mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-16 03:27:01 +02:00
Code Issues Projects Releases Wiki Activity
4,288 Commits 2,843 Branches 445 Tags 454 MiB
84cd3c20b3
Commit Graph

226 Commits

Author SHA1 Message Date
Jeff Mitchell
bfae0223da Merge pull request #1290 from steve-jansen/patch-2 
Adds note on GH-1102 fix to secret/aws doc
 2016-04-05 08:37:39 -04:00
Steve Jansen
03da496bd2 Adds note on GH-1102 fix to secret/aws doc 
Add note related to #1102, which leads to a non-obvious AWS error message on 0.5.0 or earlier.
 2016-04-04 21:30:41 -04:00
Steve Jansen
64b472dc57 Fix typo in iam permission for STS 2016-04-04 21:20:26 -04:00
Vishal Nayak
6b8f3dbe1d Revert "Change mysql connection to match new" 2016-03-23 15:18:09 -04:00
Chris Mague
a681090e3b Change mysql connection to match new 
Documentation update to reflect mysql config connection from the old to the newer format
 2016-03-23 12:09:06 -07:00
Cem Ezberci
efda0f1a61 Fix a typo 2016-03-19 21:24:17 -07:00
Jeff Mitchell
49d1e7a087 Some generic docs updates 2016-03-18 09:57:21 -04:00
Jeff Mitchell
f5d304ab56 Add exclude_cn_from_sans to PKI docs 2016-03-17 16:58:06 -04:00
Matt Hurne
80ca13ce7e AWS permissions documentation fixes: add missing permissions needed to attach and detach managed policies to IAM users, add missing comma, remove extraneous comma 2016-03-14 09:39:32 -04:00
Vishal Nayak
0b2477d7cb Merge pull request #998 from chrishoffman/mssql 
Sql Server (mssql) secret backend
 2016-03-10 22:30:24 -05:00
Chris Hoffman
41b5847a67 Docs updates 2016-03-10 21:15:25 -05:00
Chris Hoffman
1d7fe31eac Adding verify_connection to config, docs updates, misc cleanup 2016-03-09 23:08:05 -05:00
AndrewBrown-JustEat
ead568987c Minor documentation change 2016-03-09 14:50:23 +00:00
Jeff Mitchell
c2727991c1 Add a necessary IAM permission to the example 2016-03-08 21:29:34 -05:00
Jeff Mitchell
2b7edf6bfd Update cubbyhole text to be more explicit. 
Fixes #1165
 2016-03-03 10:58:58 -05:00
Chris Hoffman
ed5ca17b57 Adding mssql secret backend 2016-03-03 09:19:17 -05:00
vishalnayak
8feae7eb1f removed datatype and corrected a sentense 2016-03-01 11:21:29 -05:00
vishalnayak
a40e0fc8d4 zeroaddress documentation fix 2016-03-01 10:57:00 -05:00
Jeff Mitchell
ec75a24647 Be more explicit about buffer type 2016-02-24 22:05:39 -05:00
Jeff Mitchell
6dd8822c08 Add documentation for pki/tidy 2016-02-24 21:31:29 -05:00
Matt Hurne
ac835c4e61 Add note that STS credentials can only be generated for user inline policies in AWS secret backend documentation 2016-02-23 09:06:52 -05:00
vishalnayak
046d7f87b4 postgres: connection_url fix 2016-02-22 11:22:49 -05:00
Kevin Pike
79ed734a2f Merge branch 'master' into rabbitmq 2016-02-21 14:55:06 -08:00
Kevin Pike
d805f2ef57 Add RabbitMQ secret backend 2016-02-21 14:52:57 -08:00
vishalnayak
8c62b0b2b3 changelog++ 2016-02-19 16:52:19 -05:00
vishalnayak
20342d9049 Don't deprecate value field yet 2016-02-19 16:07:06 -05:00
vishalnayak
5f19c77897 mysql: provide allow_verification option to disable connection_url check 2016-02-19 16:07:05 -05:00
Jeff Mitchell
ac3191ad02 Disallow 1024-bit RSA keys. 
Existing certificates are kept but roles with key bits < 2048 will need
to be updated as the signing/issuing functions now enforce this.
 2016-02-19 14:33:02 -05:00
Jeff Mitchell
9ff4d3c204 Remove root-protected references from transit docs 2016-02-18 12:45:18 -05:00
Jeff Mitchell
ddb475d40d Merge pull request #1075 from rajanadar/patch-14 
adding full response for intermediate/generate
 2016-02-18 10:16:53 -05:00
Jeff Mitchell
959064f722 Merge pull request #1074 from rajanadar/patch-13 
added missing fields to read role
 2016-02-18 10:16:14 -05:00
Raja Nadar
8e5989ecb5 adding full response for intermediate/generate 
1. adding superset of fields in response, so that folks can see all possible response fields.
2. also added the less important "warnings" field
 2016-02-14 14:42:37 -08:00
Raja Nadar
5fc80d7ef3 added missing fields to read role 
added the lease and token type field to the read role response.
 2016-02-14 13:00:42 -08:00
Raja Nadar
d083f459bd fixing response fields of /pki/issue 
1. added the private_key_type field
2. changed "serial" to "serial_number"
3. added the warnings field
 2016-02-14 12:41:43 -08:00
techraf
30c51e8e4e Fixes typo 2016-02-12 22:34:07 +09:00
Jeff Mitchell
3ac40a7ae5 Use capabilities to determine upsert-ability in transit. 2016-02-02 10:03:14 -05:00
Jeff Mitchell
216fe1b9da Revert "Re-add upsert into transit. Defaults to off and a new endpoint /config" 
This reverts commit dc27d012c0.
 2016-02-02 09:26:25 -05:00
Jeff Mitchell
dc27d012c0 Re-add upsert into transit. Defaults to off and a new endpoint /config 
can be used to turn it on for a given mount.
 2016-02-01 20:13:57 -05:00
Jeff Mitchell
10a6aec9a3 Merge pull request #980 from rajanadar/patch-8 
fixing the return type of verify otp
 2016-02-01 14:10:14 -05:00
Jeff Mitchell
7fb8db2e6c Allow the format to be specified as pem_bundle, which creates a 
concatenated PEM file.

Fixes #992
 2016-02-01 13:19:41 -05:00
Jeff Mitchell
3b77905c75 Cassandra: 
* Add ability to change protocol version
* Remove config as a root path, use normal ACLs
* Update docs
 2016-02-01 10:27:26 -05:00
Jeff Mitchell
9c244789a7 Update transit docs to no longer claim upsert functionality 2016-01-29 14:43:52 -05:00
Jeff Mitchell
3b22ab02c6 Add listing of roles to PKI 2016-01-28 15:18:07 -05:00
Jeff Mitchell
a1d242f18c Add list documentationf for mysql 2016-01-28 15:06:52 -05:00
Jeff Mitchell
9cf06240e0 Add list support for postgres roles 2016-01-28 14:41:50 -05:00
Jeff Mitchell
56e5615f18 Update SSH documentation with list 2016-01-28 14:41:43 -05:00
Raja Nadar
f42f5ec306 fixed the return type of /ssh/lookup api 2016-01-28 01:04:35 -08:00
Raja Nadar
2270affc2f fix return type of post /ssh/creds 
added sample json for both otp and dynamic credentials
 2016-01-28 00:56:59 -08:00
Raja Nadar
14c1bb4141 better description 2016-01-27 21:58:54 -08:00
Raja Nadar
61e0e3dd94 fixing the return type of verify otp 
it seems to be 200 on valid OTP and 204 on invalid OTP. (i think it should be an error.. 400 or 404)
but for the moment, fixing the docs to match the existing behavior.
 2016-01-27 20:04:11 -08:00
Jeff Mitchell
1dc52267a8 Merge pull request #972 from rajanadar/patch-7 
added the delete api details to generic backend
 2016-01-26 09:49:06 -05:00
Jeff Mitchell
e3e9a3980d Merge pull request #971 from rajanadar/patch-6 
added the delete api details to cubbyhole
 2016-01-26 09:48:47 -05:00
Raja Nadar
8290a4cd5f added the delete api details to generic backend 
documentation was missing this api description
 2016-01-25 23:56:33 -08:00
Raja Nadar
45626fa148 added the delete api details to cubbyhole 
cubbyhole delete api details were missing. added them.
 2016-01-25 23:47:33 -08:00
Raja Nadar
4b84b49797 fixing an incorrect json response field name 
changed a read-role api response field from 'revocation_cql' to 'rollback_cql'
didn't verify it using a real cassandra server test, but looked at the source code json schema definition here: 

https://github.com/hashicorp/vault/blob/master/builtin/logical/cassandra/path_roles.go
func pathRoles(b *backend) *framework.Path 

please feel free to discard the PR, if i am looking at the wrong source location or something.
 2016-01-25 23:42:20 -08:00
Nicki Watt
a616197add AWS secret backend - docs when using existing policy 2016-01-26 01:43:14 +00:00
Nicki Watt
e10f5b2b1a Docs for AWS backend when using an existing policy 2016-01-26 01:39:24 +00:00
Jeff Mitchell
1c43a0148f Document changes 2016-01-25 14:47:16 -05:00
Jeff Mitchell
9eaef0a2a1 Update documentation and use ParseBool for list query param checking 2016-01-22 10:07:32 -05:00
Jeff Mitchell
2667f08f97 Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it. 2016-01-22 10:07:32 -05:00
Jeff Mitchell
2613343c3d Updates and documentation 2016-01-22 10:07:32 -05:00
Dmitriy Gromov
ea1e29fa33 Renamed sts duration to ttl and added STS permissions note. 2016-01-21 14:28:34 -05:00
Dmitriy Gromov
e13f58713e documenting the new aws/sts endpoint 2016-01-21 14:05:10 -05:00
Seth Vargo
9e14bb66f2 Use HTTPS + www where appropriate 2016-01-14 13:42:47 -05:00
Jeff Mitchell
f3ef23318d Create more granular ACL capabilities. 
This commit splits ACL policies into more fine-grained capabilities.
This both drastically simplifies the checking code and makes it possible
to support needed workflows that are not possible with the previous
method. It is backwards compatible; policies containing a "policy"
string are simply converted to a set of capabilities matching previous
behavior.

Fixes #724 (and others).
 2016-01-08 13:05:14 -05:00
kenjones-cisco
3438a3c9da Fixes mis-placed html tag 2015-12-31 10:37:01 -05:00
kenjones
71a8118229 add missing html tag 2015-12-20 14:20:30 -05:00
Jeff Mitchell
74b7e36221 Some copyediting/simplifying of the Consul page 2015-12-18 10:07:40 -05:00
kenjones
c70f7e507e Update secret backend Consul documentation 
Adds information on the steps to get a management token for use by
Vault when communicating with Consul as a secret backend.
 2015-12-18 09:44:31 -05:00
Jeff Mitchell
e6bceea2aa Update documentation with Consul backend token_type parameter. 
Fixes #854
 2015-12-14 20:54:13 -05:00
Jeff Mitchell
d6a5a281b9 Merge branch 'master' into pki-csrs 2015-12-08 10:57:53 -05:00
Jeff Mitchell
70ea26c0e5 Add a warning about consistency of IAM credentials as a stop-gap. 
Ping #687
 2015-12-08 10:56:34 -05:00
Jeff Mitchell
bd03d3c422 Change allowed_base_domain to allowed_domains and allow_base_domain to 
allow_bare_domains, for comma-separated multi-domain support.
 2015-11-30 23:49:11 -05:00
Jeff Mitchell
703a0d65c0 Remove token display names from input options as there isn't a viable 
use-case for it at the moment
 2015-11-30 18:07:42 -05:00
Jeff Mitchell
6af9eac08b Documentation update 2015-11-20 13:13:57 -05:00
Jeff Mitchell
7eed5db86f Update documentation, some comments, make code cleaner, and make generated roots be revoked when their TTL is up 2015-11-19 17:14:22 -05:00
Jeff Mitchell
061539434f Update validator function for URIs. Change example of entering a CA to a 
root cert generation. Other minor documentation updates. Fix private key
output in issue/sign.
 2015-11-19 11:35:17 -05:00
Jeff Mitchell
f644557eab Make it clear that generating/setting a CA cert will overwrite what's 
there.
 2015-11-19 09:51:18 -05:00
Jeff Mitchell
3437af0711 Split root and intermediate functionality into their own sections in the API. Update documentation. Add sign-verbatim endpoint. 2015-11-19 09:51:18 -05:00
Jeff Mitchell
237285e822 Address some feedback from review 2015-11-19 09:51:18 -05:00
Jeff Mitchell
cf148d8cc6 Large documentation updates, remove the pathlength path in favor of 
making that a parameter at CA generation/sign time, and allow more
fields to be configured at CSR generation time.
 2015-11-19 09:51:18 -05:00
Jeff Mitchell
c33c43620f Add tests for intermediate signing and CRL, and fix a couple things 
Completes extra functionality.
 2015-11-19 09:51:17 -05:00
Jeff Mitchell
cee292a06a Documentation update around path/key name encryption. 
Make it clear that path/key names in generic are not encrypted.

Fixes #697
 2015-10-29 11:21:40 -04:00
Seth Vargo
cfd7aa5983 Remove tabs from terminal output 
This also standardizes on the indentation we use for multi-line commands as
well as prefixes all commands with a $ to indicate a shell.
 2015-10-12 12:10:22 -04:00
vishalnayak
93c4cccc6e mysql: made max_open_connections configurable 2015-10-01 21:15:56 -04:00
vishalnayak
bc5ad114e4 postgresql: Configurable max open connections to the database 2015-10-01 20:11:24 -04:00
Colin Rymer
c9e9fbdab2 Remove redundant wording for SSH OTP introduction. 2015-09-30 10:58:44 -04:00
Jeff Mitchell
6c21b3b693 Remove JWT for the 0.3 release; it needs a lot of rework. 2015-09-24 16:23:44 -04:00
Dominic Luechinger
886c67892d Fixes docs for new JWT secret backend 2015-09-24 16:47:17 +02:00
Spencer Herzberg
66e0cb2175 docs: pg username not prefixed with vault- 
due to
05fa4a4a48,
vault no longer prefixes the username with `vault-`
 2015-09-22 10:14:47 -05:00
Jeff Mitchell
791ae62db3 Minor doc update to SSH 2015-09-21 16:26:07 -04:00
Jeff Mitchell
fa53293b7b Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values 2015-09-21 16:14:30 -04:00
Jeff Mitchell
08a81a3364 Update transit backend documentation, and also return the min decryption 
value in a read operation on the key.
 2015-09-21 16:13:43 -04:00
Jeff Mitchell
a57eb45b50 Add API endpoint documentation to cubbyhole 2015-09-21 16:13:36 -04:00
Jeff Mitchell
e4cab7afe5 Add API endpoint documentation to generic 2015-09-21 16:13:29 -04:00
Jeff Mitchell
46073e4470 Enhance transit backend: 
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
 2015-09-18 14:41:05 -04:00
Jeff Mitchell
c80fdb4bdc Add documentation for cubbyhole 2015-09-15 13:50:37 -04:00
Brian Lalor
ade8c31469 Remove unused param to 'vault write aws/roles/deploy' 
The name is taken from the path, not the request body.  Having the duplicate key is confusing.
 2015-09-06 06:57:39 -04:00
Armon Dadgar
c3ba4fc147 Merge pull request #590 from MarkVLK/patch-1 
Update mysql docs markdown to fix grammar error
 2015-09-04 19:13:50 -07:00
MarkVLK
ac44229d18 Update transit docs markdown to add missing word 
Added the presumably missing *decrypt* from "encrypt/data" in the first sentence.
 2015-09-04 17:11:34 -07:00