mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-17 03:57:01 +02:00
Code Issues Projects Releases Wiki Activity
7,543 Commits 2,844 Branches 445 Tags 454 MiB
29551c0b1b
Commit Graph

220 Commits

Author SHA1 Message Date
Jeff Mitchell
32a7503b89
Cross reference pki/cert in a few places. 2017-12-11 11:10:28 -05:00
Mohsen
77fc89088d Small typo relating to no_store in pki secret backend (#3662) 
* Removed typo :)

* Corrected typo in the website related to no_store
 2017-12-07 10:40:21 -05:00
Calvin Leung Huang
a9e7dbb7b4
Support MongoDB session-wide write concern (#3646) 
* Initial work on write concern support, set for the lifetime of the session

* Add base64 encoded value support, include docs and tests

* Handle error from json.Unmarshal, fix test and docs

* Remove writeConcern struct, move JSON unmarshal to Initialize

* Return error on empty mapping of write_concern into mgo.Safe struct
 2017-12-05 15:31:01 -05:00
Laura Uva
291edb9746 Update example payload and response for pem_keys field which needs \n after header and before footer in order to be accepted as a valid RSA or ECDSA public key (#3632) 2017-12-04 12:12:58 -05:00
Brian Shumate
61eac778cc Docs: Update /sys/policies/ re: beta refs to address #3624 (#3629) 2017-12-04 12:10:26 -05:00
Jeff Mitchell
a898bd272d
Remove beta notice 2017-12-04 08:25:16 -08:00
crdotson
9692cde57f Fix spelling (#3609) 
changed "aomma" to "comma"
 2017-12-04 10:53:58 -05:00
csawyerYumaed
e2cdbf4913 update relatedtools, add Goldfish UI. (#3597) 
Add link to Goldfish a  web UI for Vault.
 2017-12-04 10:51:16 -05:00
Paul Pieralde
3b56130f10 Fix docs for Transit API (#3588) 2017-12-04 10:34:05 -05:00
Jeff Mitchell
14b43deb05 Update cassandra docs with consistency value. 
Fixes #3361
 2017-12-02 14:18:23 -05:00
Nicolas Corrarello
ea66973fcb
Fix docs up to current standards 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 16:53:42 +00:00
Nicolas Corrarello
12e77fac51
Rename policy into policies 2017-11-29 16:31:17 +00:00
Nicolas Corrarello
a3df394134
Pull master into f-nomad 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:56:37 +00:00
Vishal Nayak
0f8e4c826c
docs: encryption/decryption now supports asymmetric keys (#3599) 2017-11-21 12:25:28 -05:00
Vishal Nayak
0fccc908d0
Docs: Remove 'none' as algorithm options (#3587) 2017-11-15 09:09:45 -05:00
Brian Kassouf
f67feaea20
Add token_reviewer_jwt to the kubernetes docs (#3586) 2017-11-14 13:27:09 -08:00
Chris Hoffman
95d4f68d26
adding licensing docs (#3585) 2017-11-14 16:15:09 -05:00
Paul Pieralde
ce49d77f86 Docs change for Policy API (#3584) 
vault 0.9.0 deprecated the term `rules` in favor of the
term `policy` in several of the /sys/policy APIs.

The expected return state of 200 SUCCESS_NO_DATA only happens
if the `policy` term is used. A response including the
deprecation notice and a 204 SUCCESS_WITH_DATA status code
is returned when `rules` is applied.
 2017-11-14 14:26:26 -05:00
Jeff Mitchell
f056cf9119 Sync docs 2017-11-14 06:13:11 -05:00
Vishal Nayak
b659e94a3b
API refactoring and doc updates (#3577) 
* Doc updates and API refactoring

* fix tests

* change metadata fieldtype to TypeKVPairs

* Give example for TypeKVPairs in CLI for metadata

* Update API docs examples to reflect the native expected value for TypeKVPairs

* Don't mention comma separation in the docs for TypeCommaStringSlice

* s/groups/group; s/entities/entity; s/entity-aliases/entity-alias; s/group-aliases/group-alias

* Address review feedback

* Fix formatting

* fix sidebar links
 2017-11-13 20:59:42 -05:00
Vishal Nayak
31484b7d55
transit doc update (#3564) 2017-11-09 16:17:54 -05:00
Calvin Leung Huang
b9348ebf4c Add docs for /sys/rekey-recovery-key (#3520) 2017-11-08 14:22:30 -05:00
Paul Pieralde
91d2c05a34 Doc fix for Create/Update Token API (#3548) 
`orphan` is intended to be default to False. Docs indicate this
is default to True. Simple change to update the docs only.
 2017-11-07 18:06:44 -05:00
Joel Thompson
50aa3d9e1f auth/aws: Make disallow_reauthentication and allow_instance_migration mutually exclusive (#3291) 2017-11-06 17:12:07 -05:00
Chris Hoffman
cbe172fb65 minor cleanup 2017-11-06 16:34:20 -05:00
Gregory Reshetniak
81e18aeccd added AWS enpoint handling (#3416) 2017-11-06 13:31:38 -05:00
Calvin Leung Huang
447d13ec39
Add note on support for using rec keys on /sys/rekey (#3517) 2017-11-06 12:18:15 -05:00
Jeff Mitchell
33cf98026e
Add PKCS8 marshaling to PKI (#3518) 2017-11-06 12:05:07 -05:00
Nicolas Corrarello
f9c30bff20
Updated documentation 2017-11-06 15:13:50 +00:00
Calvin Leung Huang
22e156712c
Update SSH list roles docs (#3536) 2017-11-03 18:00:46 -04:00
Vishal Nayak
d5ad857a86
Capabilities responds considering policies on entities and groups (#3522) 
* Capabilities endpoint will now return considering policies on entities and groups

* refactor the policy derivation into a separate function

* Docs: Update docs to reflect the change in capabilities endpoint
 2017-11-03 11:20:10 -04:00
Vishal Nayak
4d3b3bed08
docs: s/persona/alias (#3529) 2017-11-03 11:17:59 -04:00
Vishal Nayak
ced60dbc0c
Encrypt/Decrypt/Sign/Verify using RSA in Transit backend (#3489) 
* encrypt/decrypt/sign/verify RSA

* update path-help and doc

* Fix the bug which was breaking convergent encryption

* support both 2048 and 4096

* update doc to contain both 2048 and 4096

* Add test for encrypt, decrypt and rotate on RSA keys

* Support exporting RSA keys

* Add sign and verify test steps

* Remove 'RSA' from PEM header

* use the default salt length

* Add 'RSA' to PEM header since openssl is expecting that

* export rsa keys as signing-key as well

* Comment the reasoning behind the PEM headers

* remove comment

* update comment

* Parameterize hashing for RSA signing and verification

* Added test steps to check hash algo choice for RSA sign/verify

* fix test by using 'prehashed'
 2017-11-03 10:45:53 -04:00
Vishal Nayak
7ca73556e4
docs: Add config/ca delete operation (#3525) 2017-11-03 06:19:21 -04:00
Nicolas Corrarello
3a0d7ac9a6 Unifying Storage and API path in role 2017-10-31 21:06:10 +00:00
Jeff Mitchell
bba371c7de Fix C&P in docs. 
Fixes #3454
 2017-10-27 16:43:26 -04:00
Christophe Tafani-Dereeper
f8e6f9ed70 Correct typos in the sys/raw documentation (#3484) 2017-10-24 10:33:57 -04:00
Seth Vargo
50caac0bb6
More naming cleanup 2017-10-24 09:35:03 -04:00
Seth Vargo
e118a16f63
Oops typo 2017-10-24 09:34:30 -04:00
Seth Vargo
94fdc0e7d2
Update k8s documentation 2017-10-24 09:34:12 -04:00
Seth Vargo
23d1d9a1ac
Resolve the most painful merge conflict known on earth 2017-10-24 09:34:12 -04:00
Seth Vargo
39097c80d6
Remove ?list examples 
They are documented in the overall API section, but people should get used to seeing LIST as a verb
 2017-10-24 09:32:15 -04:00
Seth Vargo
b8e4b0d515
Standardize on "auth method" 
This removes all references I could find to:

- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend

in favor of the unified:

- auth method
 2017-10-24 09:32:15 -04:00
Seth Vargo
9b18a8ab20
Document mount types/values 2017-10-24 09:28:05 -04:00
Chris Hoffman
49df3d67e5 copying general purpose tools from transit backend to /sys/tools (#3391) 2017-10-20 10:59:17 -04:00
blazindragon
aafaf1cf87 Correct typo: DELET to DELETE (#3452) 2017-10-13 10:11:04 -04:00
Jeremy Voorhis
333bd83a3f Implement signing of pre-hashed data (#3448) 
Transit backend sign and verify endpoints now support algorithm=none
 2017-10-11 11:48:51 -04:00
Martins Sipenko
095017a364 Fix docs (#3449) 2017-10-11 11:29:26 -04:00
Brendan
6ecbad6c62 Update index.html.md (#3433) 
Fixed typo in json property used to create custom secret_id
 2017-10-11 09:25:43 -04:00
emily
ea412e52b7 add GCP APIs that need to be enabled to GCP auth docs, small doc fixes (#3446) 2017-10-11 09:18:32 -04:00
Nicolas Corrarello
c99b741bed A few simple fixes for the Github API docs (#3432) 2017-10-06 06:13:47 -04:00
Daniel DeFisher
57b8871e58 upgrade ldap api docs to refrect 0.8.3 change to returned json of policies (#3421) 2017-10-04 15:40:28 -04:00
Jeff Mitchell
04e8d163ba Allow entering PKI URLs as arrays. (#3409) 
Fixes #3407
 2017-10-03 16:13:57 -04:00
Nicolas Corrarello
b581716b75 Updated API Docs with the Global Token Parameter 2017-09-29 11:23:47 +01:00
Alex Dadgar
b314c13882 Fix spelling errors (#3390) 2017-09-28 07:54:40 -04:00
Paulo Ribeiro
b8082675e8 Fix grammatical error (#3395) 
Also changed capitalization for consistency.
 2017-09-28 06:28:48 -04:00
Brian Kassouf
539cb262f1 Kubernetes Docs Update (#3386) 
* Update Kubnernetes Docs

* Add a note about alpha clusters on GKE

* Fix JSON formatting

* Update kubernetes.html.md

* Fix a few review comments
 2017-09-27 14:02:18 -07:00
Vishal Nayak
5d805a252e docs: Added certificate deletion operation API (#3385) 2017-09-26 20:28:52 -04:00
Nicolas Corrarello
bc1ea9af53 Adding Nomad Secret Backend API documentation 2017-09-21 09:18:35 -05:00
Brian Kassouf
4fb3f163ee Kubernetes auth (#3350) 
* Import the kubernetes credential backend

* Add kubernetes docs

* Escape * characters

* Revert "Import the kubernetes credential backend"

This reverts commit f12627a942.

* Update the vendored directory
 2017-09-19 09:27:26 -05:00
Calvin Leung Huang
7e21bb3b5e Clarify backup data that is being stored (#3345) 2017-09-19 07:44:34 -05:00
emily
08c2e2ce44 Add GCE docs for GCP Auth Backend (#3341) 2017-09-19 07:44:05 -05:00
Bruno Miguel Custódio
14714f399a Fix a few quirks in the GCP auth backend's docs. (#3322) 2017-09-19 07:41:41 -05:00
Laura Uva
0f71b482d8 Updated https://www.vaultproject.io/api/system/replication-dr.html#generate-dr-secondary-token to be a POST rather than GET. This was reported by a customer and I confirmed that this should be a logical.UpdateOperation rather than ReadOperation (24f2b961fd/vault/replication_api.go (L121)). (#3342) 2017-09-15 16:19:16 -04:00
Chris Hoffman
010575cb60 Rename "generic" secret backend to "kv" (#3292) 2017-09-15 09:02:29 -04:00
Chris Hoffman
3aa68c0034 Adding support for base_url for Okta api (#3316) 
* Adding support for base_url for Okta api

* addressing feedback suggestions, bringing back optional group query

* updating docs

* cleaning up the login method

* clear out production flag if base_url is set

* docs updates

* docs updates
 2017-09-15 00:27:45 -04:00
Chris Hoffman
4a8c33cca3 Disable the sys/raw endpoint by default (#3329) 
* disable raw endpoint by default

* adding docs

* config option raw -> raw_storage_endpoint

* docs updates

* adding listing on raw endpoint

* reworking tests for enabled raw endpoints

* root protecting base raw endpoint
 2017-09-15 00:21:35 -04:00
Paul Pieralde
7cb3ff1fb8 Fixed docs to reflect correct HTTP method for /sys/config/auditing endpoing (#3331) 
Updated documentation to reflect "Read Single Audit Request Header" endpoint is GET-based.
 2017-09-13 11:59:27 -07:00
Jeff Mitchell
f970aea9f8 Change behavior of TTL in sign-intermediate (#3325) 
* Fix using wrong public key in sign-self-issued

* Change behavior of TTL in sign-intermediate

This allows signing CA certs with an expiration past the signer's
NotAfter.

It also change sign-self-issued to replace the Issuer, since it's
potentially RFC legal but stacks won't validate it.

Ref: https://groups.google.com/d/msg/vault-tool/giP69-n2o20/FfhRpW1vAQAJ
 2017-09-13 11:42:45 -04:00
Chris Hoffman
ef89549f11 remove token header from login samples (#3320) 2017-09-11 18:14:05 -04:00
Jose Diaz-Gonzalez
157f2a7741 fix: add missing comma to payload (#3308) 2017-09-11 12:03:43 -04:00
Calvin Leung Huang
38be34423c Fix cassandra tests, explicitly set cluster port if provided (#3296) 
* Fix cassandra tests, explicitly set cluster port if provided

* Update cassandra.yml test-fixture

* Add port as part of the config option, fix tests

* Remove hostport splitting in cassandraConnectionProducer.createSession

* Include port in API docs
 2017-09-07 23:04:40 -04:00
Paul Pieralde
33579a84b4 Fix docs for Certificate authentication (#3301) 
Fix discrepencies in the documentation for TLS Certificate
authentication. The Delete CRL method has a misleading title and
description.
 2017-09-07 10:28:14 -04:00
Paul Pieralde
3f94258789 Fixed small typo in RabbitMQ secret backend. (#3300) 
Fixed `name` param for the Delete Role API in the RabbitMQ secret backend.
 2017-09-07 10:00:32 -04:00
Jeff Mitchell
4f3dfb22cf Fix compile after dep update 2017-09-05 18:18:34 -04:00
Eugene Bekker
176bf9305a Fixing the response sample for reading a plugin (#3278) 
The plugin config data properties are returned immediately within the response's `data` object.
 2017-09-01 08:34:54 -04:00
Jeff Mitchell
4ad96d9513 Add pki/root/sign-self-issued. (#3274) 
* Add pki/root/sign-self-issued.

This is useful for root CA rolling, and is also suitably dangerous.

Along the way I noticed we weren't setting the authority key IDs
anywhere, so I addressed that.

* Add tests
 2017-08-31 23:07:15 -04:00
Calvin Leung Huang
d10075e0fd Normalize plugin_name option for mount and enable-auth (#3202) 2017-08-31 12:16:59 -04:00
Chris Hoffman
e54a3dbe47 Updating Okta lib for credential backend (#3245) 
* migrating to chrismalek/oktasdk-go Okta library

* updating path docs

* updating bool reference from config
 2017-08-30 22:37:21 -04:00
Joel Thompson
c641938cef auth/aws: Allow wildcard in bound_iam_principal_id (#3213) 2017-08-30 17:51:48 -04:00
djboris9
76e3ffc58f Fix API/AUTH/AppRole doc issue concerning bound_cidr_list (#3205) 
This patch fixes a little documentation issue.
bind_cidr_list doesn't exist as parameter to AppRole creation. It should be "bound_cidr_list".
In "path-help" it is documented correctly.
 2017-08-29 12:37:20 -04:00
Hamza Tümtürk
ae825401e1 Add missing code ending to Sample Payload (#3239) 2017-08-25 12:34:12 -04:00
Jon Benson
542d4cda62 Fix typo (#3237) 2017-08-25 09:51:33 -04:00
Chris Hoffman
950eaeea55 fix docs formatting 2017-08-24 11:23:26 -04:00
Chris Hoffman
a7105536d6 Add GET variant on LIST endpoints (#3232) 2017-08-23 17:59:22 -04:00
Yaroslav Lukyanov
1c3f2e8699 add new php client to the doc (#3206) 2017-08-21 13:07:03 -04:00
Paulo Ribeiro
e4c87052ab Fix typo in AppRole API page (#3207) 2017-08-18 10:46:29 -04:00
Jeff Mitchell
7c6e18d71e plugins/backend/reload -> plugins/reload/backend (#3186) 2017-08-16 12:40:38 -04:00
Calvin Leung Huang
527e23411d Fix plugin docs (#3185) 
* Fix plugin docs

* Add plugin_name to auth endpoint
 2017-08-16 12:36:46 -04:00
Jeff Mitchell
5d37bd54ef Remove erroneous flag from hmac docs 2017-08-16 11:27:39 -04:00
Jeff Mitchell
a7f3f40f9e * Add ability to specify a plugin dir in dev mode (#3184) 
* Change (with backwards compatibility) sha_256 to sha256 for plugin
registration
 2017-08-16 11:17:50 -04:00
emily
376bd88479 Initial GCP auth backend documentation (#3167) 2017-08-15 22:03:04 -04:00
Jeff Mitchell
443df65ae5 Add PingID MFA docs (#3182) 2017-08-15 22:01:34 -04:00
Brian Kassouf
1691a3756a Oracle plugin docs (#3131) 
* Add oracle database docs

* Add oracle database docs

* Fix commas in json output

* Update oracle.html.md
 2017-08-15 17:24:01 -07:00
Jeff Mitchell
e6b43f7278 Add permitted dns domains to pki (#3164) 2017-08-15 16:10:36 -04:00
Jeff Mitchell
2946d133af Make PKI root generation idempotent-ish and add delete endpoint. (#3165) 2017-08-15 14:00:40 -04:00
Johan Haals
109d727550 Update libraries (#3160) 
* Remove vault-java which has better alternatives.
* Add ansible-vault, a zero dependency
[lookup-plugin](http://docs.ansible.com/ansible/latest/playbooks_lookups.html) for ansible
 2017-08-14 20:28:11 -04:00
vishalnayak
db646c2c7a docs: Fix the default value for 'generate_signing_key' 2017-08-14 12:39:11 -04:00
Tony Cai
4bbaaac6b2 Removed unused parameter from docs (#3152) 
According to #3116, it seems like this parameter isn't used. I couldn't trigger any differences by playing around with transit signing function, and could not find anything in the source code that actually parses this param. Presumably, it is unused?
 2017-08-11 20:57:06 -04:00
Jeff Mitchell
9943ded915 Fix broken url in replication performance docs 2017-08-11 16:03:05 -04:00