mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-17 03:57:01 +02:00
Code Issues Projects Releases Wiki Activity
10,543 Commits 2,844 Branches 445 Tags 454 MiB
68b40b814c
Commit Graph

1675 Commits

Author SHA1 Message Date
Chris Hoffman
52a6ea3937
Update docs 2018-07-03 08:28:43 -04:00
Brian Shumate
5c7300323b Clarify policies note (#4832) 
- Make it even clearer that "*" is the glob character referred to
 2018-07-03 08:27:12 -04:00
Chris Hoffman
41ec5bc61d
Clarify performance replication token handling 2018-06-29 09:32:35 -04:00
Logan Rakai
984ee07a1c Typo fix (#4822) 2018-06-23 16:34:25 -07:00
Logan Rakai
f8ac612eaa Small grammar fix (#4821) 2018-06-22 21:59:39 -07:00
Jeff Mitchell
ca67d0df60 Add a warning to syslog 
Ping #3617
 2018-06-22 09:00:07 -04:00
Steven Farage
62c472399c Make documentation match API example (#4809) 
Quick and easy change to make the passwords match.
 2018-06-21 10:50:02 -07:00
Becca Petrin
b3a711d717 Add bound cidrs to tokens in AppRole (#4680) 2018-06-19 22:57:11 -04:00
Calvin Leung Huang
29f5296519 Be explicit about trailing slash on paths for list capability (#4793) 2018-06-19 12:10:39 -04:00
Laura Uva
2e24e3dc64 Add example of min_wrapping_ttl and max_wrapping_ttl (#4753) 2018-06-18 19:59:21 -04:00
Jeff Mitchell
73e8031d35 Mention delegating change password privs in ad docs 2018-06-15 17:01:47 -04:00
Jeff Mitchell
9bed291ce7 Remove msa info from AD page 2018-06-15 16:55:28 -04:00
Nándor István Krácser
bd0b7f1861 docs: kv 2 is used by default in the dev server only (#4773) 2018-06-15 09:09:27 -04:00
Laura Uva
567824500f Update kv v2 documentation to better warn and elaborate on changes needed when upgrading a mount from version 1 to version 2 (customer request) (#4754) 2018-06-13 16:44:15 -07:00
Becca Petrin
53e6dc53e4
add link to api docs (#4757) 2018-06-13 09:35:37 -07:00
Pavlos Ratis
d39a25cb5c Use shell highlighting in the command snippets (#4736) 2018-06-11 08:46:35 -04:00
Chris Hoffman
0d9a4142c6
Update gcpckms.html.md 2018-06-08 17:07:59 -04:00
Chris Hoffman
bd4ad80b1b
fix typo 2018-06-08 17:05:17 -04:00
Chris Hoffman
d6d7191978
Adding Azure Key Vault seal docs (#4728) 2018-06-08 17:04:14 -04:00
Brian Shumate
2667a5560e Tiny formalized edit (#4715) 2018-06-07 06:44:57 -07:00
Kevin Hicks
284600fbef update docs and help text to include 'operator' (#4712) 2018-06-06 21:11:21 -07:00
Jeff Mitchell
4bcbc5a784 Transit convergent v3 2018-06-05 18:53:39 -04:00
LeSuisse
8df30fc414 Update usage of deprecated commands rekey and rotate in the documentation (#4703) 2018-06-05 12:37:26 -04:00
Nándor István Krácser
76be6ce5e6 Fix VAULT_LOG_LEVEL in docs (#4696) 2018-06-05 10:23:32 -04:00
Becca Petrin
063d9ed756 be more explicit about names (#4695) 2018-06-04 21:34:17 -04:00
emily
8568e791dd Add GCP auth helper (#4654) 
* update auth plugin vendoring

* add GCP auth helper and docs
 2018-05-29 20:36:24 -04:00
Becca Petrin
f6b5cab7ba
Docs for the upcoming Active Directory secrets engine (#4612) 2018-05-29 08:49:09 -07:00
Chris Hoffman
3bdfa4ae0a
pkcs11 docs updates 2018-05-25 15:39:07 -04:00
Chris Hoffman
25df1c28e4
updating link 2018-05-22 10:00:20 -04:00
Reid Wiggins
668e2358aa Add documentation for MySQL 5.6 root rotation (#4584) 
The default root rotation statement for MySQL is only valid for 5.7 and
up. This commit adds example documentation for 5.6.

Fixes #4567
 2018-05-18 08:56:11 -07:00
Romain Vrignaud
5e62b26f10 Rename Google Container Engine to Google Kubernetes Engine (#4586) 2018-05-18 08:19:56 -07:00
Jeff Mitchell
91b9ffdb33
Merge pull request #4580 from tavislikedavis/patch-1 
Update policies.html.md
 2018-05-17 09:14:35 -07:00
Jeff Mitchell
15a365c76f
Updated for new syntax 2018-05-17 09:14:12 -07:00
Seth Vargo
4479d42688 Move UI docs from enterprise to OSS (#4565) 2018-05-17 08:48:10 -07:00
Tavis Wilson
215b89d363
Update policies.html.md 2018-05-16 14:35:30 -05:00
Jeff Mitchell
476b150a19 Mention that you can actually rekey when using an HSM 2018-05-13 16:49:42 -04:00
Jeff Mitchell
112510da63 Update HSM documentation and fix GCP docs build 2018-05-13 16:39:22 -04:00
Robbie McKinstry
fd6f676f8f Client side rate limiting (#4421) 2018-05-11 10:42:06 -04:00
Seth Vargo
5769fb4416 Update GCP secrets to be example-driven (#4539) 
👍
 2018-05-10 16:58:22 -04:00
Tyler Marshall
9e059e65e9 Fix minor spelling mistake (#4548) 2018-05-10 13:42:01 -07:00
Shelby Moore
4a1c826d98 Updated proxy protocol config validation (#4528) 2018-05-09 10:53:44 -04:00
Jacob Friedman
390068b54e Updated link for k8s-tokenreview (#4523) 
Link for k8s-tokenreview was broken when they released a new version so I went ahead and fixed it.
 2018-05-08 13:36:12 -07:00
Chris Hoffman
2654a55574
docs update 2018-05-07 16:34:39 -04:00
Chris Hoffman
168d02c9a8
docs updates 2018-05-07 16:33:38 -04:00
Chris Hoffman
befd3cf451
updating pkcs11 docs (#4520) 2018-05-07 13:50:45 -04:00
Jerome Cheng
e701b6adea Fix incorrect file path in Token Helper doc (#4499) 
Vault stores the token in `~/.vault-token` and not `~/.vault_token`.
 2018-05-02 21:56:38 -07:00
Nathan Valentine
ff62d2a585 s/aws_region/region/ (#4497) 
The correct key name is 'region' as opposed to 'aws_region'.
 2018-05-02 14:25:03 -07:00
Fabrizio Cucci
92502021e5 Fix role of example in Kubernetes Auth Method (#4483) 
It was `test` but it should be `demo` to be aligned with the example.
 2018-05-01 15:04:53 -07:00
Pavlos Ratis
c9f989a3fb [website] fix Markdown formatting on GCP page (#4471) 2018-04-27 09:13:07 -07:00
Jim Kalafut
4a40bd6432 Minor updates to Azure auth docs 2018-04-27 08:47:06 -07:00
emily
462f98673f fix docs (#4466) 2018-04-26 16:54:19 -04:00
Jeff Mitchell
783a5c3422 Remove out of date text on HSM rekeying 2018-04-26 10:10:30 -04:00
Jim Kalafut
abcd859236
Fix typo in aws auth docs 2018-04-25 22:57:39 -07:00
Andrew Speed
102be1a679 Fix authentication example mentioning vault auth but using vault login (#4458) 2018-04-25 14:59:38 -07:00
Chris Hoffman
c6551ced97
fix document formatting 2018-04-25 10:16:41 -04:00
Chris Hoffman
2b57907cae
Seal Rotation Docs (#4449) 
* wip docs

* adding docs

* removing vendor supported mechanism
 2018-04-25 09:59:06 -04:00
Becca Petrin
b12fa85c9b
uppercase Vault in plugin doc (#4442) 2018-04-24 10:41:37 -07:00
Jeff Mitchell
87e54d12b2 Update audit text to make it clear that audit logs are for authenticated interactions 2018-04-23 10:49:32 -04:00
Malhar Vora
78aa4876eb Corrects description for mode option in ssh command (#4420) 
Fixes #4375
 2018-04-22 13:42:46 -04:00
Malhar Vora
7b2858b7a3 Correct typo in Kubernetes auth backend docs 
Resolve small typo in Configuring Kubernetes section in Kubernetes Auth Backend
documentation.

Fixes #4417
 2018-04-21 19:37:59 -07:00
Jeff Mitchell
bc0918a350
Add the ability to restrict token usage by IP. Add to token roles. (#4412) 
Fixes #815
 2018-04-21 10:49:16 -04:00
Alvin Huang
5d440fe618 remove redundant 'Vault' in approle docs (#4405) 2018-04-20 09:55:15 -04:00
Vishal Nayak
e6cc20d1e7
phys/consul: Allow tuning of session ttl and lock wait time (#4352) 
* phys/consul: allow tuning of session ttl and lock wait time

* use parseutil

* udpate docs
 2018-04-18 13:09:55 -04:00
Jeff Mitchell
80b17705a9
X-Forwarded-For (#4380) 2018-04-17 18:52:09 -04:00
Laura Uva
d4b5f94dfe Add mode to the examples under automation steps (#4374) 2018-04-17 13:47:41 -04:00
Jerome Cheng
06eae018a3 Fix indentation of code block in Consul Secrets Engine docs (#4350) 
The indentation of the code block in the Consul Secrets Engine doc was
removed in #4224, but the closing backticks remained indented one level,
resulting in the block swallowing all text after it. Removing the
indentation from the closing backticks fixes this.
 2018-04-13 09:55:35 -04:00
Peter Souter
0ac5933c24 Remove Enterprise Only flag (#4337) 2018-04-11 14:27:58 -04:00
Matthew Irish
e7801faf2a
fix broken link (#4329) 2018-04-10 11:11:38 -05:00
Brian Kassouf
915e452c0d
KV: Update 'versioned' naming to 'v2' (#4293) 
* Update 'versioned' naming to 'v2'

* Make sure options are set

* Fix description of auth flag

* Review feedback
 2018-04-09 09:39:32 -07:00
Chris Hoffman
295db4718f
Root Credential Rotation Docs (#4312) 
* updating root credential docs

* more docs updates

* more docs updates
 2018-04-09 12:20:29 -04:00
Chris Hoffman
6492311767
remove token from curl request for login paths (#4303) 2018-04-06 18:10:59 -04:00
Andy Manoske
0b4adfd92f
Update index.html.md 2018-04-05 15:16:28 -07:00
Seth Vargo
aec4a603b4 Rename Google things to say "Google", update telemetry (#4267) 2018-04-04 10:37:44 -04:00
Brian Kassouf
56274d854d
Versioned K/V docs (#4259) 
* Work on kv docs

* Add more kv docs

* Update kv docs

* More docs updates

* address some review coments
 2018-04-03 23:22:41 -07:00
Roy Sindre Norangshol
3ddd3bd20c project is now project_id (#4251) 
Verified both via vault CLI and direct curl'ing towards API endpoints.
 2018-04-03 17:11:47 -04:00
Vishal Nayak
c052bb5ae2
move identity docs from ent docs to oss (#4235) 2018-04-01 13:59:43 -04:00
LeSuisse
885a6e754d Update usage of the deprecated generated-root command in the documentation (#4232) 2018-03-31 11:17:08 -04:00
Seth Vargo
e0fccbd55a Add HA support to the Google Cloud Storage backend (#4226) 2018-03-30 12:36:37 -04:00
Brian Shumate
721bcc6546 Update Consuls Secrets quick start (#4224) 
- Fix typo in role name
- Drop ordered list formatting on get credential example
 2018-03-30 10:46:05 -04:00
Jon Benson
12cd8bdeb6 Update mfa-totp.html.md (#4220) 2018-03-29 16:51:13 -04:00
Jeff Mitchell
4b45cb7f91 Merge branch 'master-oss' into 0.10-beta 2018-03-27 12:40:30 -04:00
vishalnayak
29ed7a383f docs: update aws ec2 auth step 2018-03-26 17:26:48 -04:00
Jeff Mitchell
1c2b610f3a Remove a few more vault.rocks usages 2018-03-26 15:02:22 -04:00
Wilhelmina Drengwitz
9b91032297 Add general recommendation for the api_addr config value (#4198) 
We ran into some confusion about what we should be setting the api_addr config value to. I feel this general recommendation should nudge any others into a better understanding of what this value should point to.
 2018-03-26 13:46:54 -04:00
Jeff Mitchell
43e9bcd948 Add more docs around list paths in policies. 
CC #4199
 2018-03-26 11:30:58 -04:00
Seth Vargo
04708d554c Drop vault.rocks (#4186) 2018-03-23 11:41:51 -04:00
Chris Hoffman
505f0ea495
adding Azure docs (#4185) 
Adding Azure Auth Method docs
 2018-03-22 18:28:42 -04:00
Jim Kalafut
c646f96786 Fix minor docs and help text issues (#4184) 2018-03-22 09:29:59 -04:00
Brian Kassouf
d51dc47070 Add kv backend (#4181) 2018-03-21 22:56:52 -04:00
emily
468cad19f3 Docs for Vault GCP secrets plugin (#4159) 2018-03-21 15:02:38 -04:00
Josh Soref
e43b76ef97 Spelling (#4119) 2018-03-20 14:54:10 -04:00
Jeff Mitchell
59c451d246 Explicitly call out that we use aes-256 gcm-96 for the barrier. 
Fixes #2913
 2018-03-19 19:53:12 -04:00
Roger Berlind
aabccd5fd2 Fixed broken k8s TokenReview API link (#4144) 2018-03-17 21:23:41 -04:00
immutability
b2f44f9867 Plugins need setcap too for syscall mlock (#4138) 2018-03-16 06:05:01 -07:00
Jim Kalafut
17ed6663f7 Fix description of parameter value globbing (#4131) 2018-03-14 17:03:00 -04:00
Edward Z. Yang
1adda15299 Vault user needed to use STS Federation Tokens (#4108) 
If you try to use role authorization to get an STS token, you'll get this error:

* Error generating STS keys: AccessDenied: Cannot call GetFederationToken with session credentials
 2018-03-14 10:24:29 -04:00
Malte
26d8b7f095 Fix typo in recommended vault auth iam policy (#4128) 
The resource arn for the `sts:AssumeRole` action is missing a `:` for the region and therefore invalid.
 2018-03-14 03:45:21 -04:00
Brian Shumate
f8324e9c2a Docs: grammatical clarification around community supported note (#4122) 2018-03-13 10:32:28 -04:00
Jeff Mitchell
0fec3965e1 Update text around default policy to make it clear that it is user-modifiable 2018-03-08 15:48:11 -05:00
Jim Kalafut
3024869fdc Fix instruction in installation docs (#4097) 2018-03-08 11:02:04 -05:00
Aleksandar
ceef3b60d8 Add the chunk_size optional parameter to gcs storage (#4060) 2018-03-05 08:32:48 -05:00
Mike
79a884fbe8 Correct endpoint's path in Doc (#4074) 
Fix typo in endpoint's path
 2018-03-05 07:41:53 -05:00
Jim Kalafut
9a16efe7db Change "mount" to "secrets enable" in docs 2018-03-02 12:54:28 -08:00
Joel Thompson
8a115c73d9 auth/aws: Allow lists in binds (#3907) 
* auth/aws: Allow lists in binds

In the aws auth method, allow a number of binds to take in lists
instead of a single string value. The intended semantic is that, for
each bind type set, clients must match at least one of each of the bind
types set in order to authenticate.
 2018-03-02 11:09:14 -05:00
Andy Manoske
d21cbe3687
Update index.html.md 
Updated for Unbound
 2018-02-28 16:20:54 -08:00
Jeff Mitchell
8f328c490a Fix broken link on Consul docs 2018-02-26 13:28:15 -05:00
chris trott
4987468fba Configurable Consul Service Address (#3971) 
* Consul service address is blank

Setting an explicit service address eliminates the ability for Consul
to dynamically decide what it should be based on its translate_wan_addrs
setting.

translate_wan_addrs configures Consul to return its lan address to nodes
in its same datacenter but return its wan address to nodes in foreign
datacenters.

* service_address parameter for Consul storage backend

This parameter allows users to override the use of what Vault knows to
be its HA redirect address.

This option is particularly commpelling because if set to a blank
string, Consul will leverage the node configuration where the service is
registered which includes the `translate_wan_addrs` option. This option
conditionally associates nodes' lan or wan address based on where
requests originate.

* Add TestConsul_ServiceAddress

Ensures that the service_address configuration parameter is setting the
serviceAddress field of ConsulBackend instances properly.

If the "service_address" parameter is not set, the ConsulBackend
serviceAddress field must instantiate as nil to indicate that it can be
ignored.
 2018-02-23 11:15:29 -05:00
Yoko
e57eb8d1a1
Changed the layout category menu (#4007) 
* Changed the layout category menu

* Fixed typos

* Fixed a typo, and removed the duplicated generate-root guide

* Fixed the redirect.txt
 2018-02-22 16:24:01 -08:00
Jeff Mitchell
207081740e Make docs around regenerate_key more specific 2018-02-22 09:09:20 -05:00
Jeff Mitchell
f83f41436d Update PKCS11 seal information 2018-02-21 09:05:36 -05:00
Jeff Mitchell
e36a49fdf1 Add some info about cert reloading behavior on SIGHUP 
CC #3990
 2018-02-15 17:11:48 -05:00
Seth Vargo
7af2bdc5a4 Add support for Google Cloud Spanner (#3977) 2018-02-14 20:31:20 -05:00
Jeff Mitchell
ef00a69f11
Add ChaCha20-Poly1305 support to transit (#3975) 2018-02-14 11:59:46 -05:00
Nick
1489c08ea0 Update lease.html.md (#3759) 2018-02-14 09:44:34 -05:00
Brian Shumate
2b617f305a DOCS: update Telemetry with more coverage (#3968) 
- Add initial secrets engines metrics
- Update metrics types/values
- Update language for auth methods, secrets engines, audit devices
- Add more linking to relevant documentation
 2018-02-14 09:39:51 -05:00
Brian Shumate
c400463298 Clarify with example of file-backend specific metrics (#3913) 2018-02-13 11:04:11 -05:00
Brian Shumate
bea6121359 DOCS: update Telemetry (#3964) 
- Correct time to millis
- Correct storage backend summaries from # ops to duration of ops
 2018-02-13 10:15:19 -05:00
Paul Stack
7181749031 Adding Manta Storage Backend (#3720) 
This PR adds a new Storage Backend for Triton's Object Storage - Manta

```
make testacc TEST=./physical/manta
==> Checking that code complies with gofmt requirements...
==> Checking that build is using go version >= 1.9.1...
go generate
VAULT_ACC=1 go test -tags='vault' ./physical/manta -v  -timeout 45m
=== RUN   TestMantaBackend
--- PASS: TestMantaBackend (61.18s)
PASS
ok  	github.com/hashicorp/vault/physical/manta	61.210s
```

Manta behaves differently to how S3 works - it has no such concepts of Buckets - it is merely a filesystem style object store

Therefore, we have chosen the approach of when writing a secret `foo` it will actually map (on disk) as foo/.vault_value

The reason for this is because if we write the secret `foo/bar` and then try and Delete a key using the name `foo` then Manta
will complain that the folder is not empty because `foo/bar` exists. Therefore, `foo/bar` is written as `foo/bar/.vault_value`

The value of the key is *always* written to a directory tree of the name and put in a `.vault_value` file.
 2018-02-12 18:22:41 -05:00
Calvin Leung Huang
3189278c84
CLI Enhancements (#3897) 
* Use Colored UI if stdout is a tty

* Add format options to operator unseal

* Add format test on operator unseal

* Add -no-color output flag, and use BasicUi if no-color flag is provided

* Move seal status formatting logic to OutputSealStatus

* Apply no-color to warnings from DeprecatedCommands as well

* Add OutputWithFormat to support arbitrary data, add format option to auth list

* Add ability to output arbitrary list data on TableFormatter

* Clear up switch logic on format

* Add format option for list-related commands

* Add format option to rest of commands that returns a client API response

* Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead

* Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead

* Remove -no-color flag, use env var exclusively to toggle colored output

* Fix compile

* Remove -no-color flag in main.go

* Add missing FlagSetOutputFormat

* Fix generate-root/decode test

* Migrate init functions to main.go

* Add no-color flag back as hidden

* Handle non-supported data types for TableFormatter.OutputList

* Pull formatting much further up to remove the need to use c.flagFormat (#3950)

* Pull formatting much further up to remove the need to use c.flagFormat

Also remove OutputWithFormat as the logic can cause issues.

* Use const for env var

* Minor updates

* Remove unnecessary check

* Fix SSH output and some tests

* Fix tests

* Make race detector not run on generate root since it kills Travis these days

* Update docs

* Update docs

* Address review feedback

* Handle --format as well as -format
 2018-02-12 18:12:16 -05:00
Jeff Mitchell
3ce120e0f9
Add transaction-like behavior for Transit persists. (#3959) 2018-02-12 17:27:28 -05:00
Jeff Mitchell
f125cda324 Minor website wording updates 2018-02-12 15:28:06 -05:00
Jeff Mitchell
ce025b953f Document the disable_sealwrap parameter 2018-02-12 15:20:07 -05:00
alexandrumd
e47c7e866a Change 'rules' parameter for Policies requests (#3947) 
With Vault Version: 0.9.1, the following is returned when using "rules" for policies operation:
```The following warnings were returned from the Vault server:
* 'rules' is deprecated, please use 'policy' instead```
 2018-02-09 07:43:18 -05:00
Roger Berlind
f64bcf1a9a Updated replication table (#3929) 2018-02-08 18:11:00 -05:00
Chris Hoffman
d285fdf957
Fixing docs links and adding redirects for new guides (#3939) 
* updating links

* updating links

* updating links

* updating links

* updating links

* adding redirects
 2018-02-07 19:29:07 -05:00
cikenerd
f4f66a9779 Update etcd storage doc (#3753) 2018-02-06 11:00:00 -05:00
Jeff Mitchell
291df73f42 Minor grammatical update to MFA doc 2018-02-05 12:26:16 -05:00
Jeff Mitchell
78ff2014fa Make the MFA support status more clear for the legacy system 2018-02-04 19:25:27 -05:00
Vishal Nayak
1d310fadb6
docs/telemetry: remove merge conflict remnant (#3882) 
* remove merge conflict remnant

* s/auth/authentication
 2018-02-01 12:09:58 -05:00
Brian Shumate
15982cfa07 Correct cofiguration option in example (#3879) 2018-01-31 13:41:31 -05:00
Jack Pearkes
8ca8b46c51 website: add note about the 0.9.2+ CLI changes to reduce confusion (#3868) 
* website: add note about the 0.9.2+ CLI changes to reduce confusion

* website: fix frontmatter for 0.9.3 guide, add to guides index

* website: add overview title to 0.9.3 guide for spacing
 2018-01-30 13:30:47 -05:00
Chris Bartlett
17e1b7538d #3850 Fixed documentation for aws/sts ttl (#3851) 2018-01-25 22:20:30 -05:00
Paweł Słomka
276ad1f529 Cleanup of deprecated commands in tests, docs (#3788) 2018-01-15 15:19:28 -05:00
Vishal Nayak
80c4bd45af
Delete group alias upon group deletion (#3773) 2018-01-11 10:58:05 -05:00
Jeff Mitchell
d6552a11cc Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
Jon Davies
f57329a37a s3.go: Added options to use paths with S3 and the ability to disable SSL (#3730) 2018-01-03 12:11:00 -05:00
Didi Kohen
ec8befbaac Clarify that keybase is supported only in the CLI (#3744) 2018-01-03 11:18:38 -05:00
Alexandre Nicastro
3108692119 docs: fix typo (change 'a' to 'an' - indefinite article) (#3741) 2018-01-03 10:47:15 -05:00
Brian Shumate
f25f546eb9 Docs: Updated Telemetry documentation (#3722) 2017-12-26 13:51:15 -05:00
Brian Shumate
2c5b6909c9 Update backend config docs - addresses #3718 (#3724) 2017-12-26 13:48:45 -05:00
Jeff Mitchell
9c7e739ee7 Port website changes from ent side 2017-12-21 09:00:35 -05:00
Roger Berlind
b5b77d29dc Added example for Azure SQL Database (#3700) 2017-12-18 13:55:56 -05:00
Jeff Mitchell
4f31ee7cc8
Merge branch 'master' into f-nomad 2017-12-18 12:23:39 -05:00
James Nugent
7480287181 physical/dynamodb: Clarify ha_enabled type (#3703) 
The example in the documentation correctly passes a quoted boolean (i.e.
true or false as a string) instead of a "real" HCL boolean. This commit
corrects the parameter list to document that fact.

While it would be more desirable to change the implementation to accept
an unquoted boolean, it seems that the use of `hcl.DecodeObject` for
parameters which are not common to all storage back ends would make this
a rather more involved change than this necessarily warrants.
 2017-12-18 09:30:29 -05:00
James Nugent
eb0cd8c29b docs: Add correct method for mlock on systemd (#3704) 
Although the previously described method of running setcap works if
setcap is available, the built-in LimitMEMLOCK directive is better.
 2017-12-18 09:29:37 -05:00
Chris Hoffman
6c19fa3b78 Merge remote-tracking branch 'oss/master' into f-nomad 
* oss/master:
  Add support for encrypted TLS key files (#3685)
 2017-12-15 19:51:28 -05:00
Chris Hoffman
098c66a624
Add support for encrypted TLS key files (#3685) 2017-12-15 17:33:55 -05:00
Jeff Mitchell
96b0c31de5
Merge branch 'master' into f-nomad 2017-12-14 16:44:28 -05:00
Brian Shumate
6395252068 Docs: fix typo in libtool ltdl name and link to avoid confusion and note about arch (#3644) 2017-12-11 13:42:19 -05:00
Brian Shumate
912ec80ad8 Docs: Update PKI URL config examples to FQDN — addresses #3606 (#3647) 2017-12-11 13:25:59 -05:00
Brian Shumate
62097160e5 Docs: Update PKI output examples - addresses #3606 (#3628) 2017-12-11 11:57:07 -05:00
Brad Sickles
dc70b1c21f Adding mfa support to okta auth backend. (#3653) 2017-12-07 14:17:42 -05:00
Brian Shumate
c767dc4ed6 Conditionally set file audit log mode (#3649) 2017-12-07 11:44:15 -05:00
Brian Kassouf
f700c64551 Remove the note about GKE from the Kubernetes docs (#3658) 2017-12-06 13:38:00 -05:00
Calvin Leung Huang
208dc55830
Clarify api_addr related errors on VaultPluginTLSProvider (#3620) 
* Mention api_addr on VaultPluginTLSProvider logs, update docs

* Clarify message and mention automatic api_address detection

* Change error message to use api_addr

* Change error messages to use api_addr
 2017-12-05 12:01:35 -05:00
Jeff Mitchell
063f3d575e
Update secrets page 
Fixes #3623
 2017-12-04 12:05:34 -05:00
Chris Hoffman
effeb02afa Expanding on the quick start guide with how to set up an intermediate authority (#3622) 2017-12-04 11:23:58 -05:00
Brian Shumate
0a53ea27bf Docs: mlock() notes, fixes #3605 (#3614) 2017-12-04 10:56:16 -05:00
Marc Sensenich
100ec6c292 Remove Trailing White space in Kubernetes Doc (#3360) 
Removed a trailing white space from which caused `Error loading data: Invalid key/value pair ' ': format must be key=value` if copying the example

```
vault write auth/kubernetes/role/demo \
    bound_service_account_names=vault-auth \
    bound_service_account_namespaces=default \
    policies=default \
    ttl=1h
```
 2017-12-02 14:12:39 -05:00
Nicolas Corrarello
12e77fac51
Rename policy into policies 2017-11-29 16:31:17 +00:00
Nicolas Corrarello
a3df394134
Pull master into f-nomad 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:56:37 +00:00
Laura Uva
d3a2844a75 Added clarification to KV documentation about default CLI behavior and how to preserve non-string type values (#3596) 2017-11-27 11:43:49 -05:00
Brian Shumate
4e69240ad2 Docs: policy update for multiple policies, fixes #3611 (#3613) 2017-11-27 09:54:38 -05:00
mariachugunova
1d2a38028a Fix typo in s3 storage backend docs (#3603) 2017-11-23 13:28:33 -08:00
Jeff Mitchell
89809168fe Add now-necessary mfa import to sentinel MFA example 2017-11-14 21:42:43 -05:00
Brian Kassouf
f67feaea20
Add token_reviewer_jwt to the kubernetes docs (#3586) 2017-11-14 13:27:09 -08:00
Vishal Nayak
16b1cbacc1
Doc: Add groups to identity concepts (#3581) 
* Add groups to the concepts page

* s/pulled-in and pulled-out/synced against

* Remove double spaces
 2017-11-14 13:27:49 -05:00
Seth Vargo
355fc65464
Flip seal pages upside down to put examples first 2017-11-14 13:12:35 -05:00
Seth Vargo
09366b573c
Add an auto-unseal page to the docs 
This helps with SEO and also is where I'd expect auto unsealing to be referenced.
 2017-11-14 13:12:20 -05:00
Jeff Mitchell
8a9d2e7df9 Minor website wording updates 2017-11-14 12:34:28 -05:00
Jeff Mitchell
e56f1beda9 Fix some broken links 2017-11-14 12:32:03 -05:00
Jeff Mitchell
f056cf9119 Sync docs 2017-11-14 06:13:11 -05:00
Vishal Nayak
b659e94a3b
API refactoring and doc updates (#3577) 
* Doc updates and API refactoring

* fix tests

* change metadata fieldtype to TypeKVPairs

* Give example for TypeKVPairs in CLI for metadata

* Update API docs examples to reflect the native expected value for TypeKVPairs

* Don't mention comma separation in the docs for TypeCommaStringSlice

* s/groups/group; s/entities/entity; s/entity-aliases/entity-alias; s/group-aliases/group-alias

* Address review feedback

* Fix formatting

* fix sidebar links
 2017-11-13 20:59:42 -05:00
Brian Shumate
ac95095a99 DOCS: Update telemetry docs - fixes #3557 (#3571) 2017-11-13 09:58:04 -05:00
Calvin Leung Huang
56b5c8e8bd
Docs update related to new top-level config values (#3556) 
* Add new top level config value docs, add VAULT_API_ADDR, purge old references

* Fix indentation

* Update wording on ha.html

* Add section on split data/HA mode

* Fix grammar
 2017-11-10 20:06:07 -05:00
James Soubry
859bd4fa1d Fix curl commands (#3558) 
Curl commands require HCL within JSON to work.
 2017-11-09 10:16:09 -05:00
Joel Thompson
50aa3d9e1f auth/aws: Make disallow_reauthentication and allow_instance_migration mutually exclusive (#3291) 2017-11-06 17:12:07 -05:00
Jonathan Freedman
a40f8c40e6 More Mount Conflict Detection (#2919) 2017-11-06 15:29:09 -05:00
Jason Antman
ee438809d6 Add third party tools list to website (#3488) 2017-11-06 12:11:02 -05:00
Nicolas Corrarello
f9c30bff20
Updated documentation 2017-11-06 15:13:50 +00:00
Vishal Nayak
4d3b3bed08
docs: s/persona/alias (#3529) 2017-11-03 11:17:59 -04:00
Chris Hoffman
ed8cf070c9
Add ability to require parameters in ACLs (#3510) 2017-11-02 07:18:49 -04:00
Nicolas Corrarello
3a0d7ac9a6 Unifying Storage and API path in role 2017-10-31 21:06:10 +00:00
Nicolas Corrarello
482d73aebe Minor/Cosmetic fixes 2017-10-31 19:11:24 +00:00
Nathan Valentine
ad6b4df9a8 Should these names not reference Vault? (#3506) 
Since we are in the Vault docs, should these names not reference Vault instead of Nomad?
 2017-10-30 11:04:38 -05:00
Vishal Nayak
30aab2aa2f aws-ec2: Avoid audit logging of custom nonces (#3381) 2017-10-27 11:23:15 -04:00
smeach
6157a89f1b Updated cli arg to reflect text description (#3487) 2017-10-27 09:44:56 -05:00
AJ Bourg
e26573cb78 Add a doc for the token helper (#3411) 
* Add token helper docs.

* Update it so the new token helpers page appears in the navigation.
 2017-10-27 09:42:33 -05:00
Seth Vargo
50caac0bb6
More naming cleanup 2017-10-24 09:35:03 -04:00
Seth Vargo
1c9dadd1f7
Remove more references to auth backend 2017-10-24 09:34:12 -04:00
Seth Vargo
94fdc0e7d2
Update k8s documentation 2017-10-24 09:34:12 -04:00
Seth Vargo
23d1d9a1ac
Resolve the most painful merge conflict known on earth 2017-10-24 09:34:12 -04:00
Seth Vargo
b8e4b0d515
Standardize on "auth method" 
This removes all references I could find to:

- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend

in favor of the unified:

- auth method
 2017-10-24 09:32:15 -04:00
Seth Vargo
965b8809e3
Audit backend -> device 2017-10-24 09:30:52 -04:00
Seth Vargo
9ae01f1e6a
Absorb help and read-write into index 2017-10-24 09:30:52 -04:00
Seth Vargo
aaeacc291a
Add "write" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo
878f80e47f
Add "unwrap" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo
a282ac98f2
Add "token" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo
0783fe73fd
Add "status" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo
a0d67d8540
Add "ssh" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo
914321259a
Add "server" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo
b046a6bcdd
Add "secrets" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo
8e0eeade04
Add "read" command documentation 2017-10-24 09:30:52 -04:00
Seth Vargo
66448e3f82
Add "policy" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo
7a88b59414
Update "path-help" documentation 2017-10-24 09:30:51 -04:00
Seth Vargo
f3fc20b64b
Add "operator" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo
afd289f65a
Add "login" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo
737540b9ba
Add "list" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo
53f3db41b6
Add "lease" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo
9d6cae1f5d
Add "delete" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo
e776921f96
Add "auth" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo
0844c285b2
Add "audit" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo
0024eca6b1
Add "token revoke" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo
46b3f74988
Add "token renew" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo
15b6cbf9e5
Add "token lookup" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo
b8987e00c7
Add "token create" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo
36b6563867
Add "token capabilities" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo
ee6849c01c
Add "secrets tune" command documentation 2017-10-24 09:30:51 -04:00
Seth Vargo
bfaabc5cae
Add "secrets move" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo
4f5a073a62
Add "secrets list" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo
7e9c0004b4
Add "secrets enable" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo
872ccb49cf
Add "secrets disable" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo
44ea6f47d0
Add "policy write" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo
88524e1f00
Add "policy read" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo
7d96e6cc4e
Add "policy list" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo
0dc501cc9b
Add "policy fmt" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo
2217c037d7
Add "policy delete" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo
ca7a0a5d4d
Add "operator unseal" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo
ccb3bec2a5
Add "operator step-down" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo
eaf634ca34
Add "operator seal" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo
cfc0940a23
Add "operator rotate" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo
15a0f6c58a
Add "operator rekey" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo
4e7d5bb841
Add "operator key-status" command documentation 2017-10-24 09:30:50 -04:00
Seth Vargo
06e5d1f1df
Add "operator init" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo
4f794cfdce
Add "operator generate-root" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo
276e1d2f98
Add "lease revoke" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo
9a23ee813f
Add "lease renew" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo
9c9e3a00fa
Add "auth tune" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo
eeefe935b1
Add "auth list" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo
3f31c2b3fd
Add "auth help" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo
b01c789140
Add "auth enable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo
629f1a7899
Add "auth disable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo
f5be8ed04b
Add "audit list" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo
0b5c21168a
Add "audit enable" command documentation 2017-10-24 09:30:49 -04:00
Seth Vargo
7f7232d029
Add "audit disable" command documentation 2017-10-24 09:30:49 -04:00
Chris Hoffman
07ea7ba193 updating mssql docs (#3477) 2017-10-19 11:21:29 -04:00
Brian Shumate
9b9cc294aa Match plugin name from releases (#3453) 2017-10-19 11:10:42 -04:00
Brian Kassouf
26a71da225 Add a note about the instant client libraries (#3434) 
* Add a note about the instant client libraries

* Update oracle.html.md
 2017-10-12 09:40:06 -04:00
emily
ea412e52b7 add GCP APIs that need to be enabled to GCP auth docs, small doc fixes (#3446) 2017-10-11 09:18:32 -04:00
Nicolas Corrarello
72b0a2fcdb Adding Nomad docs to the nav. Minor cosmetics fixes 2017-10-06 16:03:06 +01:00
David Dixon
111369e336 Small typo corrections for policies doc (#3413) 2017-10-06 09:38:00 -04:00
Oluwafemi Sule
f76633c8bc fix spellings errors (#3400) 2017-09-29 11:52:42 -04:00
Alex Dadgar
b314c13882 Fix spelling errors (#3390) 2017-09-28 07:54:40 -04:00
Brian Kassouf
539cb262f1 Kubernetes Docs Update (#3386) 
* Update Kubnernetes Docs

* Add a note about alpha clusters on GKE

* Fix JSON formatting

* Update kubernetes.html.md

* Fix a few review comments
 2017-09-27 14:02:18 -07:00
Jeff Mitchell
6faf8365e9 Add option to disable client certificate requesting. (#3373) 
Fixes #3372
 2017-09-25 14:41:46 -04:00
Nicolas Corrarello
bcd147711a Adding Nomad secret backend documentation 2017-09-20 17:31:28 -05:00
Dave Pedu
516cc8bd6b Spelling fix (#3351) 2017-09-19 15:25:39 -04:00
Brian Kassouf
4fb3f163ee Kubernetes auth (#3350) 
* Import the kubernetes credential backend

* Add kubernetes docs

* Escape * characters

* Revert "Import the kubernetes credential backend"

This reverts commit f12627a942.

* Update the vendored directory
 2017-09-19 09:27:26 -05:00
emily
08c2e2ce44 Add GCE docs for GCP Auth Backend (#3341) 2017-09-19 07:44:05 -05:00
Bruno Miguel Custódio
14714f399a Fix a few quirks in the GCP auth backend's docs. (#3322) 2017-09-19 07:41:41 -05:00
Vishal Nayak
de7ac83df6 Add 'pid_file' config option (#3321) 
* add pid_file config option

* address review feedback

* address review comments
 2017-09-16 17:09:37 -04:00
Chris Hoffman
010575cb60 Rename "generic" secret backend to "kv" (#3292) 2017-09-15 09:02:29 -04:00
Chris Hoffman
3aa68c0034 Adding support for base_url for Okta api (#3316) 
* Adding support for base_url for Okta api

* addressing feedback suggestions, bringing back optional group query

* updating docs

* cleaning up the login method

* clear out production flag if base_url is set

* docs updates

* docs updates
 2017-09-15 00:27:45 -04:00
Chris Hoffman
4a8c33cca3 Disable the sys/raw endpoint by default (#3329) 
* disable raw endpoint by default

* adding docs

* config option raw -> raw_storage_endpoint

* docs updates

* adding listing on raw endpoint

* reworking tests for enabled raw endpoints

* root protecting base raw endpoint
 2017-09-15 00:21:35 -04:00
Chris Hoffman
ca74cdbc23 update enterprise urls /docs/vault-enterprise -> /docs/enterprise (#3333) 2017-09-13 15:37:40 -04:00
Bruno Miguel Custódio
bfff8b4244 Fix navigation and prameters in the 'gcp' auth backend docs. (#3317) 2017-09-11 15:26:24 -04:00
Adam Duke
cc536c2cf4 fix typo in policies documentation (#3302) 2017-09-07 11:55:24 -04:00
Jeff Mitchell
acb944635c Massive update to response-wrapping concept page 2017-09-01 08:32:55 -04:00
Jeff Mitchell
22528daac6 Add 'discard' target to file audit backend (#3262) 
Fixes #seth
 2017-08-30 19:16:47 -04:00
Joel Thompson
c641938cef auth/aws: Allow wildcard in bound_iam_principal_id (#3213) 2017-08-30 17:51:48 -04:00
stephan stachurski
55fa69a2f4 add support to use application default credentials to gcs storage backend (#3257) 2017-08-30 15:42:02 -04:00
Seth Vargo
aa1591cd3b
Remove fake news about custom plugins 
This also adds a redirect from the old page to the new one
 2017-08-30 12:57:45 -04:00
Christopher Pauley
f2d452b5e1 stdout support for file backend via logger (#3235) 2017-08-29 14:51:16 -04:00
Brian Kassouf
41db07530a Add basic autocompletion (#3223) 
* Add basic autocompletion

* Add autocomplete to some common commands

* Autocomplete the generate-root flags

* Add information about autocomplete to the docs
 2017-08-24 15:23:40 -07:00
Serg
c228f880c8 Update index.html.md (#3233) 2017-08-24 10:08:35 -04:00
Seth Vargo
be57fd0594 Thread stderr through too (#3211) 
* Thread stderr through too

* Small docs typo
 2017-08-21 17:23:29 -04:00
Seth Vargo
9eacae526e Addd more SSH CA troubleshooting (#3201) 
* Add notes about pty and other permit-* extensions

* Update troubleshooting

* Add an example of JSON for sign

* Fix a bug about what keys to push up
 2017-08-21 17:22:54 -04:00
Calvin Leung Huang
4ff2ad649c Update gcp auth backend docs (#3209) 
* Update gcp auth backend docs

* Minor formatting and wording fixes

* Minor formatting fixes
 2017-08-18 16:25:52 -04:00
Seth Vargo
1a907c81d4
Typo fix 2017-08-16 18:38:35 -04:00
Seth Vargo
1a7a39d4fd
Refactor SSH CA backend docs 2017-08-16 18:38:35 -04:00
Brian Kassouf
1d03ad7420 Fix a few links (#3188) 2017-08-16 10:27:12 -07:00
Jeff Mitchell
94abf01931 Fix ping docs location 2017-08-16 12:57:31 -04:00
emily
376bd88479 Initial GCP auth backend documentation (#3167) 2017-08-15 22:03:04 -04:00
Jeff Mitchell
443df65ae5 Add PingID MFA docs (#3182) 2017-08-15 22:01:34 -04:00
Brian Kassouf
1691a3756a Oracle plugin docs (#3131) 
* Add oracle database docs

* Add oracle database docs

* Fix commas in json output

* Update oracle.html.md
 2017-08-15 17:24:01 -07:00
Andy Manoske
e064863284 Update index.html.md 
Updated replication docs for DR
 2017-08-14 19:02:02 -07:00
Jeff Mitchell
ff0bbbe2fc Fix hanadb link 2017-08-14 13:04:26 -04:00
Lucas Vasconcelos Santana
655cb4bd7d add scheme to the redirect_addr example 2017-08-14 10:59:44 -04:00
Lucas Vasconcelos Santana
8e67ccdef4 add scheme to the redirect_addr example 2017-08-14 10:59:44 -04:00
Seth Vargo
8581a7879c Break SSH types into their own pages (#3157) 
@jefferai and I discussed this on Friday. With three fully-documented
SSH backends, the page is lengthy, ungreppable, and intimidating. This
commit separates the SSH backends into their own pages with as little
text changes as possible.
 2017-08-14 10:49:41 -04:00
Seth Vargo
24c4c0c9c2 Rename database plugins for SEO (#3156) 
When we "nest" like this, it's important to use a common suffix,
"Database Secret Backend" in this case, so that the SEO minions can
properly group search results for end users.
 2017-08-14 10:46:39 -04:00
Jeff Mitchell
1c3ca9d4dd Update github comment 2017-08-11 17:03:18 -04:00
Seth Vargo
32c94e1a8c Remove references to VSI (#3143) 
Andy approved
 2017-08-10 20:47:59 -04:00
Issac
c1d69f8d79 Add TLS config to skeleton plugin (#3137) 2017-08-09 11:41:17 -07:00
vishalnayak
de82889d04 docs: Add API section for MFA docs 2017-08-09 13:26:29 -04:00
vishalnayak
cd14bf99ef docs: fix broken link 2017-08-09 13:17:56 -04:00
vishalnayak
22beec9ec0 docs: Added identity concepts 2017-08-09 13:08:05 -04:00
vishalnayak
6669837509 docs: Add X-Vault-MFA to the list of env vars 2017-08-09 11:31:30 -04:00
Chris Hoffman
7b55c457c7 API Docs updates (#3135) 2017-08-09 11:22:19 -04:00
Jeff Mitchell
847c59fb5b Fix cassandra doc link 2017-08-09 10:32:03 -04:00
Vishal Nayak
d2b3f42936 docs: MFA usage details (#3133) 2017-08-08 23:48:31 -04:00
Jeff Mitchell
27b2764c28 Add an extra sentence to the github warning 2017-08-08 21:10:15 -04:00
Calvin Leung Huang
ffc7901d88 Add plugin backends docs (#3125) 
* Add docs on plugins/backend/reload, add plugin backend guide

* Fix docs headers

* Fix API endpoint description

* Update plugin guide and internals pages
 2017-08-08 12:39:19 -04:00
Chris Hoffman
d60dd42c81 API Docs updates (#3101) 2017-08-08 12:28:17 -04:00
Jeff Mitchell
90e1e80b8f Add a note about GitHub auth backend security 2017-08-08 10:26:05 -04:00
Paulo Ribeiro
bc0954923c Fix minor grammatical error (#3110) 2017-08-04 11:08:49 -04:00
Jeff Mitchell
0bf8c04f73 Merge branch 'master-oss' into issue-2241 2017-08-03 07:41:34 -04:00
Gobin Sougrakpam
f166016ae8 tls_client_ca_file option for verifying client (#3034) 2017-08-03 07:33:06 -04:00
Jeff Mitchell
608322b546 Add PROXY protocol support (#3098) 2017-08-02 18:24:12 -04:00
Minkyu Kim
2f84edc39b Fix outdated documentation about AWS STS credentials (#3093) (#3094) 2017-08-02 11:18:35 -04:00
Jeff Mitchell
54e3d61d6b Use RemoteCredProvider instead of EC2RoleProvider (#2983) 2017-07-31 18:27:16 -04:00
Brian Rodgers
6486a40d47 docs: Added text to clarify that root does not refer to AWS root creds (#2950) 2017-07-31 17:31:44 -04:00
Oliver Beattie
c5222319e9 Fix docs to use new style 2017-07-31 15:24:08 +01:00
Filipe Varela
f3d3f49820 Makes naming consistent w/ other storage backends (ie: etcd) 2017-07-31 15:18:07 +01:00
Filipe Varela
cbbc8be2c9 Adds docs for new configuration options 2017-07-31 15:18:06 +01:00
Oliver Beattie
3a097a146f Add a (basic) Cassandra storage backend 2017-07-31 15:18:01 +01:00
James Phillips
06a19456ff Fixes a typo in the VSI doc. (#3047) 2017-07-26 12:18:52 -04:00
Jeremy Voorhis
6e311aa598 s/alterate/alternate/ (#3056) 2017-07-26 11:44:06 -04:00
Vishal Nayak
96e8ffea5a docs: Identity Store (#3055) 2017-07-25 18:33:17 -04:00
Chris Hoffman
317ae32ca7 CockroachDB Physical Backend (#2713) 2017-07-23 08:54:33 -04:00
Calvin Leung Huang
2b0f80b981 Backend plugin system (#2874) 
* Add backend plugin changes

* Fix totp backend plugin tests

* Fix logical/plugin InvalidateKey test

* Fix plugin catalog CRUD test, fix NoopBackend

* Clean up commented code block

* Fix system backend mount test

* Set plugin_name to omitempty, fix handleMountTable config parsing

* Clean up comments, keep shim connections alive until cleanup

* Include pluginClient, disallow LookupPlugin call from within a plugin

* Add wrapper around backendPluginClient for proper cleanup

* Add logger shim tests

* Add logger, storage, and system shim tests

* Use pointer receivers for system view shim

* Use plugin name if no path is provided on mount

* Enable plugins for auth backends

* Add backend type attribute, move builtin/plugin/package

* Fix merge conflict

* Fix missing plugin name in mount config

* Add integration tests on enabling auth backend plugins

* Remove dependency cycle on mock-plugin

* Add passthrough backend plugin, use logical.BackendType to determine lease generation

* Remove vault package dependency on passthrough package

* Add basic impl test for passthrough plugin

* Incorporate feedback; set b.backend after shims creation on backendPluginServer

* Fix totp plugin test

* Add plugin backends docs

* Fix tests

* Fix builtin/plugin tests

* Remove flatten from PluginRunner fields

* Move mock plugin to logical/plugin, remove totp and passthrough plugins

* Move pluginMap into newPluginClient

* Do not create storage RPC connection on HandleRequest and HandleExistenceCheck

* Change shim logger's Fatal to no-op

* Change BackendType to uint32, match UX backend types

* Change framework.Backend Setup signature

* Add Setup func to logical.Backend interface

* Move OptionallyEnableMlock call into plugin.Serve, update docs and comments

* Remove commented var in plugin package

* RegisterLicense on logical.Backend interface (#3017)

* Add RegisterLicense to logical.Backend interface

* Update RegisterLicense to use callback func on framework.Backend

* Refactor framework.Backend.RegisterLicense

* plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs

* plugin: Revert BackendType to remove TypePassthrough and related references

* Fix typo in plugin backends docs
 2017-07-20 13:28:40 -04:00
Joel Thompson
88910d0b1c Improve sts header parsing (#3013) 2017-07-18 09:51:45 -04:00
Gobin Sougrakpam
638ef2c9b8 Adding option to set custom vault client timeout using env variable VAULT_CLIENT_TIMEOUT (#3022) 2017-07-18 09:48:31 -04:00
Andy Manoske
41fefd49bd Update configuration.html.md (#3029) 2017-07-17 14:37:32 -04:00
Jeff Mitchell
6876ee8a2c Add max_parallel to mssql and postgresql (#3026) 
For storage backends, set max open connections to value of max_parallel.
 2017-07-17 13:04:49 -04:00
Seth Vargo
31e8349197 Update Policies and Auth concepts pages (#3011) 2017-07-14 11:15:22 -04:00
Jeff Mitchell
cdd68aff95 Reformat some wrapping docs 2017-07-13 19:02:15 -04:00
Tony Cai
f92f4d4972 Added HANA database plugin (#2811) 
* Added HANA dynamic secret backend

* Added acceptance tests for HANA secret backend

* Add HANA backend as a logical backend to server

* Added documentation to HANA secret backend

* Added vendored libraries

* Go fmt

* Migrate hana credential creation to plugin

* Removed deprecated hana logical backend

* Migrated documentation for HANA database plugin

* Updated HANA DB plugin to use role name in credential generation

* Update HANA plugin tests

* If env vars are not configured, tests will skip rather than succeed

* Fixed some improperly named string variables

* Removed unused import

* Import SAP hdb driver
 2017-07-07 13:11:23 -07:00
Will May
dc33acaceb Allow Okta auth backend to specify TTL and max TTL values (#2915) 2017-07-05 09:42:37 -04:00
Jasper Siepkes
624032e59c Added documentation for working with MySQL wildcards in GRANT (#2963) 2017-07-04 13:59:08 -04:00
Brian Shumate
03b95432eb DOCS: fix typo (#2965) 2017-07-03 12:40:31 -04:00
Cameron Stokes
5d2d750d9a [docs] Add requirements for hsm. (#2941) 2017-07-01 21:21:51 +01:00
Seth Vargo
49fe772e0c Add rekeying guide & move guides to top-level (#2935) 2017-06-29 14:43:43 +01:00
Brian Shumate
4a0183ab4c Docs: Expand Telemetry documentation (#2860) 2017-06-29 04:02:48 +01:00
Brian Boerst
0ebb2491b5 Typo fix in vault enterprise/replication docs. (#2932) 2017-06-29 04:01:32 +01:00
Seth Vargo
49f508b469 Merge pull request #2914 from hashicorp/sethvargo/ec2authimage 
Add diagram for EC2 Auth flow
 2017-06-28 07:31:37 +08:00
Seth Vargo
2d84ca0e11
Re-org and move text around in list instead 2017-06-27 22:38:16 +08:00
Seth Vargo
5119e31e68
Capitalize C 2017-06-27 22:38:16 +08:00
Seth Vargo
6af372f77b
Add diagram for EC2 Auth flow 2017-06-27 22:38:16 +08:00
Armon Dadgar
67f55d45f0 adding link to security model 2017-06-26 17:43:04 -07:00
Armon Dadgar
be219f10e6 website: Add more hardening tips 2017-06-26 14:00:36 -07:00
TheCodeAssassin
8b85fc5cc2 Small typo fix (#2921) 2017-06-26 10:08:18 -04:00
Cameron Stokes
aa0db53f0d [docs]: Fix typo in hardening guide. 2017-06-22 22:20:17 -07:00
Armon Dadgar
3dbe7e5cd9 Merge pull request #2898 from hashicorp/docs-prod-hard 
website: adding production hardening guide
 2017-06-22 15:05:35 -07:00
Saj Goonatilleke
910a359909 Fix a typo in the telemetry documentation (#2910) 2017-06-22 20:12:28 +01:00
Armon Dadgar
b57a656ff6 Make recommendation vs requirement more clear 2017-06-22 11:02:18 -07:00
Armon Dadgar
72971198f4 Copy changes 2017-06-21 09:55:00 -07:00
Armon Dadgar
fa40f022a8 website copy updates 2017-06-20 21:21:04 -07:00
Armon Dadgar
629cc49ae9 website: adding production hardening guide 2017-06-20 17:44:54 -07:00
Jeff Mitchell
d0d3b7c0ec More cleanup 
Ping #2894
 2017-06-20 10:46:24 -04:00