mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-08 23:57:01 +02:00
Code Issues Projects Releases Wiki Activity
1,647 Commits 2,837 Branches 445 Tags 443 MiB
67b705565e
Commit Graph

61 Commits

Author SHA1 Message Date
vishalnayak
2ac3cabf87 Merging changes from master 2015-08-12 09:28:16 -07:00
vishalnayak
18db544d26 Vault SSH: Website doc v1. Removed path_echo 2015-08-12 09:25:28 -07:00
Erik Kristensen
d877b713e9 initial pass at JWT secret backend 2015-08-06 17:49:44 -06:00
Fabian Ruff
d2074132aa fix doc for pki/revoke API 2015-07-29 14:28:12 +02:00
Justin LaRose
e697b7c057 Cassandra secret backend doc update for connection config - "hosts" instead of "host" 2015-07-23 03:07:29 -04:00
Armon Dadgar
dc5ecc3eed website: fixing lots of references to vault help 2015-07-13 20:12:09 +10:00
Armon Dadgar
c062345146 secret/transit: address PR feedback 2015-07-05 19:58:31 -06:00
Armon Dadgar
5838f8da50 website: document derived keys in secret/transit 2015-07-05 14:47:16 -07:00
Jeff Mitchell
035c430eb2 Address some issues from code review. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-30 09:27:23 -04:00
Jeff Mitchell
1faaf20b92 A Cassandra secrets backend. 
Supports creation and deletion of users in Cassandra using flexible CQL queries.

TLS, including client authentication, is supported.

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-30 09:04:01 -04:00
Jeff Mitchell
d8ed14a603 Merge remote-tracking branch 'upstream/master' into f-pki 2015-06-19 13:01:26 -04:00
Jeff Mitchell
435aefc072 A few things: 
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-19 12:48:18 -04:00
Jeff Mitchell
23ba605068 Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-18 15:22:58 -04:00
Armon Dadgar
ba24d891fd website: document transit upsert behavior 2015-06-17 18:51:58 -07:00
Armon Dadgar
7c31e29295 website: update the transit documentation 2015-06-17 18:45:29 -07:00
Jeff Mitchell
79164f38ad Merge branch 'master' into f-pki 2015-06-16 13:43:25 -04:00
Ryan Currah
35f1cfeb77 Do not output the trailing newline in encoding. 
Added -n to echo command to prevent newlines from showing up in encoding.
 2015-06-13 12:03:57 -04:00
Jeff Mitchell
067fbc9078 Fix a docs-out-of-date bug. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-12 16:33:00 -04:00
Jeff Mitchell
0ee9735a5a Fix some out-of-date examples. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-11 21:17:05 -04:00
Jeff Mitchell
20ac7a46f7 Add acceptance tests 
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling

Also, fix a bug when trying to get code signing certificates.

Not tested:
* Revocation (I believe this is impossible with the current testing framework)

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-08 00:06:09 -04:00
Jeff Mitchell
530b67bbb9 Initial PKI backend implementation. 
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint

Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-08 00:06:09 -04:00
Armon Dadgar
9b879d3434 Merge pull request #263 from sheldonh/iam-policy 
List IAM permissions required by root credentials
 2015-06-01 13:16:51 +02:00
Armon Dadgar
35b10a7a9a Merge pull request #261 from jsok/consul-lease 
Add ability to configure consul lease durations
 2015-06-01 13:04:28 +02:00
Chad Whitacre
adb777cc0f Provide missing verb 2015-05-31 17:19:34 -04:00
certifiedloud
2521e90ef7 replaced confusing term 'physical' with 'storage'. 2015-05-27 14:44:17 -06:00
Sheldon Hearn
5a28f0bcbd Missed a few IAM permissions 2015-05-27 16:42:12 +02:00
Sheldon Hearn
7cba6f84de List IAM permissions required by root credentials 2015-05-27 16:28:24 +02:00
Jonathan Sokolowski
b872babb7b website: Update /consul/roles/ parameters 2015-05-27 09:54:15 +10:00
Armon Dadgar
2d9b12b853 website: Document overwrite behavior. Fixes #182 2015-05-11 10:58:29 -07:00
Mitchell Hashimoto
9f9527ddc3 Merge pull request #54 from pborreli/typos 
website: fixed typos
 2015-04-28 11:37:49 -07:00
Emil Hessman
4079905682 website: merge 2015-04-28 20:36:27 +02:00
Pascal Borreli
bbd3ce341a Fixed typos 2015-04-28 19:36:16 +01:00
Emil Hessman
79b098b89e website: address minor doc typos 2015-04-28 20:32:04 +02:00
Andrew Williams
cfe60c4846 website: fix small typo 2015-04-28 13:21:44 -05:00
Mat Elder
680f55aee6 msyql to consul on consul backend docs 2015-04-28 14:11:42 -04:00
Armon Dadgar
2bcba24561 website: remove TODO from transit quickstart 2015-04-27 14:58:53 -07:00
Armon Dadgar
478a5965ee secret/aws: Using roles instead of policy 2015-04-27 14:20:28 -07:00
Armon Dadgar
aaf10cd624 Do not root protect role configurations 2015-04-27 14:07:20 -07:00
Armon Dadgar
3330d43d44 secret/postgres: secret/mysql: roles endpoints root protected 2015-04-27 14:04:10 -07:00
Armon Dadgar
f159750509 secret/consul: replace policy with roles, and prefix the token path 2015-04-27 13:59:56 -07:00
Armon Dadgar
d425ca22df secret/transit: rename policy to keys 2015-04-27 13:52:47 -07:00
Armon Dadgar
b80f3e4e06 website: API consistency 2015-04-27 12:30:46 -07:00
Armon Dadgar
26b5dc20c6 website: aws API 2015-04-27 12:26:23 -07:00
Armon Dadgar
27902b1d06 website: make PG quickstart like MySQL 2015-04-27 12:16:07 -07:00
Armon Dadgar
fd00322981 website: adding postgresql API docs 2015-04-27 11:17:13 -07:00
Armon Dadgar
e44fd556a8 website: document Consul APIs 2015-04-27 11:08:47 -07:00
Seth Vargo
6b62366d2b Add Quick Start for Postgresql 2015-04-27 09:30:21 -04:00
Seth Vargo
ad8f1f3659 Add Quick Start for AWS 2015-04-27 09:29:16 -04:00
Armon Dadgar
e7298e1169 website: start consul api 2015-04-26 22:03:38 -07:00
Armon Dadgar
d6a1344bfd website: consul quickstart 2015-04-26 22:03:38 -07:00