2dc468f4d1
* auth/aws: Make identity alias configurable This is inspired by #4178, though not quite exactly what is requested there. Rather than just use RoleSessionName as the Identity alias, the full ARN is uses as the Alias. This mitigates against concerns that an AWS role with an insufficiently secured trust policy could allow an attacker to generate arbitrary RoleSessionNames in AssumeRole calls to impersonate anybody in the Identity store that had an alias set up. By using the full ARN, the owner of the identity store has to explicitly trust specific AWS roles in specific AWS accounts to generate an appropriate RoleSessionName to map back to an identity. Fixes #4178 * Respond to PR feedback * Remove CreateOperation Response to PR feedback |
||
|---|---|---|
| .. | ||
| data | ||
| scripts | ||
| source | ||
| config.rb | ||
| Gemfile | ||
| Gemfile.lock | ||
| LICENSE.md | ||
| Makefile | ||
| packer.json | ||
| README.md | ||
| redirects.txt | ||
Vault Website
This subdirectory contains the entire source for the Vault Website. This is a Middleman project, which builds a static site from these source files.
Contributions Welcome!
If you find a typo or you feel like you can improve the HTML, CSS, or JavaScript, we welcome contributions. Feel free to open issues or pull requests like any normal GitHub project, and we'll merge it in.
Running the Site Locally
Running the site locally is simple. Clone this repo and run make website.
Then open up http://localhost:4567. Note that some URLs you may need to append
".html" to make them work (in the navigation).