luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/api
History
Scott Miller 25960fd034
Add the ability to unseal using recovery keys via an explicit seal option. (#18683) 
* wip

* wip

* Got it 'working', but not happy about cleanliness yet

* Switch to a dedicated defaultSeal with recovery keys

This is simpler than trying to hijack SealAccess as before.  Instead, if the operator
has requested recovery unseal mode (via a flag in the seal stanza), we new up a shamir
seal with the recovery unseal key path instead of the auto seal.  Then everything proceeds
as if you had a shamir seal to begin with.

* Handle recovery rekeying

* changelog

* Revert go.mod redirect

* revert multi-blob info

* Dumb nil unmarshal target

* More comments

* Update vault/seal.go

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Update changelog/18683.txt

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* pr feedback

* Fix recovery rekey, which needs to fetch root keys and restore them under the new recovery split

* Better comment on recovery seal during adjustSealMigration

* Make it possible to migrate from an auto-seal in recovery mode to shamir

* Fix sealMigrated to account for a recovery seal

* comments

* Update changelog/18683.txt

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Address PR feedback

* Refactor duplicated migration code into helpers, using UnsealRecoveryKey/RecoveryKey where appropriate

* Don't shortcut the reast of seal migration

* get rid of redundant transit server cleanup

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
 		2023-01-24 14:57:56 -06:00
..
auth Update vault and api/auth submodules to use api/v1.8.3 (#18773) 2023-01-20 11:44:03 -05:00
test-fixtures Add More TLS Tests and Verification of TLS Root Certificate (#11300) 2021-04-12 08:39:40 -07:00
README.md Developer Quickstart docs improvements (#16199) 2022-06-30 08:50:35 -07:00
api_test.go Add HTTP PATCH support to KV (#12687) 2021-10-13 15:24:31 -04:00
auth.go [Vault-5248] MFA support for api login helpers (#14900) 2022-04-15 11:13:15 -07:00
auth_test.go [Vault-5248] MFA support for api login helpers (#14900) 2022-04-15 11:13:15 -07:00
auth_token.go Replace http method strings with net/http constants (#14677) 2022-03-24 13:58:03 -04:00
client.go Remove timeout logic from ReadRaw functions and add ReadRawWithContext (#18708) 2023-01-17 15:41:59 -05:00
client_test.go Added flag and env var which will disable client redirection (#17352) 2022-09-30 09:29:37 +01:00
go.mod Update x/crypto + x/net (#18794) 2023-01-23 19:11:04 +00:00
go.sum Update x/crypto + x/net (#18794) 2023-01-23 19:11:04 +00:00
help.go Replace http method strings with net/http constants (#14677) 2022-03-24 13:58:03 -04:00
kv.go Add a sentinel error for missing KV secrets (#16699) 2022-08-12 19:29:42 -04:00
kv_test.go Fix for KV_V2 Custom Metadata Bug (#17395) 2022-10-05 16:43:54 -07:00
kv_v1.go Add a sentinel error for missing KV secrets (#16699) 2022-08-12 19:29:42 -04:00
kv_v2.go Fix for KV_V2 Custom Metadata Bug (#17395) 2022-10-05 16:43:54 -07:00
lifetime_watcher.go update gofumpt to 0.3.1 and reformat the repo (#17055) 2022-09-07 17:31:20 -07:00
logical.go Remove timeout logic from ReadRaw functions and add ReadRawWithContext (#18708) 2023-01-17 15:41:59 -05:00
output_policy.go Global flag that outputs minimum policy HCL required for an operation (#14899) 2022-04-27 16:35:18 -07:00
output_string.go refactor: replace strings.Replace with strings.ReplaceAll (#15392) 2022-08-03 15:22:48 -04:00
plugin_helpers.go Revert "Add mount path into the default generated openapi.json spec (#17926)" (#18617) 2023-01-10 11:16:59 -05:00
plugin_helpers_test.go Global flag that outputs minimum policy HCL required for an operation (#14899) 2022-04-27 16:35:18 -07:00
renewer_test.go TestLifetimeWatcher: Address race condition in test assertions (#15969) 2022-06-14 09:44:51 -04:00
request.go Fix SRV Lookups (#8520) 2020-03-11 14:22:58 +01:00
request_test.go Clean up request logic and use retryable's more efficient handling (#4670) 2018-06-01 09:12:43 -04:00
response.go VAULT-1303 when a request to vault fails, show namespace if set (#12196) 2021-07-30 12:32:05 -04:00
secret.go Vault 9800 Fix vault read handling for endpoints with no top-level data object (#17913) 2022-11-17 10:51:37 -08:00
ssh.go Replace http method strings with net/http constants (#14677) 2022-03-24 13:58:03 -04:00
ssh_agent.go update gofumpt to 0.3.1 and reformat the repo (#17055) 2022-09-07 17:31:20 -07:00
ssh_agent_test.go Run a more strict formatter over the code (#11312) 2021-04-08 09:43:39 -07:00
sys.go api: separate sys out further 2015-03-11 17:46:41 -05:00
sys_audit.go update gofumpt to 0.3.1 and reformat the repo (#17055) 2022-09-07 17:31:20 -07:00
sys_auth.go Replace http method strings with net/http constants (#14677) 2022-03-24 13:58:03 -04:00
sys_capabilities.go Replace http method strings with net/http constants (#14677) 2022-03-24 13:58:03 -04:00
sys_config_cors.go Replace http method strings with net/http constants (#14677) 2022-03-24 13:58:03 -04:00
sys_generate_root.go Replace http method strings with net/http constants (#14677) 2022-03-24 13:58:03 -04:00
sys_hastatus.go Add autopilot automated upgrades and redundancy zones (#15521) 2022-05-20 16:49:11 -04:00
sys_health.go Replace http method strings with net/http constants (#14677) 2022-03-24 13:58:03 -04:00
sys_init.go Add the ability to unseal using recovery keys via an explicit seal option. (#18683) 2023-01-24 14:57:56 -06:00
sys_leader.go Replace http method strings with net/http constants (#14677) 2022-03-24 13:58:03 -04:00
sys_leases.go Replace http method strings with net/http constants (#14677) 2022-03-24 13:58:03 -04:00
sys_mfa.go [Vault-5248] MFA support for api login helpers (#14900) 2022-04-15 11:13:15 -07:00
sys_monitor.go api/monitor: Adding log format to monitor command and debug (#15536) 2022-05-24 13:10:53 -04:00
sys_mounts.go Vault 8305 Prevent Brute Forcing in Auth methods : Setting user lockout configuration (#17338) 2022-11-01 11:02:07 -07:00
sys_mounts_test.go Plugins: Consistently use plugin_version (#17171) 2022-09-20 12:35:50 +01:00
sys_plugins.go Plugins: Add -version flag to 'vault plugin info' (#17454) 2022-10-07 15:28:15 +01:00
sys_plugins_test.go Plugins: Add -version flag to 'vault plugin info' (#17454) 2022-10-07 15:28:15 +01:00
sys_policy.go Replace http method strings with net/http constants (#14677) 2022-03-24 13:58:03 -04:00
sys_raft.go Add autopilot automated upgrades and redundancy zones (#15521) 2022-05-20 16:49:11 -04:00
sys_rekey.go Replace http method strings with net/http constants (#14677) 2022-03-24 13:58:03 -04:00
sys_rotate.go Replace http method strings with net/http constants (#14677) 2022-03-24 13:58:03 -04:00
sys_seal.go VAULT-8703 Add warning for dangerous undocumented overrides, if used, in status response (#17855) 2022-11-09 11:04:36 -05:00
sys_stepdown.go Replace http method strings with net/http constants (#14677) 2022-03-24 13:58:03 -04:00

README.md

Vault API

This provides the github.com/hashicorp/vault/api package which contains code useful for interacting with a Vault server.

For examples of how to use this module, see the vault-examples repo. For a step-by-step walkthrough on using these client libraries, see the developer quickstart.

GoDoc