit HC naming convention 2015-12-16 12:56:20 -05:00
Jeff Mitchell a9155ef85e Use split-out hashicorp/uuid 2015-10-12 14:07:12 -04:00
Jeff Mitchell 29c722dbb6 Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values 2015-09-21 16:14:30 -04:00
vishalnayak 9918105404 Vault SSH: Store roles as slice of strings 2015-08-31 17:03:46 -04:00
vishalnayak 5e3f8d53f3 Vault SSH: ZeroAddress CRUD test 2015-08-30 14:20:16 -04:00
vishalnayak dc4f97b61b Vault SSH: Zeroaddress roles and CIDR overlap check 2015-08-29 15:24:15 -04:00
vishalnayak b12a2f0013 Vault SSH: Added exclude_cidr_list option to role 2015-08-27 23:19:55 -04:00
vishalnayak 702a869010 Vault SSH: Provide key option specifications for dynamic keys 2015-08-27 11:41:29 -04:00
Jeff Mitchell 5695d57ba0 Merge pull request #561 from hashicorp/fix-wild-cards 
Allow hyphens in endpoint patterns of most backends
 2015-08-21 11:40:42 -07:00
vishalnayak 6c2927ede0 Vault: Fix wild card paths for all backends 2015-08-21 00:56:13 -07:00
Jeff Mitchell 93ef9a54bd Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
vishalnayak b91ebbc6e2 Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
vishalnayak 9db318fc55 Vault SSH: Website page for SSH backend 2015-08-14 12:41:26 -07:00
vishalnayak 7f9babed2a Vault SSH: CLI embellishments 2015-08-13 16:55:47 -07:00
vishalnayak d670b50e78 Vault SSH: Introduced allowed_users option. Added helpers getKey and getOTP 2015-08-13 14:18:30 -07:00
vishalnayak 2320bfb1e4 Vault SSH: Helper for OTP creation and role read 2015-08-13 11:12:30 -07:00
vishalnayak c11bcecbbb Vault SSH: Mandate default_user. Other refactoring 2015-08-13 10:36:31 -07:00
vishalnayak 8e946f27cc Vault SSH: cidr to cidr_list 2015-08-13 08:46:55 -07:00
vishalnayak 7d3025fd6e Vault SSH: Default lease duration, policy/ to role/ 2015-08-12 17:36:27 -07:00
vishalnayak 330ef396ca Vault SSH: Default lease of 5 min for SSH secrets 2015-08-12 17:10:35 -07:00
vishalnayak 0af97b8291 Vault SSH: uninstall dynamic keys using script 2015-08-06 15:50:12 -04:00
vishalnayak 3dd8fe750d Vault SSH: Script to install dynamic keys in target 2015-08-06 14:48:19 -04:00
vishalnayak c7ef0b95c2 Vault SSH: CRUD test case for OTP Role 2015-07-31 13:24:23 -04:00
vishalnayak 61c9f884a4 Vault SSH: Review Rework 2015-07-29 14:21:36 -04:00
Vishal Nayak 2e7612a149 Vault SSH: admin_user/default_user fix 2015-07-27 15:03:10 -04:00
Vishal Nayak e9f507caf0 Vault SSH: Refactoring 2015-07-27 13:02:31 -04:00
Vishal Nayak b532ee0bf4 Vault SSH: Dynamic Key test case fix 2015-07-24 12:13:26 -04:00
Vishal Nayak e8daf2d0a5 Vault SSH: keys/ designated special path 2015-07-23 18:12:13 -04:00
Renamed from builtin/logical/ssh/path_role_create.go (Browse further)