Sean Malloy
7e9ec5afb4
Fix GCP auth docs typo ( #5017 )
...
The bound_bound_service_accounts parameter does not exist. The correct
spelling is bound_service_accounts.
2018-07-31 10:57:34 -04:00
Chris Hoffman
083157cb24
adding environment to azure auth docs ( #5004 )
2018-07-27 08:33:20 -04:00
Chris Hoffman
d02284657e
adding missing properties ( #5003 )
2018-07-27 08:19:12 -04:00
Chris Hoffman
b37c05cf64
updating azure auth plugin and docs ( #4975 )
2018-07-23 10:00:44 -04:00
Tomohisa Oda
9ff2081e8b
add sequelize-vault to third-party tools ( #4945 )
2018-07-17 21:45:37 -07:00
dmicanzerofox
a3d067c00b
PKI Tidy Revocation List optionally Tidy Revoked Certs that are Unexpired ( #4916 )
2018-07-13 09:32:32 -04:00
Seth Vargo
a379989da4
Update GCP docs ( #4898 )
...
* Consistently use "Google Cloud" where appropriate
* Update GCP docs
This updates the GCP docs to use the new updated fields that will be
present in the next release of the plugin as well as fixes up some
inconsistencies between the GCP docs and other auth method
documentation.
2018-07-11 15:52:22 -04:00
Jeff Mitchell
2322eabc68
Add jwt auth docs ( #4891 )
2018-07-11 15:08:49 -04:00
Jeff Mitchell
935c045cfa
Fix permitted dns domain handling ( #4905 )
...
It should not require a period to indicate subdomains being allowed
Fixes #4863
2018-07-11 12:44:49 -04:00
Seth Vargo
408fc1eac0
Properly capitalize H in GitHub ( #4889 )
...
It's really bothering me, sorry.
2018-07-10 08:11:03 -07:00
Jeff Mitchell
bfb7ba3843
Remove vault.rocks from some that were missed
2018-07-10 10:47:30 -04:00
Jeff Mitchell
8f45bc69ba
Fix tuning visibility in CLI ( #4827 )
...
The API elides the value if it's empty, but empty has meaning. This adds
"hidden" as an option which is fundamentally identical to the default.
2018-07-02 12:13:25 -04:00
Chris Hoffman
6f5b8c0e6f
adding sample request to key status api docs ( #4853 )
2018-06-29 09:17:51 -04:00
Becca Petrin
73cbbe2a9f
Add bound cidrs to tokens in AppRole ( #4680 )
2018-06-19 22:57:11 -04:00
Becca Petrin
d9ac83569b
clarify aws role tag doc ( #4797 )
2018-06-19 15:59:57 -07:00
Becca Petrin
71977637d4
Update Active Directory secret engine docs ( #4788 )
...
* active directory rotate root docs
* update doc
2018-06-19 09:11:46 -07:00
Jeff Mitchell
cffb1183a8
Database updates ( #4787 )
...
* Database updates
* Add create/update distinction for connection config
* Add create/update distinction for role config
* Add db name and revocation statements to leases to give revocation a
shot at working if the role has been deleted
Fixes #3544
Fixes #4782
* Add create/update info to docs
2018-06-19 11:24:28 -04:00
Mr Talbot
5551a63221
pki: add ext_key_usage to mirror key_usage and add to sign-verbatim ( #4777 )
...
* pki: add ext_key_usage parameter to role
* pki: add key_usage and ext_key_usage parameter to sign-verbatim
* pki: cleanup code as per comments
2018-06-15 18:20:43 -04:00
Jeff Mitchell
91ca3d4b7f
Add URI SANs ( #4767 )
2018-06-15 15:32:25 -04:00
Jeff Mitchell
43d9ae5c0a
Update index.html.md
...
Fixes #4763
2018-06-14 10:19:38 -04:00
Brian Kassouf
1b77db5138
Update replication status ( #4761 )
...
* Update replication-performance.html.md
* Update replication-dr.html.md
* Update replication.html.md
* Update replication-dr.html.md
* Update replication-dr.html.md
* Update replication-performance.html.md
* Update replication.html.md
2018-06-13 16:43:39 -07:00
Eli Oxman
68ce3bed34
Add async python client to docs ( #4698 )
2018-06-05 10:23:56 -04:00
Becca Petrin
9228659c5c
add formatter to ad docs ( #4653 )
2018-05-29 16:47:46 -07:00
Jeff Mitchell
bde0bda710
Merge pull request #4600 from hashicorp/rekey-verification
...
Rekey verification, allowing new key shares to be confirmed before committing the new key.
2018-05-29 15:00:07 -04:00
Becca Petrin
606889f005
Docs for the upcoming Active Directory secrets engine ( #4612 )
2018-05-29 08:49:09 -07:00
Jeff Mitchell
bd0ac25eb9
Merge branch 'master' into rekey-verification
2018-05-29 10:19:57 -04:00
Becca Petrin
12976bf60e
add userpass note on bound cidrs ( #4610 )
2018-05-25 14:35:09 -04:00
Jeff Mitchell
52cb8234a6
Changelogify and fix some minor website bits
2018-05-25 10:39:23 -04:00
Nicholas Jackson
17460461a0
Breakout parameters for x.509 certificate login ( #4463 )
2018-05-25 10:34:46 -04:00
nelson
196d054f70
Update kv-v2.html.md ( #4614 )
...
correct the payload format for "Configure the KV Engine" and "Update Metadata"
2018-05-24 12:44:44 -04:00
Chris Hoffman
d066c4a2a8
remove incorrect parameter
2018-05-23 08:58:27 -04:00
Jeff Mitchell
635fd18bf6
Minor website doc updates
2018-05-22 15:12:12 -04:00
Chris Hoffman
ae43f2c25e
adding options information to mount endpoint ( #4606 )
2018-05-21 16:39:43 -04:00
Jeff Mitchell
3e0dbc5ea7
Remove dupe website text
2018-05-21 16:30:45 -04:00
Jeff Mitchell
8ad0bbbc44
Address feedback
2018-05-21 16:13:38 -04:00
Jeff Mitchell
27ab8d1a20
Add verification documentation
2018-05-21 12:00:36 -04:00
Jeff Mitchell
c737778c8d
Make description of prehashed a bit more friendly
2018-05-21 09:08:22 -04:00
Jeff Mitchell
3a568b6175
Update key_type parameter description
2018-05-19 12:20:37 -04:00
Kevin Paulisse
6d93ea4d77
Docs: Clarify that revoking token revokes dynamic secrets ( #4592 )
2018-05-18 23:27:53 -07:00
Jeff Mitchell
5a35dac726
Add missing drsecondarycode to health API docs
2018-05-18 12:39:13 -04:00
Jeff Mitchell
30dc66221c
Flip documented resolve_aws_unique_id value
...
Fixes #4583
2018-05-18 12:05:52 -04:00
Jim Kalafut
5dcfc63ee6
Fix GCP API parameter docs
2018-05-17 08:54:25 -07:00
Andrew Slattery
3bd38517eb
Update KV response code ( #4568 )
...
Creating/Updating a secret in KV-V2 produces a status code `200` with a response body of `application/json`, whereas the previous documentation notated a `204 (empty body)` expected response code.
2018-05-17 08:46:19 -07:00
Jeff Mitchell
ec876c21b3
Update website ldap url text
2018-05-16 11:58:10 -04:00
Seth Vargo
a4fa046730
Update GCP secrets to be example-driven ( #4539 )
...
👍
2018-05-10 16:58:22 -04:00
Becca Petrin
76c717b081
Restrict cert auth by CIDR ( #4478 )
2018-05-09 15:39:55 -07:00
Jeff Mitchell
274732733e
Clarify that rotate requires sudo
2018-05-09 10:19:35 -04:00
Jacob Friedman
67b8d3dc40
Changed DR docs page to fix generating secondary DR token ( #4521 )
...
The docs for how to create secondary DR tokens were incorrect, which caused issues at a customer. I fixed the documentation with the proper syntax and formatting, which I copied from the perf replication docs (after changing endpoints). Can someone take a quick look for me?
2018-05-08 13:35:48 -07:00
vishalnayak
f95a913bd5
docs: s/entity/group-alias
2018-05-08 16:32:35 -04:00
Jeff
9b9be9622a
Typo ( #4505 )
2018-05-03 13:37:44 -07:00
Laura Uva
cef1b3b75c
Payload key should be dr_operation_token ( #4498 )
2018-05-02 18:35:51 -07:00
Nándor István Krácser
9cf56fe0df
Fix mapping read paths ( #4448 )
2018-04-25 09:22:30 -04:00
vishalnayak
94f28e3c24
Merge branch 'master-oss' into approle-local-secretid
2018-04-24 16:17:56 -04:00
Brian Shumate
c35fe4e6f0
Update curl commands / replace invalid '--payload' flag ( #4440 )
2018-04-24 11:20:29 -04:00
vishalnayak
6b7a042003
error on enable_local_secret_ids update after role creation
2018-04-23 17:05:53 -04:00
vishalnayak
97d146ca69
update docs
2018-04-23 16:54:23 -04:00
Jeff Mitchell
6d95b4d266
Add the ability to restrict token usage by IP. Add to token roles. ( #4412 )
...
Fixes #815
2018-04-21 10:49:16 -04:00
vishalnayak
da1d68969c
docs: update accessor lookup response
2018-04-17 11:52:58 -04:00
vishalnayak
6e827d2b27
docs: update token lookup response
2018-04-17 11:40:00 -04:00
Sohex
efd0023d89
Update index.html.md ( #4372 )
...
Remove duplicate of max_ttl description from end of period description under create role parameters.
2018-04-17 11:05:50 -04:00
Calvin Leung Huang
7ba953b969
Add docs for internal UI mounts endpoint ( #4369 )
...
* Add docs for internal UI mounts endpoint
* Update description section
2018-04-16 12:13:58 -04:00
Jeff Mitchell
530121c655
Add ability to disable an entity ( #4353 )
2018-04-13 21:49:40 -04:00
Jeff Mitchell
99cf5c6054
Fix token store role documentation around explicit max ttl
2018-04-13 09:59:12 -04:00
Brian Kassouf
a8b8ca136e
KV: Update 'versioned' naming to 'v2' ( #4293 )
...
* Update 'versioned' naming to 'v2'
* Make sure options are set
* Fix description of auth flag
* Review feedback
2018-04-09 09:39:32 -07:00
Chris Hoffman
f6a3a76f25
Docs for configuration UI headers ( #4313 )
...
* adding /sys/config/ui headers
* adding /sys/config/ui headers
2018-04-09 12:21:02 -04:00
Chris Hoffman
19f9f6ee89
Root Credential Rotation Docs ( #4312 )
...
* updating root credential docs
* more docs updates
* more docs updates
2018-04-09 12:20:29 -04:00
Matthew Irish
cff34e983f
UI - pki updates ( #4291 )
...
* add require_cn to pki roles
* add policy_identifiers and basic_constraints_valid_for_non_ca to pki role form
* add new fields to the PKI docs
* add add_basic_constraints field
2018-04-08 21:09:29 -05:00
Brian Kassouf
62ce5ec91d
Versioned K/V docs ( #4259 )
...
* Work on kv docs
* Add more kv docs
* Update kv docs
* More docs updates
* address some review coments
2018-04-03 23:22:41 -07:00
Jeff Mitchell
f5ba4796f5
Case insensitive behavior for LDAP ( #4238 )
2018-04-03 09:52:43 -04:00
Vishal Nayak
96fc0c2509
Update group alias by ID ( #4237 )
...
* update group alias by id
* update docs
2018-04-02 10:42:01 -04:00
Vishal Nayak
ab3579aeb6
add entity merge API to docs ( #4234 )
2018-04-01 12:59:57 -04:00
Jeff Mitchell
2f90e0c2e1
Merge branch 'master-oss' into 0.10-beta
2018-03-27 12:40:30 -04:00
Yoko
d03056eed3
Update Github auth method API reference ( #4202 )
...
* Update Github auth method API reference
* Replaced vault.rocks in API
2018-03-26 16:56:14 -07:00
Seth Vargo
0b827774ae
Drop vault.rocks ( #4186 )
2018-03-23 11:41:51 -04:00
Chris Hoffman
b7ef4a3a6f
adding Azure docs ( #4185 )
...
Adding Azure Auth Method docs
2018-03-22 18:28:42 -04:00
Brian Kassouf
ad383e911f
Update kv backend and add some docs ( #4182 )
...
* Add kv backend
* Move kv in apha order
* Update kv backend and add some docs
2018-03-21 23:10:05 -04:00
Calvin Leung Huang
25792df5a9
Passthrough request headers ( #4172 )
...
* Add passthrough request headers for secret/auth mounts
* Update comments
* Fix SyncCache deletion of passthrough_request_headers
* Remove debug line
* Case-insensitive header comparison
* Remove unnecessary allocation
* Short-circuit filteredPassthroughHeaders if there's nothing to filter
* Add whitelistedHeaders list
* Update router logic after merge
* Add whitelist test
* Add lowercase x-vault-kv-client to whitelist
* Add back const
* Refactor whitelist logic
2018-03-21 19:56:47 -04:00
emily
f9b6f4b1c5
Docs for Vault GCP secrets plugin ( #4159 )
2018-03-21 15:02:38 -04:00
Brian Shumate
1fcf0c6a38
Docs: update formatting / heading ( #4175 )
...
- Correct Generate Disaster Recovery Operation Token heading level
- Tighten up formatting/trailing spaces
2018-03-21 10:14:52 -04:00
Josh Soref
73b1fde82f
Spelling ( #4119 )
2018-03-20 14:54:10 -04:00
Jason Martin
b3e5ec865d
README Spelling error ( #4165 )
2018-03-20 11:45:56 -04:00
Jeff Mitchell
9d030aaf37
Note that you can set a CA chain when using set-signed.
...
Fixes #2246
2018-03-19 19:44:07 -04:00
Jacob Crowther
35ccbe504c
Add Cryptr to related tools ( #4126 )
2018-03-19 14:46:54 -04:00
Jeff Mitchell
3a5e1792c0
Update path-help to make clear you shouldn't put things in the URL.
...
Remove from website docs as those have been long deprecated.
2018-03-19 11:50:16 -04:00
Joel Thompson
3e2006eb13
Allow non-prefix-matched IAM role and instance profile ARNs in AWS auth backend ( #4071 )
...
* Update aws auth docs with new semantics
Moving away from implicitly globbed bound_iam_role_arn and
bound_iam_instance_profile_arn variables to make them explicit
* Refactor tests to reduce duplication
auth/aws EC2 login tests had the same flow duplicated a few times, so
refactoring to reduce duplication
* Add tests for aws auth explicit wildcard constraints
* Remove implicit prefix matching from AWS auth backend
In the aws auth backend, bound_iam_role_arn and
bound_iam_instance_profile_arn were ALWAYS prefix matched, and there was
no way to opt out of this implicit prefix matching. This now makes the
implicit prefix matching an explicit opt-in feature by requiring users
to specify a * at the end of an ARN if they want the prefix matching.
2018-03-17 21:24:49 -04:00
Joel Thompson
39dc981301
auth/aws: Allow binding by EC2 instance IDs ( #3816 )
...
* auth/aws: Allow binding by EC2 instance IDs
This allows specifying a list of EC2 instance IDs that are allowed to
bind to the role. To keep style formatting with the other bindings, this
is still called bound_ec2_instance_id rather than bound_ec2_instance_ids
as I intend to convert the other bindings to accept lists as well (where
it makes sense) and keeping them with singular names would be the
easiest for backwards compatibility.
Partially fixes #3797
2018-03-15 09:19:28 -07:00
Brian Nuszkowski
76be90f384
Add PKCS1v15 as a RSA signature and verification option on the Transit secret engine ( #4018 )
...
Option to specify the RSA signature type, in specific add support for PKCS1v15
2018-03-15 09:17:02 -07:00
Jeff Mitchell
59b3e28151
Make the API docs around ed25519 more clear about what derivation means for this key type
2018-03-15 11:59:50 -04:00
Calvin Leung Huang
3108860d4b
Audit HMAC values on AuthConfig ( #4077 )
...
* Add audit hmac values to AuthConfigInput and AuthConfigOutput, fix docs
* docs: Add ttl params to auth enable endpoint
* Rewording of go string to simply string
* Add audit hmac keys as CLI flags on auth/secrets enable
* Fix copypasta mistake
* Add audit hmac keys to auth and secrets list
* Only set config values if they exist
* Fix http sys/auth tests
* More auth plugin_name test fixes
* Pass API values into MountEntry's config when creating auth/secrets mount
* Update usage wording
2018-03-09 14:32:28 -05:00
Vishal Nayak
527eb418fe
approle: Use TypeCommaStringSlice for BoundCIDRList ( #4078 )
...
* Use TypeCommaStringSlice for Approle bound_cidr_list
* update docs
* Add comments in the test
2018-03-08 17:49:08 -05:00
Calvin Leung Huang
e2fb199ce5
Non-HMAC audit values ( #4033 )
...
* Add non-hmac request keys
* Update comment
* Initial audit request keys implementation
* Add audit_non_hmac_response_keys
* Move where req.NonHMACKeys gets set
* Minor refactor
* Add params to auth tune endpoints
* Sync cache on loadCredentials
* Explicitly unset req.NonHMACKeys
* Do not error if entry is nil
* Add tests
* docs: Add params to api sections
* Refactor audit.Backend and Formatter interfaces, update audit broker methods
* Add audit_broker.go
* Fix method call params in audit backends
* Remove fields from logical.Request and logical.Response, pass keys via LogInput
* Use data.GetOk to allow unsetting existing values
* Remove debug lines
* Add test for unsetting values
* Address review feedback
* Initialize values in FormatRequest and FormatResponse using input values
* Update docs
* Use strutil.StrListContains
* Use strutil.StrListContains
2018-03-02 12:18:39 -05:00
Jeff Mitchell
49068a42be
Document primary_email in Okta mfa path
2018-03-02 11:54:21 -05:00
Jeff Mitchell
8fe24dec0a
Actually add PingID to the index of API pages
2018-03-02 11:49:48 -05:00
Joel Thompson
e4949d644b
auth/aws: Allow lists in binds ( #3907 )
...
* auth/aws: Allow lists in binds
In the aws auth method, allow a number of binds to take in lists
instead of a single string value. The intended semantic is that, for
each bind type set, clients must match at least one of each of the bind
types set in order to authenticate.
2018-03-02 11:09:14 -05:00
Vishal Nayak
2646ed5e2a
update sys/capabilities docs ( #4059 )
2018-03-01 11:42:39 -05:00
Jeff Mitchell
5034ae2dcb
Add the ability to use multiple paths for capability checking ( #3663 )
...
* Add the ability to use multiple paths for capability checking. WIP
(tests, docs).
Fixes #3336
* Added tests
* added 'paths' field
* Update docs
* return error if paths is not supplied
2018-03-01 11:14:56 -05:00
vishalnayak
4b0f27923f
ssh: clarify optional behavior of cidr_list
2018-02-24 06:55:55 -05:00
Chris Hoffman
a2e816321e
adding LIST for connections in database backend ( #4027 )
2018-02-22 15:27:33 -05:00
Jeff Mitchell
9c2ad5c4ec
Fix formatting on sys/health docs
2018-02-22 10:52:12 -05:00
Calvin Leung Huang
a06243bf8d
Add description param on tune endpoints ( #4017 )
2018-02-21 17:18:05 -05:00