mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-16 19:47:02 +02:00
Code Issues Projects Releases Wiki Activity
10,543 Commits 2,843 Branches 445 Tags 454 MiB
68b40b814c
Commit Graph

446 Commits

Author SHA1 Message Date
Brian Kassouf
78b27fa765 Add API docs 2017-05-03 02:13:07 -07:00
Brian Kassouf
85967cb5a8 Add custom plugins docs page 2017-05-03 00:01:28 -07:00
Brian Kassouf
2be2e4c74e Update docs for the database backend and it's plugins 2017-05-02 22:24:31 -07:00
Jeff Mitchell
d300c23597 Add website skeleton 2017-05-02 16:26:32 -04:00
Jeff Mitchell
cb0b22031d Update index.html.md 2017-04-18 15:50:44 -04:00
Jon Benson
32854c8066 Fix sentence - remove "and" 2017-04-17 19:35:04 -07:00
Jeff Mitchell
bdc3002d56 Update SSH docs to indicate deprecation of dynamic key type 2017-04-17 11:11:05 -04:00
Jeff Mitchell
8e2b8ff1df Add some extra documentation around ssh-keygen -L to see signed cert 
info.

Ping #2569
 2017-04-13 15:23:27 -04:00
Jeff Mitchell
14c0000169 Update SSH CA documentation 
Fixes #2551
Fixes #2569
 2017-04-07 11:59:25 -04:00
Emre Erkunt
c7e9377000 Fixed an example on aws backend documentation about an iam profile. (#2522) 2017-04-04 09:03:27 -07:00
Jeff Mitchell
251da1bcdc Update SSH docs to note that host key verification is not performed. 2017-04-03 10:43:41 -04:00
Vishal Nayak
cf0fb2119f docs: Elaborate the steps for SSH CA backend with 'sshd_config' changes (#2507) 2017-03-19 18:52:15 -04:00
Seth Vargo
0fe2e84e3a
Update titles 2017-03-17 14:37:01 -04:00
Seth Vargo
f64bf8d183
/docs/http -> /api 2017-03-17 14:06:03 -04:00
Seth Vargo
d873469210
Use relative links 2017-03-16 12:04:36 -07:00
Seth Vargo
501cf5d065
Break out API documentation for secret backends 2017-03-16 09:47:06 -07:00
Mike Okner
6f84f7ffd0 Adding allow_user_key_ids field to SSH role config (#2494) 
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name.  Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
 2017-03-16 08:45:11 -04:00
Jeff Mitchell
688104e69a Allow roles to specify whether CSR SANs should be used instead of (#2489) 
request values. Fix up some documentation.

Fixes #2451
Fixes #2488
 2017-03-15 14:38:18 -04:00
Stanislav Grozev
e9086bd85f Remove superfluous argument from SSH CA docs 2017-03-14 10:21:48 -04:00
Stanislav Grozev
5f3397bff5 Reads on ssh/config/ca return the public keys 
If configured/generated.
 2017-03-14 10:21:48 -04:00
Stanislav Grozev
d22796c644 If generating an SSH CA signing key - return the public part 
So that the user can actually use the SSH CA, by adding the public key
to their respective sshd_config/authorized_keys, etc.
 2017-03-14 10:21:48 -04:00
Vishal Nayak
9af1ca3d2c doc: ssh allowed_users update (#2462) 
* doc: ssh allowed_users update

* added some more context in default_user field
 2017-03-09 10:34:55 -05:00
vishalnayak
4731754077 doc: ssh markdown alignments 2017-03-08 21:58:12 -05:00
Jeff Mitchell
e8e1905c96 Some minor ssh docs updating 2017-03-02 16:47:21 -05:00
Will May
ffb5ee7fda Changes from code review 2017-03-02 14:36:13 -05:00
Will May
f9d853f7f0 Allow internal generation of the signing SSH key pair 2017-03-02 14:36:13 -05:00
Vishal Nayak
d30a833db7 Rework ssh ca (#2419) 
* docs: input format for default_critical_options and default_extensions

* s/sshca/ssh

* Added default_critical_options and default_extensions to the read endpoint of role

* Change default time return value to 0
 2017-03-01 15:50:23 -05:00
Will May
59397250da Changes from code review 
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
 2017-03-01 15:19:18 -05:00
Will May
1d59b965cb Add ability to create SSH certificates 2017-03-01 15:19:18 -05:00
Vishal Nayak
e3016053b3 PKI: Role switch to control lease generation (#2403) 
* pki: Make generation of leases optional

* pki: add tests for upgrading generate_lease

* pki: add tests for leased and non-leased certs

* docs++ pki generate_lease

* Generate lease is applicable for both issuing and signing

* pki: fix tests

* Address review feedback

* Address review feedback
 2017-02-24 12:12:40 -05:00
Jeff Mitchell
5e5d9baabe Add Organization support to PKI backend. (#2380) 
Fixes #2369
 2017-02-16 01:04:29 -05:00
Tommy Murphy
214cd65d55 docs: transit parameter is actually deletion_allowed (#2356) 2017-02-09 15:10:28 -05:00
Brian Vans
32d5d88119 Fixing a few typos in the docs (#2344) 2017-02-07 11:55:29 -05:00
Vishal Nayak
a9121ff733 transit: change batch input format (#2331) 
* transit: change batch input format

* transit: no json-in-json for batch response

* docs: transit: update batch input format

* transit: fix tests after changing response format
 2017-02-06 14:56:16 -05:00
Vishal Nayak
3797666436 Transit: Support batch encryption and decryption (#2143) 
* Transit: Support batch encryption

* Address review feedback

* Make the normal flow go through as a batch request

* Transit: Error out if encryption fails during batch processing

* Transit: Infer the 'derived' parameter based on 'context' being set

* Transit: Batch encryption doc updates

* Transit: Return a JSON string instead of []byte

* Transit: Add batch encryption tests

* Remove plaintext empty check

* Added tests for batch encryption, more coming..

* Added more batch encryption tests

* Check for base64 decoding of plaintext before encrypting

* Transit: Support batch decryption

* Transit: Added tests for batch decryption

* Transit: Doc update for batch decryption

* Transit: Sync the path-help and website docs for decrypt endpoint

* Add batch processing for rewrap

* transit: input validation for context

* transit: add rewrap batch option to docs

* Remove unnecessary variables from test

* transit: Added tests for rewrap use cases

* Address review feedback

* Address review feedback

* Address review feedback

* transit: move input checking out of critical path

* transit: allow empty plaintexts for batch encryption

* transit: use common structs for batch processing

* transit: avoid duplicate creation of structs; add omitempty to response structs

* transit: address review feedback

* transit: fix tests

* address review feedback

* transit: fix tests

* transit: rewrap encrypt user error should not error out

* transit: error out for internal errors
 2017-02-02 14:24:20 -05:00
Chris Hoffman
ad6f815308 Minor transit docs fixes 2017-01-23 22:26:38 -05:00
joe miller
90e32515ea allow roles to set OU value in certificates issued by the pki backend (#2251) 2017-01-23 12:44:45 -05:00
Chris Hoffman
43bae79d01 Adding support for exportable transit keys (#2133) 2017-01-23 11:04:43 -05:00
Erwin de Keijzer
7e27ca924d Fixed rabbitmq documentation 
The docs were inconsistent between readwrite and readonly, the policy
itself evaluates to a readwrite policy, so the inconsistency is solved
by changing the odd occurrence of readonly.
 2017-01-13 08:54:04 +01:00
Matthew Irish
231f00dff2 Transit key actions (#2254) 
* add supports_* for transit key reads

* update transit docs with new supports_* fields
 2017-01-11 10:05:06 -06:00
Elan Ruusamäe
cfbf8bd623 add unix socket example as well (#2193) 2016-12-16 05:13:35 -05:00
Elan Ruusamäe
31e655d597 Update index.html.md (#2191) 
add DSN as link to go-sql-driver/mysql to know the syntax
 2016-12-16 03:37:54 -05:00
Dan Gorst
4835df609d Minor documentation tweak (#2127) 
Should be arn, not policy - latter will error as that assume an inline policy json document
 2016-11-24 07:36:46 -08:00
Jeff Mitchell
6165c3e20f Update docs to fix #2102 2016-11-22 12:19:22 -05:00
Joel Thompson
523de6b4d2 Add information on HMAC verification to transit docs (#2062) 2016-11-07 13:44:14 -05:00
vishalnayak
8293b19a98 Added revocation_sql to the website docs 2016-10-27 12:15:08 -04:00
Chris Hoffman
4406a39da2 Add ability to list keys in transit backend (#1987) 2016-10-18 10:13:01 -04:00
Vishal Nayak
24ab1610f6 Merge pull request #2010 from rajanadar/patch-5 
doc: add doc for the GET lease settings api
 2016-10-18 09:39:23 -04:00
Raja Nadar
a0bb983132 fix indentation 2016-10-15 22:58:25 -07:00
Raja Nadar
b3dd87bb59 doc: add doc for the GET lease settings api 
Vault supports reading of the lease settings, with all values coming back intact. (along with a good warning message as well)
Adding it to the documentation.
 2016-10-15 22:43:50 -07:00
Raja Nadar
4321c51c83 doc: add consistency field in get-role response 2016-10-15 01:15:58 -07:00
Jeff Mitchell
37df43d534 Postgres revocation sql, beta mode (#1972) 2016-10-05 13:52:59 -04:00
Vishal Nayak
4ffd3ec392 Merge pull request #1957 from hashicorp/website-list-userpass 
Added user listing endpoint to userpass docs
 2016-10-04 14:10:49 -04:00
vishalnayak
6b0be2d5c4 Added user listing endpoint to userpass docs 2016-09-30 15:47:33 -04:00
Jeff Mitchell
ff8b570394 Update text around cubbyhole/response 2016-09-29 17:44:15 -04:00
Chris Stevens
32f883acd9 Docs/Website: MySQL config parameter "verify-connection" should be "verify_connection" 
The only instance of `verify-connection` I can find is on this docs page. The API style for parameters is underscores, so this one stands out.

The code for this and the other backends with similar connection verification features seem to use `verify_connection`.
 2016-09-29 14:05:47 -05:00
Jeff Mitchell
c748ff322f Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
Chris Hoffman
44774c99de Small consul doc fix 2016-09-28 15:11:39 -04:00
Laura Bennett
4cfe098ce4 Merge pull request #1931 from hashicorp/cass-consistency 
Adding consistency into cassandra
 2016-09-27 21:12:02 -04:00
Chris Hoffman
10c8024fa3 Adding support for chained intermediate CAs in pki backend (#1694) 2016-09-27 17:50:17 -07:00
Laura Bennett
6fb9364260 typo correction 2016-09-27 16:38:27 -04:00
Laura Bennett
ae97f14ebd updates to the documents 2016-09-27 16:36:20 -04:00
Jeff Mitchell
8482118ac6 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Chris Hoffman
cd567eb480 Renaming ttl_max -> max_ttl in mssql backend (#1905) 2016-09-20 12:39:02 -04:00
Raja Nadar
0087541e6f doc: change invalid otp response code to 400 (#1863) 
invalid otp response code is 400 bad request.
 2016-09-08 11:13:13 -04:00
Raja Nadar
f42f765ec4 doc: fixing field name to security_token (#1850) 
response field is security_token, not secret_token.
 2016-09-03 22:40:57 -04:00
Andrew Backhouse
f8c49840fa Update index.html.md (#1819) 
Corrected a minor spelling error.
 2016-08-31 10:02:43 -04:00
Jeff Mitchell
976876ac4b Update website with POST STS path 2016-08-30 10:37:55 -04:00
Jeff Mitchell
1a3d2b6c51 update docs 2016-08-26 17:52:42 -04:00
Jeff Mitchell
c9aa308804 Use key derivation for convergent nonce. (#1794) 
Use key derivation for convergent nonce.

Fixes #1792
 2016-08-26 14:11:03 -04:00
Jeff Mitchell
84cd3c20b3 Remove context-as-nonce, add docs, and properly support datakey 2016-08-07 15:53:40 -04:00
Jeff Mitchell
503a13b17b Remove erroneous information about some endpoints being root-protected 2016-08-04 16:08:54 -04:00
Cameron Stokes
1b66c6534c ~secret/aws: env variable and IAM role usage 2016-08-04 13:02:07 -07:00
Jeff Mitchell
6ce0f86c0f Update DB docs with new SQL specification options 2016-08-03 15:45:56 -04:00
Chris Hoffman
87b4514f44 Missing prefix on roles list 2016-07-29 11:31:26 -04:00
Laura Bennett
c6cc73b3bd Merge pull request #1635 from hashicorp/mysql-idle-conns 
Added maximum idle connections to mysql to close hashicorp/vault#1616
 2016-07-20 15:31:37 -04:00
Laura Bennett
33ed1ffd58 minor formatting edits 2016-07-20 14:42:52 -04:00
Jeff Mitchell
a8a2886538 Merge pull request #1604 from memory/mysql-displayname-2 
concat role name and token displayname to form mysql username
 2016-07-20 14:02:17 -04:00
Nathan J. Mehl
e824f6040b use both role name and token display name to form mysql username 2016-07-20 10:17:00 -07:00
Laura Bennett
7c2c30e5ae update documentation for idle connections 2016-07-20 12:50:07 -04:00
Nathan J. Mehl
83635c16b6 respond to feedback from @vishalnayak 
- split out usernameLength and displaynameLength truncation values,
  as they are different things

- fetch username and displayname lengths from the role, not from
  the request parameters

- add appropriate defaults for username and displayname lengths
 2016-07-20 06:36:51 -07:00
Matt Hurne
0a55ca674b mongodb secret backend documentation: Remove verify_connection from example response to GET /mongodb/config/connection; add documentation for GET /mongodb/config/lease 2016-07-19 12:46:54 -04:00
Nathan J. Mehl
417cf49bb7 allow overriding the default truncation length for mysql usernames 
see https://github.com/hashicorp/vault/issues/1605
 2016-07-12 17:05:43 -07:00
Matt Hurne
2c3b5513df mongodb secret backend: Improve and correct errors in documentation; improve "parameter is required" error response messages 2016-07-07 23:09:45 -04:00
Matt Hurne
f2a3471f37 Update mongodb secret backend documentation to indicate that ttl and max_ttl lease config parameters are optional rather than required 2016-07-07 22:34:00 -04:00
Matt Hurne
a130c7462a mongodb secret backend documentation: Use single quotes around roles JSON to avoid needing to escape double quotes within the JSON 2016-07-07 22:31:35 -04:00
Matt Hurne
2b5b56febd mongodb secret backend: Update documentation 2016-07-05 09:50:23 -04:00
Matt Hurne
7571487c7f Merge branch 'master' into mongodb-secret-backend 2016-07-01 20:39:13 -04:00
Mark Paluch
895eac0405 Address review feedback. 
Switch ConnectTimeout to framework.TypeDurationSecond  with a default of 5. Remove own parsing code.
 2016-07-01 22:26:08 +02:00
Mark Paluch
f85b2b11d3 Support connect_timeout for Cassandra and align timeout. 
The cassandra backend now supports a configurable connect timeout. The timeout is configured using the connect_timeout parameter in the session configuration.  Also align the timeout to 5 seconds which is the default for the Python and Java drivers.

Fixes #1538
 2016-07-01 21:22:37 +02:00
Matt Hurne
f55955c2d8 Rename mongodb secret backend's 'ttl_max' lease configuration field to 'max_ttl' 2016-06-30 09:57:43 -04:00
Matt Hurne
4c97b1982a Add mongodb secret backend 2016-06-29 08:33:06 -04:00
Jeff Mitchell
d46eba8a42 Update PKI docs with key_usge info 2016-06-23 11:07:17 -04:00
vishalnayak
c37ef12834 Added list functionality to logical aws backend's roles 2016-06-20 19:51:04 -04:00
Jeff Mitchell
1c15a56726 Add convergent encryption option to transit. 
Fixes #1537
 2016-06-20 13:17:48 -04:00
Mark Paluch
10ea4bf8d4 Fix RabbitMQ documentation 
Change parameter `uri` to `connection_uri` in code example.
 2016-06-19 17:45:30 +02:00
vishalnayak
75937956aa RabbitMQ docs++ 2016-06-14 10:22:30 -04:00
Jeff Mitchell
5b7e6804e1 Add updated wrapping information 2016-06-14 05:59:50 +00:00
Jeff Mitchell
7479621705 Don't check parsability of a ttl key on write. 
On read we already ignore bad values, so we shouldn't be restricting
this on write; doing so alters expected data-in-data-out behavior. In
addition, don't issue a warning if a given `ttl` value can't be parsed,
as this can quickly get annoying if it's on purpose.

The documentation has been updated/clarified to make it clear that this
is optional behavior that doesn't affect the status of the key as POD
and the `lease_duration` returned will otherwise default to the
system/mount defaults.

Fixes #1505
 2016-06-08 20:14:36 -04:00
Laura Bennett
8fb5ca046c url fix 2016-06-08 14:53:33 -04:00
Laura Bennett
2b3f6d59a5 Updates for pki/certs list functionality 2016-06-08 14:37:57 -04:00
Vishal Nayak
8b15722fb4 Merge pull request #788 from doubledutch/master 
RabbitMQ Secret Backend
 2016-06-08 10:02:24 -04:00
vishalnayak
ab017967e4 Provide option to disable host key checking 2016-06-01 11:08:24 -04:00
vishalnayak
8ae663f498 Allow * to be set for allowed_users 2016-05-30 03:12:43 -04:00
vishalnayak
c945b8b3f2 Do not allow any username to login if allowed_users is not set 2016-05-30 03:01:47 -04:00
Kevin Pike
493f69c657 Update rabbitmq lease docs 2016-05-20 23:28:41 -07:00
Jeff Mitchell
205ba863ea Add cubbyhole wrapping documentation 2016-05-19 13:33:51 -04:00
Jeff Mitchell
8c3e9c4753 Merge pull request #1318 from steve-jansen/aws-logical-assume-role 
Add sts:AssumeRole support to the AWS secret backend
 2016-05-19 12:17:27 -04:00
Sean Chittenden
339c0a4127
Speling police 2016-05-15 09:58:36 -07:00
Jeff Mitchell
9de0ea081a Don't revoke CA certificates with leases. 2016-05-09 19:53:28 -04:00
Steve Jansen
69740e57e0 Adds sts:AssumeRole support to the AWS secret backend 
Support use cases where you want to provision STS tokens
using Vault, but, you need to call AWS APIs that are blocked
for federated tokens.  For example, STS federated tokens cannot
invoke IAM APIs, such as  Terraform scripts containing
`aws_iam_*` resources.
 2016-05-05 23:32:41 -04:00
Sean Chittenden
8611270e58 Wordsmith the docs around the list command. 
Prompted by: feedback from conference attendees at PGConf '16
 2016-04-20 18:13:58 -04:00
Kevin Pike
a557bdebcc Remove example parameters 2016-04-08 09:49:10 -07:00
Kevin Pike
862afdb355 Support verify_connection flag 2016-04-08 09:44:15 -07:00
Kevin Pike
9733770010 Fix RabbitMQ documentation 
PostgreSQL -> RabbitMQ
 2016-04-08 09:30:20 -07:00
Kevin Pike
ae6b145b6f Fix RabbitMQ URLs 2016-04-08 09:29:00 -07:00
Kevin Pike
a20f2bc6bd Merge branch 'master' of github.com:doubledutch/vault 2016-04-08 09:25:28 -07:00
Jeff Mitchell
9803b9fceb Merge pull request #1293 from gliptak/patch-2 
Correct typo in base64 parameters
 2016-04-05 09:38:00 -04:00
Gábor Lipták
6ce11ee680 Correct typo in base64 parameters 2016-04-05 09:20:43 -04:00
Gábor Lipták
bda3af7dbb Update transit read key output 2016-04-05 09:16:47 -04:00
Jeff Mitchell
bfae0223da Merge pull request #1290 from steve-jansen/patch-2 
Adds note on GH-1102 fix to secret/aws doc
 2016-04-05 08:37:39 -04:00
Steve Jansen
03da496bd2 Adds note on GH-1102 fix to secret/aws doc 
Add note related to #1102, which leads to a non-obvious AWS error message on 0.5.0 or earlier.
 2016-04-04 21:30:41 -04:00
Steve Jansen
64b472dc57 Fix typo in iam permission for STS 2016-04-04 21:20:26 -04:00
Vishal Nayak
6b8f3dbe1d Revert "Change mysql connection to match new" 2016-03-23 15:18:09 -04:00
Chris Mague
a681090e3b Change mysql connection to match new 
Documentation update to reflect mysql config connection from the old to the newer format
 2016-03-23 12:09:06 -07:00
Cem Ezberci
efda0f1a61 Fix a typo 2016-03-19 21:24:17 -07:00
Jeff Mitchell
49d1e7a087 Some generic docs updates 2016-03-18 09:57:21 -04:00
Jeff Mitchell
f5d304ab56 Add exclude_cn_from_sans to PKI docs 2016-03-17 16:58:06 -04:00
Matt Hurne
80ca13ce7e AWS permissions documentation fixes: add missing permissions needed to attach and detach managed policies to IAM users, add missing comma, remove extraneous comma 2016-03-14 09:39:32 -04:00
Vishal Nayak
0b2477d7cb Merge pull request #998 from chrishoffman/mssql 
Sql Server (mssql) secret backend
 2016-03-10 22:30:24 -05:00
Chris Hoffman
41b5847a67 Docs updates 2016-03-10 21:15:25 -05:00
Chris Hoffman
1d7fe31eac Adding verify_connection to config, docs updates, misc cleanup 2016-03-09 23:08:05 -05:00
AndrewBrown-JustEat
ead568987c Minor documentation change 2016-03-09 14:50:23 +00:00
Jeff Mitchell
c2727991c1 Add a necessary IAM permission to the example 2016-03-08 21:29:34 -05:00
Jeff Mitchell
2b7edf6bfd Update cubbyhole text to be more explicit. 
Fixes #1165
 2016-03-03 10:58:58 -05:00
Chris Hoffman
ed5ca17b57 Adding mssql secret backend 2016-03-03 09:19:17 -05:00
vishalnayak
8feae7eb1f removed datatype and corrected a sentense 2016-03-01 11:21:29 -05:00
vishalnayak
a40e0fc8d4 zeroaddress documentation fix 2016-03-01 10:57:00 -05:00
Jeff Mitchell
ec75a24647 Be more explicit about buffer type 2016-02-24 22:05:39 -05:00
Jeff Mitchell
6dd8822c08 Add documentation for pki/tidy 2016-02-24 21:31:29 -05:00
Matt Hurne
ac835c4e61 Add note that STS credentials can only be generated for user inline policies in AWS secret backend documentation 2016-02-23 09:06:52 -05:00
vishalnayak
046d7f87b4 postgres: connection_url fix 2016-02-22 11:22:49 -05:00
Kevin Pike
79ed734a2f Merge branch 'master' into rabbitmq 2016-02-21 14:55:06 -08:00
Kevin Pike
d805f2ef57 Add RabbitMQ secret backend 2016-02-21 14:52:57 -08:00
vishalnayak
8c62b0b2b3 changelog++ 2016-02-19 16:52:19 -05:00
vishalnayak
20342d9049 Don't deprecate value field yet 2016-02-19 16:07:06 -05:00
vishalnayak
5f19c77897 mysql: provide allow_verification option to disable connection_url check 2016-02-19 16:07:05 -05:00
Jeff Mitchell
ac3191ad02 Disallow 1024-bit RSA keys. 
Existing certificates are kept but roles with key bits < 2048 will need
to be updated as the signing/issuing functions now enforce this.
 2016-02-19 14:33:02 -05:00
Jeff Mitchell
9ff4d3c204 Remove root-protected references from transit docs 2016-02-18 12:45:18 -05:00
Jeff Mitchell
ddb475d40d Merge pull request #1075 from rajanadar/patch-14 
adding full response for intermediate/generate
 2016-02-18 10:16:53 -05:00
Jeff Mitchell
959064f722 Merge pull request #1074 from rajanadar/patch-13 
added missing fields to read role
 2016-02-18 10:16:14 -05:00
Raja Nadar
8e5989ecb5 adding full response for intermediate/generate 
1. adding superset of fields in response, so that folks can see all possible response fields.
2. also added the less important "warnings" field
 2016-02-14 14:42:37 -08:00
Raja Nadar
5fc80d7ef3 added missing fields to read role 
added the lease and token type field to the read role response.
 2016-02-14 13:00:42 -08:00
Raja Nadar
d083f459bd fixing response fields of /pki/issue 
1. added the private_key_type field
2. changed "serial" to "serial_number"
3. added the warnings field
 2016-02-14 12:41:43 -08:00
techraf
30c51e8e4e Fixes typo 2016-02-12 22:34:07 +09:00
Jeff Mitchell
3ac40a7ae5 Use capabilities to determine upsert-ability in transit. 2016-02-02 10:03:14 -05:00
Jeff Mitchell
216fe1b9da Revert "Re-add upsert into transit. Defaults to off and a new endpoint /config" 
This reverts commit dc27d012c0.
 2016-02-02 09:26:25 -05:00
Jeff Mitchell
dc27d012c0 Re-add upsert into transit. Defaults to off and a new endpoint /config 
can be used to turn it on for a given mount.
 2016-02-01 20:13:57 -05:00
Jeff Mitchell
10a6aec9a3 Merge pull request #980 from rajanadar/patch-8 
fixing the return type of verify otp
 2016-02-01 14:10:14 -05:00
Jeff Mitchell
7fb8db2e6c Allow the format to be specified as pem_bundle, which creates a 
concatenated PEM file.

Fixes #992
 2016-02-01 13:19:41 -05:00
Jeff Mitchell
3b77905c75 Cassandra: 
* Add ability to change protocol version
* Remove config as a root path, use normal ACLs
* Update docs
 2016-02-01 10:27:26 -05:00
Jeff Mitchell
9c244789a7 Update transit docs to no longer claim upsert functionality 2016-01-29 14:43:52 -05:00
Jeff Mitchell
3b22ab02c6 Add listing of roles to PKI 2016-01-28 15:18:07 -05:00
Jeff Mitchell
a1d242f18c Add list documentationf for mysql 2016-01-28 15:06:52 -05:00
Jeff Mitchell
9cf06240e0 Add list support for postgres roles 2016-01-28 14:41:50 -05:00
Jeff Mitchell
56e5615f18 Update SSH documentation with list 2016-01-28 14:41:43 -05:00
Raja Nadar
f42f5ec306 fixed the return type of /ssh/lookup api 2016-01-28 01:04:35 -08:00
Raja Nadar
2270affc2f fix return type of post /ssh/creds 
added sample json for both otp and dynamic credentials
 2016-01-28 00:56:59 -08:00
Raja Nadar
14c1bb4141 better description 2016-01-27 21:58:54 -08:00
Raja Nadar
61e0e3dd94 fixing the return type of verify otp 
it seems to be 200 on valid OTP and 204 on invalid OTP. (i think it should be an error.. 400 or 404)
but for the moment, fixing the docs to match the existing behavior.
 2016-01-27 20:04:11 -08:00
Jeff Mitchell
1dc52267a8 Merge pull request #972 from rajanadar/patch-7 
added the delete api details to generic backend
 2016-01-26 09:49:06 -05:00
Jeff Mitchell
e3e9a3980d Merge pull request #971 from rajanadar/patch-6 
added the delete api details to cubbyhole
 2016-01-26 09:48:47 -05:00
Raja Nadar
8290a4cd5f added the delete api details to generic backend 
documentation was missing this api description
 2016-01-25 23:56:33 -08:00
Raja Nadar
45626fa148 added the delete api details to cubbyhole 
cubbyhole delete api details were missing. added them.
 2016-01-25 23:47:33 -08:00
Raja Nadar
4b84b49797 fixing an incorrect json response field name 
changed a read-role api response field from 'revocation_cql' to 'rollback_cql'
didn't verify it using a real cassandra server test, but looked at the source code json schema definition here: 

https://github.com/hashicorp/vault/blob/master/builtin/logical/cassandra/path_roles.go
func pathRoles(b *backend) *framework.Path 

please feel free to discard the PR, if i am looking at the wrong source location or something.
 2016-01-25 23:42:20 -08:00
Nicki Watt
a616197add AWS secret backend - docs when using existing policy 2016-01-26 01:43:14 +00:00
Nicki Watt
e10f5b2b1a Docs for AWS backend when using an existing policy 2016-01-26 01:39:24 +00:00
Jeff Mitchell
1c43a0148f Document changes 2016-01-25 14:47:16 -05:00
Jeff Mitchell
9eaef0a2a1 Update documentation and use ParseBool for list query param checking 2016-01-22 10:07:32 -05:00
Jeff Mitchell
2667f08f97 Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it. 2016-01-22 10:07:32 -05:00
Jeff Mitchell
2613343c3d Updates and documentation 2016-01-22 10:07:32 -05:00
Dmitriy Gromov
ea1e29fa33 Renamed sts duration to ttl and added STS permissions note. 2016-01-21 14:28:34 -05:00
Dmitriy Gromov
e13f58713e documenting the new aws/sts endpoint 2016-01-21 14:05:10 -05:00
Seth Vargo
9e14bb66f2 Use HTTPS + www where appropriate 2016-01-14 13:42:47 -05:00
Jeff Mitchell
f3ef23318d Create more granular ACL capabilities. 
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
 2016-01-08 13:05:14 -05:00
kenjones-cisco
3438a3c9da Fixes mis-placed html tag 2015-12-31 10:37:01 -05:00
kenjones
71a8118229 add missing html tag 2015-12-20 14:20:30 -05:00
Jeff Mitchell
74b7e36221 Some copyediting/simplifying of the Consul page 2015-12-18 10:07:40 -05:00
kenjones
c70f7e507e Update secret backend Consul documentation 
Adds information on the steps to get a management token for use by
Vault when communicating with Consul as a secret backend.
 2015-12-18 09:44:31 -05:00
Jeff Mitchell
e6bceea2aa Update documentation with Consul backend token_type parameter. 
Fixes #854
 2015-12-14 20:54:13 -05:00
Jeff Mitchell
d6a5a281b9 Merge branch 'master' into pki-csrs 2015-12-08 10:57:53 -05:00
Jeff Mitchell
70ea26c0e5 Add a warning about consistency of IAM credentials as a stop-gap. 
Ping #687
 2015-12-08 10:56:34 -05:00
Jeff Mitchell
bd03d3c422 Change allowed_base_domain to allowed_domains and allow_base_domain to 
allow_bare_domains, for comma-separated multi-domain support.
 2015-11-30 23:49:11 -05:00
Jeff Mitchell
703a0d65c0 Remove token display names from input options as there isn't a viable 
use-case for it at the moment
 2015-11-30 18:07:42 -05:00
Jeff Mitchell
6af9eac08b Documentation update 2015-11-20 13:13:57 -05:00
Jeff Mitchell
7eed5db86f Update documentation, some comments, make code cleaner, and make generated roots be revoked when their TTL is up 2015-11-19 17:14:22 -05:00
Jeff Mitchell
061539434f Update validator function for URIs. Change example of entering a CA to a 
root cert generation. Other minor documentation updates. Fix private key
output in issue/sign.
 2015-11-19 11:35:17 -05:00
Jeff Mitchell
f644557eab Make it clear that generating/setting a CA cert will overwrite what's 
there.
 2015-11-19 09:51:18 -05:00
Jeff Mitchell
3437af0711 Split root and intermediate functionality into their own sections in the API. Update documentation. Add sign-verbatim endpoint. 2015-11-19 09:51:18 -05:00
Jeff Mitchell
237285e822 Address some feedback from review 2015-11-19 09:51:18 -05:00