mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-18 04:27:02 +02:00
Code Issues Projects Releases Wiki Activity
10,543 Commits 2,844 Branches 445 Tags 454 MiB
68b40b814c
Commit Graph

2583 Commits

Author SHA1 Message Date
Jeff Mitchell
db5783d1f0 Remove outdated references to UUIDs for token values 2018-10-08 12:45:17 -04:00
Jeff Mitchell
a9dd2d3996
Set allowed OIDs to any value when generaing a CA. (#5462) 
* Set allowed OIDs to any value when generaing a CA.

Also, allow utf-8 in addition to utf8 as the OID type specifier, and
allow `*` to specify any OID of a supported type.

* Update PKI docs
 2018-10-08 09:51:43 -04:00
Jim Kalafut
4731f1319c
Fix docs typos 2018-10-05 22:53:09 -07:00
Jim Kalafut
238a93d23d
Update examples to use sha256 (#5468) 
sha_256 is supported but not referenced in our API docs.
 2018-10-04 09:51:54 -07:00
Jeff Mitchell
dbde07211c Remove incorrect api docs text around metadata being supported for identity aliases 2018-10-04 09:09:41 -04:00
Jeff
bf154cdff8 fix doc typo (#5455) 2018-10-03 11:25:57 -07:00
Martins Sipenko
1e1a31e8d8 Fix missing > (#5452) 2018-10-03 09:16:36 -04:00
Brian Kassouf
14a620c173
Fix identity link (#5449) 2018-10-02 17:45:17 -07:00
Brian Kassouf
760aca7055
mailto link (#5448) 2018-10-02 17:41:04 -07:00
Becca Petrin
3ebe388dc1 alicloud auto-unseal docs (#5446) 2018-10-02 17:21:26 -07:00
Chris Hoffman
4b645cb8ac
adding upgrade guide (#5447) 2018-10-02 20:18:59 -04:00
sk4ry
58c6c03398 Add ability to configure the NotBefore property of certificates in role api (#5325) 
* Add ability to configure the NotBefore property of certificates in role api

* Update index.html.md

* converting field to time.Duration

* setting default back to 30s

* renaming the parameter not_before_duration to differentiate between the NotBefore datetime on the cert

* Update description
 2018-10-02 11:10:43 -04:00
Joel Thompson
7e610e6227 Allow specifying role-default TTLs in AWS secret engine (#5138) 
* Allow specifying role-default TTLs in AWS secret engine

* Add an acceptance test

* Add docs for AWS secret role-default TTLs

* Rename default_ttl to default_sts_ttl

* Return default_ttl as int64 instead of time.Duration

* Fix broken tests

The merge of #5383 broke the tests due to some changes in the test style
that didn't actually cause a git merge conflict. This updates the tests
to the new style.
 2018-10-02 10:14:16 -04:00
Nageswara Rao Podilapu
db3b6468b4 Update page content with a generic noun (#5444) 
This might be a typo, It says `A user may have a client token sent to her` instead it should say `A user may have a client token sent to them`
 2018-10-02 09:31:01 -04:00
Saurabh Pal
239f2013b8 Enable TLS based communication with Zookeeper Backend (#4856) 
* The added method customTLSDial() creates a tls connection to the zookeeper backend when 'tls_enabled' is set to true in config

* Update to the document for TLS configuration that is  required to enable TLS connection to Zookeeper backend

* Minor formatting update

* Minor update to the description for example config

* As per review comments from @kenbreeman, additional property description indicating support for multiple Root CAs in a single file has been added

* minor formatting
 2018-10-01 14:12:08 -07:00
Brian Kassouf
6449f3d59e
Update replication-performance.html.md 2018-10-01 13:59:50 -07:00
Brian Kassouf
d73b46c2f8
Update replication-dr.html.md 2018-10-01 13:59:17 -07:00
Brian Kassouf
25ee68d5e6
Update replication-dr.html.md 2018-10-01 12:53:20 -07:00
Brian Kassouf
75f4a07916
Update replication-performance.html.md 2018-10-01 12:52:44 -07:00
Becca Petrin
52e9257110 Discuss ambient credentials in namespaces (#5431) 
* discuss ambient credentials in namespaces

* update aws cred chain description
 2018-10-01 15:23:54 -04:00
Chris Pick
e77f08d4e6 Note that GCP auth method needs iam API enabled (#5339) 
In addition to the specific permissions that are already mentioned, the project also needs the `iam.googleapis.com` API enabled, otherwise authenticating will fail with an error similar to:

```
Error authenticating: Error making API request.

URL: PUT https://localhost:8200/v1/auth/gcp/login
Code: 400. Errors:

* could not find service account key or Google Oauth cert with given 'kid' id
```
 2018-10-01 10:09:32 -07:00
Brian Shumate
adc9e821ef Guide/Identity: use consistent id/accessor example to fix #5340 (#5432) 2018-09-28 17:43:15 -04:00
Mike Christof
9a11700b64 fixed read-entity-by-name code (#5422) 2018-09-28 07:23:46 -07:00
Calvin Leung Huang
6f63f42daf docs: Update CLI page to include namespace and flags info (#5363) 2018-09-27 17:08:14 -07:00
joe miller
f2b685e0f8 add allowed_organiztaional_units parameter to cert credential backend (#5252) 
Specifying the `allowed_organiztaional_units` parameter to a cert auth
backend role will require client certificates to contain at least one of
a list of one or more "organizational units" (OU).

Example use cases:

Certificates are issued to entities in an organization arrangement by
organizational unit (OU). The OU may be a department, team, or any other logical
grouping of resources with similar roles. The entities within the OU
should be granted the same policies.

```
$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organiztaional_units=engineering

$ vault write auth/cert/certs/ou-engineering \
    certificate=@ca.pem \
    policies=engineering \
    allowed_organiztaional_units=engineering,support
```
 2018-09-27 19:04:55 -05:00
Andy Manoske
55e657d19c
Broken link fix 
Fix broken links
 2018-09-26 19:48:07 -07:00
Andy Manoske
0e6030b2c3
partnerships-format 
Some small formatting fixes
 2018-09-26 19:41:27 -07:00
Andy Manoske
3770632494
Fix header issues 
Fix partnerships docs formatting issues
 2018-09-26 19:30:28 -07:00
Andy Manoske
9915d70022
Merge branch 'master' into partnerships-add-docs 2018-09-26 19:17:26 -07:00
Andy Manoske
765dd4bc2b
Update community.html.erb 2018-09-26 19:16:56 -07:00
Andy Manoske
5c6f5fa97b
Delete partnerships.html.erb 2018-09-26 19:14:06 -07:00
Andy Manoske
3b79ae27d4
Update guides.erb 2018-09-26 19:12:03 -07:00
Andy Manoske
9694a6d40e
Create index.html.md 2018-09-26 19:06:22 -07:00
Andy Manoske
3017016b01
Update partnerships.html.erb 2018-09-26 18:56:48 -07:00
Jim Kalafut
cb8a3551ed operator migrate docs (#5400) 
* operator migrate docs

* Address feedback

* Fix title
 2018-09-26 10:55:04 -07:00
Joel Thompson
d12547c7fa auth/aws: Make identity alias configurable (#5247) 
* auth/aws: Make identity alias configurable

This is inspired by #4178, though not quite exactly what is requested
there. Rather than just use RoleSessionName as the Identity alias, the
full ARN is uses as the Alias. This mitigates against concerns that an
AWS role with an insufficiently secured trust policy could allow an
attacker to generate arbitrary RoleSessionNames in AssumeRole calls to
impersonate anybody in the Identity store that had an alias set up.
By using the full ARN, the owner of the identity store has to explicitly
trust specific AWS roles in specific AWS accounts to generate an
appropriate RoleSessionName to map back to an identity.

Fixes #4178

* Respond to PR feedback

* Remove CreateOperation

Response to PR feedback
 2018-09-26 08:27:12 -07:00
Joel Thompson
d184aa0ae3 Add AWS Secret Engine Root Credential Rotation (#5140) 
* Add AWS Secret Engine Root Credential Rotation

This allows the AWS Secret Engine to rotate its credentials used to
access AWS. This will only work when the AWS Secret Engine has been
provided explicit IAM credentials via the config/root endpoint, and
further, when the IAM credentials provided are the only access key on
the IAM user associated wtih the access key (because AWS allows a
maximum of 2 access keys per user).

Fixes #4385

* Add test for AWS root credential rotation

Also fix a typo in the root credential rotation code

* Add docs for AWS root rotation

* Add locks around reading and writing config/root

And wire the backend up in a bunch of places so the config can get the
lock

* Respond to PR feedback

* Fix casing in error messages

* Fix merge errors

* Fix locking bugs
 2018-09-26 07:10:00 -07:00
Clint
43bc4540d5
Allow force restore for Transit Key Restores (#5382) 
* Add test file for testing path_restore in Transit backend. Fails because 'force' is not implemented yet

* initial implementation of 'force', to force restore of existing transit key atomically
 2018-09-25 15:20:59 -05:00
Vishal Nayak
4e0adb5708
Support operating on entities and groups by their names (#5355) 
* Support operating on entities and groups by their names

* address review feedback
 2018-09-25 12:28:28 -07:00
emily
076c1819c5 Docs PR for GCP secrets backend access token changes (#5366) 
* initial docs pass

* fix docs
 2018-09-21 10:31:49 -07:00
Brian Shumate
9c1638497e Add Enterprise Replication metrics (#3981) 2018-09-21 12:01:44 -04:00
Brian Shumate
45526da0e7 Docs: update policy read API output to address #5298 (#5299) 2018-09-21 10:52:46 -04:00
Brian Shumate
9dc2a85050 Update screenshot (#5378) 
- Use a Vault dashboard example (previous example was for Consul)
- Rename image file
 2018-09-21 09:53:49 -04:00
Roman Iuvshyn
717165babd fixes file path option in samples (#5377) 
fixes file path option in samples
 2018-09-20 15:55:20 -07:00
Yoko
22269320de
[Guide] Tokens & Leases guide **Correction** (#5375) 
* Added Azure Key Vault

* Corrected the info about orphan token creation
 2018-09-20 13:58:29 -07:00
Calvin Leung Huang
494b9a039c
Add ability to provide env vars to plugins (#5359) 
* Add ability to provide env vars to plugins

* Update docs

* Update docs with examples

* Refactor TestAddTestPlugin, remove TestAddTestPluginTempDir
 2018-09-20 10:50:29 -07:00
Brian Shumate
abdf729924 Docs: update Tidy API (#5374) 
- Add a sample response to /auth/token/tidy API docs
- Document /auth/approle/tidy/secret-id API docs
 2018-09-20 13:25:33 -04:00
Laura Gjerman-Uva
2b0c7596d4 Add -dr-token flag to commands to generate OTP and decode with OTP (required on DR secondary as of 0.11) (#5368) 2018-09-20 09:19:01 -07:00
Richard Lane
6179375100 Documentation correction - update list identity whitelist sample request (#5369) 
Path was incorrectly referencing the roletag-blacklist

Updated the sample to match the correct path
 2018-09-19 21:21:57 -07:00
Becca Petrin
8367eb6619
AliCloud Secrets Docs (#5351) 2018-09-19 08:42:59 -07:00
Jeff Mitchell
e8b7ec2e11 Fix default_max_request_duration HCL name and update docs (#5321) 
* Fix default_max_request_duration HCL name and update docs

* Update tcp.html.md
 2018-09-18 14:30:21 -07:00
Yoko
6e8099ef40
[Guide] Secure Introduction - Update (#5323) 
* Adding Vault Agent to the Secure Intro guide

* Incorporated the feedback

* Deleted extra spaces

* methods -> approaches
 2018-09-14 13:51:23 -07:00
Yoko
ff6ce5cc07
[Guide] Namespaces policy (#5296) 
* Added policy info

* Fixed the API URL

* Added webinar recording as a reference material
 2018-09-14 11:23:46 -07:00
Evan Grim
e31cdb7a10 Fix small grammatical error in plugin docs (#5334) 2018-09-13 14:23:24 -07:00
Yoko
6ededfab60
ACL Policy Templating -> ACL Policy Path Templating (#5330) 2018-09-12 16:14:31 -07:00
Clint
d070b36874
Update AWS auth backend iam_request_headers to be TypeHeader (#5320) 
Update AWS Auth backend to use TypeHeader for iam request headers

- Remove parseIamRequestHeaders function and test, no longer needed with new TypeHeader
- Update AWS auth login docs
 2018-09-12 16:16:16 -05:00
Becca Petrin
25cb22fe0a
Poll for new creds in the AWS auth agent (#5300) 2018-09-12 13:30:57 -07:00
Brian Shumate
23ec4b86b1 Docs: clarify max_ttl in Database Secrets Create (#5311) 
- Clarify max_ttl on Database Secrets Create API
- Crosslink to TTL general case docs
 2018-09-11 19:55:15 -04:00
Jeremy Gerson
e7ca6d9490 Update pki-engine.html.md (#5322) 2018-09-11 19:49:31 -04:00
Yoko
ea6ec0acad
[Guide] Performance Standby Nodes (#5272) 
* Performance Standby Nodes guide

* Added a link in the Vault HA guide

* Added links

* Clarified the node selection info

* Incorporated feedback

* Added 'when the Enterprise license includes this feature'

* Fixed the label: server 8 -> VM8

* Incorporated the feedback
 2018-09-11 15:22:36 -07:00
Jeff Mitchell
995efc0a61 Update some text around encrypting with agent 2018-09-11 15:05:44 -04:00
Becca Petrin
e1687ed78d
update to match aws (#5315) 2018-09-11 11:10:50 -07:00
Brian Shumate
9dd7753866 Docs: namespaces edit lookup subcommand text (#5310) 
* Docs: namespaces edit lookup subcommand text

* precise
 2018-09-10 11:56:01 -04:00
Jeff Mitchell
6acf58d77d Finish updating jwt auth docs 2018-09-10 11:46:50 -04:00
mg
18569d78be resolve incorrect scope (#5307) 
https://github.com/terraform-providers/terraform-provider-azurerm/issues/943

> Turns out the problem is that the scope was invalid. There was a missing s on resourceGroup. The error message though is absolutely awful for detecting that.
 2018-09-07 16:56:02 -07:00
Joakim Bakke Hellum
839d1ed372 Fix typos in Azure Secrets Engine docs (#5295) 2018-09-06 15:31:19 -07:00
Geoff Meakin
ee8b5b2019 Update relatedtools.html.md (#5287) 
Add ansible-modules-hashivault to the list of third-party tools
 2018-09-06 08:37:03 -07:00
Andy Manoske
b8c369d65b
Create partnerships.html.erb 2018-09-05 17:06:49 -07:00
Andy Manoske
09a861faf8
Update community.html.erb 2018-09-05 16:44:46 -07:00
Jeff Mitchell
d3edc47096
Allow most parts of Vault's logging to have its level changed on-the-fly (#5280) 
* Allow most parts of Vault's logging to have its level changed on-the-fly

* Use a const for not set
 2018-09-05 15:52:54 -04:00
Steven Black
80272dfe07 Fix misspelling (#5279) 2018-09-05 15:40:01 -04:00
Brian Shumate
b96fc7dfb9 Update terminology (#5225) 
- Change "key ring" references to "key" to match Transit API docs
 2018-09-05 12:05:02 -04:00
Becca Petrin
d69c674c8e Add AliCloud auth to the Vault Agent (#5179) 2018-09-05 11:56:30 -04:00
Seth Vargo
1bc3222929 Fix resource binding examples (#5273) 2018-09-05 11:55:45 -04:00
Dan Brown
6b452d3114 EA validation of material against Vault 0.11 (#5276) 
* Validate RA against Vault 0.11

* Validate DG against Vault 0.11
 2018-09-05 11:55:27 -04:00
Jeff Mitchell
b4ab18bbc1
Remove certificates from store if tidying revoked certificates (#5231) 
This will cause them to be removed even if they have not expired yet,
whereas before it would simply leave them in the store until they were
expired, but remove from revocation info.
 2018-09-05 11:47:27 -04:00
RobinsonWM
abf336eec8 Documentation: Corrected typo in CLI init doc (#5269) 2018-09-04 15:44:41 -06:00
Jeff Mitchell
535dd9df1f
Update index.html.md 2018-09-04 12:15:05 -04:00
Dan Brown
b8195d34c6 Update Azure VM sizes in Reference Architecture (#5251) 2018-09-03 20:24:27 -07:00
Yoko
cdfde4c4c2
[Guide] Updates on Namespaces guide (#5243) 
* Added 'Additional Discussion' section

* s/at the root/in the root namespace/

* one more place that I said 'at the root' - fixed
 2018-08-31 18:24:07 -07:00
Chris Hoffman
7ce426b6e9
adding known issue 2018-08-31 17:29:21 -04:00
Yoko
1c6105aa60
Fixed the incomplete sentense (#5240) 2018-08-31 11:37:28 -07:00
Yoko
4222e1f259
[Guide] ACL Templating (#5226) 
* WIP - ACL Templating

* WIP

* WIP - ACL Templating

* WIP

* Updated

* ACL Policy Templating guide

* Updated to use kv-v2 instead of kv

* Fixed the incomplete sentense and cleaned it up a little

* WIP Formatting and grammar

* Minor fixes
 2018-08-31 09:06:43 -07:00
Chris Hoffman
00596c4064
adding known issues section 2018-08-30 19:09:30 -04:00
Yoko
552f82c691
[Guide] Update for Vault HA (0.11) (#5104) 
* For 0.11 - Performance Nodes

* Added the doc link

* Performance Node -> Performance Standby Nodes

* Updated to say 'most read-only requests'
 2018-08-30 14:45:34 -07:00
Andy Manoske
152c91c6db
namespace docs updates 
Post-launch clarifications on namespace docs
 2018-08-30 14:20:14 -07:00
Yoko
2430761aee
[Guide] Fixed the reported issue (#5230) 
* Fixed the message

* Fixed the message
 2018-08-30 09:45:18 -07:00
Jeff Mitchell
5df396009f Fix up sidebar JWT description 2018-08-30 12:00:20 -04:00
Jeff Mitchell
828124acf2 Remove some confusing language on perf standby page 2018-08-29 19:51:23 -04:00
Brian Shumate
40862dca5c Minor edits (#5221) 
- Correct typo
- Remove trailing spaces
 2018-08-29 12:01:33 -04:00
Chris Hoffman
c1a3fd61fc
adding namespaces example 2018-08-29 11:26:23 -04:00
Jeff Mitchell
9248335d48
Add namespace/mfa docs (#5215) 2018-08-28 15:33:34 -07:00
Jeff Mitchell
601c028d43 Make the usernames match in all examples in userpass 2018-08-28 18:33:00 -04:00
Brian Kassouf
db178f6b25
Add Performance Standby Docs (#5214) 
* Add Performance Standby Docs

* Review updates
 2018-08-28 12:48:02 -07:00
Frederic Hemberger
dac2b8658b Fix ssh command in example (#5209) 2018-08-28 12:34:48 -07:00
Jeff Mitchell
219c4d613e
Update API section index file with fixes, updates, and namespace info. (#5213) 2018-08-28 12:33:19 -07:00
Chris Hoffman
4673cadb33
remove beta language 2018-08-28 14:00:55 -04:00
Yoko
84dff64c52
Added Deployment Guide in the index (#5211) 2018-08-28 10:55:30 -07:00
Jeff Mitchell
79c09951a2 Update upgrade guide 2018-08-28 12:17:43 -04:00
Jeff Mitchell
54c4cefca0 Update upgrade guide for 0.11.0 2018-08-28 12:12:40 -04:00
Jeff Mitchell
52e446152a Document disable_performance_standby 2018-08-28 12:09:13 -04:00
Chris Hoffman
8521b70483
fixing link 2018-08-28 07:19:35 -04:00
Dan Brown
3697217b4c Add Deployment Guide, links and reformat Ref Arch (#5041) 
* Add Deployment Guide, links and reformat Ref Arch

* Improve systemd service file and links
 2018-08-28 04:53:36 -06:00
Jim Kalafut
c9a4fdf143 Fix Azure Secrets API example 2018-08-27 20:44:00 -06:00
Austin Workman
99fe3a61d2 Adding documentation clarifying oracle plugin setup and requirements (#5183) 2018-08-25 12:27:13 -07:00
Becca Petrin
7df67566ba
use ldaps in docs (#5180) 2018-08-24 10:36:20 -07:00
Laura Gjerman-Uva
12d1f1ef7e Update ad/creds/:rolename endpoint to include the table with method/path for consistency/clarity. Also, remove payload.json from example, since this endpoint doesn't take a payload. (#5172) 2018-08-24 09:19:51 -07:00
Chris Hoffman
c15c6b7c5c
Revert "Add Configuration Builder and Better Download page" (#5171) 2018-08-23 19:34:50 -04:00
Jim Kalafut
b39627ca8e
Fix Azure Secrets docs error 2018-08-23 14:27:47 -07:00
Joshua Ogle
cb833a0eec
Merge branch 'master' into oss-download-config-path 2018-08-23 14:01:39 -06:00
Jeff Mitchell
e4b251661b
Restricts ACL templating to paths but allows failures (#5167) 
When a templating failure happens, we now simply ignore that path,
rather than fail all access to all policies
 2018-08-23 12:15:02 -04:00
Chris Hoffman
fea8ee5125 Docs: ACL Templating (#5159) 2018-08-23 10:05:44 -04:00
Jim Kalafut
fb2d2de66b Fix docs typos (#5158) 2018-08-22 18:26:48 -04:00
Greg Oledzki
a60e39489c Update delete.html.md (#5155) 
Minor typo in `delete` command docs
 2018-08-22 11:26:21 -07:00
Becca Petrin
c5f9575c62
Alibaba auth docs (#5132) 2018-08-22 10:23:33 -07:00
Chris Hoffman
62eae43c07
fixing feature name 2018-08-22 11:41:28 -04:00
Chris Hoffman
7e4ba6f7d6
fixing feature name 2018-08-22 11:40:48 -04:00
Hugo Wood
08782dc7a1 JWT/OIDC documentation fixes (#5157) 
* Fix argument name in JWT/OIDC login CLI example

* Fix groups_claim documented as required when creating roles for JWT/OIDC
 2018-08-22 10:44:08 -04:00
Stenio Ferreira
fa8f84b3b6 Fixed a typo in the Namespaces guide (#5151) 2018-08-21 13:33:40 -07:00
Jeff Mitchell
fe309723c9
Add the ability to specify token CIDR restrictions on secret IDs. (#5136) 
Fixes #5034
 2018-08-21 11:54:04 -04:00
Jeff Mitchell
b54b2648f1
Two PKI improvements: (#5134) 
* Disallow adding CA's serial to revocation list
* Allow disabling revocation list generation. This returns an empty (but
signed) list, but does not affect tracking of revocations so turning it
back on will populate the list properly.
 2018-08-21 11:20:57 -04:00
Gerardo Rodriguez
0a2dd2a324 Edit, missing "to" (#5147) 2018-08-21 11:09:41 -04:00
Chris Hoffman
9369c8e1c4
adding namespace docs (#5133) 2018-08-17 12:17:11 -04:00
Chris Hoffman
d12b17cbf1
Add additional clarification 2018-08-17 08:55:49 -04:00
Raja Nadar
c7adfdedd0 vaultsharp - multi platform capabilities (#5127) 2018-08-17 08:47:16 -04:00
Yoko
f0e5d82527 [Guide] Multi-Tenant Pattern with ACL Namespaces (0.11) (#5103) 
* WIP - ACL Namespace

* WIP - ACL Namepaces

* WIP

* WIP

* WIP

* WIP

* WIP

* Added UI screenshots

* Added summary at the end

* Added the Web UI steps in Step 5

* Update multi-tenant.html.md

Updated text to ensure that we use the final "ship" name of namespaces (namespaces vs. ACL Namespaces) and introduced some industry-specific terminology (highlighting this is about Secure Multi-Tenancy)
 2018-08-16 16:51:53 -07:00
Andy Manoske
0a3a1d2810
Merge pull request #5112 from hashicorp/namespaces-docs 
Merge for Beta Launch
 2018-08-16 15:36:43 -07:00
Chris Hoffman
2542f805a0
doc updates 2018-08-16 17:59:39 -04:00
Brian Kassouf
81309cef02
Update upgrade-to-0.11.0.html.md 2018-08-16 14:29:18 -07:00
Brian Kassouf
4b84a95ea5
Add upgrade notes (#5125) 2018-08-16 14:22:27 -07:00
Andy Manoske
6c6f511fa1
Update docs.erb 2018-08-16 13:44:13 -07:00
Andy Manoske
f59d8a8814
Update index.html.md 
Updated to include Yoko's guide URL
 2018-08-16 13:38:24 -07:00
Clint
ca1e2a766e [WIP] Support custom max Nomad token name length [supersedes https://github.com/hashicorp/vault/pull/4361] (#5117) 
* Nomad: updating max token length to 256

* Initial support for supporting custom max token name length for Nomad

* simplify/correct tests

* document nomad max_token_name_length

* removed support for max token length env var. Rename field for clarity

* cleanups after removing env var support

* move RandomWithPrefix to testhelpers

* fix spelling

* Remove default 256 value. Use zero as a sentinel value and ignore it

* update docs
 2018-08-16 15:48:23 -04:00
Jim Kalafut
bc2f70e19b
Initial Azure Secrets docs (#5121) 2018-08-16 12:10:56 -07:00
brianvans
801eddf5f8 Add ha_enabled for mysql backend (#5122) 
* Slight cleanup around mysql ha lock implementation

* Removes some duplication around lock table naming
* Escapes lock table name with backticks to handle weird characters
* Lock table defaults to regular table name + "_lock"
* Drop lock table after tests run

* Add `ha_enabled` option for mysql storage

It defaults to false, and we gate a few things like creating the lock
table and preparing lock related statements on it
 2018-08-16 11:03:16 -07:00
Yamamoto, Hirotaka
088e73b854 [etcd] fix the deafult prefix in website (#5116) 
etcd storage stores all Vault data under a prefix.
The default prefix is "/vault/" according to source codes.

However, the default prefix shown in the website is "vault/".
If the access to etcd is restricted to this wrong prefix, vault
cannot use etcd.
 2018-08-16 10:38:11 -04:00
Joel Thompson
8275802ac9 Make AWS credential types more explicit (#4360) 
* Make AWS credential types more explicit

The AWS secret engine had a lot of confusing overloading with role
paramemters and how they mapped to each of the three credential types
supported. This now adds parameters to remove the overloading while
maintaining backwards compatibility.

With the change, it also becomes easier to add other feature requests.
Attaching multiple managed policies to IAM users and adding a policy
document to STS AssumedRole credentials is now also supported.

Fixes #4229
Fixes #3751
Fixes #2817

* Add missing write action to STS endpoint

* Allow unsetting policy_document with empty string

This allows unsetting the policy_document by passing in an empty string.
Previously, it would fail because the empty string isn't a valid JSON
document.

* Respond to some PR feedback

* Refactor and simplify role reading/upgrading

This gets rid of the duplicated role upgrade code between both role
reading and role writing by handling the upgrade all in the role
reading.

* Eliminate duplicated AWS secret test code

The testAccStepReadUser and testAccStepReadSTS were virtually identical,
so they are consolidated into a single method with the path passed in.

* Switch to use AWS ARN parser
 2018-08-16 06:38:13 -04:00
Andy Manoske
a977bbc531
Update index.html.md 2018-08-15 17:44:36 -07:00
Andy Manoske
cec1bf37d8
Update index.html.md 2018-08-15 17:44:00 -07:00
Clint
d2f3abf02e Update apis.html.md (#5071) 
We disable TLS for example purposes, not exemplary purposes 😄
 2018-08-15 19:41:29 -04:00
Christoph Ludwig
d74fae41ef Add support for "sovereign" Azure cloud environments (#4997) 
* Add support for "sovereign" Azure cloud environments

* Shorten variable names
 2018-08-15 19:40:36 -04:00
Andy Manoske
669110b0ee
Create index.html.md 2018-08-15 15:27:11 -07:00
RichardWLaub
3f0c33937d Update usage section for kv-v1 docs (#5105) 
While following along with the usage section in the kv-v1 docs I noticed this error.
Running the given command gives:

```text
$ vault kv list kv/my-secret
No value found at kv/my-secret/
```

Running `vault kv list kv/` gives the desired output. 

Also, I removed some trailing whitespace.
 2018-08-15 10:57:36 -07:00
Seth Vargo
f927f29d18 Fix docs typo (service-account => service_account) (#5102) 
Fixes hashicorp/vault-plugin-auth-gcp#47
 2018-08-14 15:46:41 -07:00
Gerald
8754694e80 Add ttl params into csr signing docs (#5094) 2018-08-13 23:38:03 -04:00
Yoko
84e8c92e44
[Guide] Control Groups (#5072) 
* Control Group guide

* Fixed user policy list

* Fixed a typo

* Replaced the wrong screenshot

* Added missing period
 2018-08-13 14:51:32 -07:00
Frank Allenby
716faadbbd Added a link to the "previous section" mentioned (#5018) 
This is for clarity since I had to check back to remember where it was mentioned.
 2018-08-13 17:13:42 -04:00
Jim Kalafut
90203b7924
Clarify "Commands" docs (#5092) 
Fixes #4890
 2018-08-13 14:09:48 -07:00
Nándor István Krácser
23d89841d7 Alibaba Object Storage support (#4783) 2018-08-13 17:03:24 -04:00
Michael Schuett
88fe0fad24 MySQL HA Backend Support (#4686) 2018-08-13 17:02:31 -04:00
Jim Kalafut
f4882fee74 Revert "Add ttl parameter to pki api docs (#5063)" 
This reverts commit 7824826ca72c503677559cf9e5c1a7193433b34a.
 2018-08-13 09:34:05 -07:00
Yoko
58967f725f
[Guide] Vault Cluster Monitoring Guide (#5084) 
* Vault cluster monitoring guide

* Updated the download link

* Fixed broken link
 2018-08-10 13:52:02 -07:00
Jim Kalafut
7b9fee7b2d
Add RDS notes to MSSQL docs (#5062) 2018-08-10 08:52:21 -07:00
Jeff Mitchell
dd68f25a67 Website typo fix 2018-08-08 15:53:40 -04:00
Jim Kalafut
179b8c2c1b
Add ttl parameter to pki api docs (#5063) 2018-08-08 09:12:14 -07:00
Conor Mongey
6ba9aaaa0d Fix typo: Consult Template -> Consul Template (#5066) 2018-08-08 09:01:45 -07:00
Ian Grayson
0d5dd986ba Update policies.html.md (#5007) 
Allow admins to run CLI: `vault secrets list`
 2018-08-07 10:35:23 -07:00
Jeff Escalante
b84ef1a814 html syntax corrections (#5009) 2018-08-07 10:34:35 -07:00
Rob
624636b76f Update dev-server.html.md (#5035) 
The instructions were in backwards order. #3591
 2018-08-07 10:33:30 -07:00
Yoko
6977aa70f1
Typo fix (#5052) 2018-08-06 15:50:39 -07:00
Yoko
c840cead27
[Guide] Sentinel Policies (#5049) 
* Sentinel policies guide

* Typo fix
 2018-08-06 15:39:32 -07:00
Yoko
0df3d03797
[Guide] SSH Secrets Engine (#5022) 
* OTP SSH guide

* Fixed the required policy

* Added the step to restart the SSH server

* Update ssh-otp.html.md

Just a few edits to highlight its cloud context. Looks great otherwise!
 2018-08-06 15:04:24 -07:00
Yoko
a14e5c7ef1
[Guide] Build Your Own CA Guide (#4995) 
* WIP

* WIP

* WIP - Jake's PKI demo

* WIP

* PKI secret engine guide

* Added little more description about role

* Added tidy step

* Fixed a broken link
 2018-08-06 14:42:46 -07:00
Joshua Ogle
6c00717b01 Better OS highlighting 2018-08-06 12:30:31 -06:00
Joshua Ogle
eea840086c Javascript refactor for configuration builder 2018-08-06 11:55:36 -06:00
Joshua Ogle
2de4b52860 Better JavaScript line wrapping in configuration 2018-08-03 23:37:58 -06:00
Joshua Ogle
9d3e5db2e5 JS Feedback fixes, make UI default on click 2018-08-03 22:57:17 -06:00
Joshua Ogle
86f70e294a
Merge branch 'master' into oss-download-config-path 2018-08-03 16:53:45 -06:00
Chris Hoffman
7be900fffd Add Configuration Builder and Better Download page 
- Make Download Link more prominent on home page
- Add UI Demo link to home page
- Download page now suggests download based on your current system
- Added links for next steps
- Added configuration builder form, including downloading your custom config
 2018-08-03 16:31:22 -06:00
Olivier Lemasle
31978a402d Fix two errors in docs (#5042) 
Two small errors in documentation
 2018-08-03 14:26:46 -07:00
Jim Kalafut
dbd669103e Fix docs sidebar layout 2018-08-03 09:15:45 -07:00
Jason Martin
148e212b48 Fix typo in the AWS STS AssumeRole docs. (#5032) 2018-08-02 22:57:24 -07:00
Gerald
a070299171 Fix gcp auth method link (#5030) 2018-08-02 22:55:59 -07:00
Jiang Yong
bb196e0576 correct Jenkins policy and mysql secret path when kv put in authentication guide (#5023) 
* correct Jenkins policy and mysql secret path when kv put

* add a note for kv-v2 secret
 2018-08-02 08:38:51 -07:00
Jeff Mitchell
09f41deedf Fix website typo 2018-08-01 16:52:11 -04:00
Yoko
5ff52b8b49
[Guide] Identity: Entities & Groups (#4968) 
* Entities & Groups tutorial

* Re-wordig the persona section

* Incorporated the feedback

* Updated the policy requirements

* Incorporate the feedback

* Fixed grammar

* Made the final small adjustments
 2018-08-01 11:07:09 -07:00
Raja Nadar
f58b26777f .net 2.0 standard leap (#5019) 
2.0 is more conducive for consumers
 2018-08-01 08:57:49 -04:00
Yoko
3143a0bcc9
[Guide] Direct App Integration guide (#4948) 
* Direct App Integration guide

* Added a tag for step3
 2018-07-31 09:19:23 -07:00
Sean Malloy
2794e68049 Fix GCP auth docs typo (#5017) 
The bound_bound_service_accounts parameter does not exist. The correct
spelling is bound_service_accounts.
 2018-07-31 10:57:34 -04:00
Jeff Mitchell
c1a3e599ca
Add exit-after-auth functionality to agent (#5013) 
This allows it to authenticate once, then exit once all sinks have
reported success. Useful for things like an init container vs. a
sidecard container.

Also adds command-level testing of it.
 2018-07-30 10:37:04 -04:00
Pat Downey
cd63f3e6ef Expand TOFU acronym in AWS auto-auth docs (#5011) 2018-07-29 18:05:49 -07:00
Yoko
ee8ea88fa6
[Guide] Transit Secrets Engine beginner guide (#4943) 
* Intro to Transit Secrets Engine guide

* Added the Katacoda scenario link in the Reference Materials section

* Referencig this guide in the existing encryption guides
 2018-07-27 16:08:52 -07:00
Michael Herman
1382fa72ed Update index.html.md (#5005) 2018-07-27 15:30:59 -04:00
Chris Hoffman
f348177b5d
adding environment to azure auth docs (#5004) 2018-07-27 08:33:20 -04:00
Chris Hoffman
ec3e571404
adding missing properties (#5003) 2018-07-27 08:19:12 -04:00
Chris Hoffman
86a0b466f3
adding upgrade guide for 0.10.4 (#4992) 2018-07-25 12:54:48 -04:00
Jeff Mitchell
903ab7c485
VSI (#4985) 2018-07-24 22:02:27 -04:00
Chris Hoffman
3ba265cf6a
updating azure auth plugin and docs (#4975) 2018-07-23 10:00:44 -04:00
Jim Kalafut
ecc622ac43
Add FoundationDB link to sidebar 2018-07-20 20:10:52 -07:00
Yoko
4f9757e53e
Git repo folder name changed (#4969) 2018-07-20 11:46:12 -07:00
Olivier Lemasle
f09c365ef1 State in docs that FoundationDB backend is community supported (#4964) 2018-07-20 09:59:13 -04:00
Peter Vandenabeele
9627d55134 Fix small typo in Vault website documentation (#4962) 2018-07-20 09:57:16 -04:00
Brian Shumate
4bd42b4e3a Add missing telemetry metrics (#4785) 
* Add missing telemetry metrics

- Add merkle related telemetry
- Add WAL related telemetry

* additional wal metrics

* Use correct metrics naming
 2018-07-19 18:36:55 -04:00
Chris Hoffman
472c0c83fa
Fixing formatting 2018-07-19 10:36:09 -04:00
Chris Hoffman
140776734b
Adding information on required azure permissions (#4956) 2018-07-19 10:24:55 -04:00
John Naulty Jr
1caa13c335 fix Issue #4952 static-secrets small typo (#4953) 2018-07-18 22:36:47 -07:00
Tomohisa Oda
c6fd9f5c90 add sequelize-vault to third-party tools (#4945) 2018-07-17 21:45:37 -07:00
Yoko
c86840163a
Updated - Secure Introduction to Vault Clients guide (#4944) 
* Incorporated Armon's feedback

* Added a diagram
 2018-07-17 15:54:48 -07:00
Yoko
838a449c9b
Secure Introduction to Vault Clients Guide (#4871) 
* WIP

* WIP - Secure Intro Guide

* WIP secure intro guide

* WIP Secure Intro Guide

* WIP Secure Intro Guide

* WIP Secure Intro Guide
 2018-07-16 15:17:52 -07:00
Julien Blache
e59d19325c FoundationDB physical backend (#4900) 2018-07-16 10:18:09 -04:00
Ram Nadella
e6a4d35bb3 Fix environment mismatch in MySQL cert step (#4835) 2018-07-16 10:13:44 -04:00
Seth Vargo
c50881b274 Add plugin CLI for interacting with the plugin catalog (#4911) 
* Add 'plugin list' command

* Add 'plugin register' command

* Add 'plugin deregister' command

* Use a shared plugin helper

* Add 'plugin read' command

* Rename to plugin info

* Add base plugin for help text

* Fix arg ordering

* Add docs

* Rearrange to alphabetize

* Fix arg ordering in example

* Don't use "sudo" in command description
 2018-07-13 10:35:08 -07:00
dmicanzerofox
6559f5fe76 PKI Tidy Revocation List optionally Tidy Revoked Certs that are Unexpired (#4916) 2018-07-13 09:32:32 -04:00
Seth Vargo
c4d57245f2 Update GCP docs (#4898) 
* Consistently use "Google Cloud" where appropriate

* Update GCP docs

This updates the GCP docs to use the new updated fields that will be
present in the next release of the plugin as well as fixes up some
inconsistencies between the GCP docs and other auth method
documentation.
 2018-07-11 15:52:22 -04:00
Jeff Mitchell
6b4f6b9361
Add jwt auth docs (#4891) 2018-07-11 15:08:49 -04:00
Jeff Mitchell
0883dc3e0b
Fix permitted dns domain handling (#4905) 
It should not require a period to indicate subdomains being allowed

Fixes #4863
 2018-07-11 12:44:49 -04:00
Md. Nure Alam Nahid
cf587cf525 Add additional config keys for swift (#4901) 
* Add additional config keys for swift

* Add additional swift config keys in the doc page
 2018-07-11 08:29:29 -07:00
Seth Vargo
1268342acc Properly capitalize H in GitHub (#4889) 
It's really bothering me, sorry.
 2018-07-10 08:11:03 -07:00
Jeff Mitchell
ce81df0ba2 Remove vault.rocks from some that were missed 2018-07-10 10:47:30 -04:00
Jeff Mitchell
5a2d80e487
Allow max request size to be user-specified (#4824) 
* Allow max request size to be user-specified

This turned out to be way more impactful than I'd expected because I
felt like the right granularity was per-listener, since an org may want
to treat external clients differently from internal clients. It's pretty
straightforward though.

This also introduces actually using request contexts for values, which
so far we have not done (using our own logical.Request struct instead),
but this allows non-logical methods to still get this benefit.

* Switch to ioutil.ReadAll()
 2018-07-06 15:44:56 -04:00
Kawsar Kamal
9591e44bef Fixed example file extensions from .hcl to .json (#4810) 2018-07-06 08:59:09 -04:00
Chris Bednarski
bebf54c6aa Added documentation to consul and listener pages explaining how to control Consul's DNS resolution with multiple listeners (#4862) 2018-07-06 08:51:51 -04:00
Calvin Leung Huang
bc88718d56
Add missing replication props, prettify tables (#4816) 
* Add missing request.replication props, prettify tables

* Fix location of replication prop
 2018-07-05 16:11:21 -04:00
Chris Hoffman
52a6ea3937
Update docs 2018-07-03 08:28:43 -04:00
Brian Shumate
5c7300323b Clarify policies note (#4832) 
- Make it even clearer that "*" is the glob character referred to
 2018-07-03 08:27:12 -04:00
Jeff Mitchell
24c776180b Fix tuning visibility in CLI (#4827) 
The API elides the value if it's empty, but empty has meaning. This adds
"hidden" as an option which is fundamentally identical to the default.
 2018-07-02 12:13:25 -04:00
Yoko
f2fb469c51
Updates made by Michael Lucas (#4855) 
Since this PR was created on behalf of EA and I approve all the changes, I'm merging this.
 2018-07-02 08:56:15 -07:00
Chris Hoffman
41ec5bc61d
Clarify performance replication token handling 2018-06-29 09:32:35 -04:00
Chris Hoffman
b9cd68a952
adding sample request to key status api docs (#4853) 2018-06-29 09:17:51 -04:00
Logan Rakai
984ee07a1c Typo fix (#4822) 2018-06-23 16:34:25 -07:00
Logan Rakai
f8ac612eaa Small grammar fix (#4821) 2018-06-22 21:59:39 -07:00
Jeff Mitchell
ca67d0df60 Add a warning to syslog 
Ping #3617
 2018-06-22 09:00:07 -04:00
Kevin Hicks
ae72826be1 Fix typos (#4813) 2018-06-21 12:29:18 -07:00
Yoko
a1a3ca0951
Fixed a typo (#4812) 2018-06-21 11:11:30 -07:00
Steven Farage
62c472399c Make documentation match API example (#4809) 
Quick and easy change to make the passwords match.
 2018-06-21 10:50:02 -07:00
Yoko
10e725f71d
Vault DR Replication Setup Guide (#4790) 
* WIP DR setup guide

* Fix typos

* Added the steps to demote & disable primary

* Clarified some of the explanation
 2018-06-21 08:42:35 -07:00
Becca Petrin
b3a711d717 Add bound cidrs to tokens in AppRole (#4680) 2018-06-19 22:57:11 -04:00
Becca Petrin
fe3404ad46
clarify aws role tag doc (#4797) 2018-06-19 15:59:57 -07:00
Becca Petrin
dc88c64c36
Update Active Directory secret engine docs (#4788) 
* active directory rotate root docs

* update doc
 2018-06-19 09:11:46 -07:00
Calvin Leung Huang
29f5296519 Be explicit about trailing slash on paths for list capability (#4793) 2018-06-19 12:10:39 -04:00
Jeff Mitchell
df00e62d92
Database updates (#4787) 
* Database updates

* Add create/update distinction for connection config
* Add create/update distinction for role config
* Add db name and revocation statements to leases to give revocation a
shot at working if the role has been deleted

Fixes #3544
Fixes #4782

* Add create/update info to docs
 2018-06-19 11:24:28 -04:00
Ryan Loomba
b2bb13221c fix typo in Vault Encryption as a Service Guide (#4789) 2018-06-18 17:32:43 -07:00
Laura Uva
2e24e3dc64 Add example of min_wrapping_ttl and max_wrapping_ttl (#4753) 2018-06-18 19:59:21 -04:00
Mike Fortuno
43e218e5b1 Update policies.html.md (#4780) 
Policy file name was incorrect, causing instructions to be unclear.
 2018-06-15 15:49:09 -07:00
Mr Talbot
042b9d4715 pki: add ext_key_usage to mirror key_usage and add to sign-verbatim (#4777) 
* pki: add ext_key_usage parameter to role

* pki: add key_usage and ext_key_usage parameter to sign-verbatim

* pki: cleanup code as per comments
 2018-06-15 18:20:43 -04:00
Jeff Mitchell
73e8031d35 Mention delegating change password privs in ad docs 2018-06-15 17:01:47 -04:00
Jeff Mitchell
9bed291ce7 Remove msa info from AD page 2018-06-15 16:55:28 -04:00
Jeff Mitchell
6951b70dd9
Add URI SANs (#4767) 2018-06-15 15:32:25 -04:00
Nándor István Krácser
bd0b7f1861 docs: kv 2 is used by default in the dev server only (#4773) 2018-06-15 09:09:27 -04:00
Jeff Mitchell
56cb1e05a9
Update index.html.md 
Fixes #4763
 2018-06-14 10:19:38 -04:00
Laura Uva
567824500f Update kv v2 documentation to better warn and elaborate on changes needed when upgrading a mount from version 1 to version 2 (customer request) (#4754) 2018-06-13 16:44:15 -07:00
Brian Kassouf
2fbe04132c
Update replication status (#4761) 
* Update replication-performance.html.md

* Update replication-dr.html.md

* Update replication.html.md

* Update replication-dr.html.md

* Update replication-dr.html.md

* Update replication-performance.html.md

* Update replication.html.md
 2018-06-13 16:43:39 -07:00
Becca Petrin
53e6dc53e4
add link to api docs (#4757) 2018-06-13 09:35:37 -07:00
Yoko
0962253c4b
Vault guides example update (#4756) 
* Typos in the sample payload JSON

* AWS support files were added

* yet another typo
 2018-06-13 09:34:07 -07:00
Pavlos Ratis
d39a25cb5c Use shell highlighting in the command snippets (#4736) 2018-06-11 08:46:35 -04:00
Tom Schlenkhoff
fd6d75609c Fix typo (#4738) 2018-06-11 05:38:21 -07:00
Chris Hoffman
f394cc496d
reorder sidebar 2018-06-08 17:22:27 -04:00
Chris Hoffman
0d9a4142c6
Update gcpckms.html.md 2018-06-08 17:07:59 -04:00
Chris Hoffman
bd4ad80b1b
fix typo 2018-06-08 17:05:17 -04:00
Chris Hoffman
d6d7191978
Adding Azure Key Vault seal docs (#4728) 2018-06-08 17:04:14 -04:00
Jeff Mitchell
a03f86b6f6 Add missing sidebar links for AD 2018-06-07 10:21:22 -04:00
Brian Shumate
2667a5560e Tiny formalized edit (#4715) 2018-06-07 06:44:57 -07:00
Kevin Hicks
284600fbef update docs and help text to include 'operator' (#4712) 2018-06-06 21:11:21 -07:00
Jeff Mitchell
070267d1da Update 0.10.2 upgrade guide 2018-06-06 10:45:15 -04:00
Jeff Mitchell
4bcbc5a784 Transit convergent v3 2018-06-05 18:53:39 -04:00
LeSuisse
8df30fc414 Update usage of deprecated commands rekey and rotate in the documentation (#4703) 2018-06-05 12:37:26 -04:00
Eli Oxman
d6efc1cff6 Add async python client to docs (#4698) 2018-06-05 10:23:56 -04:00
Nándor István Krácser
76be6ce5e6 Fix VAULT_LOG_LEVEL in docs (#4696) 2018-06-05 10:23:32 -04:00
Becca Petrin
063d9ed756 be more explicit about names (#4695) 2018-06-04 21:34:17 -04:00
amcbarnett
e7335efad4 Update mount-filter.html.md (#4656) 2018-05-30 08:28:51 -04:00
emily
8568e791dd Add GCP auth helper (#4654) 
* update auth plugin vendoring

* add GCP auth helper and docs
 2018-05-29 20:36:24 -04:00
Becca Petrin
648ea3345f
add formatter to ad docs (#4653) 2018-05-29 16:47:46 -07:00
Eduardo Criado Mascaray
9535f0704b Fix typo in group parameter in Vault systemd file (#4642) 2018-05-29 15:04:43 -04:00
Viacheslav Vasilyev
bec5c172fe Make test-case output a little bit consistent (#4645) 
As well as in some places `-d` were incorrectly replaced with `--data`, sample commands with `accessor` were added
 2018-05-29 15:03:33 -04:00
Jeff Mitchell
373a7472e9
Merge pull request #4600 from hashicorp/rekey-verification 
Rekey verification, allowing new key shares to be confirmed before committing the new key.
 2018-05-29 15:00:07 -04:00
Becca Petrin
f6b5cab7ba
Docs for the upcoming Active Directory secrets engine (#4612) 2018-05-29 08:49:09 -07:00
Jeff Mitchell
6fa29dda67
Merge branch 'master' into rekey-verification 2018-05-29 10:19:57 -04:00
Chris Hoffman
3bdfa4ae0a
pkcs11 docs updates 2018-05-25 15:39:07 -04:00
Becca Petrin
71fb24e5ac add userpass note on bound cidrs (#4610) 2018-05-25 14:35:09 -04:00
Jeff Mitchell
c4f8a3a5c3 Changelogify and fix some minor website bits 2018-05-25 10:39:23 -04:00
Nicholas Jackson
61e0eda70c Breakout parameters for x.509 certificate login (#4463) 2018-05-25 10:34:46 -04:00
Yoko
7522d56669
Vault Interactive Tutorial updates (#4623) 
* Added more tutorial steps

* Updated the step texts
 2018-05-24 11:39:02 -07:00
nelson
f87d452d40 Update kv-v2.html.md (#4614) 
correct the payload format for "Configure the KV Engine" and "Update Metadata"
 2018-05-24 12:44:44 -04:00
Jeff Mitchell
0545944fc5 Interactive server now uses kvv2 so update text 2018-05-23 09:59:52 -04:00
Chris Hoffman
c42adad873
remove incorrect parameter 2018-05-23 08:58:27 -04:00
Jeff Mitchell
804b5e9bd2 Minor website doc updates 2018-05-22 15:12:12 -04:00
Yoko
d67e3b3200
Seal Wrap / FIPS 140-2 Compliance guide (#4558) 
* WIP - Seal Wrap guide

* WIP: Seal Wrap guide

* Added a brief description about the Seal Wrap guide

* Incorporated feedbacks

* Updated FIPS language

Technically everything looks great. I've updated some of the language here as "compliance" could be interpreted to mean that golang's crypto and xcrypto libraries have been certified compliant with FIPS. Unfortunately they have not, and Leidos' cert is only about how Vault can operate in tandem with FIPS-certified modules.

It's a very specific update, but it's an important one for some VE customers.

Looks great - thanks!

* Removed 'Compliance' from title

* typo fix
 2018-05-22 11:23:11 -07:00
Jeff Mitchell
c0275a3c7d Add instructions for both kvv1 and kvv2 to getting started policies info 2018-05-22 14:07:12 -04:00
Yoko
500cb5737c
Mount Filters guide (#4536) 
* WIP: Mount filter guide

* WIP

* Mount filter guide for CLI, API, and UI

* updated the next step

* Updated the verification steps

* Added a note about the unseal key on secondaries

* Added more details

* Added a reference to mount filter guide

* Added a note about generating a new root token

* Added a note about local secret engine
 2018-05-22 08:57:36 -07:00
Chris Hoffman
25df1c28e4
updating link 2018-05-22 10:00:20 -04:00
Chris Hoffman
e614cadbe5
adding options information to mount endpoint (#4606) 2018-05-21 16:39:43 -04:00
Jeff Mitchell
3e95a48e7b Remove dupe website text 2018-05-21 16:30:45 -04:00
Jeff Mitchell
153d5360f7 Address feedback 2018-05-21 16:13:38 -04:00
Jeff Mitchell
98f0485d84 Add verification documentation 2018-05-21 12:00:36 -04:00
Jeff Mitchell
1fa5e18d44 Make description of prehashed a bit more friendly 2018-05-21 09:08:22 -04:00
Jeff Mitchell
ec24d3d2f7 Update key_type parameter description 2018-05-19 12:20:37 -04:00
Kevin Paulisse
7a6777b41a Docs: Clarify that revoking token revokes dynamic secrets (#4592) 2018-05-18 23:27:53 -07:00
Jeff Mitchell
f6b6ce1837 Add missing drsecondarycode to health API docs 2018-05-18 12:39:13 -04:00
Jeff Mitchell
2f97c3017f Flip documented resolve_aws_unique_id value 
Fixes #4583
 2018-05-18 12:05:52 -04:00
Reid Wiggins
668e2358aa Add documentation for MySQL 5.6 root rotation (#4584) 
The default root rotation statement for MySQL is only valid for 5.7 and
up. This commit adds example documentation for 5.6.

Fixes #4567
 2018-05-18 08:56:11 -07:00
Romain Vrignaud
5e62b26f10 Rename Google Container Engine to Google Kubernetes Engine (#4586) 2018-05-18 08:19:56 -07:00
Jeff Mitchell
91b9ffdb33
Merge pull request #4580 from tavislikedavis/patch-1 
Update policies.html.md
 2018-05-17 09:14:35 -07:00
Jeff Mitchell
15a365c76f
Updated for new syntax 2018-05-17 09:14:12 -07:00
Jeff Mitchell
2a6f08a0b8
Merge pull request #4575 from avoidik/patch-2 
Add more essential notes into production hardening guide
 2018-05-17 09:05:34 -07:00
Jeff Mitchell
f058a82010
Update production.html.md 2018-05-17 09:05:08 -07:00
Jim Kalafut
e47c602654
Fix GCP API parameter docs 2018-05-17 08:54:25 -07:00
Seth Vargo
4479d42688 Move UI docs from enterprise to OSS (#4565) 2018-05-17 08:48:10 -07:00
Andrew Slattery
e1eafc78b5 Update KV response code (#4568) 
Creating/Updating a secret in KV-V2 produces a status code `200` with a response body of `application/json`, whereas the previous documentation notated a `204 (empty body)` expected response code.
 2018-05-17 08:46:19 -07:00
Tavis Wilson
215b89d363
Update policies.html.md 2018-05-16 14:35:30 -05:00
Jeff Mitchell
9a9638c93d Update website ldap url text 2018-05-16 11:58:10 -04:00
Viacheslav Vasilyev
47d8604fe5
Update production.html.md 2018-05-16 11:16:04 +03:00
Jacob Friedman
36f3f61ac5 fixed spelling error in step 1 (#4572) 2018-05-15 17:43:35 -07:00
Jeff Mitchell
476b150a19 Mention that you can actually rekey when using an HSM 2018-05-13 16:49:42 -04:00
Jeff Mitchell
112510da63 Update HSM documentation and fix GCP docs build 2018-05-13 16:39:22 -04:00
Robbie McKinstry
fd6f676f8f Client side rate limiting (#4421) 2018-05-11 10:42:06 -04:00
Seth Vargo
5769fb4416 Update GCP secrets to be example-driven (#4539) 
👍
 2018-05-10 16:58:22 -04:00
Tyler Marshall
9e059e65e9 Fix minor spelling mistake (#4548) 2018-05-10 13:42:01 -07:00
Becca Petrin
df4b650e61
Restrict cert auth by CIDR (#4478) 2018-05-09 15:39:55 -07:00
Jeff Kohrman
47aab6e22e Add link to updated privacy policy in layout.erb (#4533) 
Added link to updated privacy policy in footer of `layout.erb` for the OSS website.
 2018-05-09 16:11:57 -04:00
Yoko
c648475746
[Guide] DB Root Credential Rotation (#4508) 
* DB root credential rotation guide

* Fixed typos

* Added a note about creating a dedicated superuser

* Incorporated Chris's feedback

* Added a reference to DB root credential rotation

* Rephrase some of the languages

* Minor re-wording of a sentence
 2018-05-09 11:01:58 -07:00
Jeff VanSickle
cc800b649a Update jq path for "excited" in JSON output example (#4531) 2018-05-09 08:41:41 -07:00
Shelby Moore
4a1c826d98 Updated proxy protocol config validation (#4528) 2018-05-09 10:53:44 -04:00
Jeff Mitchell
9fb688f789 Clarify that rotate requires sudo 2018-05-09 10:19:35 -04:00
tdsacilowski
7694c8e1c2 Clarify HA params, fixed typos (#4527) 
* Clarify HA params, fixed typos

* Additional clarifications to listener parameters

* Updated cluster_address values
 2018-05-08 13:36:42 -07:00
Jacob Friedman
390068b54e Updated link for k8s-tokenreview (#4523) 
Link for k8s-tokenreview was broken when they released a new version so I went ahead and fixed it.
 2018-05-08 13:36:12 -07:00
Jacob Friedman
38192cf97c Changed DR docs page to fix generating secondary DR token (#4521) 
The docs for how to create secondary DR tokens were incorrect, which caused issues at a customer. I fixed the documentation with the proper syntax and formatting, which I copied from the perf replication docs (after changing endpoints). Can someone take a quick look for me?
 2018-05-08 13:35:48 -07:00
vishalnayak
c61fd9bba6 docs: s/entity/group-alias 2018-05-08 16:32:35 -04:00
Chris Hoffman
2654a55574
docs update 2018-05-07 16:34:39 -04:00
Chris Hoffman
168d02c9a8
docs updates 2018-05-07 16:33:38 -04:00
Chris Hoffman
befd3cf451
updating pkcs11 docs (#4520) 2018-05-07 13:50:45 -04:00
Anthony Dong
7ad10034ed Fix typo in AppRole guide (#4509) 2018-05-04 10:10:21 -04:00
Jeff
3bfa45e306 Typo (#4505) 2018-05-03 13:37:44 -07:00
Jerome Cheng
e701b6adea Fix incorrect file path in Token Helper doc (#4499) 
Vault stores the token in `~/.vault-token` and not `~/.vault_token`.
 2018-05-02 21:56:38 -07:00
Laura Uva
765b1a0cb0 Payload key should be dr_operation_token (#4498) 2018-05-02 18:35:51 -07:00
Nathan Valentine
ff62d2a585 s/aws_region/region/ (#4497) 
The correct key name is 'region' as opposed to 'aws_region'.
 2018-05-02 14:25:03 -07:00
Fabrizio Cucci
92502021e5 Fix role of example in Kubernetes Auth Method (#4483) 
It was `test` but it should be `demo` to be aligned with the example.
 2018-05-01 15:04:53 -07:00
Matthew Irish
9ac9e088ba
add script defer to the demo app tag as well (#4489) 2018-04-29 22:14:54 -05:00
Jeff Escalante
3b442f8da7 fix fout issue (#4477) 2018-04-27 14:34:20 -07:00
Yoko
237a066f39
Spring Cloud Vault Java demo (#4397) 
* WIP - Spring Cloud Vault Java demo

* Added 'Reloading the Static Secrets' step

* Fixed a typo

* Minor wording change

Remove redundant "a".

* Typos and grammar

Fixed a few misspellings ("spring") and the odd "a", "the", or "an".
 2018-04-27 09:18:50 -07:00
Pavlos Ratis
c9f989a3fb [website] fix Markdown formatting on GCP page (#4471) 2018-04-27 09:13:07 -07:00
Jim Kalafut
4a40bd6432 Minor updates to Azure auth docs 2018-04-27 08:47:06 -07:00
Jeff Escalante
f843f833db adjust analytics and other js for turbolinks (#4400) 2018-04-26 16:02:25 -05:00
emily
462f98673f fix docs (#4466) 2018-04-26 16:54:19 -04:00
Nathan Dataguake Basanese
da98217e61 Make a minor grammar edit for docs (#4467) 
Previous version used `read` in stead of `get` for everything but the code block examples.

It's a minor oversight, and most of us are going to skim to the code blocks anyway. But maybe it'll help.
 2018-04-26 16:41:23 -04:00
Jeff Mitchell
783a5c3422 Remove out of date text on HSM rekeying 2018-04-26 10:10:30 -04:00
Jim Kalafut
abcd859236
Fix typo in aws auth docs 2018-04-25 22:57:39 -07:00
Andrew Speed
102be1a679 Fix authentication example mentioning vault auth but using vault login (#4458) 2018-04-25 14:59:38 -07:00
Krish
bc15f55479 Update authentication.html.md 
Thanks!
 2018-04-25 14:37:59 -07:00
Chris Hoffman
c6551ced97
fix document formatting 2018-04-25 10:16:41 -04:00
Chris Hoffman
2b57907cae
Seal Rotation Docs (#4449) 
* wip docs

* adding docs

* removing vendor supported mechanism
 2018-04-25 09:59:06 -04:00
Nándor István Krácser
420a9b9321 Fix mapping read paths (#4448) 2018-04-25 09:22:30 -04:00
Chris Kent
47ca22cd00 Website download page update (#4444) 
* Update download page to include community resources

+ Added “downloads powered by” text to Fastly icon
+ changed to horizontal grid for download list (vs vertical list)
+ added community resources below page

* Reverting changes from earlier

* Added community links to downloads page

+ added community and getting-started links to sidebar as well
 2018-04-24 20:29:36 -05:00
vishalnayak
4222df38c6 Merge branch 'master-oss' into approle-local-secretid 2018-04-24 16:17:56 -04:00
Becca Petrin
b12fa85c9b
uppercase Vault in plugin doc (#4442) 2018-04-24 10:41:37 -07:00
Brian Shumate
7a5d7713fd Update curl commands / replace invalid '--payload' flag (#4440) 2018-04-24 11:20:29 -04:00
vishalnayak
a7814f38cc Merge branch 'master-oss' into approle-local-secretid 2018-04-24 11:03:39 -04:00
Yoko
8353246eea
Updated the link to the sample app folder which was moved (#4437) 
* Updated the link to the sample app folder which was moved

* Folder name changed from vault-transit-rewrap-example to vault-transit-rewrap
 2018-04-23 16:45:10 -07:00
vishalnayak
20c7f20265 error on enable_local_secret_ids update after role creation 2018-04-23 17:05:53 -04:00
vishalnayak
b4f6b6fd31 update docs 2018-04-23 16:54:23 -04:00
Jeff Mitchell
87e54d12b2 Update audit text to make it clear that audit logs are for authenticated interactions 2018-04-23 10:49:32 -04:00
Malhar Vora
78aa4876eb Corrects description for mode option in ssh command (#4420) 
Fixes #4375
 2018-04-22 13:42:46 -04:00
Malhar Vora
7b2858b7a3 Correct typo in Kubernetes auth backend docs 
Resolve small typo in Configuring Kubernetes section in Kubernetes Auth Backend
documentation.

Fixes #4417
 2018-04-21 19:37:59 -07:00
Jeff Mitchell
bc0918a350
Add the ability to restrict token usage by IP. Add to token roles. (#4412) 
Fixes #815
 2018-04-21 10:49:16 -04:00
Chris Kent
cee348e75f Mrktfix (#4411) 
* Updated hero with current logo

* Updated logos in these artifact images as well

* Added Branded Logo

with HashiCorp

* Updated logo with branded logo

(HashiCorp in the name)

* typo

* Wrong spot

* Updated logo
 2018-04-20 14:43:11 -05:00
Chris Kent
01abce85ef Updated hero with current logo (#4410) 2018-04-20 12:50:00 -05:00
Alvin Huang
5d440fe618 remove redundant 'Vault' in approle docs (#4405) 2018-04-20 09:55:15 -04:00
skiggety
4d0b47855a remove lingering mention of "vault write" command. (#4388) 2018-04-18 16:32:37 -04:00
Vishal Nayak
e6cc20d1e7
phys/consul: Allow tuning of session ttl and lock wait time (#4352) 
* phys/consul: allow tuning of session ttl and lock wait time

* use parseutil

* udpate docs
 2018-04-18 13:09:55 -04:00
Jeff Mitchell
80b17705a9
X-Forwarded-For (#4380) 2018-04-17 18:52:09 -04:00
Yoko
81af0f69d1
Versioned KV secret engine (kv-v2) tutorial (#4367) 
* Added versioned kv secret engine tutorial

* Added check-and-set feature

* Fixed archived -> deleted

* Incorporated all suggested changes
 2018-04-17 14:42:14 -07:00
Laura Uva
d4b5f94dfe Add mode to the examples under automation steps (#4374) 2018-04-17 13:47:41 -04:00
vishalnayak
46d4ded928 docs: update accessor lookup response 2018-04-17 11:52:58 -04:00
vishalnayak
73df4a6f8b docs: update token lookup response 2018-04-17 11:40:00 -04:00
Sohex
f676ca9db7 Update index.html.md (#4372) 
Remove duplicate of max_ttl description from end of period description under create role parameters.
 2018-04-17 11:05:50 -04:00
George Hartzell
fa10bbdc81 Touch up getting started doc (#4373) 
The example uses `vault kv put` but the the commentary references `vault write`.  Make them consistent (this commit) or explain the equivalence.
 2018-04-16 13:57:12 -04:00
Calvin Leung Huang
36d46452d0
Add docs for internal UI mounts endpoint (#4369) 
* Add docs for internal UI mounts endpoint

* Update description section
 2018-04-16 12:13:58 -04:00
Jeff Mitchell
b65832d08a
Add ability to disable an entity (#4353) 2018-04-13 21:49:40 -04:00
Jeff Mitchell
a7f604ff91 Fix token store role documentation around explicit max ttl 2018-04-13 09:59:12 -04:00
Jerome Cheng
06eae018a3 Fix indentation of code block in Consul Secrets Engine docs (#4350) 
The indentation of the code block in the Consul Secrets Engine doc was
removed in #4224, but the closing backticks remained indented one level,
resulting in the block swallowing all text after it. Removing the
indentation from the closing backticks fixes this.
 2018-04-13 09:55:35 -04:00
Jeff Escalante
fce704efa2 switch from GA to segment tracking (#4109) 2018-04-12 21:35:38 -05:00
Peter Souter
0ac5933c24 Remove Enterprise Only flag (#4337) 2018-04-11 14:27:58 -04:00
James Mannion
986ace5183 Fixes a reference to deprecated init command (#4338) 
Replace "vault init" with "vault operator init" in initialising the vault section.
 2018-04-11 14:26:53 -04:00
Jeff Mitchell
f3dadf9bc6 Remove beta tag from Google Cloud 2018-04-10 13:58:16 -04:00
Matthew Irish
e7801faf2a
fix broken link (#4329) 2018-04-10 11:11:38 -05:00
Jeff Mitchell
8569e6a143 Add more info to upgrade guide and changelog 2018-04-10 12:09:54 -04:00
Chris Hoffman
360819c571
adding 0.10 upgrade guide (#4321) 2018-04-09 17:32:15 -04:00
Yoko
dc390a9f80
Removed extra '( )' in the link (#4316) 2018-04-09 09:57:22 -07:00
Brian Kassouf
915e452c0d
KV: Update 'versioned' naming to 'v2' (#4293) 
* Update 'versioned' naming to 'v2'

* Make sure options are set

* Fix description of auth flag

* Review feedback
 2018-04-09 09:39:32 -07:00
Yoko
279810a6a6
Fixed a missing 's' (#4314) 2018-04-09 09:22:11 -07:00
Chris Hoffman
e3742e5a54
Docs for configuration UI headers (#4313) 
* adding /sys/config/ui headers

* adding /sys/config/ui headers
 2018-04-09 12:21:02 -04:00
Chris Hoffman
295db4718f
Root Credential Rotation Docs (#4312) 
* updating root credential docs

* more docs updates

* more docs updates
 2018-04-09 12:20:29 -04:00
Yoko
815be82ba1
AppRole with Terraform & Chef (#4200) 
* WIP - Teddy's webinar

* WIP

* Added more details with diagram

* Fixed a typo

* Added a note about terraform bug with 0.11.4 & 0.11.5

* Minor adjustment

* Fixed typos

* Added matching CLI commands

* Added extra speace for readability
 2018-04-09 08:50:50 -07:00
Matthew Irish
fec8f13955
UI - pki updates (#4291) 
* add require_cn to pki roles
* add policy_identifiers and basic_constraints_valid_for_non_ca to pki role form
* add new fields to the PKI docs
* add add_basic_constraints field
 2018-04-08 21:09:29 -05:00
Chris Hoffman
6492311767
remove token from curl request for login paths (#4303) 2018-04-06 18:10:59 -04:00
Yoko
2859c20cb5
Added in-region DR scenario diagram (#4292) 
This is a replica of the PR 4243 which has already been approved.
 2018-04-05 16:08:55 -07:00
Andy Manoske
0b4adfd92f
Update index.html.md 2018-04-05 15:16:28 -07:00
Yoko
4d7da27639
Auto Unseal with AWS KMS guide (#4277) 
* WIP

* Added auto unseal

* Converting to a guide

* Added little more explanations

* Minor fixes

* Fixed a typo

* Fixed a typo

* Changed auto unseal to auto-unseal

* Found more typo... fixed
 2018-04-05 13:28:39 -07:00
Geoffrey Grosenbach
dfd8c3ee21 Correct the page title to read re-wrapping (#4274) 
The title in the metadata used `re-rapping` instead of `re-wrapping`. This one line change fixes the spelling.
 2018-04-04 16:55:46 -04:00
Quinn Stearns
ab79123f2a Rename Example Key from "value" to "foo" (#4270) 
It is slightly confusing to have the first example include a key named "Value". This can create a slight hump to grokking what's happening in this early step of the README. Here we rename the key to "foo" to help indicate it's dynamic nature.
 2018-04-04 16:22:27 -04:00
Yoko
f66615153c
Vault HA with Consul guide (#4187) 
* Vault HA guide draft

* Fixed node_id to say node_name based on Brian's input

* Fixed the unwanted hyperlink

* Vault HA guide

* Updated the description of the Vault HA guide

* Typo fixes

* Added a reference to Vault HA with Consule guide

* Incorporated Teddy's feedback

* Fixed an env var name

* Vault configuration has been updated: 'api_addr'
 2018-04-04 08:25:06 -07:00
Seth Vargo
aec4a603b4 Rename Google things to say "Google", update telemetry (#4267) 2018-04-04 10:37:44 -04:00
Brian Kassouf
56274d854d
Versioned K/V docs (#4259) 
* Work on kv docs

* Add more kv docs

* Update kv docs

* More docs updates

* address some review coments
 2018-04-03 23:22:41 -07:00
Roy Sindre Norangshol
3ddd3bd20c project is now project_id (#4251) 
Verified both via vault CLI and direct curl'ing towards API endpoints.
 2018-04-03 17:11:47 -04:00
Jeff Mitchell
266a57fab2
Case insensitive behavior for LDAP (#4238) 2018-04-03 09:52:43 -04:00
Lowe Schmidt
7c06e9610f Grammatical error (#4246) 
As per Franklin Davis suggestion on the mailing list.
 2018-04-03 07:53:38 -04:00
Vishal Nayak
0caa6408c2
Update group alias by ID (#4237) 
* update group alias by id

* update docs
 2018-04-02 10:42:01 -04:00
Vishal Nayak
c052bb5ae2
move identity docs from ent docs to oss (#4235) 2018-04-01 13:59:43 -04:00
Vishal Nayak
3930da11d4
add entity merge API to docs (#4234) 2018-04-01 12:59:57 -04:00
LeSuisse
885a6e754d Update usage of the deprecated generated-root command in the documentation (#4232) 2018-03-31 11:17:08 -04:00
Seth Vargo
e0fccbd55a Add HA support to the Google Cloud Storage backend (#4226) 2018-03-30 12:36:37 -04:00