Commit Graph

1675 Commits

Author SHA1 Message Date
kenjones
71a8118229 add missing html tag 2015-12-20 14:20:30 -05:00
Jeff Mitchell
74b7e36221 Some copyediting/simplifying of the Consul page 2015-12-18 10:07:40 -05:00
kenjones
c70f7e507e Update secret backend Consul documentation
Adds information on the steps to get a management token for use by
Vault when communicating with Consul as a secret backend.
2015-12-18 09:44:31 -05:00
Jeff Mitchell
51cee50fb6 Update etcd config docs with new options in 0.4.
Ping #780
2015-12-17 10:34:41 -05:00
Terry Corley
e9aca2b4a1 Change API endpoint path for app-id
The /login path was confusing because it's not relative and not consistent with other documentation. Other documentation (e.g., username and password at https://www.vaultproject.io/docs/auth/userpass.html) uses relative path.
2015-12-15 12:45:04 -06:00
Jeff Mitchell
d7cb3c9f94 Allow setting the advertise address via an environment variable.
Fixes #581
2015-12-14 21:22:55 -05:00
Jeff Mitchell
0914d931b3 Update Changelog and documentation with separate-HA-backend info. 2015-12-14 21:04:58 -05:00
Jeff Mitchell
e6bceea2aa Update documentation with Consul backend token_type parameter.
Fixes #854
2015-12-14 20:54:13 -05:00
Johan Haals
ec94e35431 Add vault-java to libraries
vault-java implements the basic HTTP API, more endpoints are in the
pipeline
2015-12-14 19:04:05 +01:00
Jeff Mitchell
583882efdc Update documentation to be consistent with return codes
Fixes #831
2015-12-10 10:26:40 -05:00
Jeff Mitchell
d6a5a281b9 Merge branch 'master' into pki-csrs 2015-12-08 10:57:53 -05:00
Jeff Mitchell
70ea26c0e5 Add a warning about consistency of IAM credentials as a stop-gap.
Ping #687
2015-12-08 10:56:34 -05:00
Jeff Mitchell
704966a3eb Add info about cert backend not checking CRL revocation. 2015-12-05 15:12:43 -05:00
Jeff Mitchell
3a893f760d Tab -> space doc fix 2015-12-05 15:04:54 -05:00
Jeff Mitchell
0f020b11d5 Merge branch 'master' into pki-csrs 2015-12-03 15:23:08 -05:00
Jeff Mitchell
6800d5185b Remove datacenter from Consul configuration, as it cannot actually do
anything

Fixes #816
2015-12-03 15:16:37 -05:00
Jeff Mitchell
bd03d3c422 Change allowed_base_domain to allowed_domains and allow_base_domain to
allow_bare_domains, for comma-separated multi-domain support.
2015-11-30 23:49:11 -05:00
Jeff Mitchell
703a0d65c0 Remove token display names from input options as there isn't a viable
use-case for it at the moment
2015-11-30 18:07:42 -05:00
Armon Dadgar
6022e81be0 website: updating documentation 2015-11-25 12:23:56 -08:00
Jeff Mitchell
6af9eac08b Documentation update 2015-11-20 13:13:57 -05:00
Jeff Mitchell
76e5760696 Merge branch 'master' into pki-csrs 2015-11-20 12:48:38 -05:00
Jeff Mitchell
7eed5db86f Update documentation, some comments, make code cleaner, and make generated roots be revoked when their TTL is up 2015-11-19 17:14:22 -05:00
Jeff Mitchell
061539434f Update validator function for URIs. Change example of entering a CA to a
root cert generation. Other minor documentation updates. Fix private key
output in issue/sign.
2015-11-19 11:35:17 -05:00
Jeff Mitchell
f644557eab Make it clear that generating/setting a CA cert will overwrite what's
there.
2015-11-19 09:51:18 -05:00
Jeff Mitchell
3437af0711 Split root and intermediate functionality into their own sections in the API. Update documentation. Add sign-verbatim endpoint. 2015-11-19 09:51:18 -05:00
Jeff Mitchell
237285e822 Address some feedback from review 2015-11-19 09:51:18 -05:00
Jeff Mitchell
cf148d8cc6 Large documentation updates, remove the pathlength path in favor of
making that a parameter at CA generation/sign time, and allow more
fields to be configured at CSR generation time.
2015-11-19 09:51:18 -05:00
Jeff Mitchell
c33c43620f Add tests for intermediate signing and CRL, and fix a couple things
Completes extra functionality.
2015-11-19 09:51:17 -05:00
Jeff Mitchell
49d525ebf3 Reintroduce the ability to look up obfuscated values in the audit log
with a new endpoint '/sys/audit-hash', which returns the given input
string hashed with the given audit backend's hash function and salt
(currently, always HMAC-SHA256 and a backend-specific salt).

In the process of adding the HTTP handler, this also removes the custom
HTTP handlers for the other audit endpoints, which were simply
forwarding to the logical system backend. This means that the various
audit functions will now redirect correctly from a standby to master.
(Tests all pass.)

Fixes #784
2015-11-18 20:26:03 -05:00
Jeff Mitchell
7d03d63bfe Update audit documentation around what hash is used 2015-11-18 10:42:42 -05:00
Jeff Mitchell
f600e3ac29 Add no-default-policy flag and API parameter to allow exclusion of the
default policy from a token create command.
2015-11-09 17:30:50 -05:00
Jeff Mitchell
254dcccf44 Update cert documentation to note requiring sudo access. 2015-11-06 16:09:42 -05:00
Jeff Mitchell
dbbbb02daf Update S3 docs 2015-11-06 09:26:09 -05:00
Jeff Mitchell
dafecff414 Switch etcd default port to 2379, in line with 2.x.
Fixes #753
2015-11-05 09:47:50 -05:00
Sander van Harmelen
8f17567774 Add a line to the documentation to describe the new feature 2015-11-04 15:36:24 +01:00
Jeff Mitchell
1878696db5 Merge pull request #746 from hashicorp/issue-677
Add a PermitPool to physical and consul/inmem
2015-11-03 15:26:58 -05:00
Jeff Mitchell
e0d2b1af78 Add configuration parameter for max parallel connections to Consul 2015-11-03 15:26:07 -05:00
Jeff Mitchell
7709cbf796 Add create-orphan to documentation 2015-11-03 15:15:33 -05:00
Jeff Mitchell
5ccccde6da Fix trailing whitespace complaints 2015-11-03 10:52:20 -05:00
Jeff Mitchell
ef21eb6ee4 Clarify that CRLs are not fetched by Vault 2015-11-03 10:52:20 -05:00
Jeff Mitchell
af4af078fa Address first round of feedback from review 2015-11-03 10:52:20 -05:00
Jeff Mitchell
90a9f25d80 Add documentation for CRLs and some minor cleanup. 2015-11-03 10:52:20 -05:00
Jeff Mitchell
cee292a06a Documentation update around path/key name encryption.
Make it clear that path/key names in generic are not encrypted.

Fixes #697
2015-10-29 11:21:40 -04:00
Jeff Mitchell
d7f528a768 Add reset support to the unseal command.
Reset clears the provided unseal keys, allowing the process to be begun
again. Includes documentation and unit test changes.

Fixes #695
2015-10-28 15:59:39 -04:00
Jeff Mitchell
b0f24dc820 Minor format fix in environment documentation 2015-10-28 09:56:28 -04:00
Jason Antman
0cf323ce07 add documentation for GitHub Auth Backend 'ttl' and 'max_ttl' parameters 2015-10-23 09:30:48 -04:00
Jason Antman
887257b811 add GitHub Enterprise base_url to docs
In https://github.com/hashicorp/vault/issues/716 @jefferai confirmed that the GitHub Auth Backend supports GitHub enterprise using an undocumented ``base_url`` parameter. This adds that parameter to the relevant documentation page.
2015-10-23 09:18:07 -04:00
Jeff Mitchell
6c4e05dbc0 Update token documentation to better explain token durations 2015-10-22 13:02:37 -04:00
Jeff Mitchell
5b5e1850ac Document the renew-self call 2015-10-21 10:53:20 -04:00
Jeff Mitchell
846c1975cc Remove revoke-self from sys API documentation as it's in the token-store instead 2015-10-21 10:46:41 -04:00
Jeff Mitchell
676970574b Allow disabling the physical storage cache with 'disable_cache'.
Fixes #674.
2015-10-12 13:00:32 -04:00
Seth Vargo
cfd7aa5983 Remove tabs from terminal output
This also standardizes on the indentation we use for multi-line commands as
well as prefixes all commands with a $ to indicate a shell.
2015-10-12 12:10:22 -04:00
vishalnayak
93c4cccc6e mysql: made max_open_connections configurable 2015-10-01 21:15:56 -04:00
vishalnayak
bc5ad114e4 postgresql: Configurable max open connections to the database 2015-10-01 20:11:24 -04:00
Colin Rymer
c9e9fbdab2 Remove redundant wording for SSH OTP introduction. 2015-09-30 10:58:44 -04:00
Jeff Mitchell
70ce824267 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Jeff Mitchell
6c21b3b693 Remove JWT for the 0.3 release; it needs a lot of rework. 2015-09-24 16:23:44 -04:00
Jeff Mitchell
b2da14c3e8 Documentation fix for global TTLs 2015-09-24 12:17:26 -04:00
Jeff Mitchell
816214c4c9 Add revoke-self to docs 2015-09-24 12:05:00 -04:00
Dominic Luechinger
886c67892d Fixes docs for new JWT secret backend 2015-09-24 16:47:17 +02:00
Spencer Herzberg
66e0cb2175 docs: pg username not prefixed with vault-
due to 05fa4a4a48, vault no longer prefixes the username with `vault-`
2015-09-22 10:14:47 -05:00
Jeff Mitchell
791ae62db3 Minor doc update to SSH 2015-09-21 16:26:07 -04:00
Jeff Mitchell
fa53293b7b Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values 2015-09-21 16:14:30 -04:00
Jeff Mitchell
08a81a3364 Update transit backend documentation, and also return the min decryption
value in a read operation on the key.
2015-09-21 16:13:43 -04:00
Jeff Mitchell
a57eb45b50 Add API endpoint documentation to cubbyhole 2015-09-21 16:13:36 -04:00
Jeff Mitchell
e4cab7afe5 Add API endpoint documentation to generic 2015-09-21 16:13:29 -04:00
Jeff Mitchell
97ecc3d72d Add clarity to the lease concepts document. 2015-09-21 08:56:26 -04:00
Jeff Mitchell
46073e4470 Enhance transit backend:
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
2015-09-18 14:41:05 -04:00
Jeff Mitchell
913989e4b0 Add revoke-self endpoint.
Fixes #620.
2015-09-17 13:22:30 -04:00
Jeff Mitchell
c80fdb4bdc Add documentation for cubbyhole 2015-09-15 13:50:37 -04:00
vishalnayak
ec4f6e59b3 Improve documentation of token renewal 2015-09-11 21:08:32 -04:00
Jeff Mitchell
b9a5a137c0 Address items from feedback. Make MountConfig use values rather than
pointers and change how config is read to compensate.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
dd8ac00daa Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation 2015-09-10 15:09:54 -04:00
Jeff Mitchell
aadf039368 Add DynamicSystemView. This uses a pointer to a pointer to always have
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.

Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
12521eb87f Merge pull request #508 from mfischer-zd/webdoc_environment
docs: Document environment variables
2015-09-09 11:29:10 -04:00
Michael S. Fischer
eb494455ed docs: Document environment variables 2015-09-08 11:59:58 -07:00
Brian Lalor
ade8c31469 Remove unused param to 'vault write aws/roles/deploy'
The name is taken from the path, not the request body.  Having the duplicate key is confusing.
2015-09-06 06:57:39 -04:00
Armon Dadgar
c3ba4fc147 Merge pull request #590 from MarkVLK/patch-1
Update mysql docs markdown to fix grammar error
2015-09-04 19:13:50 -07:00
MarkVLK
ac44229d18 Update transit docs markdown to add missing word
Added the presumably missing *decrypt* from "encrypt/data" in the first sentence.
2015-09-04 17:11:34 -07:00
MarkVLK
94c6df8d65 Update mysql docs markdown to fix grammar error
Changed "... used to **generated** those credentials" to "... used to **generate** those credentials."
2015-09-04 17:05:45 -07:00
Seth Vargo
f0b3ad6a2a Update documentation around cookies 2015-09-03 10:36:59 -04:00
Vishal Nayak
4d3f68a631 Merge pull request #578 from hashicorp/exclude-cidr-list
Vault SSH: Added exclude_cidr_list option to role
2015-08-28 07:59:46 -04:00
vishalnayak
1226251d14 Vault SSH: Added exclude_cidr_list option to role 2015-08-27 23:19:55 -04:00
Jeff Mitchell
f84c8b8681 Deprecate lease -> ttl in PKI backend, and default to system TTL values if not given. This prevents issuing certificates with a longer duration than the maximum lease TTL configured in Vault. Fixes #470. 2015-08-27 12:24:37 -07:00
vishalnayak
06ac073684 Vault SSH: Docs for default CIDR value 2015-08-27 13:10:15 -04:00
vishalnayak
630f348dbf Vault SSH: Provide key option specifications for dynamic keys 2015-08-27 11:41:29 -04:00
Jeff Mitchell
5584a11997 When using PGP encryption on unseal keys, encrypt the hexencoded string rather than the raw bytes. 2015-08-26 07:59:50 -07:00
Jeff Mitchell
078da0b6a9 Merge pull request #568 from ctennis/add_some_s3_info
Make it clear for physical S3 backend we support instance profiles as well.
2015-08-26 09:03:38 -04:00
Jeff Mitchell
4d877dc4eb Address comments from review. 2015-08-25 15:33:58 -07:00
Jeff Mitchell
f5271c2ab0 Update website documentation for init and rekey with secret_pgp_keys API option 2015-08-25 14:52:13 -07:00
Caleb Tennis
6e8bc25a94 Make it clear we support instance profiles as well, the existing docs seem to indicate static credentials are required 2015-08-25 06:47:07 -07:00
Jeff Mitchell
e7f2a54720 Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell
c35fbca5e0 Update help text for TTL values in generic backend 2015-08-20 17:59:30 -07:00
Jeff Mitchell
358849fbc3 Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4.
Fixes #528.
2015-08-20 16:41:25 -07:00
Vishal Nayak
41db9d25c7 Merge pull request #385 from hashicorp/vishal/vault
SSH Secret Backend for Vault
2015-08-20 10:03:15 -07:00
Bernhard K. Weisshuhn
e0e0c43202 avoid dashes in generated usernames for cassandra to avoid quoting issues 2015-08-20 11:15:28 +02:00
vishalnayak
36bf873a47 Vault SSH: 1024 is default key size and removed 4096 2015-08-19 12:51:33 -07:00
vishalnayak
47464abd08 Merge branch 'master' of https://github.com/hashicorp/vault into vishalvault 2015-08-19 12:16:37 -07:00
Armon Dadgar
e0aef4a512 Merge pull request #531 from mfischer-zd/fix_doc_tls
Clarify availability of tls_min_version
2015-08-18 19:01:28 -07:00
vishalnayak
2e6a087d22 Vault SSH: doc update 2015-08-18 11:50:32 -07:00
vishalnayak
d63726b41b Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
vishalnayak
a98b3befd9 Vault SSH: Website page for SSH backend 2015-08-14 12:41:26 -07:00
Michael S. Fischer
558f24c03c Clarify availability of tls_min_version
`tls_min_version` doesn't work in the current Vault release;
make that clear.
2015-08-13 08:35:09 -07:00
vishalnayak
2ac3cabf87 Merging changes from master 2015-08-12 09:28:16 -07:00
vishalnayak
18db544d26 Vault SSH: Website doc v1. Removed path_echo 2015-08-12 09:25:28 -07:00
Erik Kristensen
d877b713e9 initial pass at JWT secret backend 2015-08-06 17:49:44 -06:00
Armon Dadgar
5058582e98 Merge pull request #439 from geckoboard/feature-tls-mysql
Using SSL to encrypt connections to MYSQL
2015-08-05 14:52:43 -07:00
Armon Dadgar
385f2375bd Merge pull request #469 from kgutwin/f-config-defaultlease
Add configuration options for default lease duration and max lease duration
2015-08-04 10:06:41 -07:00
Vivien Schilis
de2218dd2c Add documentation for the tls_ca_file option 2015-08-04 05:10:33 +00:00
Rusty Ross
9f9b8a81e2 update doc for app-id
make clearer in doc that user-id can accept multiple app-id mappings as comma-separated values
2015-08-03 09:44:26 -07:00
Armon Dadgar
fedf878e9a Merge pull request #482 from chiefy/master
Adding vaulted nodejs library to libraries section in docs.
2015-07-31 15:13:44 -07:00
Long Nguyen
a79def7710 added golang client 2015-07-31 17:10:38 -04:00
Christopher Najewicz
0a8d3cdd43 Adding vaulted nodejs library to libraries section in docs. 2015-07-31 14:31:26 -04:00
Armon Dadgar
b2d37df7f4 Merge pull request #464 from bgirardeau/master
Add Multi-factor authentication with Duo
2015-07-30 17:51:31 -07:00
Bradley Girardeau
7b6547abf7 Clean up naming and add documentation 2015-07-30 17:36:40 -07:00
Karl Gutwin
1a673ddc0a PR review updates 2015-07-30 13:21:41 -04:00
Karl Gutwin
a87af4e863 Add configuration options for default lease duration and max lease duration. 2015-07-30 09:42:49 -04:00
Armon Dadgar
23d4906eaf Merge pull request #384 from dkaffee92/feature/storage-backend-consul-configuration
allow specifying certificates used to talk to consul for storage backend
2015-07-29 14:41:53 -07:00
Fabian Ruff
d2074132aa fix doc for pki/revoke API 2015-07-29 14:28:12 +02:00
Bradley Girardeau
cf4fa83598 mfa: cleanup website documentation 2015-07-28 12:25:01 -07:00
Bradley Girardeau
4a862163ac mfa: add website documentation 2015-07-28 11:00:57 -07:00
Daniel Kaffee
844cb49b38 made documentation a bit more clear 2015-07-28 15:50:43 +03:00
Daniel Kaffee
68e340a285 refactor code 2015-07-28 14:55:33 +03:00
Armon Dadgar
49cdf87ab9 website: fixing details about HA backends 2015-07-24 12:11:45 -07:00
Armon Dadgar
f9e853afc0 Merge pull request #449 from JustinLaRose/master
Cassandra secret backend doc update for connection config
2015-07-23 13:42:59 -07:00
Armon Dadgar
69e5100eb4 Merge pull request #447 from kgutwin/f-tlsvers
Specify Vault listener minimum TLS version
2015-07-23 13:42:42 -07:00
Armon Dadgar
3f7853cd53 Merge pull request #433 from infame-io/feature/s3_sts
Granting S3 backend temporary access
2015-07-23 13:33:58 -07:00
Karl Gutwin
46838b2b7e Document warning for using lower TLS versions 2015-07-23 11:54:45 -04:00
Lauro Balderas
8d574d2eaa S3 backend session token documentation updated 2015-07-23 22:53:20 +10:00
Justin LaRose
e697b7c057 Cassandra secret backend doc update for connection config - "hosts" instead of "host" 2015-07-23 03:07:29 -04:00
Karl Gutwin
04c5596822 Avoid unnecessary abbreviation 2015-07-22 23:28:46 -04:00
Karl Gutwin
3ad703eba6 TLS minimum version documentation 2015-07-22 23:21:18 -04:00
Armon Dadgar
3c7f311181 Merge pull request #419 from nbrownus/telemetry_names
Disable hostname prefix for runtime telemetry
2015-07-22 15:38:23 -07:00
Bradley Girardeau
709b91fbd1 ldap: change setting user policies to setting user groups 2015-07-20 11:33:39 -07:00
Bradley Girardeau
675dc28c70 ldap: add documentation for setting policies based on user 2015-07-14 16:13:40 -07:00
Nate Brown
bb11e27ba1 Docs for the telemetry object 2015-07-14 15:45:45 -07:00
Bradley Girardeau
cbb6b64ce6 ldap: add ability to login with a userPrincipalName (user@upndomain) 2015-07-14 15:37:46 -07:00
Armon Dadgar
dc5ecc3eed website: fixing lots of references to vault help 2015-07-13 20:12:09 +10:00
Armon Dadgar
e6cf9dcb63 website: help command is now path-help 2015-07-13 20:03:29 +10:00
Armon Dadgar
fce7c43b98 physical/zk: Fixing node representation. Fixes #416 2015-07-13 19:33:23 +10:00
Armon Dadgar
0cc974bd66 website: fixing documentation errors. Fixes #412 2015-07-13 19:10:44 +10:00
Armon Dadgar
10f23df605 website: update HA status, discourage ZK 2015-07-13 19:01:32 +10:00
Matt Button
6d2eca31f1 Remove documentation that was copied from the terraform project 2015-07-12 16:52:24 +00:00
mootpt
40d2834310 fixed secrets backend url
minor doc fix
2015-07-06 11:11:58 -07:00
mootpt
e8fb47048b pointed authentication backend to proper location
pointed authentication backend to proper location
2015-07-06 10:42:14 -07:00
Armon Dadgar
ab489f3208 Merge pull request #400 from hashicorp/f-glob
Change ACL semantics, use explicit glob and deny has highest precedence
2015-07-06 11:15:49 -06:00
Armon Dadgar
d9c7349ad3 website: clarify changes in addition to feedback 2015-07-06 11:10:09 -06:00
Armon Dadgar
c062345146 secret/transit: address PR feedback 2015-07-05 19:58:31 -06:00
Armon Dadgar
5e40a66b7c website: update for glob matching 2015-07-05 17:43:13 -06:00
Armon Dadgar
5838f8da50 website: document derived keys in secret/transit 2015-07-05 14:47:16 -07:00
Armon Dadgar
d77efbd716 http: support ?standbyok for 200 status on standby. Fixes #389 2015-07-02 17:49:35 -07:00
Bradley Girardeau
0ef2eca24f ldap: add starttls support and option to specify ca certificate 2015-07-02 15:49:51 -07:00
Armon Dadgar
f7602dd44a Merge pull request #380 from kgutwin/cert-cli
Enable TLS client cert authentication via the CLI
2015-06-30 11:44:28 -07:00
Armon Dadgar
a8537b220e website: document insecure_tls for LDAP backend 2015-06-30 09:42:18 -07:00
Jeff Mitchell
035c430eb2 Address some issues from code review.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:27:23 -04:00
Karl Gutwin
6668a6d7ef Website docs. 2015-06-30 09:18:39 -04:00
Jeff Mitchell
1faaf20b92 A Cassandra secrets backend.
Supports creation and deletion of users in Cassandra using flexible CQL queries.

TLS, including client authentication, is supported.

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:04:01 -04:00
Jeff Mitchell
d8ed14a603 Merge remote-tracking branch 'upstream/master' into f-pki 2015-06-19 13:01:26 -04:00
Jeff Mitchell
435aefc072 A few things:
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 12:48:18 -04:00
Armon Dadgar
46ba8d10a5 physical/mysql: cleanup and documentation 2015-06-18 14:31:00 -07:00
Jeff Mitchell
23ba605068 Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 15:22:58 -04:00
Armon Dadgar
ba24d891fd website: document transit upsert behavior 2015-06-17 18:51:58 -07:00
Armon Dadgar
7c31e29295 website: update the transit documentation 2015-06-17 18:45:29 -07:00
Jeff Mitchell
79164f38ad Merge branch 'master' into f-pki 2015-06-16 13:43:25 -04:00
Armon Dadgar
61f7c098f7 Merge pull request #341 from ryancurrah/ryancurrah-doc-transit-echofix
Do not output the trailing newline in encoding.
2015-06-15 17:36:01 -07:00
Seth Vargo
b9112733f3 Document longest-prefix match
Fixes https://github.com/hashicorp/vault/issues/331
2015-06-15 14:29:20 -04:00
Ryan Currah
35f1cfeb77 Do not output the trailing newline in encoding.
Added -n to echo command to prevent newlines from showing up in encoding.
2015-06-13 12:03:57 -04:00
Jeff Mitchell
067fbc9078 Fix a docs-out-of-date bug.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-12 16:33:00 -04:00
Jeff Mitchell
0ee9735a5a Fix some out-of-date examples.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 21:17:05 -04:00
Jeff Mitchell
20ac7a46f7 Add acceptance tests
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling

Also, fix a bug when trying to get code signing certificates.

Not tested:
* Revocation (I believe this is impossible with the current testing framework)

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Jeff Mitchell
530b67bbb9 Initial PKI backend implementation.
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint

Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Justin Campbell
a8850ed5ed docs: Fix examples of auth via JSON
For both userpass and LDAP
2015-06-04 10:38:11 -04:00
Armon Dadgar
9b879d3434 Merge pull request #263 from sheldonh/iam-policy
List IAM permissions required by root credentials
2015-06-01 13:16:51 +02:00
Armon Dadgar
35b10a7a9a Merge pull request #261 from jsok/consul-lease
Add ability to configure consul lease durations
2015-06-01 13:04:28 +02:00
Armon Dadgar
96241c4972 Merge pull request #277 from hashicorp/f-rotate
Add support for key rotation
2015-06-01 12:52:32 +02:00
Seth Vargo
6e9f37e993 Cleanup style on http index docs 2015-05-31 21:23:44 -07:00
Seth Vargo
767a3e9e32 Merge pull request #271 from boncheff/f-doc-update-read-write-example
Update index.html.md
2015-05-31 21:20:34 -07:00
Seth Vargo
6c677fd4f1 Merge pull request #279 from whit537/patch-1
Capitalize the first word of a sentence
2015-05-31 15:53:34 -07:00
Seth Vargo
974e8526cd Merge pull request #280 from whit537/patch-2
Put me in charge of dev mode :)
2015-05-31 15:53:24 -07:00
Chad Whitacre
adb777cc0f Provide missing verb 2015-05-31 17:19:34 -04:00
Chad Whitacre
86e8195cb1 REMOVE A SINGLE WHITESPACE CHARACTER 2015-05-31 16:21:39 -04:00
Chad Whitacre
4d6f74b2a3 Remove quotes to match styling elsewhere
Cf. http://vaultproject.io/intro/getting-started/dynamic-secrets.html
2015-05-31 16:20:56 -04:00
Chad Whitacre
2d442a2b5e fix line wrapping
Sorry!
2015-05-31 16:07:50 -04:00
Chad Whitacre
2ab0ea3ff7 Direct new users over to the getting started guide
I found myself on the dev server reference, when really I was more interested in the getting started guide. This link is intended to help others get back on the right track.
2015-05-31 16:06:58 -04:00
Chad Whitacre
de535518f9 Put me in charge of dev mode :)
- "You" as subject instead of "Vault"
- give the actual command
- minor formatting changes
2015-05-31 15:54:32 -04:00
Chad Whitacre
a5f551e590 Capitalize the first word of a sentence 2015-05-31 14:22:57 -04:00
Armon Dadgar
c94a0562c3 website: document key rotation internals 2015-05-29 15:34:29 -07:00
Armon Dadgar
200b30d28d website: document new system APIs 2015-05-29 15:05:05 -07:00
boncheff
d8a3bdc2d7 Update index.html.md
Updated the docs to show an example of how to read/write a secret using the HTTP API
2015-05-28 22:28:25 +01:00
Armon Dadgar
8f5b7dfe50 Merge pull request #269 from sheldonh/getting_started_deploy_consul
Use local Consul instance in deploy walkthrough
2015-05-28 10:06:36 -07:00
Sheldon Hearn
0cf95d9393 Use local Consul instance in deploy walkthrough
As per hashicorp/vault#217, demo.consul.io prevents sessions from being
created, which means you can't use it as a backend for Vault.
2015-05-28 14:11:34 +02:00
Sheldon Hearn
d1ec264eff Clarify the disable_mlock option 2015-05-28 12:40:56 +02:00
certifiedloud
2521e90ef7 replaced confusing term 'physical' with 'storage'. 2015-05-27 14:44:17 -06:00
Sheldon Hearn
5a28f0bcbd Missed a few IAM permissions 2015-05-27 16:42:12 +02:00
Sheldon Hearn
7cba6f84de List IAM permissions required by root credentials 2015-05-27 16:28:24 +02:00
Jonathan Sokolowski
b872babb7b website: Update /consul/roles/ parameters 2015-05-27 09:54:15 +10:00
Armon Dadgar
4ea6acffec Merge pull request #259 from buth/etcd
etcd non-HA storage backend
2015-05-26 15:07:06 -07:00
Eric Buth
080d8b8505 added etcd as a non-HA storage backend, updated documentation 2015-05-26 13:38:25 -04:00
Ian Unruh
75eed4e4bd Add libraries section to HTTP docs 2015-05-22 14:32:14 -07:00
Ian Unruh
0f9270bdd3 Add read field flag to documentation 2015-05-22 11:33:28 -07:00
Armon Dadgar
5afcd735e3 website: doc cleanup 2015-05-20 17:42:29 -07:00
Armon Dadgar
ab77e05b1f Merge pull request #242 from jstremick/f-physical-s3-backend
Physical S3 backend implementation
2015-05-20 17:00:44 -07:00
joe miller
d1100c6293 fix doc example to submit valid json in POST body
I don't know if there is some version of curl that auto-generates json but the example didn't work for me on curl 7.32.0. Submitting the data as JSON works though.
2015-05-20 13:11:54 -07:00
James Stremick
a8faf25397 Physical S3 backend implementation 2015-05-20 10:59:03 -04:00
Aaron Bedra
2cf2cc927c Fix typo in app-id docs 2015-05-20 09:36:54 -05:00
Seth Vargo
0ede02a08c Merge pull request #239 from ijin/patch-1
Document that Vault Server needs to be running for vault help path
2015-05-20 12:28:31 +02:00
Michael H. Oshita
c495d07d8a Document that Vault Server needs to be running for vault help path
Confused initially, I tried running `vault help secret` by itself and found out that the server needs to be running to execute this command.

Furthermore, the client needs `VAULT_ADDR` configured (`http://127.0.0.1:8200` in dev mode, since it uses https by default) to interact with the server.
2015-05-20 17:06:59 +09:00
Daniel McCarney
bae60e4afa Add missing word to storage backend threat model. 2015-05-19 12:11:48 -07:00
Daniel McCarney
159317edeb Fix "the a lease ID" typo. 2015-05-19 12:07:07 -07:00
Daniel McCarney
05d7225d22 Fix "all everything" typo in Secrets description. 2015-05-19 11:59:20 -07:00
Ian Unruh
eeb0bccd73 Remove non-existent unseal API argument 2015-05-18 19:59:18 -07:00
Armon Dadgar
45f14256fe Update github.html.md
Fixing incorrect documentation about case sensitivity
2015-05-18 09:37:31 -07:00
Armon Dadgar
381db8d22c Merge pull request #204 from nrocine/master
Added implementation details to the GitHub Auth Docs on the Vault Website
2015-05-18 09:36:35 -07:00
Armon Dadgar
9dc38923fe website: clarify the app-id parameters 2015-05-15 11:39:05 -07:00
Nils Rocine
e80e2a800d Added details in the github auth docs for the website. These details clarify end-to-end use of the github auth backend. Specifically: noting how to create a usable GitHub PAT and an example of how to auth with the PAT. 2015-05-14 13:20:58 -07:00
Mitchell Hashimoto
c559382c47 website: note PGP key 2015-05-11 11:34:38 -07:00
Armon Dadgar
2d9b12b853 website: Document overwrite behavior. Fixes #182 2015-05-11 10:58:29 -07:00
Mitchell Hashimoto
ec4fcd39eb http: allow header for auth token [GH-124] 2015-05-11 10:56:58 -07:00
Armon Dadgar
ebd6a90195 website: Fixing doc error 2015-05-11 10:43:03 -07:00
Armon Dadgar
712db294ff website: Adding LDAP docs 2015-05-11 10:43:03 -07:00
Seth Vargo
d580e42673 Cleanup userpass docs 2015-05-08 11:49:58 -04:00
Seth Vargo
3748be6491 Remove references to -var 2015-05-08 11:45:29 -04:00
Mads R. Christensen
e8672b3844 Fixed typo 2015-05-08 11:48:42 +02:00
Mads R. Christensen
bb6ea32dfc Added more info about the userpass auth backend API endpoint 2015-05-08 11:45:21 +02:00
Armon Dadgar
f203b80571 Merge pull request #166 from Banno/remove-plugin-docs
remove unused plugin docs
2015-05-07 12:26:44 -07:00
Spencer Herzberg
d47bb20e39 remove unused docs 2015-05-07 14:20:33 -05:00
Seth Vargo
87e25f4300 Add instructions for enabling the auth first 2015-05-07 13:52:06 -04:00
Leo Cassarani
98f65ae041 Fix typo in docs: "it's" -> "its" [ci skip] 2015-05-07 11:08:03 +00:00
Armon Dadgar
5b42f71181 website: minor doc changes for zookeeper 2015-05-06 11:08:26 -07:00
Spencer Herzberg
c4472a2446 cleanup zk HA leftover docs 2015-05-05 17:22:43 -05:00
Spencer Herzberg
e8f8dcbc12 properly default zk address to localhost 2015-05-05 17:20:38 -05:00
Spencer Herzberg
55f1a7c4d9 initial implementation of non-ha zookeeper 2015-05-05 16:49:18 -05:00
Seth Vargo
f2cab3d0f9 Merge pull request #144 from gotcha/patch-1
Typo
2015-05-05 08:43:43 -07:00
Seth Vargo
a95fd6c1bb Merge pull request #145 from gotcha/patch-2
Word missing
2015-05-05 08:43:33 -07:00
Godefroid Chapelle
d5c07b6f8a Use singular 2015-05-05 09:16:30 +02:00
Godefroid Chapelle
014e73f0f3 Word missing 2015-05-05 09:12:32 +02:00
Godefroid Chapelle
6791758e6c Typo 2015-05-05 09:05:05 +02:00
Seth Vargo
671765a944 s/consul/vault /cc @armon 2015-05-03 16:13:55 -04:00
Trevor Pounds
a9367c17d0 Fix documentation typo. 2015-04-28 22:15:56 -07:00
jjshoe
ff9c7f53b0 I think you a word. 2015-04-28 18:05:40 -05:00
Mitchell Hashimoto
809fdeb548 website: add disable_mlock flag 2015-04-28 15:13:07 -07:00
Emil Hessman
e4b48bb916 website: fix typo 2015-04-28 20:42:53 +02:00
Mitchell Hashimoto
03a9e0535c website: we vendored 2015-04-28 11:40:36 -07:00
Mitchell Hashimoto
9f9527ddc3 Merge pull request #54 from pborreli/typos
website: fixed typos
2015-04-28 11:37:49 -07:00
Emil Hessman
4079905682 website: merge 2015-04-28 20:36:27 +02:00
Pascal Borreli
bbd3ce341a Fixed typos 2015-04-28 19:36:16 +01:00
AJ Bourg
b09e9a90a4 Update architecture.html.md
Super trivial grammar fix.
2015-04-28 12:32:06 -06:00
Emil Hessman
79b098b89e website: address minor doc typos 2015-04-28 20:32:04 +02:00
Andrew Williams
cfe60c4846 website: fix small typo 2015-04-28 13:21:44 -05:00
Mat Elder
680f55aee6 mysql to consul on consul backend docs 2015-04-28 14:11:42 -04:00
Mitchell Hashimoto
e9b3ad0353 website: remove unused files 2015-04-28 09:46:19 -07:00
Armon Dadgar
1530403a04 audit/file: add log_raw parameter and default to hashing 2015-04-27 15:56:41 -07:00
Armon Dadgar
91730ae8af website: Adding the syslog audit backend 2015-04-27 15:56:41 -07:00
Armon Dadgar
2bcba24561 website: remove TODO from transit quickstart 2015-04-27 14:58:53 -07:00
Armon Dadgar
478a5965ee secret/aws: Using roles instead of policy 2015-04-27 14:20:28 -07:00
Armon Dadgar
aaf10cd624 Do not root protect role configurations 2015-04-27 14:07:20 -07:00
Armon Dadgar
3330d43d44 secret/postgres: secret/mysql: roles endpoints root protected 2015-04-27 14:04:10 -07:00
Armon Dadgar
f159750509 secret/consul: replace policy with roles, and prefix the token path 2015-04-27 13:59:56 -07:00
Armon Dadgar
d425ca22df secret/transit: rename policy to keys 2015-04-27 13:52:47 -07:00
Armon Dadgar
dd1ba4a79e website: Adding CIDR block config to app-id 2015-04-27 12:38:04 -07:00
Armon Dadgar
b80f3e4e06 website: API consistency 2015-04-27 12:30:46 -07:00
Armon Dadgar
26b5dc20c6 website: aws API 2015-04-27 12:26:23 -07:00
Armon Dadgar
27902b1d06 website: make PG quickstart like MySQL 2015-04-27 12:16:07 -07:00
Armon Dadgar
fd00322981 website: adding postgresql API docs 2015-04-27 11:17:13 -07:00
Armon Dadgar
e44fd556a8 website: document Consul APIs 2015-04-27 11:08:47 -07:00
Seth Vargo
6b62366d2b Add Quick Start for Postgresql 2015-04-27 09:30:21 -04:00
Seth Vargo
ad8f1f3659 Add Quick Start for AWS 2015-04-27 09:29:16 -04:00
Armon Dadgar
e7298e1169 website: start consul api 2015-04-26 22:03:38 -07:00
Armon Dadgar
d6a1344bfd website: consul quickstart 2015-04-26 22:03:38 -07:00
Armon Dadgar
7db392217c website: adding mysql quickstart and API 2015-04-26 22:03:38 -07:00
Armon Dadgar
a6ec8e7685 website: quickstart + API for transit 2015-04-26 22:03:38 -07:00
Armon Dadgar
3670757628 website: quickstart for generic 2015-04-26 22:03:38 -07:00
Armon Dadgar
91094ceeca website: fix formatting 2015-04-26 22:03:38 -07:00
Mitchell Hashimoto
3c0c334d01 website: fix API styling for auth 2015-04-26 21:08:11 -07:00
Armon Dadgar
a1f294235f website: documenting token API 2015-04-25 20:21:59 -07:00
Armon Dadgar
cc69073b37 website: adding mysql docs skeleton 2015-04-25 12:10:53 -07:00
Armon Dadgar
8ae7b1288a credential/cert: support leasing and renewal 2015-04-24 12:58:39 -07:00
Seth Vargo
bfb0f08372 Fix typo 2015-04-24 14:06:50 -04:00
Armon Dadgar
cd65bbabb0 website: document cert backend 2015-04-24 10:52:25 -07:00
Armon Dadgar
19c8557786 Merge pull request #29 from hashicorp/f-health
Adding sys/health for Consul HTTP health monitoring
2015-04-23 11:58:58 -07:00
Armon Dadgar
912d04e46b website: document endpoint 2015-04-23 11:58:10 -07:00
Seth Vargo
2bcb0a1b67 Update website whitespace and formatting 2015-04-22 19:47:11 -04:00
Mitchell Hashimoto
373b9c6f1e Merge pull request #21 from hashicorp/audit-hashstructure
Hash the strings in audit logs
2015-04-22 07:43:21 +02:00
Mitchell Hashimoto
423c669cdd website: help command 2015-04-21 19:04:21 +02:00
Mitchell Hashimoto
6aad5f3b6d website: reading data 2015-04-21 18:48:23 +02:00
Mitchell Hashimoto
d5eca265e5 website: TODO on reading data 2015-04-21 18:39:50 +02:00
Mitchell Hashimoto
7a0fe62123 website: start documenting CLI more 2015-04-21 16:35:19 +01:00
Mitchell Hashimoto
8436264a9b website: clarify that secrets are no longer stored in audit logs 2015-04-21 16:23:16 +01:00
Armon Dadgar
c759d95ca8 website: replace the consul telemetry 2015-04-20 12:26:30 -07:00
Armon Dadgar
538106db1c website: document sys/leader 2015-04-20 12:02:32 -07:00
Armon Dadgar
99b098a4a8 website: typo fix 2015-04-20 11:51:09 -07:00
Armon Dadgar
54aaf15670 website: document sys/raw/ and sys/revoke-prefix/ 2015-04-20 11:50:21 -07:00
Mitchell Hashimoto
7f410be198 website: audit backends 2015-04-19 22:59:39 -07:00
Mitchell Hashimoto
f14d970598 website: doc userpass 2015-04-19 15:21:35 -07:00
Armon Dadgar
5a8c44d7d3 website: Document token tree / one-time-tokens 2015-04-19 12:20:16 -07:00
Mitchell Hashimoto
8f49e8a919 website: postgresql backend 2015-04-18 22:47:23 -07:00
Mitchell Hashimoto
138f84d80e website: mostly complete API 2015-04-18 22:39:43 -07:00
Mitchell Hashimoto
06c4e52377 logical/aws: move root creds config to config/root 2015-04-18 22:21:31 -07:00
Mitchell Hashimoto
4501b62953 website: so much API docs 2015-04-18 14:34:47 -07:00
Mitchell Hashimoto
796dbe3481 website: more auth 2015-04-18 13:45:50 -07:00
Mitchell Hashimoto
4602733986 website: token auth help 2015-04-18 13:35:55 -07:00
Mitchell Hashimoto
c22ef80a1e website: auth backends 2015-04-17 17:41:56 -07:00
Mitchell Hashimoto
4e56567d6e website: a lot more concepts 2015-04-17 17:18:31 -07:00
Mitchell Hashimoto
d77faa2760 website: transit backend 2015-04-17 12:56:31 -07:00
Mitchell Hashimoto
090c8becb2 website: HA concepts, configuration 2015-04-17 12:56:31 -07:00
Armon Dadgar
e809819046 website: Adding telemetry documentation 2015-04-14 18:47:47 -07:00
Armon Dadgar
166cff2d4c website: document the HA design 2015-04-14 18:31:25 -07:00
Armon Dadgar
8084f742d5 website: copy cleanups 2015-04-14 10:50:07 -07:00
Mitchell Hashimoto
c69e35d1a4 website: leasing 2015-04-13 20:56:03 -07:00
Mitchell Hashimoto
307b662b3b website: seal concept 2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
2de2fcdcb2 website: concepts, dev server mode 2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
1dac233812 website: add a couple more secret backend sections 2015-04-13 20:42:07 -07:00
Armon Dadgar
f55ba9e5a9 website: more on security model 2015-04-13 19:09:44 -07:00
Mitchell Hashimoto
061f6cfd2f website: consul secret backend 2015-04-10 20:26:01 -07:00
Mitchell Hashimoto
148129030b website: aws secret backend 2015-04-10 20:24:45 -07:00
Mitchell Hashimoto
f850926f4a website: security model is pretty important 2015-04-10 20:11:43 -07:00
Armon Dadgar
9f734db74d website: working on thread model 2015-04-10 18:16:36 -07:00
Mitchell Hashimoto
87ebb09ca8 website: secrets index 2015-04-09 23:31:26 -07:00
Mitchell Hashimoto
3603ef94cd website: lots more docs 2015-04-09 22:52:02 -07:00
Mitchell Hashimoto
13915c2d3e website: install docs 2015-04-09 21:49:52 -07:00
Mitchell Hashimoto
3cb1d4e844 website: nit picking 2015-04-09 19:23:50 -07:00
Mitchell Hashimoto
3ff418adb3 website: update to protect website during beta 2015-04-09 18:03:46 -07:00
Armon Dadgar
ab78503127 website: Working on architecture page 2015-04-08 15:36:55 -07:00
Armon Dadgar
80a08944d4 website: Starting internals glossary 2015-04-08 12:17:09 -07:00
Jack Pearkes
ca3128cbb4 website: initial import 2015-03-13 10:38:41 -07:00