1798 Commits

Author SHA1 Message Date
Vishal Nayak
ee22bb4f29 Merge pull request #1897 from hashicorp/secret-id-accessor-locks
Safely manipulate secret id accessors
2016-09-19 11:37:38 -04:00
vishalnayak
c44f1c9817 s/GetOctalFormatted/GetHexFormatted 2016-09-16 17:47:15 -04:00
Jeff Mitchell
6f6d1f7237 Rename GetOctalFormatted and add serial number to ParsedCertBundle. Basically a noop. 2016-09-16 11:05:43 -04:00
vishalnayak
32a8ab3cc7 Safely manipulate secret id accessors 2016-09-15 18:13:50 -04:00
Vishal Nayak
f3306fdb31 Merge pull request #1886 from hashicorp/approle-upgrade-notes
upgrade notes entry for approle constraint and warning on role read
2016-09-15 12:14:01 -04:00
vishalnayak
7d4edbde69 check for nil role 2016-09-15 12:10:40 -04:00
vishalnayak
9fb11c4403 Address review feedback 2016-09-15 11:41:52 -04:00
vishalnayak
55c6c0da73 s/disableReauthenticationNonce/reauthentication-disabled-nonce 2016-09-15 11:29:02 -04:00
vishalnayak
e9c8555d12 Updated docs with nonce usage 2016-09-14 19:31:09 -04:00
vishalnayak
097e6031c6 Added comment 2016-09-14 18:27:35 -04:00
vishalnayak
daf7c63225 Disable reauthentication if nonce is explicitly set to empty 2016-09-14 17:58:00 -04:00
vishalnayak
ddb0639a13 address review feedback 2016-09-14 14:28:02 -04:00
vishalnayak
fb04d06b9b Remove the client nonce being empty check 2016-09-14 14:28:02 -04:00
vishalnayak
2de4c8bef2 Generate the nonce by default 2016-09-14 14:28:02 -04:00
vishalnayak
5e7e30e33c address review feedback 2016-09-14 12:08:35 -04:00
vishalnayak
75615d9d56 Use constant time comparisons for client nonce 2016-09-13 20:12:43 -04:00
vishalnayak
dbb3f49438 Address review feedback 2016-09-13 18:30:04 -04:00
Jeff Mitchell
ea4fcb2927 Only use running state for checking if instance is alive. (#1885)
Fixes #1884
2016-09-13 18:08:05 -04:00
vishalnayak
de334d1688 upgrade notes entry for approle constraint and warning on role read 2016-09-13 17:44:07 -04:00
vishalnayak
166d67c0a8 Ensure at least one constraint on the role 2016-09-13 16:03:15 -04:00
Jeff Mitchell
cf05edaf18 Allow encrypting empty ciphertext values. (#1881)
Replaces #1874
2016-09-13 12:00:04 -04:00
vishalnayak
f563f38748 Use uuid.GenerateRandomBytes 2016-09-09 14:17:09 -04:00
vishalnayak
70246395d6 Not exposing structs from the backend's package 2016-09-01 11:57:28 -04:00
Jeff Mitchell
201cd2e1f7 Use unexported kdf const names 2016-08-31 07:19:58 -04:00
Vishal Nayak
763ab83d34 Merge pull request #1799 from hashicorp/fix-role-locking
approle: fix racy updates problem for roles
2016-08-30 16:46:40 -04:00
vishalnayak
7c743ecd0a Address review feedback 2016-08-30 16:36:58 -04:00
Jeff Mitchell
9a97f436ef Use hkdf for transit key derivation for new keys (#1812)
Use hkdf for transit key derivation for new keys
2016-08-30 16:29:09 -04:00
vishalnayak
edd7b3deb5 approle: fix racy updates problem for roles 2016-08-30 16:11:14 -04:00
vishalnayak
8cc5cdb746 STS path field description update 2016-08-30 10:53:21 -04:00
vishalnayak
39b75c6ae9 Added UpdateOperation to logical AWS STS path 2016-08-30 10:30:13 -04:00
Vishal Nayak
fb775993f3 Merge pull request #1804 from hashicorp/issue-1800
Mark STS secrets as non-renewable
2016-08-29 11:46:19 -04:00
navinanandaraj
7fbdf927c1 Fixes #1801 Reuse Cassandra session object for create creds (#1802) 2016-08-28 17:32:41 -04:00
Jeff Mitchell
9cd4243362 Mark STS secrets as non-renewable
Ping #1800
2016-08-28 14:27:56 -04:00
Jeff Mitchell
a542df0173 Derive nonce fully in convergent mode (#1796)
Ping #1794
2016-08-26 17:01:56 -04:00
Jeff Mitchell
c9aa308804 Use key derivation for convergent nonce. (#1794)
Use key derivation for convergent nonce.

Fixes #1792
2016-08-26 14:11:03 -04:00
Jeff Mitchell
c2f3c465d3 Decode secret internal data into struct and fix type assertion. (#1781) 2016-08-24 15:04:04 -04:00
Jeff Mitchell
6beadc1e1c Merge pull request #1755 from hashicorp/logxi
Convert to logxi
2016-08-21 19:28:18 -04:00
Jeff Mitchell
68345eb770 Convert to logxi 2016-08-21 18:13:37 -04:00
vishalnayak
7d772e445f Extract out common code 2016-08-21 15:46:11 -04:00
vishalnayak
1a62fb64c2 Separate endpoints for read/delete using secret-id and accessor 2016-08-21 14:42:49 -04:00
Jeff Mitchell
357ecb4dfe gofmt 2016-08-19 16:48:32 -04:00
vishalnayak
0fbc9b1d7b Pretty print the warning 2016-08-18 16:09:10 -04:00
vishalnayak
a57588303d Use shortestTTL value during renewals too 2016-08-18 15:43:58 -04:00
vishalnayak
eac454a385 When TTL is not set, consider the system default TTL as well 2016-08-18 15:37:59 -04:00
vishalnayak
22e4577725 aws-ec2: use max_ttl when ttl is not set, during login 2016-08-18 15:16:32 -04:00
Jeff Mitchell
e65b48a7e4 Actually show the error occurring if a file audit log can't be opened 2016-08-15 16:26:36 -04:00
Jeff Mitchell
6eca449261 Parameter change
Both revocation times are UTC so clarify via parameter name that it's just a formatting difference. Also leave as a time.Time here, as it automatically marshals into RFC3339.
2016-08-14 21:43:57 -04:00
Jeff Mitchell
5a12143f16 Cleanup 2016-08-13 11:52:09 -04:00
Jeff Mitchell
f0e0f960ca Ensure utc value is not zero before adding 2016-08-13 11:50:57 -04:00
Jeff Mitchell
8fd8ae7330 Ensure values to be encoded in a CRL are in UTC. This aligns with the
RFC. You might expect Go to ensure this in the CRL generation call,
but...it doesn't.

Fixes #1727
2016-08-13 08:40:09 -04:00