2537 Commits

Author SHA1 Message Date
Vault Automation
1fd1cb4536
VAULT-40297 log warning when using allowed/denied params (#10444) (#10483)
* log warning when using allowed/denied params

* add changelog

Co-authored-by: Bruno Oliveira de Souza <bruno.souza@hashicorp.com>
2025-10-29 16:46:28 -03:00
Vault Automation
0e6dc73772
UI: fix PKI certificate key_usage parsing and add extended key flags to role form (#10416) (#10479)
* fix parsing of key_usage VAULT-40303

* VAULT-40220 add extended key usage flags and test coverage

* add test coverage

* add changelog

* fix mislabeled role parameter

* update tests

* VAULT-40219 link jira

* update changelog text

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2025-10-29 18:47:57 +00:00
Vault Automation
e67da36b58
Allow sign-verbatim to handle CSRs with basic constraints extension where isCA=false (#10466) (#10474)
2025-10-29 15:09:28 +00:00
Vault Automation
8346f0638c
UI: update aws generate credential form inputs to rely on credentialType (#10045) (#10351)
* update aws generate credential form inputs to rely on credentialType

* update tests

* show credential type + style updates

* Update ui/app/components/generate-credentials.ts



* update test, naming and help text

* add changelog

* rename changelog

---------

Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com>
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2025-10-27 11:41:57 -05:00
Vault Automation
6a9329d8a6
VAULT-39876 Add sys/reporting/scan to Vault, allowing an output of files with paths and names of Vault secrets (#10068) (#10323)
* VAULT-39876 sys/reporting/scan for KV secrets

* make fmt

* changelog

* stray t.log

* typo

* fix race probably

* Bug fix, add local mount

* remove comment

* bolster external tests

Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
2025-10-22 21:02:07 +00:00
Vault Automation
da1203b3b2
UI: add redirect for legacy secrets path (#10227) (#10230)
* add redirect for legacy secrets path

* adding changelog

Co-authored-by: Dan Rivera <dan.rivera@hashicorp.com>
2025-10-22 11:41:31 -04:00
Vault Automation
3457992a63
[UI] - disable scarf for this package (#10265) (#10276)
* disable scarf for this package

* add changelog

* use correct changelog format

Co-authored-by: Evan Moncuso <46458931+emoncuso@users.noreply.github.com>
2025-10-21 16:29:30 -07:00
Vault Automation
8d07273d14
fix: cache aws auth client by account id (#9981) (#10107)
* fix aws auth client cache to use account ID

* return error if no sts config found

* cache ec2 clients by account ID, region, and role

* add changelog

* fix log syntax

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
2025-10-21 12:24:59 -07:00
Vault Automation
378e96f010
Change tokenutil alias_metadata to populate alias custom metadata. (#10199) (#10202)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2025-10-17 18:06:51 +00:00
Vault Automation
78dda112b9
Vault-39164/Handle log_requests_level empty-string or off with SIGHUP (#9056) (#10197)
* handle log_requests_level empty string or off with SIGHUP

* Update vault/core.go



* add unit test and update comment on ReloadLogRequest to indicate different than first config read

* test coverage for FinalizeInFlightReqData changes

* changelog

---------

Co-authored-by: Angel Garbarino <Monkeychip@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-10-17 11:51:48 -06:00
Vault Automation
ca38d1e4cc
VAULT-39752 adding int check (#9870) (#10114)
* adding int check

* change to assertion rather than reflect.

* adding changelog

* grammar

* adding tests as an example

* removing excessive testing

* fixing test for leases and expected values

* adding godoc

Co-authored-by: JMGoldsmith <spartanaudio@gmail.com>
2025-10-15 09:18:05 +02:00
Vault Automation
368864f249
Add changelog entry for PKI-only certificate counts metrics and API. (#10124) (#10131)
Co-authored-by: Victor Rodriguez <vrizo@hashicorp.com>
2025-10-14 19:56:52 +00:00
Vault Automation
79bab3edd1
Backport UI Fix: UI permissions banner and side bar nav gating respect Vault glob semantics (+, deny precedence) into ce/main (#9800)
* UI Fix: UI permissions banner and side bar nav gating respect Vault glob semantics (+, deny precedence) (#9522)

* add in empty states when no permissions error but no list values found.

* wip

* wip cont.

* a lot closer... I think

* looking good, now to smoke test (Again)

* welp revert fix to adapter that borked it.

* add changelog

* test coverage—a lot

* fix some issues with root vs fallback show sidebar nav

* address pr comments and clean up comments and left over duplicate methods in permission service

* Apply suggestion from @hellobontempo

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>

* add resultant-acl in canary paths

* remove from canary and use capability check instead inside permissionsBanner

* clean up

* fix merge things

---------

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>

* add conditional for enterprise vs ce

---------

Co-authored-by: Angel Garbarino <Monkeychip@users.noreply.github.com>
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: Angel Garbarino <argarbarino@gmail.com>
2025-10-14 10:30:41 -06:00
Vault Automation
5d05b1d023
VAULT-35084, VAULT-36948, VAULT-36952: Small tasks left over from the recovery work (#10083) (#10101)
* small tasks left over from the recovery work

* changelog

* fix test

Co-authored-by: miagilepner <mia.epner@hashicorp.com>
2025-10-14 09:36:20 +00:00
Vault Automation
f07b613f0a
UI: Client count usage dashboard GA improvements (#10062) (#10096)
* add clarifying text for client_first_used_time

* add test coverage

* add changelog

* add conditional so export request only made on enterprise

* add enterprise note to last changelog

* revert change that rendered date range edit after query

* move button to match other filter designs

* fix route typo and add path to error message

* add test coverage

* update test assertions

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2025-10-13 23:51:49 +00:00
Vault Automation
e4309c0e18
UI: Fix auth form when token is the preferred type for a namespace (#9944) (#10070)
* normalize token type for ns_token auth mounts

* add changelog

* also check type is supported in route and add test coverage

* Apply suggestion from @hellobontempo

* update test coverage to expect array

* update tests

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2025-10-10 13:58:02 -07:00
Vault Automation
8e5f00bd96
UI: Reduce requests to the activity export API. (#9890) (#10049)
* move request to parent

* add changelog

* add test

* use refresh instead()

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2025-10-10 11:57:01 -07:00
Vault Automation
68d559dd6e
SDK rotation changes (#9942) (#10025)
Co-authored-by: kpcraig <3031348+kpcraig@users.noreply.github.com>
2025-10-10 12:23:51 -04:00
Vault Automation
a48ab79f28
Manual Install of azure secrets enterprise plugin (#9990) (#10006)
* install azure secrets enterprise plugin

* updates

* rename changelog file and added more details

* Use v0.24.0+ent tag from azure secrets enterprise

* changes

* changes

* remove azure enterprise from ce go.mod

Co-authored-by: Jaired Jawed <jaired.jawed@hashicorp.com>
2025-10-09 02:28:50 +00:00
Robert
daa3fc79a0
Backport Update vault-plugin-secrets-openldap to v0.17.0 into ce/main (#9987)
* Update vault-plugin-secrets-openldap to v0.17.0 (#9936) (#9939)

* Update vault-plugin-secrets-openldap to v0.17.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>

* go mod tidy

---------

Co-authored-by: Vault Automation <github-team-secure-vault-core@hashicorp.com>
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2025-10-08 11:46:31 -07:00
Vault Automation
85aa2c3dd0
go: bump .go-version to 1.25.2 on main (#9986) (#9991)
* go: bump .go-version to 1.25.2
* go: handle changes to net/url parsing enforcement in Go 1.25.2

    The fixes for CVE-2025-47912 (https://go.dev/issue/75678) change
    behavior when parsing invalid IPv4 addresses. Update the test to
    for these changes.

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2025-10-08 12:19:16 -06:00
Vault Automation
fc2900b149
Backport #9979, add changelog for vault-plugin-auth-spiffe v0.1.1 update
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2025-10-08 12:02:27 -04:00
Vault Automation
404d872a3c
Backport [VAULT-39647] Add a CE version of possiblyForwardPendingLoginMFASecretWrite function into ce/main (#9913)
* Add PR secondary support for login MFA TOTP self-enrollment workflow (#9616)

* [VAULT-38058] Add missing error return statement in possiblyForwardPendingLoginMFASecretWrite (#9840)

* [VAULT-38058] Add missing error return statement in possiblyForwardPendingLoginMFASecretWrite

* Add a changelog entry

* Update vault/login_mfa.go

Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>

* Update vault/login_mfa.go

* Update vault/login_mfa.go

* Fix the linter

---------

Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>

* [VAULT-39647] Add a CE version of possiblyForwardPendingLoginMFASecretWrite function (#9912)

* Delete ENT files

* go mod tidy

Signed-off-by: Ryan Cragun <me@ryan.ec>

---------

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2025-10-07 15:52:50 -07:00
Vault Automation
dbf2aa5734
Update vault-plugin-secrets-gcp to v0.23.0 (#9946) (#9951)
* Update vault-plugin-secrets-gcp to v0.23.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2025-10-07 13:45:18 -07:00
Vault Automation
66855cb69a
Update vault-plugin-database-couchbase to v0.15.0 (#9791) (#9798)
* Update vault-plugin-database-couchbase to v0.15.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Zlaticanin <60530402+Zlaticanin@users.noreply.github.com>
2025-10-07 13:40:51 -07:00
Vault Automation
7efe8aa99b
Fix seal rewrap running unnecessarily (#9466) (#9895)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2025-10-07 07:24:17 -04:00
Vault Automation
f7cdadc610
Update vault-plugin-database-redis to v0.7.0 (#9888) (#9891)
* Update vault-plugin-database-redis to v0.7.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2025-10-06 13:17:39 -07:00
Vault Automation
7186ef5e38
Backport Update vault-plugin-database-elasticsearch to v0.19.0 into ce/main (#9812)
* Update vault-plugin-database-elasticsearch to v0.19.0 (#9788)

* Update vault-plugin-database-elasticsearch to v0.19.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Zlaticanin <60530402+Zlaticanin@users.noreply.github.com>

* go mod tidy

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Zlaticanin <60530402+Zlaticanin@users.noreply.github.com>
Co-authored-by: Milena Zlaticanin <Milena.Zlaticanin@ibm.com>
2025-10-06 09:33:21 -07:00
Vault Automation
05d44c55c9
Backport Update vault-plugin-secrets-gcpkms to v0.22.0 into ce/main (#9869)
* Update vault-plugin-secrets-gcpkms to v0.22.0 (#9868)

* Update vault-plugin-secrets-gcpkms to v0.22.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>

* Update go.mod

* Update go.sum

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Jaired Jawed <jaired.jawed@hashicorp.com>
2025-10-06 09:29:50 -07:00
Vault Automation
3f43f96c04
Backport Update vault-plugin-database-snowflake to v0.15.0 into ce/main (#9865)
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Kay Craig <kay.craig@hashicorp.com>
2025-10-06 10:46:10 -04:00
Vault Automation
23fd7533aa
Add root rotation for snowflake database secrets keypair configurations (#9432) (#9851)
* Initial implementation

* Use rotation_statements, handle both password and private_key

* Remove debug prints

* Merge in main

* Remove duplicated error text

* Rename keypair root rotation function

* Use NewRotateRootCredentialsWALPasswordEntry

* Add changelog file

* Move back to original file for now, for review

* put generatePassword into function

* Fix names, call helper for generatePassword

* Generalize the rotation flow and keypair path

* Fix conditional check, remove new file

* Fix changelog

* Add test file

* Fix username check var name

* Fix name variable

* Return an error when both fields are set during rotation, and return an error if somehow walEntry is nil

* Fix test godoc

* Remove print

* change rotated key bits to 4096

Co-authored-by: Robert <17119716+robmonte@users.noreply.github.com>
2025-10-03 21:34:42 +00:00
Vault Automation
45e3f36c28
Update vault-plugin-secrets-azure to v0.23.0 (#9838) (#9844)
* Update vault-plugin-secrets-azure to v0.23.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2025-10-03 17:01:57 -04:00
Vault Automation
8050bab6b6
Add changelog for cumulative namespace API (#9833) (#9843)
* add changelog

* rename changelog

* add API path

* Update changelog/_9833.txt



---------

Co-authored-by: Jenny Deng <jenny.deng@hashicorp.com>
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
2025-10-03 12:48:43 -07:00
Vault Automation
bddc79aeaa
Update vault-plugin-auth-kubernetes to v0.23.0 (#9834) (#9842)
* Update vault-plugin-auth-kubernetes to v0.23.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2025-10-03 19:29:33 +00:00
Vault Automation
f4a167aaf2
Backport Update vault-plugin-database-mongodbatlas to v0.16.0 into ce/main (#9830)
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: kpcraig <3031348+kpcraig@users.noreply.github.com>
Co-authored-by: Kay Craig <kay.craig@hashicorp.com>
2025-10-03 15:07:42 -04:00
Vault Automation
b5d4bc7430
Update vault-plugin-secrets-mongodbatlas to v0.16.0 (#9817) (#9831)
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: kpcraig <3031348+kpcraig@users.noreply.github.com>
2025-10-03 14:25:37 -04:00
Vault Automation
533d2b91f3
Update vault-plugin-secrets-alicloud to v0.21.0 (#9813) (#9836)
* Update vault-plugin-secrets-alicloud to v0.21.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2025-10-03 18:18:11 +00:00
Vault Automation
483ce43496
Update vault-plugin-auth-jwt to v0.25.0 (#9821) (#9832)
* Update vault-plugin-auth-jwt to v0.25.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Jaired Jawed <jaired.jawed@hashicorp.com>
2025-10-03 11:16:54 -07:00
Vault Automation
e9be9875ba
Backport Update vault-plugin-auth-oci to v0.20.0 into ce/main (#9825)
* Update vault-plugin-auth-oci to v0.20.0 (#9824)

* Update vault-plugin-auth-oci to v0.20.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>

* Update go.mod

* Update go.sum

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Jaired Jawed <jaired.jawed@hashicorp.com>
2025-10-03 09:48:09 -07:00
Vault Automation
67d6f3816e
Update vault-plugin-secrets-kv to v0.25.0 (#9805) (#9818)
* Update vault-plugin-secrets-kv to v0.25.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Zlaticanin <60530402+Zlaticanin@users.noreply.github.com>
2025-10-03 09:47:53 -07:00
Vault Automation
62c3035a41
Update vault-plugin-auth-cf to v0.22.0 (#9797) (#9815)
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: kpcraig <3031348+kpcraig@users.noreply.github.com>
2025-10-03 12:40:30 -04:00
Vault Automation
ba70dc45c3
Update vault-plugin-database-redis-elasticache to v0.8.0 (#9789) (#9806)
* Update vault-plugin-database-redis-elasticache to v0.8.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Zlaticanin <60530402+Zlaticanin@users.noreply.github.com>
2025-10-03 09:40:18 -07:00
Vault Automation
1a82b8634d
Update vault-plugin-auth-kerberos to v0.16.0 (#9822) (#9823)
* Update vault-plugin-auth-kerberos to v0.16.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
2025-10-03 00:53:36 -07:00
Vault Automation
2cc9c6a773
Backport Update vault-plugin-auth-gcp to v0.22.0 into ce/main (#9819)
* Update vault-plugin-auth-gcp to v0.22.0 (#9810)

* Update vault-plugin-auth-gcp to v0.22.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>

* fixing up merge

git fetch origin
git diff origin/ce/main -- go.mod > reverse.diff
cat reverse.diff | patch -p1 --reverse
go get github.com/hashicorp/vault-plugin-auth-gcp@v0.22.0
go mod tidy

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2025-10-03 00:09:28 +00:00
Vault Automation
8041281f3c
Backport Update vault-plugin-secrets-terraform to v0.13.0 into ce/main (#9814)
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Vinay Gopalan <vinay@hashicorp.com>
2025-10-02 21:57:13 +00:00
Vault Automation
dce7d8a884
Backport Update vault-plugin-secrets-kubernetes to v0.12.0 into ce/main (#9811)
* Update vault-plugin-secrets-kubernetes to v0.12.0 (#9808)

* Update vault-plugin-secrets-kubernetes to v0.12.0

* Add changelog

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>

* manually updating secrets/kubernetes

git diff origin/ce/main -- go.mod > reverse.diff
cat reverse.diff | patch -p1 --reverse
go get github.com/hashicorp/vault-plugin-secrets-kubernetes@v0.12.0
go mod tidy

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2025-10-02 21:35:04 +00:00
Vault Automation
0c3dcbc30e
Backport Update vault-plugin-auth-azure to v0.22.0 into ce/main (#9782)
Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: Kay Craig <kay.craig@hashicorp.com>
Co-authored-by: kpcraig <3031348+kpcraig@users.noreply.github.com>
2025-10-02 14:35:32 -04:00
Vault Automation
732c1e590d
Backport secrets/database: escape usernames/passwords in self-managed static roles, unless disable_escaping is set into ce/main (#9732)
Co-authored-by: kpcraig <3031348+kpcraig@users.noreply.github.com>
Co-authored-by: Kay Craig <kay.craig@hashicorp.com>
2025-10-02 12:52:49 -04:00
Vault Automation
0ad5ebc1bd
Backport Update vault-plugin-auth-alicloud to v0.22.0 into ce/main (#9767)
* Update vault-plugin-auth-alicloud to v0.22.0 (#9763)

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: kpcraig <3031348+kpcraig@users.noreply.github.com>

* go mod tidy

---------

Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
Co-authored-by: kpcraig <3031348+kpcraig@users.noreply.github.com>
Co-authored-by: Kay Craig <kay.craig@hashicorp.com>
2025-10-02 11:48:47 -05:00
Vault Automation
0adb749a82
Check rate limits before doing json limits checking (#9688) (#9775)
* update the order of the requests handlers

* switch back to maxrequestsize, prevent the error by restricting the buffer size

* add test

Co-authored-by: miagilepner <mia.epner@hashicorp.com>
2025-10-02 09:30:31 +00:00