mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-18 04:27:02 +02:00
Code Issues Projects Releases Wiki Activity
10,543 Commits 2,844 Branches 445 Tags 454 MiB
68b40b814c
Commit Graph

1675 Commits

Author SHA1 Message Date
Armon Dadgar
d77efbd716 http: support ?standbyok for 200 status on standby. Fixes #389 2015-07-02 17:49:35 -07:00
Bradley Girardeau
0ef2eca24f ldap: add starttls support and option to specificy ca certificate 2015-07-02 15:49:51 -07:00
Armon Dadgar
f7602dd44a Merge pull request #380 from kgutwin/cert-cli 
Enable TLS client cert authentication via the CLI
 2015-06-30 11:44:28 -07:00
Armon Dadgar
a8537b220e website: document insecure_tls for LDAP backend 2015-06-30 09:42:18 -07:00
Jeff Mitchell
035c430eb2 Address some issues from code review. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-30 09:27:23 -04:00
Karl Gutwin
6668a6d7ef Website docs. 2015-06-30 09:18:39 -04:00
Jeff Mitchell
1faaf20b92 A Cassandra secrets backend. 
Supports creation and deletion of users in Cassandra using flexible CQL queries.

TLS, including client authentication, is supported.

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-30 09:04:01 -04:00
Jeff Mitchell
d8ed14a603 Merge remote-tracking branch 'upstream/master' into f-pki 2015-06-19 13:01:26 -04:00
Jeff Mitchell
435aefc072 A few things: 
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-19 12:48:18 -04:00
Armon Dadgar
46ba8d10a5 physical/mysql: cleanup and documentation 2015-06-18 14:31:00 -07:00
Jeff Mitchell
23ba605068 Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-18 15:22:58 -04:00
Armon Dadgar
ba24d891fd website: document transit upsert behavior 2015-06-17 18:51:58 -07:00
Armon Dadgar
7c31e29295 website: update the transit documentation 2015-06-17 18:45:29 -07:00
Jeff Mitchell
79164f38ad Merge branch 'master' into f-pki 2015-06-16 13:43:25 -04:00
Armon Dadgar
61f7c098f7 Merge pull request #341 from ryancurrah/ryancurrah-doc-transit-echofix 
Do not output the trailing newline in encoding.
 2015-06-15 17:36:01 -07:00
Seth Vargo
b9112733f3 Document longest-prefix match 
Fixes https://github.com/hashicorp/vault/issues/331
 2015-06-15 14:29:20 -04:00
Ryan Currah
35f1cfeb77 Do not output the trailing newline in encoding. 
Added -n to echo command to prevent newlines from showing up in encoding.
 2015-06-13 12:03:57 -04:00
Jeff Mitchell
067fbc9078 Fix a docs-out-of-date bug. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-12 16:33:00 -04:00
Jeff Mitchell
0ee9735a5a Fix some out-of-date examples. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-11 21:17:05 -04:00
Jeff Mitchell
20ac7a46f7 Add acceptance tests 
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling

Also, fix a bug when trying to get code signing certificates.

Not tested:
* Revocation (I believe this is impossible with the current testing framework)

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-08 00:06:09 -04:00
Jeff Mitchell
530b67bbb9 Initial PKI backend implementation. 
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint

Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-08 00:06:09 -04:00
Justin Campbell
a8850ed5ed docs: Fix examples of auth via JSON 
For both userpass and LDAP
 2015-06-04 10:38:11 -04:00
Armon Dadgar
9b879d3434 Merge pull request #263 from sheldonh/iam-policy 
List IAM permissions required by root credentials
 2015-06-01 13:16:51 +02:00
Armon Dadgar
35b10a7a9a Merge pull request #261 from jsok/consul-lease 
Add ability to configure consul lease durations
 2015-06-01 13:04:28 +02:00
Armon Dadgar
96241c4972 Merge pull request #277 from hashicorp/f-rotate 
Add support for key rotation
 2015-06-01 12:52:32 +02:00
Seth Vargo
6e9f37e993 Cleanup style on http index docs 2015-05-31 21:23:44 -07:00
Seth Vargo
767a3e9e32 Merge pull request #271 from boncheff/f-doc-update-read-write-example 
Update index.html.md
 2015-05-31 21:20:34 -07:00
Seth Vargo
6c677fd4f1 Merge pull request #279 from whit537/patch-1 
Capitalize the first word of a sentence
 2015-05-31 15:53:34 -07:00
Seth Vargo
974e8526cd Merge pull request #280 from whit537/patch-2 
Put me in charge of dev mode :)
 2015-05-31 15:53:24 -07:00
Chad Whitacre
adb777cc0f Provide missing verb 2015-05-31 17:19:34 -04:00
Chad Whitacre
86e8195cb1 REMOVE A SINGLE WHITESPACE CHARACTER 2015-05-31 16:21:39 -04:00
Chad Whitacre
4d6f74b2a3 Remove quotes to match styling elsewhere 
Cf. http://vaultproject.io/intro/getting-started/dynamic-secrets.html
 2015-05-31 16:20:56 -04:00
Chad Whitacre
2d442a2b5e fix line wrapping 
Sorry!
 2015-05-31 16:07:50 -04:00
Chad Whitacre
2ab0ea3ff7 Direct new users over to the getting started guide 
I found myself on the dev server reference, when really I was more interested in the getting started guide. This link is intended to help others get back on the right track.
 2015-05-31 16:06:58 -04:00
Chad Whitacre
de535518f9 Put me in charge of dev mode :) 
- "You" as subject instead of "Vault"
 - give the actual command
 - minor formatting changes
 2015-05-31 15:54:32 -04:00
Chad Whitacre
a5f551e590 Capitalize the first word of a sentence 2015-05-31 14:22:57 -04:00
Armon Dadgar
c94a0562c3 website: document key rotation internals 2015-05-29 15:34:29 -07:00
Armon Dadgar
200b30d28d website: document new system APIs 2015-05-29 15:05:05 -07:00
boncheff
d8a3bdc2d7 Update index.html.md 
Updated the docs to show an example of how to read/write a secret using the HTTP API
 2015-05-28 22:28:25 +01:00
Armon Dadgar
8f5b7dfe50 Merge pull request #269 from sheldonh/getting_started_deploy_consul 
Use local Consul instance in deploy walkthrough
 2015-05-28 10:06:36 -07:00
Sheldon Hearn
0cf95d9393 Use local Consul instance in deploy walkthrough 
As per hashicorp/vault#217, demo.consul.io prevents sessions from being
created, which means you can't use it as a backend for Vault.
 2015-05-28 14:11:34 +02:00
Sheldon Hearn
d1ec264eff Clarify the disable_mlock option 2015-05-28 12:40:56 +02:00
certifiedloud
2521e90ef7 replaced confusing term 'physical' with 'storage'. 2015-05-27 14:44:17 -06:00
Sheldon Hearn
5a28f0bcbd Missed a few IAM permissions 2015-05-27 16:42:12 +02:00
Sheldon Hearn
7cba6f84de List IAM permissions required by root credentials 2015-05-27 16:28:24 +02:00
Jonathan Sokolowski
b872babb7b website: Update /consul/roles/ parameters 2015-05-27 09:54:15 +10:00
Armon Dadgar
4ea6acffec Merge pull request #259 from buth/etcd 
etcd non-HA storage backend
 2015-05-26 15:07:06 -07:00
Eric Buth
080d8b8505 added etcd as a non-HA storage backend, updated documentation 2015-05-26 13:38:25 -04:00
Ian Unruh
75eed4e4bd Add libraries section to HTTP docs 2015-05-22 14:32:14 -07:00
Ian Unruh
0f9270bdd3 Add read field flag to documentation 2015-05-22 11:33:28 -07:00
Armon Dadgar
5afcd735e3 website: doc cleanup 2015-05-20 17:42:29 -07:00
Armon Dadgar
ab77e05b1f Merge pull request #242 from jstremick/f-physical-s3-backend 
Physical S3 backend implementation
 2015-05-20 17:00:44 -07:00
joe miller
d1100c6293 fix doc example to submit valid json in POST body 
I don't know if there is some version of curl that auto-generates json but the example didn't work for me on curl 7.32.0. Submitting the data as JSON works though.
 2015-05-20 13:11:54 -07:00
James Stremick
a8faf25397 Physical S3 backend implementation 2015-05-20 10:59:03 -04:00
Aaron Bedra
2cf2cc927c Fix typo in app-id docs 2015-05-20 09:36:54 -05:00
Seth Vargo
0ede02a08c Merge pull request #239 from ijin/patch-1 
Document that Vault Server needs to be running for vault help path
 2015-05-20 12:28:31 +02:00
Michael H. Oshita
c495d07d8a Document that Vault Server needs to be running for vault help path 
Confused initial, I tried running `vault help secret` by itself and found out that the server needs to be running to execute this command.

Furthermore, the client needs `VAULT_ADDR` configured (`http://127.0.0.1:8200` in dev mode, since it uses https by default) to interact with the server.
 2015-05-20 17:06:59 +09:00
Daniel McCarney
bae60e4afa Add missing word to storage backend threat model. 2015-05-19 12:11:48 -07:00
Daniel McCarney
159317edeb Fix "the a lease ID" typo. 2015-05-19 12:07:07 -07:00
Daniel McCarney
05d7225d22 Fix "all everything" typo in Secrets description. 2015-05-19 11:59:20 -07:00
Ian Unruh
eeb0bccd73 Remove non-existent unseal API argument 2015-05-18 19:59:18 -07:00
Armon Dadgar
45f14256fe Update github.html.md 
Fixing incorrect documentation about case sensitivity
 2015-05-18 09:37:31 -07:00
Armon Dadgar
381db8d22c Merge pull request #204 from nrocine/master 
Added implementation details to the GitHub Auth Docs on the Vault Website
 2015-05-18 09:36:35 -07:00
Armon Dadgar
9dc38923fe website: clarify the app-id parameters 2015-05-15 11:39:05 -07:00
Nils Rocine
e80e2a800d Added details in the github auth docs for the website. These details clarify end-to-end use of the github auth backend. Specifically: noting how to create a usable GitHub PAT and an example of how to auth with the PAT. 2015-05-14 13:20:58 -07:00
Mitchell Hashimoto
c559382c47 website: note PGP key 2015-05-11 11:34:38 -07:00
Armon Dadgar
2d9b12b853 website: Document overwrite behavior. Fixes #182 2015-05-11 10:58:29 -07:00
Mitchell Hashimoto
ec4fcd39eb http: allow header for auth token [GH-124] 2015-05-11 10:56:58 -07:00
Armon Dadgar
ebd6a90195 website: Fixing doc error 2015-05-11 10:43:03 -07:00
Armon Dadgar
712db294ff website: Adding LDAP docs 2015-05-11 10:43:03 -07:00
Seth Vargo
d580e42673 Cleanup userpass docs 2015-05-08 11:49:58 -04:00
Seth Vargo
3748be6491 Remove references to -var 2015-05-08 11:45:29 -04:00
Mads R. Christensen
e8672b3844 Fixed typo 2015-05-08 11:48:42 +02:00
Mads R. Christensen
bb6ea32dfc Added more info about the userpass auth backend API endpoint 2015-05-08 11:45:21 +02:00
Armon Dadgar
f203b80571 Merge pull request #166 from Banno/remove-plugin-docs 
remove unused plugin docs
 2015-05-07 12:26:44 -07:00
Spencer Herzberg
d47bb20e39 remove unused docs 2015-05-07 14:20:33 -05:00
Seth Vargo
87e25f4300 Add instructions for enabling the auth first 2015-05-07 13:52:06 -04:00
Leo Cassarani
98f65ae041 Fix typo in docs: "it's" -> "its" [ci skip] 2015-05-07 11:08:03 +00:00
Armon Dadgar
5b42f71181 website: minor doc changes for zookeeper 2015-05-06 11:08:26 -07:00
Spencer Herzberg
c4472a2446 cleanup zk HA leftover docs 2015-05-05 17:22:43 -05:00
Spencer Herzberg
e8f8dcbc12 properly default zk address to localhost 2015-05-05 17:20:38 -05:00
Spencer Herzberg
55f1a7c4d9 initial implementation of non-ha zookeeper 2015-05-05 16:49:18 -05:00
Seth Vargo
f2cab3d0f9 Merge pull request #144 from gotcha/patch-1 
Typo
 2015-05-05 08:43:43 -07:00
Seth Vargo
a95fd6c1bb Merge pull request #145 from gotcha/patch-2 
Word missing
 2015-05-05 08:43:33 -07:00
Godefroid Chapelle
d5c07b6f8a Use singular 2015-05-05 09:16:30 +02:00
Godefroid Chapelle
014e73f0f3 Word missing 2015-05-05 09:12:32 +02:00
Godefroid Chapelle
6791758e6c Typo 2015-05-05 09:05:05 +02:00
Seth Vargo
671765a944 s/consul/vault /cc @armon 2015-05-03 16:13:55 -04:00
Trevor Pounds
a9367c17d0 Fix documentation typo. 2015-04-28 22:15:56 -07:00
jjshoe
ff9c7f53b0 I think you a word. 2015-04-28 18:05:40 -05:00
Mitchell Hashimoto
809fdeb548 website: add disable_mlock flag 2015-04-28 15:13:07 -07:00
Emil Hessman
e4b48bb916 website: fix typo 2015-04-28 20:42:53 +02:00
Mitchell Hashimoto
03a9e0535c website: we vendored 2015-04-28 11:40:36 -07:00
Mitchell Hashimoto
9f9527ddc3 Merge pull request #54 from pborreli/typos 
website: fixed typos
 2015-04-28 11:37:49 -07:00
Emil Hessman
4079905682 website: merge 2015-04-28 20:36:27 +02:00
Pascal Borreli
bbd3ce341a Fixed typos 2015-04-28 19:36:16 +01:00
AJ Bourg
b09e9a90a4 Update architecture.html.md 
Super trivial grammar fix.
 2015-04-28 12:32:06 -06:00
Emil Hessman
79b098b89e website: address minor doc typos 2015-04-28 20:32:04 +02:00
Andrew Williams
cfe60c4846 website: fix small typo 2015-04-28 13:21:44 -05:00
Mat Elder
680f55aee6 msyql to consul on consul backend docs 2015-04-28 14:11:42 -04:00
Mitchell Hashimoto
e9b3ad0353 website: remove unused files 2015-04-28 09:46:19 -07:00
Armon Dadgar
1530403a04 audit/file: add log_raw parameter and default to hashing 2015-04-27 15:56:41 -07:00
Armon Dadgar
91730ae8af website: Adding the syslog audit backend 2015-04-27 15:56:41 -07:00
Armon Dadgar
2bcba24561 website: remove TODO from transit quickstart 2015-04-27 14:58:53 -07:00
Armon Dadgar
478a5965ee secret/aws: Using roles instead of policy 2015-04-27 14:20:28 -07:00
Armon Dadgar
aaf10cd624 Do not root protect role configurations 2015-04-27 14:07:20 -07:00
Armon Dadgar
3330d43d44 secret/postgres: secret/mysql: roles endpoints root protected 2015-04-27 14:04:10 -07:00
Armon Dadgar
f159750509 secret/consul: replace policy with roles, and prefix the token path 2015-04-27 13:59:56 -07:00
Armon Dadgar
d425ca22df secret/transit: rename policy to keys 2015-04-27 13:52:47 -07:00
Armon Dadgar
dd1ba4a79e website: Adding CIDR block config to app-id 2015-04-27 12:38:04 -07:00
Armon Dadgar
b80f3e4e06 website: API consistency 2015-04-27 12:30:46 -07:00
Armon Dadgar
26b5dc20c6 website: aws API 2015-04-27 12:26:23 -07:00
Armon Dadgar
27902b1d06 website: make PG quickstart like MySQL 2015-04-27 12:16:07 -07:00
Armon Dadgar
fd00322981 website: adding postgresql API docs 2015-04-27 11:17:13 -07:00
Armon Dadgar
e44fd556a8 website: document Consul APIs 2015-04-27 11:08:47 -07:00
Seth Vargo
6b62366d2b Add Quick Start for Postgresql 2015-04-27 09:30:21 -04:00
Seth Vargo
ad8f1f3659 Add Quick Start for AWS 2015-04-27 09:29:16 -04:00
Armon Dadgar
e7298e1169 website: start consul api 2015-04-26 22:03:38 -07:00
Armon Dadgar
d6a1344bfd website: consul quickstart 2015-04-26 22:03:38 -07:00
Armon Dadgar
7db392217c website: adding mysql quickstart and API 2015-04-26 22:03:38 -07:00
Armon Dadgar
a6ec8e7685 website: quickstart + API for transit 2015-04-26 22:03:38 -07:00
Armon Dadgar
3670757628 website: quickstart for generic 2015-04-26 22:03:38 -07:00
Armon Dadgar
91094ceeca website: fix formating 2015-04-26 22:03:38 -07:00
Mitchell Hashimoto
3c0c334d01 website: fix API styling for auth 2015-04-26 21:08:11 -07:00
Armon Dadgar
a1f294235f website: documenting token API 2015-04-25 20:21:59 -07:00
Armon Dadgar
cc69073b37 website: adding mysql docs skeleton 2015-04-25 12:10:53 -07:00
Armon Dadgar
8ae7b1288a credential/cert: support leasing and renewal 2015-04-24 12:58:39 -07:00
Seth Vargo
bfb0f08372 Fix typo 2015-04-24 14:06:50 -04:00
Armon Dadgar
cd65bbabb0 website: document cert backend 2015-04-24 10:52:25 -07:00
Armon Dadgar
19c8557786 Merge pull request #29 from hashicorp/f-health 
Adding sys/health for Consul HTTP health monitoring
 2015-04-23 11:58:58 -07:00
Armon Dadgar
912d04e46b website: document endpoint 2015-04-23 11:58:10 -07:00
Seth Vargo
2bcb0a1b67 Update website whitespace and formatting 2015-04-22 19:47:11 -04:00
Mitchell Hashimoto
373b9c6f1e Merge pull request #21 from hashicorp/audit-hashstructure 
Hash the strings in audit logs
 2015-04-22 07:43:21 +02:00
Mitchell Hashimoto
423c669cdd website: help command 2015-04-21 19:04:21 +02:00
Mitchell Hashimoto
6aad5f3b6d website: reading data 2015-04-21 18:48:23 +02:00
Mitchell Hashimoto
d5eca265e5 website: TODO on reading data 2015-04-21 18:39:50 +02:00
Mitchell Hashimoto
7a0fe62123 website: start documenting CLI more 2015-04-21 16:35:19 +01:00
Mitchell Hashimoto
8436264a9b website: clarify that secrets are no longer stored in audit logs 2015-04-21 16:23:16 +01:00
Armon Dadgar
c759d95ca8 website: replace the consul telemetry 2015-04-20 12:26:30 -07:00
Armon Dadgar
538106db1c website: document sys/leader 2015-04-20 12:02:32 -07:00
Armon Dadgar
99b098a4a8 website: typo fix 2015-04-20 11:51:09 -07:00
Armon Dadgar
54aaf15670 website: document sys/raw/ and sys/revoke-prefix/ 2015-04-20 11:50:21 -07:00
Mitchell Hashimoto
7f410be198 website: audit backends 2015-04-19 22:59:39 -07:00
Mitchell Hashimoto
f14d970598 website: doc userpass 2015-04-19 15:21:35 -07:00
Armon Dadgar
5a8c44d7d3 website: Document token tree / one-time-tokens 2015-04-19 12:20:16 -07:00
Mitchell Hashimoto
8f49e8a919 website: postgresql backend 2015-04-18 22:47:23 -07:00
Mitchell Hashimoto
138f84d80e website: mostly complete API 2015-04-18 22:39:43 -07:00
Mitchell Hashimoto
06c4e52377 logical/aws: move root creds config to config/root 2015-04-18 22:21:31 -07:00
Mitchell Hashimoto
4501b62953 website: so much API docs 2015-04-18 14:34:47 -07:00
Mitchell Hashimoto
796dbe3481 website: more auth 2015-04-18 13:45:50 -07:00
Mitchell Hashimoto
4602733986 website: token auth help 2015-04-18 13:35:55 -07:00
Mitchell Hashimoto
c22ef80a1e website: auth backends 2015-04-17 17:41:56 -07:00
Mitchell Hashimoto
4e56567d6e website: a lot more concepts 2015-04-17 17:18:31 -07:00
Mitchell Hashimoto
d77faa2760 website: transit backend 2015-04-17 12:56:31 -07:00
Mitchell Hashimoto
090c8becb2 website: HA concepts, configuration 2015-04-17 12:56:31 -07:00
Armon Dadgar
e809819046 website: Adding telemetry documentation 2015-04-14 18:47:47 -07:00
Armon Dadgar
166cff2d4c website: document the HA design 2015-04-14 18:31:25 -07:00
Armon Dadgar
8084f742d5 website: copy cleanups 2015-04-14 10:50:07 -07:00
Mitchell Hashimoto
c69e35d1a4 website: leasing 2015-04-13 20:56:03 -07:00
Mitchell Hashimoto
307b662b3b website: seal concept 2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
2de2fcdcb2 website: concepts, dev server mode 2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
1dac233812 website: add a couple more secret backend sections 2015-04-13 20:42:07 -07:00
Armon Dadgar
f55ba9e5a9 website: more on security model 2015-04-13 19:09:44 -07:00
Mitchell Hashimoto
061f6cfd2f website: consul secret backend 2015-04-10 20:26:01 -07:00
Mitchell Hashimoto
148129030b website: aws secret backend 2015-04-10 20:24:45 -07:00
Mitchell Hashimoto
f850926f4a website: security model is pretty important 2015-04-10 20:11:43 -07:00
Armon Dadgar
9f734db74d website: working on thread model 2015-04-10 18:16:36 -07:00
Mitchell Hashimoto
87ebb09ca8 website: secrets index 2015-04-09 23:31:26 -07:00
Mitchell Hashimoto
3603ef94cd website: lots more docs 2015-04-09 22:52:02 -07:00
Mitchell Hashimoto
13915c2d3e website: install docs 2015-04-09 21:49:52 -07:00
Mitchell Hashimoto
3cb1d4e844 website: nit picking 2015-04-09 19:23:50 -07:00
Mitchell Hashimoto
3ff418adb3 website: update to protect website during beta 2015-04-09 18:03:46 -07:00
Armon Dadgar
ab78503127 website: Working on architecture page 2015-04-08 15:36:55 -07:00
Armon Dadgar
80a08944d4 website: Starting internals glossary 2015-04-08 12:17:09 -07:00
Jack Pearkes
ca3128cbb4 website: initial import 2015-03-13 10:38:41 -07:00