mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-31 03:21:11 +02:00
Code Issues Projects Releases Wiki Activity
7,782 Commits 2,839 Branches 446 Tags
Commit Graph

7782 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeff Mitchell
5de04e1810 Merge pull request #927 from urq/feature-sts 
Adding STS to the aws backend
 2016-01-21 15:43:39 -05:00
Devin Christensen
b874846837 Merge 'upstream/master' into postgres_physical 2016-01-21 13:04:27 -07:00
Dmitriy Gromov
df65547eca STS now uses root vault user for keys 
The secretAccessKeysRevoke revoke function now asserts that it is
not dealing with STS keys by checking a new internal data flag. Defaults
to IAM when the flag is not found.

Factored out genUsername into its own function to share between STS and
IAM secret creation functions.

Fixed bad call to "WriteOperation" instead of "UpdateOperation" in
aws/backend_test
 2016-01-21 15:04:16 -05:00
Dmitriy Gromov
ea1e29fa33 Renamed sts duration to ttl and added STS permissions note. 2016-01-21 14:28:34 -05:00
Dmitriy Gromov
e13f58713e documenting the new aws/sts endpoint 2016-01-21 14:05:10 -05:00
Dmitriy Gromov
b37a963841 Removing debug print statement from sts code 2016-01-21 14:05:10 -05:00
Dmitriy Gromov
6f50cd9439 Fixed duration type and added acceptance test for sts 2016-01-21 14:05:10 -05:00
Dmitriy Gromov
522e8a3450 Configurable sts duration 2016-01-21 14:05:09 -05:00
Jack DeLoach
d206599b80 Add STS path to AWS backend. 
The new STS path allows for obtaining the same credentials that you would get
from the AWS "creds" path, except it will also provide a security token, and
will not have an annoyingly long propagation time before returning to the user.
 2016-01-21 14:05:09 -05:00
Jeff Mitchell
4fc58e8b41 Merge pull request #895 from nickithewatt/aws-prexisting-policies 
Allow use of pre-existing policies for AWS users
 2016-01-21 13:23:37 -05:00
Jeff Mitchell
034d78cbb5 Add generate-root info to changelog 2016-01-21 12:37:26 -05:00
Jeff Mitchell
55212cffa3 Merge pull request #915 from hashicorp/generate-root 
Add the ability to generate root tokens via unseal keys.
 2016-01-21 12:31:37 -05:00
Jeff Mitchell
2c4da115ff Add -decode flag verification 2016-01-21 12:18:57 -05:00
Devin Christensen
a2b1b697a0 Remove DDL statements from the code 2016-01-20 18:52:49 -07:00
Devin Christensen
1886fe81f9 Remove superfluous comparison 2016-01-20 17:05:21 -07:00
Devin Christensen
6002154cb6 Ensure rows.Close() is called in List 2016-01-20 17:02:23 -07:00
Devin Christensen
fb55a46d81 Prefer TEXT over VARCHAR 
From the PostgreSQL docs
(http://www.postgresql.org/docs/9.4/static/datatype-character.html):

 > Tip: There is no performance difference among these three types,
 > apart from increased storage space when using the blank-padded type,
 > and a few extra CPU cycles to check the length when storing into a
 > length-constrained column. While character(n) has performance
 > advantages in some other database systems, there is no such advantage
 > in PostgreSQL; in fact character(n) is usually the slowest of the
 > three because of its additional storage costs. In most situations
 > text or character varying should be used instead.
 2016-01-20 16:56:46 -07:00
Devin Christensen
3d7a81f226 Use native upsert when available 2016-01-20 10:47:54 -07:00
Jeff Mitchell
e816b9d477 Pull out setting the root token ID; use the new ParseUUID method in 
go-uuid instead, and revoke if there is an error.
 2016-01-19 19:44:33 -05:00
Jeff Mitchell
152f4a9391 Fix lost code after rebase 2016-01-19 19:19:07 -05:00
Devin Christensen
5bea0d9731 Add support for PostgreSQL as a physical backend 2016-01-19 17:00:09 -07:00
Jeff Mitchell
e9538f1441 RootGeneration->GenerateRoot 2016-01-19 18:28:10 -05:00
Jeff Mitchell
a25514d4f7 Address most of the review feedback 2016-01-19 18:28:10 -05:00
Jeff Mitchell
4cc7694a3a Add the ability to generate root tokens via unseal keys. 2016-01-19 18:28:10 -05:00
Jeff Mitchell
60303244bc Merge pull request #943 from imjorge/patch-1 
/encryption key/master key/
 2016-01-19 12:51:45 -07:00
Jorge Ferreira
ed5de6b33a /encryption key/master key/ 2016-01-19 15:42:50 +00:00
Chi Vinh Le
555834f83d Cleanly close SSH connections 2016-01-19 07:59:08 +01:00
Jeff Mitchell
3d7947b05b changelog++ 2016-01-18 17:05:51 -05:00
Jeff Mitchell
aa9da9aa64 Merge pull request #941 from hashicorp/armored-pgp-keys 
Allow ASCII-armored PGP pub keys to be passed into -pgp-keys.
 2016-01-18 15:03:08 -07:00
Jeff Mitchell
3ecd88bd5c Allow ASCII-armored PGP pub keys to be passed into -pgp-keys. 
Fixes #940
 2016-01-18 17:01:52 -05:00
Jeff Mitchell
0e2a0cd5b5 Merge pull request #937 from hashicorp/cubbyhole-existence-check 
Implement existence check for cubbyhole
 2016-01-16 17:35:38 -07:00
Jeff Mitchell
d1c8800676 Implement existence check for cubbyhole 2016-01-16 19:35:11 -05:00
Jeff Mitchell
56c9148b5b changelog++ 2016-01-16 18:03:58 -05:00
Jeff Mitchell
34a35fd58f Merge pull request #936 from hashicorp/cubbyhole-def-policy 
Use capabilities rather than policies in default policy. Also add cub…
 2016-01-16 18:03:03 -05:00
Jeff Mitchell
280fc12c85 Use capabilities rather than policies in default policy. Also add cubbyhole to it. 2016-01-16 18:02:31 -05:00
Jeff Mitchell
47503076f2 Move rekey to its own files for cleanliness 2016-01-14 17:01:04 -05:00
Jeff Mitchell
427a0f054b Merge pull request #932 from hashicorp/rekey-PUT 
Remove need for PUT in rekey. We've decided that POST and PUT are to
 2016-01-14 16:53:14 -05:00
Jeff Mitchell
887085afbf Remove need for PUT in rekey. We've decided that POST and PUT are to 
stay as synonyms for writes, so there's no reason to limit it for this
operation.
 2016-01-14 16:52:34 -05:00
Seth Vargo
3c2b29d528 Do not use compressed javascripts 
Minifier gets really confused when you give it already-compressed
javascript.
 2016-01-14 15:00:41 -05:00
Jeff Mitchell
4f9e1e9843 Keep ordering consistent in config doc, and put HA backends first 2016-01-14 13:55:53 -05:00
Jeff Mitchell
ee7add27d7 Merge pull request #931 from hashicorp/sethvargo/deploy 
Add scripts to deploy via Atlas
 2016-01-14 13:47:57 -05:00
Seth Vargo
7d759586b1 Add scripts to deploy via Atlas 2016-01-14 13:42:53 -05:00
Seth Vargo
9e14bb66f2 Use HTTPS + www where appropriate 2016-01-14 13:42:47 -05:00
Seth Vargo
128805a359 ImageOptim 2016-01-14 13:42:34 -05:00
Seth Vargo
f214841d20 Fix image asset URLs 2016-01-14 13:42:28 -05:00
Seth Vargo
abf2c9f9bd Remove Heroku stuff 2016-01-14 13:42:13 -05:00
Jeff Mitchell
fc41309120 Version 0.4.1 
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJWls/HAAoJEFGFLYc0j/xMarQH/i6rW+wLm9DadkFV23jwjttt
 TRumTPDoBxHQDoB0wkC4CmA8UiZnzc68o5OlxisC8KAz/89HWZf8sUDxkOSY1vUX
 BGDkiv+KF6LiDRAdDyIqK6PYUkKHaJgue9Vnwu5+1iRv1sjK5PyPb992Wmt/DtOM
 nRn8Hn5qmmDCUm79TKXpZNMs/CRx21VM7q2Sm139kLzTr0Qg2Oyxcp3mB8TR7LtV
 ATdMQ//HzL/tGJ6Yw7zkgZzdf7EMFFO1SSVqAzqag6kqNqwjvmDGrQaTzkdl7anv
 72zMXqVcryeSL6DRZuR+OrHs63aaoTwIXcqO56nBrZ1NAEqkI0oCcvDZNLt7yi4=
 =YCXl
 -----END PGP SIGNATURE-----

Merge tag 'v0.4.1'

Version 0.4.1
 2016-01-14 09:57:21 -05:00
Jeff Mitchell
1a807d58cb
Cut version 0.4.1 v0.4.1 2016-01-13 17:29:16 -05:00
Jeff Mitchell
3ba925b379 Bump values to 0.4.1 2016-01-13 17:28:17 -05:00
Jeff Mitchell
21f91f73bb Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00