mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-17 20:17:00 +02:00
Code Issues Projects Releases Wiki Activity
10,543 Commits 2,844 Branches 445 Tags 454 MiB
68b40b814c
Commit Graph

1114 Commits

Author SHA1 Message Date
Jeff Mitchell
4cc7694a3a Add the ability to generate root tokens via unseal keys. 2016-01-19 18:28:10 -05:00
Jeff Mitchell
3ecd88bd5c Allow ASCII-armored PGP pub keys to be passed into -pgp-keys. 
Fixes #940
 2016-01-18 17:01:52 -05:00
Jeff Mitchell
0478a4f7c2 Fix read panic when an empty argument is given. 
Fixes #923
 2016-01-12 08:46:49 -05:00
Jeff Mitchell
996cb54b99 Fix up PGP tests from earlier code fixes 2016-01-08 22:21:41 -05:00
Jeff Mitchell
71e320eae8 Lotsa warnings if you choose not to be safe 2016-01-08 17:35:07 -05:00
Jeff Mitchell
839b804e43 Some minor rekey backup fixes 2016-01-08 14:09:40 -05:00
Jeff Mitchell
027c84c62a Add rekey nonce/backup. 2016-01-06 09:54:35 -05:00
Jeff Mitchell
139ab81f58 update init/rekey documentation around keybase entries 2016-01-04 14:17:51 -05:00
Jeff Mitchell
b0f075cc1f Disable cmd/server tests for now so we can get Travis back on track 2015-12-31 08:48:53 -05:00
Jeff Mitchell
5f49615fc1 Remove some outdated comments 2015-12-30 21:00:27 -05:00
Jeff Mitchell
70561c0fe2 Use RenewSelf instead of Renew if the token we're renewing is the same as the client 2015-12-30 14:41:50 -05:00
Nicki Watt
05c9e5b5ad Make token-lookup functionality available via Vault CLI 2015-12-29 20:18:59 +00:00
Jeff Mitchell
f8682021c5 Merge pull request #886 from ooesili/ssh-error-fetching-username 
Stop panic when vault ssh username fetching fails
 2015-12-29 12:17:51 -06:00
Jeff Mitchell
3dec78a4d5 Merge pull request #853 from hashicorp/issue-850 
Make TokenHelper an interface and split exisiting functionality
 2015-12-29 12:01:49 -06:00
Jeff Mitchell
eabfb472ca Merge branch 'master' into f-disable-tls 2015-12-29 12:59:02 -05:00
Nicki Watt
658b99c115 Using LookupSelf() API method instead of raw HTTP call for auth command 2015-12-28 01:38:00 +00:00
Wesley Merkel
59c5ccb36f Stop panic when vault ssh username fetching fails 2015-12-26 15:09:07 -07:00
Wim
fb92a7a802 Fix ipv6 address advertisement 2015-12-22 21:40:36 +01:00
Jeff Mitchell
c15974cbdd Make TokenHelper an interface and split exisiting functionality 
Functionality is split into ExternalTokenHelper, which is used if a path
is given in a configuration file, and InternalTokenHelper which is used
otherwise. The internal helper no longer shells out to the same Vault
binary, instead performing the same actions with internal code. This
avoids problems using dev mode when there are spaces in paths or when
the binary is built in a container without a shell.

Fixes #850 among others
 2015-12-22 10:23:30 -05:00
Jeff Mitchell
88f05bec4d Move telemetry metrics up to fix one possible race, but deeper problems in go-metrics can't be solved with this 2015-12-17 16:38:17 -05:00
Jeff Mitchell
d7cb3c9f94 Allow setting the advertise address via an environment variable. 
Fixes #581
 2015-12-14 21:22:55 -05:00
Jeff Mitchell
6e46e56b21 Ensure advertise address detection runs without a specified HA backend 
Ping #840
 2015-12-14 21:13:27 -05:00
Jeff Mitchell
32bfc884c7 Merge pull request #840 from hashicorp/issue-395 
Allow separate HA physical backend.
 2015-12-14 20:56:47 -05:00
Jeff Mitchell
b1f815d7f8 Address review feedback 2015-12-14 17:58:30 -05:00
Mathias Lafeldt
05f0cde643 Show error if output format is invalid 
Rather than silently using table as a fallback.
 2015-12-14 17:14:22 +01:00
Jeff Mitchell
4f51b6e3c9 Allow separate HA physical backend. 
With no separate backend specified, HA will be attempted on the normal
physical backend.

Fixes #395.
 2015-12-14 07:59:58 -05:00
Jeff Mitchell
55e2417b11 Merge pull request #832 from mlafeldt/yaml-ouput 
Allow to output secrets in YAML format
 2015-12-11 12:04:41 -05:00
Mathias Lafeldt
073e4c872e Allow to output secrets in YAML format 
This can be done with https://github.com/ghodss/yaml, which reuses
existing JSON struct tags for YAML.
 2015-12-10 11:32:31 +01:00
Mathias Lafeldt
459be44363 Output secrets sorted by key 
Instead of printing them in random order each time `vault read` is invoked.
 2015-12-10 10:08:23 +01:00
Armon Dadgar
5c085d3718 server: sanity check value for 'tls_disable' 2015-11-25 11:37:57 -08:00
Jeff Mitchell
f600e3ac29 Add no-default-policy flag and API parameter to allow exclusion of the 
default policy from a token create command.
 2015-11-09 17:30:50 -05:00
Jeff Mitchell
60697f3c70 Fix unmount help output 2015-11-09 15:23:49 -05:00
Jeff Mitchell
904e1ee600 Print version on startup. 
Fixes #765
 2015-11-09 13:52:55 -05:00
Jeff Mitchell
673c6d726a Move environment variable reading logic to API. 
This allows the same environment variables to be read, parsed, and used
from any API client as was previously handled in the CLI. The CLI now
uses the API environment variable reading capability, then overrides any
values from command line flags, if necessary.

Fixes #618
 2015-11-04 10:28:00 -05:00
Jeff Mitchell
d7f528a768 Add reset support to the unseal command. 
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.

Fixes #695
 2015-10-28 15:59:39 -04:00
Jeff Mitchell
40486da446 Fix cache disabling 2015-10-28 13:05:56 -04:00
voutasaurus
fbf21b5f2d Modifies documentation in output of vault server -dev 
Environment variable setting is different in windows
 2015-10-22 00:48:46 -07:00
Jeff Mitchell
0dbbef1ac0 Don't use http.DefaultClient 
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.

Fixes #700, I believe.
 2015-10-15 17:54:00 -04:00
Jeff Mitchell
676970574b Allow disabling the physical storage cache with 'disable_cache'. 
Fixes #674.
 2015-10-12 13:00:32 -04:00
Jeff Mitchell
27029d9744 Support and use TTL instead of lease for token creation 2015-10-09 19:52:13 -04:00
Jeff Mitchell
a087e943c7 Fix output of token-create help to use ttl instead of lease 2015-10-09 19:40:30 -04:00
Jeff Mitchell
46a14f6b65 Fix mount-tune CLI output 2015-10-09 16:03:31 -04:00
Jeff Mitchell
843c5353c3 Update CLI help text for init/rekey regarding base64-encoded keys 2015-10-08 11:09:30 -04:00
Jeff Mitchell
41f7cc9406 Adjust warnings message to make it clear they are from the server 2015-10-07 16:18:39 -04:00
Jeff Mitchell
fd2c0f033e Add the ability for warnings to be added to responses. These are 
marshalled into JSON or displayed from the CLI depending on the output
mode. This allows conferring information such as "no such policy exists"
when creating a token -- not an error, but something the user should be
aware of.

Fixes #676
 2015-10-07 16:18:39 -04:00
vishalnayak
02f11cb2da Merge branch 'master' of https://github.com/hashicorp/vault 2015-10-03 00:07:34 -04:00
Jeff Mitchell
5088eb322c Remove use of os/user as it cannot be run with CGO disabled 2015-10-02 18:43:38 -07:00
vishalnayak
25f604f429 Remove format parameter 2015-10-02 14:10:24 -04:00
vishalnayak
bf017d28d1 Github backend: enable auth renewals 2015-10-02 13:33:19 -04:00
Jeff Mitchell
70ce824267 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Jeff Mitchell
4801922b43 Minor updates to passthrough and additional tests 2015-09-21 16:57:41 -04:00
Jeff Mitchell
7e1c2c62c4 Use 'ttl_seconds' in CLI output so as not to shadow actual 'ttl' parameter 2015-09-21 16:37:37 -04:00
Jeff Mitchell
a782efa308 If there's no lease, output ttl instead of lease_duration 2015-09-21 16:37:37 -04:00
Jeff Mitchell
b0c97f8b8d If lease_duration is not zero, output it even if there is no lease. 2015-09-21 16:37:37 -04:00
Jeff Mitchell
4836e7ca4d Make TLS backend honor SystemView default values. Expose lease TTLs on read. Make auth command show lease TTL if one exists. Addresses most of #527 2015-09-18 14:01:28 -04:00
vishalnayak
fee64e16c2 Adding type checking to ensure only BasicUi is affected 2015-09-17 11:37:21 -04:00
vishalnayak
fceaea733e CLI: Avoiding CR when printing specific fields 2015-09-17 10:05:56 -04:00
hendrenj
2925912b6b improve documentation for available log levels 2015-09-16 11:01:33 -06:00
vishalnayak
cd5da08a62 Typo fix 2015-09-11 21:36:20 -04:00
vishalnayak
ec4f6e59b3 Improve documentation of token renewal 2015-09-11 21:08:32 -04:00
Jeff Mitchell
b9a5a137c0 Address items from feedback. Make MountConfig use values rather than 
pointers and change how config is read to compensate.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell
3e713c61ac Push a lot of logic into Router to make a bunch of it nicer and enable a 
lot of cleanup. Plumb config and calls to framework.Backend.Setup() into
logical_system and elsewhere, including tests.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell
0df0df2fcb Fix typo 2015-09-10 15:09:54 -04:00
Jeff Mitchell
dd8ac00daa Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell
aadf039368 Add DynamicSystemView. This uses a pointer to a pointer to always have 
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
 2015-09-10 15:09:54 -04:00
Jeff Mitchell
dffcf0548e Plumb per-mount config options through API 2015-09-10 15:09:53 -04:00
vishalnayak
140013aebd Vault SSH: Default CIDR for roles 2015-08-27 13:04:15 -04:00
Jeff Mitchell
4c5c82e6f7 Rename config lease_duration parameters to lease_ttl in line with current standardization efforts 2015-08-27 07:50:24 -07:00
Jeff Mitchell
5584a11997 When using PGP encryption on unseal keys, encrypt the hexencoded string rather than the raw bytes. 2015-08-26 07:59:50 -07:00
Jeff Mitchell
4d877dc4eb Address comments from review. 2015-08-25 15:33:58 -07:00
Jeff Mitchell
e133536b79 Add support for pgp-keys argument to rekey, as well as tests, plus 
refactor common bits out of init.
 2015-08-25 14:52:13 -07:00
Jeff Mitchell
efccbcd23e Don't store the given public keys in the seal config 2015-08-25 14:52:13 -07:00
Jeff Mitchell
ee10f1a565 Handle people specifying PGP key files with @ in front 2015-08-25 14:52:13 -07:00
Jeff Mitchell
d2023234b9 Add support for "pgp-tokens" parameters to init. 
There are thorough unit tests that read the returned
encrypted tokens, seal the vault, and unseal it
again to ensure all works as expected.
 2015-08-25 14:52:13 -07:00
Jeff Mitchell
f1a301922d Remove cookie authentication. 2015-08-21 19:46:23 -07:00
vishalnayak
47464abd08 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-08-19 12:16:37 -07:00
Jeff Mitchell
1f0458ffd5 Add -no-verify option to CLI auth command, to avoid decrementing the token use count during auth. 2015-08-18 19:22:17 -07:00
vishalnayak
d6c5031169 Vault SSH: TLS client creation test 2015-08-18 19:00:27 -07:00
vishalnayak
99736663e2 Vault SSH: verify echo test 2015-08-18 16:48:50 -07:00
vishalnayak
71c039d7cd Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-08-17 18:22:13 -07:00
vishalnayak
d63726b41b Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
Armon Dadgar
e659d93163 command: Fixing setup of client certificates 2015-08-17 12:18:14 -07:00
vishalnayak
a98b3befd9 Vault SSH: Website page for SSH backend 2015-08-14 12:41:26 -07:00
vishalnayak
ffaf80167d Vault SSH: CLI embellishments 2015-08-13 16:55:47 -07:00
vishalnayak
f21c64e874 Vault SSH: Renamed path with mountPoint 2015-08-12 10:30:50 -07:00
vishalnayak
6b86811503 Vault SSH: Fixed constructor of SSH api 2015-08-12 09:56:17 -07:00
vishalnayak
2ac3cabf87 Merging changes from master 2015-08-12 09:28:16 -07:00
Michael S. Fischer
3a05fb70a7 command/meta.go: document environment variables 
Document the environment variables which, if set, can provide default
values for configuration options.

Fixes #476
 2015-08-07 15:13:30 -07:00
Matt Button
907011f8d7 Allow the vault token-create command to specify the token's id 2015-08-07 08:45:34 +00:00
vishalnayak
b5c3624f2e Merging with master 2015-08-06 18:44:40 -04:00
vishalnayak
044a2257e7 Vault SSH: Automate OTP typing if sshpass is installed 2015-08-06 17:00:50 -04:00
vishalnayak
0542fd8389 Vault SSH: uninstall dynamic keys using script 2015-08-06 15:50:12 -04:00
vishalnayak
8dbbb8b8e6 Vault SSH: CRUD test case for OTP Role 2015-07-31 13:24:23 -04:00
Karl Gutwin
1a673ddc0a PR review updates 2015-07-30 13:21:41 -04:00
Karl Gutwin
a87af4e863 Add configuration options for default lease duration and max lease duration. 2015-07-30 09:42:49 -04:00
vishalnayak
9aa02ad560 Vault SSH: Review Rework 2015-07-29 14:21:36 -04:00
Vishal Nayak
11a6c6de12 Vault SSH: Refactoring 2015-07-27 16:42:03 -04:00
Vishal Nayak
6c5548ca7b Vault SSH: Refactoring 2015-07-27 13:02:31 -04:00
Vishal Nayak
0a4854e542 Vault SSH: Dynamic Key test case fix 2015-07-24 12:13:26 -04:00
Vishal Nayak
699862b07a Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-07-23 17:20:34 -04:00
Vishal Nayak
3a1eaf1869 Vault SSH: Support OTP key type from CLI 2015-07-23 17:20:28 -04:00
Armon Dadgar
676f6d4233 server: import sha512. Fixes #448 2015-07-23 13:51:45 -07:00
Karl Gutwin
04c5596822 Avoid unnecessary abbreviation 2015-07-22 23:28:46 -04:00
Karl Gutwin
3ed4f2f9e1 Allow specifying a TLS minimum version 2015-07-22 23:19:41 -04:00
Nate Brown
ba38ab3a58 Git ignore getting in the way 2015-07-14 15:57:06 -07:00
Nate Brown
e83432adb3 Fix travis build 2015-07-14 15:50:29 -07:00
Nate Brown
8f666b8e60 Telemetry object in config 2015-07-14 15:36:28 -07:00
Nate Brown
693f529ae7 Disable hostname prefix for runtime telemetry 2015-07-13 13:17:57 -07:00
Vishal Nayak
47a9f548fe Vault SSH: Refactoring and fixes 2015-07-10 18:44:31 -06:00
Vishal Nayak
dae996c994 Vault SSH: Added comments to ssh_test 2015-07-10 16:59:32 -06:00
Vishal Nayak
eb0f119491 Vault SSH: Backend and CLI testing 2015-07-10 16:18:02 -06:00
Vishal Nayak
c25525a22a Vault SSH: Test case skeleton 2015-07-10 09:56:14 -06:00
Vishal Nayak
6f86d32089 Vault SSH: Made port number configurable 2015-07-06 16:56:45 -04:00
Vishal Nayak
0a59e84cef Vault SSH: Revoking key after SSH session from CLI 2015-07-06 11:05:02 -04:00
Vishal Nayak
280efd28f6 Vault SSH: PR review rework: Formatting/Refactoring 2015-07-02 19:52:47 -04:00
Vishal Nayak
fbaea45101 Vault SSH: PR review rework 2015-07-02 17:23:09 -04:00
Vishal Nayak
57174693ce Vault SSH: replaced concatenated strings by fmt.Sprintf 2015-07-01 20:35:11 -04:00
Vishal Nayak
13ab7fc40b Vault SSH: PR review rework - 1 2015-07-01 11:58:49 -04:00
Vishal Nayak
b821a8e872 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-06-30 18:33:37 -04:00
Vishal Nayak
2163818bd6 Input validations, help strings, default_user support 2015-06-30 18:33:17 -04:00
Armon Dadgar
18a23c9bef command: source general options docs from common source 2015-06-30 12:01:23 -07:00
Karl Gutwin
3a5b8789b8 CLI docs 2015-06-30 09:04:57 -04:00
Karl Gutwin
67993efeb0 Better error messages. 2015-06-30 08:59:38 -04:00
Vishal Nayak
756be6976d Refactoring changes 2015-06-29 22:00:08 -04:00
Karl Gutwin
75861c7c3b Initial sketch for client TLS auth 2015-06-29 15:33:16 -04:00
Vishal Nayak
5da639feff Creating SSH keys and removal of files in pure 'go' 2015-06-26 15:43:27 -04:00
Vishal Nayak
7dbad8386c ssh/lookup implementation and refactoring 2015-06-25 21:47:32 -04:00
Vishal Nayak
4b07eba487 POC: Rework. Doing away with policy file. 2015-06-24 18:13:12 -04:00
Vishal Nayak
9d709bd5a9 SSHs to multiple users by registering the respective host keys 2015-06-19 12:59:36 -04:00
Vishal Nayak
5cd9b7a7d8 merging with master 2015-06-18 20:51:11 -04:00
Vishal Nayak
fe5bb20e92 Roles, key renewal handled. End-to-end basic flow working. 2015-06-18 20:48:41 -04:00
Armon Dadgar
f91b91289c command/read: Ensure only a single argument. Fixes #304 2015-06-18 16:00:41 -07:00
Armon Dadgar
48e7531f79 command/path-help: rename command, better error if sealed. Fixes #234 2015-06-18 15:56:42 -07:00
Armon Dadgar
2772807547 command/write: adding force flag for when no data fields are necessary. Fixes #357 2015-06-18 13:51:06 -07:00
Armon Dadgar
57d1230e6c command/server: fixing output weirdness 2015-06-18 13:48:18 -07:00
Armon Dadgar
0696bc47e0 command/auth: warn earlier about VAULT_TOKEN 2015-06-18 13:48:04 -07:00
Armon Dadgar
ee176b2f5d command/auth: warn about the VAULT_TOKEN env var. Fixes #195 2015-06-17 19:19:02 -07:00
Vishal Nayak
f2ace92e98 Implementation for storing and deleting the host information in Vault 2015-06-17 22:10:47 -04:00
Armon Dadgar
0277cedc8a cmomand/read: strip path prefix if necessary. Fixes #343 2015-06-17 18:33:15 -07:00
Armon Dadgar
70ee1866ca server: graceful shutdown for fast failover. Fixes #308 2015-06-17 18:24:56 -07:00
Vishal Nayak
c1880de3d1 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-06-17 20:34:56 -04:00
Vishal Nayak
fa83fe89f0 Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-17 20:33:03 -04:00
Armon Dadgar
d19b74f78f command/token-create: provide more useful output. Fixes #337 2015-06-17 16:59:50 -07:00
Vishal Nayak
fb866f9059 Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 12:39:49 -04:00
Mitchell Hashimoto
dcc84749d1 command/auth, github: improve cli docs 
/cc @sethvargo
 2015-06-16 10:05:11 -07:00
Seth Vargo
669686f654 Merge pull request #270 from sheldonh/no_export_vault_token 
Don't recommend exporting VAULT_TOKEN
 2015-06-01 11:52:40 -04:00
Armon Dadgar
3f9a3a5811 Merge pull request #278 from Zhann/feature/add_dev_to_server_options_help 
Add help info for -dev flag
 2015-06-01 13:08:50 +02:00
Armon Dadgar
7abe375a9c command/rekey: use same language in rekey as init 2015-06-01 13:08:20 +02:00
Armon Dadgar
b1f64cb521 Merge pull request #273 from hashicorp/unseal-keys-notice 
Change phrasing for unseal key notification
 2015-06-01 13:06:52 +02:00
Steven De Coeyer
fc2400698a Add help info for -dev flag 2015-05-31 18:05:15 +02:00
Chris Bednarski
99325f2a31 Updated phrasing to note restarts, stop, and other sealing scenarios 2015-05-28 17:07:38 -07:00
Chris Bednarski
1e94e05c60 Changed phrasing for unseal key notification 2015-05-28 17:02:09 -07:00
Armon Dadgar
33bc096f43 command/rekey: adding tests 2015-05-28 15:22:42 -07:00
Armon Dadgar
da566a41fd command/rekey: first pass at rekey 2015-05-28 15:08:09 -07:00
Armon Dadgar
4a11980dc1 command/rotate: Adding new rotate command 2015-05-28 10:16:33 -07:00
Sheldon Hearn
c2390f2a29 Don't recommend exporting VAULT_TOKEN 
It's not needed by the dev server (which writes ~/.vault-token),
and breaks the Getting Started guide (e.g. #267).
 2015-05-28 14:39:35 +02:00
Armon Dadgar
db55ac7d74 command/key-status: Adding new key-status command 2015-05-27 18:17:02 -07:00
Armon Dadgar
aa867120b3 Merge pull request #251 from DavidWittman/auth-prompt-without-args 
Prompt for auth token when no args provided
 2015-05-27 11:24:33 -07:00
David Wittman
deccef209c Add test for stdin input 
Shamelessly borrowed this pattern from write_test.go
 2015-05-23 13:23:38 -05:00
David Wittman
d86fe916cb Read from stdin with auth command 2015-05-23 13:23:37 -05:00
Ian Unruh
c6b5d957de Add ability to read raw field from secret 2015-05-22 11:28:23 -07:00
Armon Dadgar
bb6addc58f command/renew: typo fix. Fixes #240 2015-05-21 11:03:25 -07:00
David Wittman
9797143038 Prompt for auth token when no args provided 
This makes `vault auth` work as documented:

> If no -method is specified, then the token is expected. If it is not
> given on the command-line, it will be asked via user input. If the
> token is "-", it will be read from stdin.
 2015-05-20 22:10:02 -05:00
Armon Dadgar
b474fa6dc5 server: Minor copy change 2015-05-20 17:49:16 -07:00
Armon Dadgar
628e102419 Merge pull request #222 from DavidWittman/config-backend-check 
Fail gracefully if a physical backend is not supplied
 2015-05-20 17:47:45 -07:00
Armon Dadgar
61f2e86f4e command/listener: Request TLS client cert. Fixes #214 2015-05-20 16:01:40 -07:00
Ian Unruh
045b5a9c84 Improve unseal CLI message 2015-05-19 00:34:18 -07:00
David Wittman
792e3a26f4 Fail gracefully if a phys backend is not supplied 2015-05-18 22:55:12 -05:00
Seth Vargo
c47ecbc9d3 Use strconv.ParseBool 2015-05-15 16:41:30 -04:00
Seth Vargo
5c93047642 Explicitly check if tls_disable == 1 2015-05-15 16:39:30 -04:00
Emil Hessman
17b599d233 command/token: add Env to Helper 
Specify environment variables on the Helper rather than on
the command line.

Fixes command/token test failures on Windows.
 2015-05-12 07:22:38 +02:00
Mitchell Hashimoto
a07bd713ca Rename skip verify env 2015-05-11 11:27:54 -07:00
Mitchell Hashimoto
51a806b266 Merge pull request #181 from jefferai/fix-ca-path-walk 
Fix CA path walking, and add TLS-related env vars.
 2015-05-11 11:26:47 -07:00
Mitchell Hashimoto
a3348b090a command: fix tests 2015-05-11 11:25:45 -07:00
Armon Dadgar
d9c5a691c8 command/token: Use cmd on windows instead of sh 2015-05-11 11:08:08 -07:00
Mitchell Hashimoto
6be7303053 command/*: -tls-skip-verify [GH-130] 2015-05-11 11:01:52 -07:00
Jeff Mitchell
e5d56747fd This adds one bugfix and one feature enhancement. 
Bugfix: When walking a given CA path, the walk gives both files and
directories to the function. However, both were being passed in to be
read as certificates, with the result that "." (the given directory for
the CA path) would cause an error. This fixes that problem by simply
checking whether the given path in the walk is a directory or a file.

Feature enhancement: VAULT_CACERT, VAULT_CAPATH, and VAULT_INSECURE now
perform as expected.
 2015-05-11 17:58:56 +00:00
Mitchell Hashimoto
8d79697948 command/meta: don't read token file if token is already set [GH-162] 2015-05-11 10:31:14 -07:00
Seth Vargo
f916e112c9 Make the VAULT_TOKEN and VAULT_ADDR copy-pastable in dev mode 
This allows someone to quickly start a dev mode server and hit the ground
running without the need to copy-paste twice.
 2015-05-07 18:32:40 -04:00
Armon Dadgar
f8cd8c9d0c Merge pull request #139 from fubar-coder/master 
Escape backslash to allow usage of dev server on Windows using MinGW
 2015-05-06 11:05:06 -07:00
Armon Dadgar
7153f9b216 Merge pull request #133 from hashicorp/f-advertise 
Attempt advertise address detection
 2015-05-04 12:13:45 -07:00
Mark Junker
e28293368a Escape backslash to allow usage of dev server on Windows using MinGW (partially fixes issue #95) 2015-05-04 09:20:40 +02:00
A.I
f42a100d03 Fix lease_renewable output 2015-05-02 19:58:48 -07:00
Armon Dadgar
942e0ecf7d command/server: Attempt advertise address detection 2015-05-02 15:57:40 -07:00
Mitchell Hashimoto
8c7771f299 Merge pull request #82 from DavidWittman/75-auth-revoked-token 
Check for invalid token when authing via cli
 2015-05-02 13:20:57 -07:00
Mitchell Hashimoto
8b961490cd command/format: add lease_renewable to output 2015-05-02 13:11:40 -07:00
David Wittman
e4ffd4ac27 Check for invalid token when authing via cli 
If a token does not exist, the Read request returns without an
error, but the secret returned is `nil`, so we need to check for
that.

Closes #75
 2015-04-28 21:50:51 -05:00
Mitchell Hashimoto
e2aa51c22b command/server: fix one race condition 2015-04-28 19:11:46 -07:00
Mitchell Hashimoto
a0376a20f0 command/server: disable mlock in dev mode 2015-04-28 15:11:39 -07:00
Mitchell Hashimoto
4d51d0f0f4 command/server: allow disabling mlock 2015-04-28 15:09:30 -07:00
Mitchell Hashimoto
e3c9a4cf4c command/server: warning if no mlock 2015-04-28 15:04:40 -07:00
Mitchell Hashimoto
283d09476a command/token: use executable path to find token helper [GH-60] 2015-04-28 14:52:55 -07:00
Matt Haggard
6185fe119a Update server.go 
Did you mean "talking?"  Or something else?
 2015-04-28 14:01:45 -06:00
Mitchell Hashimoto
bacbf6c082 command: support custom CAs 2015-04-28 09:36:03 -07:00
Mitchell Hashimoto
939123c86e command/*: lets try to remove this before 0.1.0 2015-04-28 09:20:42 -07:00
Mitchell Hashimoto
d1054ceda9 command/*: more TODO removal 2015-04-28 09:15:38 -07:00
Mitchell Hashimoto
128eea13f6 command/*: fix spacing 2015-04-28 09:15:21 -07:00
Mitchell Hashimoto
9816427b37 command/* fill in the addr 2015-04-28 09:13:32 -07:00
Armon Dadgar
0bf96348dc command/server: Catch error from core initialization. Fixes #42 2015-04-27 21:29:40 -07:00
Armon Dadgar
72d4bddf9d command/write: test output 2015-04-27 15:08:03 -07:00
Armon Dadgar
f2fe8dac79 command/write: handle writes with output 2015-04-27 14:55:43 -07:00
Armon Dadgar
5aee91ccb9 command: refactor to share output formating code 2015-04-27 14:55:29 -07:00
Jack Pearkes
226135dbf0 command/init: minor output text fix 2015-04-22 11:48:07 -07:00
Mitchell Hashimoto
dae11264ee command/status: no weird indentintg 2015-04-21 20:11:15 +02:00
Armon Dadgar
0d066ca8e7 command/status: refactor to improve output 2015-04-20 13:37:32 -07:00
Armon Dadgar
018e07cbd3 command/status: improve output when sealed 2015-04-20 12:21:35 -07:00
Armon Dadgar
126a2ebd16 command/status: improve output when sealed 2015-04-20 12:19:25 -07:00
Armon Dadgar
e4285526b2 command: Rename seal-status to status 2015-04-20 12:11:21 -07:00
Armon Dadgar
da490b3bd7 command: Adding HA status 2015-04-20 12:08:54 -07:00
Mitchell Hashimoto
6e9a966e77 command/token-create: add display name and one time use 2015-04-19 18:08:08 -07:00
Mitchell Hashimoto
be5d8d0a29 command/token-renew 2015-04-19 18:04:01 -07:00
Mitchell Hashimoto
42743eb109 command/policy-delete 2015-04-19 16:36:11 -07:00
Mitchell Hashimoto
57be6d86d5 command/read: handle 404s 2015-04-18 22:05:08 -07:00
Mitchell Hashimoto
bac7049996 command/server: can set advertise addr 2015-04-17 12:56:31 -07:00
Mitchell Hashimoto
75a319d767 command/server: config for setting stats addresses 2015-04-17 12:56:31 -07:00
Mitchell Hashimoto
b5fbc293b3 command/server: not HA possibilities when starting 2015-04-17 12:56:31 -07:00
Armon Dadgar
b25125f167 command/server: Enable telemetry. cc: @mitchellh 2015-04-14 18:44:09 -07:00
Mitchell Hashimoto
c359ba05f0 command/read: output the duration 2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
4faf951f03 command/renew 2015-04-13 20:42:07 -07:00
Armon Dadgar
723860fa96 command: Set minimum TLS version to 1.2 2015-04-13 19:09:44 -07:00
Mitchell Hashimoto
dfcc241d1f command/unseal: update error message 2015-04-12 18:41:42 -07:00
Mitchell Hashimoto
a1adebf411 command/unseal: can accept key from command-line 2015-04-12 18:39:41 -07:00
Mitchell Hashimoto
b1be8e9ee8 command/meta: can force config 2015-04-12 17:51:38 -07:00
Mitchell Hashimoto
46cfb9eb97 command: can force address 2015-04-12 17:30:19 -07:00
Mitchell Hashimoto
1296128ae9 command/revoke: rename vars to leaseId 2015-04-10 20:49:10 -07:00
Mitchell Hashimoto
c30d877fa4 rename vault id to lease id all over 2015-04-10 20:35:14 -07:00
Armon Dadgar
9f577b39b4 Replace VaultID with LeaseID for terminology simplification 2015-04-08 13:35:32 -07:00
Mitchell Hashimoto
969098d686 command/auth: should let <1 args go through 2015-04-07 23:53:45 -07:00
Mitchell Hashimoto
a668846932 command/auth: unify 2015-04-07 23:29:49 -07:00
Mitchell Hashimoto
f6545f52ad command/audit-enable 2015-04-07 22:42:04 -07:00
Mitchell Hashimoto
574050b53f helper/kv-builder 2015-04-07 22:30:25 -07:00
Mitchell Hashimoto
75d72619f8 command/audit-disable 2015-04-07 18:23:50 -07:00
Mitchell Hashimoto
77139d9a8c command/audit-list 2015-04-07 18:19:44 -07:00
Mitchell Hashimoto
160aeccb03 command/token-revoke 2015-04-07 14:36:17 -07:00
Mitchell Hashimoto
1ccf891cf2 command/token-create: test 2015-04-07 14:22:18 -07:00
Mitchell Hashimoto
706e914ebf command/token-create 2015-04-07 14:20:18 -07:00
Mitchell Hashimoto
7a54437355 command/delete 2015-04-07 11:15:20 -07:00
Mitchell Hashimoto
6c6480dc4f command/remount 2015-04-07 10:46:47 -07:00
Mitchell Hashimoto
a241dac1f5 command/unmount: better output 2015-04-07 10:39:17 -07:00
Mitchell Hashimoto
490dd80a25 command/unmount 2015-04-07 10:38:51 -07:00
Mitchell Hashimoto
8f85830497 command/server: env var for dev mode 2015-04-06 10:28:17 -07:00
Mitchell Hashimoto
e4f0563dd4 credential/github: CLI handler 2015-04-06 09:53:43 -07:00
Mitchell Hashimoto
cc01f79c79 command/auth: test for other methods 2015-04-06 09:40:47 -07:00
Mitchell Hashimoto
e8fcb9e5b6 command/auth: add -method-help flag 2015-04-06 09:38:16 -07:00
Mitchell Hashimoto
cc202f9208 command/unseal: print newline after reading password 2015-04-06 09:34:08 -07:00
Mitchell Hashimoto
3e4a8a926e command/auth: framework for supporting more auth methods 2015-04-05 20:50:18 -07:00
Mitchell Hashimoto
2b12d51d70 builtin/audit: add file audit 2015-04-04 18:10:25 -07:00
Mitchell Hashimoto
d5d63ede9f command/server: tests 2015-04-04 17:43:20 -07:00
Mitchell Hashimoto
d446659956 command/server: log levels 2015-04-04 12:11:10 -07:00
Mitchell Hashimoto
a196d194a1 command/server: cleaner output 2015-04-04 12:06:41 -07:00
Mitchell Hashimoto
8e39a1e7d8 command/help 2015-04-02 22:42:05 -07:00
Mitchell Hashimoto
83d0f13a68 Revert "command/policy" 
This reverts commit da81ab3b4c.
 2015-04-01 23:07:49 -07:00
Mitchell Hashimoto
da81ab3b4c command/policy 2015-04-01 23:02:03 -07:00
Mitchell Hashimoto
6d8502c7d8 command/policy-write 2015-04-01 23:00:15 -07:00
Mitchell Hashimoto
79995a4496 command/policies: read a single policy 2015-04-01 18:50:43 -07:00
Mitchell Hashimoto
4930e3885d command/policy-list 2015-04-01 18:46:32 -07:00
Mitchell Hashimoto
c6cfac1ff8 command/auth-disable 2015-04-01 17:14:11 -07:00
Mitchell Hashimoto
1e6bc65763 command/auth-enable 2015-04-01 17:09:11 -07:00
Mitchell Hashimoto
9751f8c963 command/mounts: columnize 2015-04-01 17:01:10 -07:00
Mitchell Hashimoto
def17c5f73 command/read 2015-04-01 16:44:20 -07:00
Mitchell Hashimoto
515bd7b75b command/server: support CredentialBackends 2015-04-01 15:48:13 -07:00
Mitchell Hashimoto
ba2b05db52 command/read: better UX on vault read 2015-03-31 20:50:05 -07:00
Mitchell Hashimoto
02f3f065c9 command/revoke: prefix 2015-03-31 19:33:16 -07:00
Mitchell Hashimoto
ea234d9cbf command/revoke: revoke 2015-03-31 19:21:02 -07:00
Mitchell Hashimoto
4cbe26b726 misc typos 2015-03-31 17:27:04 -07:00
Mitchell Hashimoto
456c4b0b21 command/write: new format 2015-03-31 17:16:26 -07:00
Mitchell Hashimoto
9198a6687a command/server: dev mode 2015-03-31 16:44:47 -07:00
Mitchell Hashimoto
d803e0eadb command/mount 2015-03-31 16:29:04 -07:00
Mitchell Hashimoto
e8a692898c command/auth: validate the token 2015-03-31 15:22:52 -07:00
Mitchell Hashimoto
edde6ed160 command/seal: test should use the token 2015-03-31 11:46:55 -07:00
Mitchell Hashimoto
c6fc00c8f6 command/seal 2015-03-30 23:39:56 -07:00
Mitchell Hashimoto
5102c89221 command/meta: tests passing 2015-03-30 23:30:30 -07:00
Mitchell Hashimoto
838843e48c command/auth: add newline so reading token doesn't output 2015-03-30 23:24:41 -07:00
Mitchell Hashimoto
ca2986694c command/meta: add token to client if we have it 2015-03-30 23:10:59 -07:00
Mitchell Hashimoto
4b48996a41 command/auth: tests work wihtout vault installed 2015-03-30 11:07:31 -07:00
Mitchell Hashimoto
a6b9e87350 command/auth: setting tokens works 2015-03-30 10:55:41 -07:00
Mitchell Hashimoto
8e427cc3d4 command: load configuration 2015-03-30 10:25:24 -07:00
Mitchell Hashimoto
9abd4e4ec5 command/token: HelperPath 2015-03-30 10:11:17 -07:00
Mitchell Hashimoto
4b35cbccb6 token/disk: implement unencrypted disk store 2015-03-30 09:21:59 -07:00
Mitchell Hashimoto
224f788123 command/token: helper to read/write tokens from a helper 2015-03-29 17:42:26 -07:00
Mitchell Hashimoto
9d8d24f7fb command/auth: boilerplate 2015-03-29 16:42:45 -07:00
Mitchell Hashimoto
b89ac8e3c5 command/init: show root token 2015-03-29 16:25:53 -07:00
Mitchell Hashimoto
39f2da0fbe command: unit tests pass 2015-03-29 16:20:34 -07:00
Armon Dadgar
06e30b425e Fixing compilation errors due to API change 2015-03-24 16:20:05 -07:00
Mitchell Hashimoto
ac8570c809 main: enable AWS backend 2015-03-20 19:32:18 +01:00
Mitchell Hashimoto
92a7a763f4 command/mounts 2015-03-15 21:28:31 -07:00
Mitchell Hashimoto
4f8323cb03 command/read 2015-03-15 20:52:28 -07:00
Mitchell Hashimoto
f11c8febad command/meta: VAULT_ADDR to set the addr via env var 2015-03-15 20:41:36 -07:00
Mitchell Hashimoto
f93f1198d5 command/write: can write arbitrary data from stdin 2015-03-15 20:40:12 -07:00
Mitchell Hashimoto
8093f94c65 command/write 2015-03-15 20:35:33 -07:00
Mitchell Hashimoto
2d92c2ee10 fix all tests 2015-03-15 17:10:33 -07:00
Mitchell Hashimoto
4679dd6ada command/unseal: tests 2015-03-13 20:17:55 -07:00
Mitchell Hashimoto
db91352a52 website: imageoptim 2015-03-13 12:58:21 -07:00
Mitchell Hashimoto
e881439d0b command/seal-status 2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
8de077810e command/init: tests 2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
fb5530d0e0 command/init: make the output a little nicer 2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
6b83c937d4 command/init 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
fcc6646a19 command/server: initial working 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
cf259c3f22 command/sever: copy the TCP keep alive listener 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
9564f8bcc2 command/server: support TLS 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
69d28396ca command/server: tcp listener 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
279a1b13d6 command/server: load config from flags 2015-03-12 15:30:07 -07:00
Mitchell Hashimoto
2bbd5fa66e command/server: add config loading 2015-03-12 15:21:11 -07:00
Mitchell Hashimoto
d7606d13d5 command/get,put 2015-03-04 11:08:13 -08:00
Mitchell Hashimoto
d8ec17588c command/seal 2015-03-04 08:56:10 -08:00
Mitchell Hashimoto
c0557579da command/unseal: forward error along 2015-03-04 00:35:02 -08:00
Mitchell Hashimoto
205857be65 helper/password: for reading passwords securely 2015-03-04 00:31:35 -08:00
Mitchell Hashimoto
a513240662 command/unseal 2015-03-03 23:57:23 -08:00
Mitchell Hashimoto
0210df0516 command/auth: document the serer options 2015-03-03 23:52:54 -08:00
Mitchell Hashimoto
4a916d9454 command/meta: server options 2015-03-03 23:49:37 -08:00
Mitchell Hashimoto
2800987dd4 command/auth 2015-03-03 23:34:32 -08:00
Mitchell Hashimoto
9cbbe58253 command: version test 2015-03-03 23:14:54 -08:00
Mitchell Hashimoto
a5c076851b scripts 2015-03-03 23:14:18 -08:00
Mitchell Hashimoto
0099f62efa basic main boilerplate stuff 2015-03-03 23:03:24 -08:00