mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-16 11:37:04 +02:00
Code Issues Projects Releases Wiki Activity
10,305 Commits 2,843 Branches 445 Tags 454 MiB
9be1128201
Commit Graph

458 Commits

Author SHA1 Message Date
Jim Kalafut
179b8c2c1b
Add ttl parameter to pki api docs (#5063) 2018-08-08 09:12:14 -07:00
Jeff Escalante
b84ef1a814 html syntax corrections (#5009) 2018-08-07 10:34:35 -07:00
Olivier Lemasle
31978a402d Fix two errors in docs (#5042) 
Two small errors in documentation
 2018-08-03 14:26:46 -07:00
Raja Nadar
f58b26777f .net 2.0 standard leap (#5019) 
2.0 is more conducive for consumers
 2018-08-01 08:57:49 -04:00
Sean Malloy
2794e68049 Fix GCP auth docs typo (#5017) 
The bound_bound_service_accounts parameter does not exist. The correct
spelling is bound_service_accounts.
 2018-07-31 10:57:34 -04:00
Chris Hoffman
f348177b5d
adding environment to azure auth docs (#5004) 2018-07-27 08:33:20 -04:00
Chris Hoffman
ec3e571404
adding missing properties (#5003) 2018-07-27 08:19:12 -04:00
Chris Hoffman
3ba265cf6a
updating azure auth plugin and docs (#4975) 2018-07-23 10:00:44 -04:00
Tomohisa Oda
c6fd9f5c90 add sequelize-vault to third-party tools (#4945) 2018-07-17 21:45:37 -07:00
dmicanzerofox
6559f5fe76 PKI Tidy Revocation List optionally Tidy Revoked Certs that are Unexpired (#4916) 2018-07-13 09:32:32 -04:00
Seth Vargo
c4d57245f2 Update GCP docs (#4898) 
* Consistently use "Google Cloud" where appropriate

* Update GCP docs

This updates the GCP docs to use the new updated fields that will be
present in the next release of the plugin as well as fixes up some
inconsistencies between the GCP docs and other auth method
documentation.
 2018-07-11 15:52:22 -04:00
Jeff Mitchell
6b4f6b9361
Add jwt auth docs (#4891) 2018-07-11 15:08:49 -04:00
Jeff Mitchell
0883dc3e0b
Fix permitted dns domain handling (#4905) 
It should not require a period to indicate subdomains being allowed

Fixes #4863
 2018-07-11 12:44:49 -04:00
Seth Vargo
1268342acc Properly capitalize H in GitHub (#4889) 
It's really bothering me, sorry.
 2018-07-10 08:11:03 -07:00
Jeff Mitchell
ce81df0ba2 Remove vault.rocks from some that were missed 2018-07-10 10:47:30 -04:00
Jeff Mitchell
24c776180b Fix tuning visibility in CLI (#4827) 
The API elides the value if it's empty, but empty has meaning. This adds
"hidden" as an option which is fundamentally identical to the default.
 2018-07-02 12:13:25 -04:00
Chris Hoffman
b9cd68a952
adding sample request to key status api docs (#4853) 2018-06-29 09:17:51 -04:00
Becca Petrin
b3a711d717 Add bound cidrs to tokens in AppRole (#4680) 2018-06-19 22:57:11 -04:00
Becca Petrin
fe3404ad46
clarify aws role tag doc (#4797) 2018-06-19 15:59:57 -07:00
Becca Petrin
dc88c64c36
Update Active Directory secret engine docs (#4788) 
* active directory rotate root docs

* update doc
 2018-06-19 09:11:46 -07:00
Jeff Mitchell
df00e62d92
Database updates (#4787) 
* Database updates

* Add create/update distinction for connection config
* Add create/update distinction for role config
* Add db name and revocation statements to leases to give revocation a
shot at working if the role has been deleted

Fixes #3544
Fixes #4782

* Add create/update info to docs
 2018-06-19 11:24:28 -04:00
Mr Talbot
042b9d4715 pki: add ext_key_usage to mirror key_usage and add to sign-verbatim (#4777) 
* pki: add ext_key_usage parameter to role

* pki: add key_usage and ext_key_usage parameter to sign-verbatim

* pki: cleanup code as per comments
 2018-06-15 18:20:43 -04:00
Jeff Mitchell
6951b70dd9
Add URI SANs (#4767) 2018-06-15 15:32:25 -04:00
Jeff Mitchell
56cb1e05a9
Update index.html.md 
Fixes #4763
 2018-06-14 10:19:38 -04:00
Brian Kassouf
2fbe04132c
Update replication status (#4761) 
* Update replication-performance.html.md

* Update replication-dr.html.md

* Update replication.html.md

* Update replication-dr.html.md

* Update replication-dr.html.md

* Update replication-performance.html.md

* Update replication.html.md
 2018-06-13 16:43:39 -07:00
Eli Oxman
d6efc1cff6 Add async python client to docs (#4698) 2018-06-05 10:23:56 -04:00
Becca Petrin
648ea3345f
add formatter to ad docs (#4653) 2018-05-29 16:47:46 -07:00
Jeff Mitchell
373a7472e9
Merge pull request #4600 from hashicorp/rekey-verification 
Rekey verification, allowing new key shares to be confirmed before committing the new key.
 2018-05-29 15:00:07 -04:00
Becca Petrin
f6b5cab7ba
Docs for the upcoming Active Directory secrets engine (#4612) 2018-05-29 08:49:09 -07:00
Jeff Mitchell
6fa29dda67
Merge branch 'master' into rekey-verification 2018-05-29 10:19:57 -04:00
Becca Petrin
71fb24e5ac add userpass note on bound cidrs (#4610) 2018-05-25 14:35:09 -04:00
Jeff Mitchell
c4f8a3a5c3 Changelogify and fix some minor website bits 2018-05-25 10:39:23 -04:00
Nicholas Jackson
61e0eda70c Breakout parameters for x.509 certificate login (#4463) 2018-05-25 10:34:46 -04:00
nelson
f87d452d40 Update kv-v2.html.md (#4614) 
correct the payload format for "Configure the KV Engine" and "Update Metadata"
 2018-05-24 12:44:44 -04:00
Chris Hoffman
c42adad873
remove incorrect parameter 2018-05-23 08:58:27 -04:00
Jeff Mitchell
804b5e9bd2 Minor website doc updates 2018-05-22 15:12:12 -04:00
Chris Hoffman
e614cadbe5
adding options information to mount endpoint (#4606) 2018-05-21 16:39:43 -04:00
Jeff Mitchell
3e95a48e7b Remove dupe website text 2018-05-21 16:30:45 -04:00
Jeff Mitchell
153d5360f7 Address feedback 2018-05-21 16:13:38 -04:00
Jeff Mitchell
98f0485d84 Add verification documentation 2018-05-21 12:00:36 -04:00
Jeff Mitchell
1fa5e18d44 Make description of prehashed a bit more friendly 2018-05-21 09:08:22 -04:00
Jeff Mitchell
ec24d3d2f7 Update key_type parameter description 2018-05-19 12:20:37 -04:00
Kevin Paulisse
7a6777b41a Docs: Clarify that revoking token revokes dynamic secrets (#4592) 2018-05-18 23:27:53 -07:00
Jeff Mitchell
f6b6ce1837 Add missing drsecondarycode to health API docs 2018-05-18 12:39:13 -04:00
Jeff Mitchell
2f97c3017f Flip documented resolve_aws_unique_id value 
Fixes #4583
 2018-05-18 12:05:52 -04:00
Jim Kalafut
e47c602654
Fix GCP API parameter docs 2018-05-17 08:54:25 -07:00
Andrew Slattery
e1eafc78b5 Update KV response code (#4568) 
Creating/Updating a secret in KV-V2 produces a status code `200` with a response body of `application/json`, whereas the previous documentation notated a `204 (empty body)` expected response code.
 2018-05-17 08:46:19 -07:00
Jeff Mitchell
9a9638c93d Update website ldap url text 2018-05-16 11:58:10 -04:00
Seth Vargo
5769fb4416 Update GCP secrets to be example-driven (#4539) 
👍
 2018-05-10 16:58:22 -04:00
Becca Petrin
df4b650e61
Restrict cert auth by CIDR (#4478) 2018-05-09 15:39:55 -07:00
Jeff Mitchell
9fb688f789 Clarify that rotate requires sudo 2018-05-09 10:19:35 -04:00
Jacob Friedman
38192cf97c Changed DR docs page to fix generating secondary DR token (#4521) 
The docs for how to create secondary DR tokens were incorrect, which caused issues at a customer. I fixed the documentation with the proper syntax and formatting, which I copied from the perf replication docs (after changing endpoints). Can someone take a quick look for me?
 2018-05-08 13:35:48 -07:00
vishalnayak
c61fd9bba6 docs: s/entity/group-alias 2018-05-08 16:32:35 -04:00
Jeff
3bfa45e306 Typo (#4505) 2018-05-03 13:37:44 -07:00
Laura Uva
765b1a0cb0 Payload key should be dr_operation_token (#4498) 2018-05-02 18:35:51 -07:00
Nándor István Krácser
420a9b9321 Fix mapping read paths (#4448) 2018-04-25 09:22:30 -04:00
vishalnayak
4222df38c6 Merge branch 'master-oss' into approle-local-secretid 2018-04-24 16:17:56 -04:00
Brian Shumate
7a5d7713fd Update curl commands / replace invalid '--payload' flag (#4440) 2018-04-24 11:20:29 -04:00
vishalnayak
20c7f20265 error on enable_local_secret_ids update after role creation 2018-04-23 17:05:53 -04:00
vishalnayak
b4f6b6fd31 update docs 2018-04-23 16:54:23 -04:00
Jeff Mitchell
bc0918a350
Add the ability to restrict token usage by IP. Add to token roles. (#4412) 
Fixes #815
 2018-04-21 10:49:16 -04:00
vishalnayak
46d4ded928 docs: update accessor lookup response 2018-04-17 11:52:58 -04:00
vishalnayak
73df4a6f8b docs: update token lookup response 2018-04-17 11:40:00 -04:00
Sohex
f676ca9db7 Update index.html.md (#4372) 
Remove duplicate of max_ttl description from end of period description under create role parameters.
 2018-04-17 11:05:50 -04:00
Calvin Leung Huang
36d46452d0
Add docs for internal UI mounts endpoint (#4369) 
* Add docs for internal UI mounts endpoint

* Update description section
 2018-04-16 12:13:58 -04:00
Jeff Mitchell
b65832d08a
Add ability to disable an entity (#4353) 2018-04-13 21:49:40 -04:00
Jeff Mitchell
a7f604ff91 Fix token store role documentation around explicit max ttl 2018-04-13 09:59:12 -04:00
Brian Kassouf
915e452c0d
KV: Update 'versioned' naming to 'v2' (#4293) 
* Update 'versioned' naming to 'v2'

* Make sure options are set

* Fix description of auth flag

* Review feedback
 2018-04-09 09:39:32 -07:00
Chris Hoffman
e3742e5a54
Docs for configuration UI headers (#4313) 
* adding /sys/config/ui headers

* adding /sys/config/ui headers
 2018-04-09 12:21:02 -04:00
Chris Hoffman
295db4718f
Root Credential Rotation Docs (#4312) 
* updating root credential docs

* more docs updates

* more docs updates
 2018-04-09 12:20:29 -04:00
Matthew Irish
fec8f13955
UI - pki updates (#4291) 
* add require_cn to pki roles
* add policy_identifiers and basic_constraints_valid_for_non_ca to pki role form
* add new fields to the PKI docs
* add add_basic_constraints field
 2018-04-08 21:09:29 -05:00
Brian Kassouf
56274d854d
Versioned K/V docs (#4259) 
* Work on kv docs

* Add more kv docs

* Update kv docs

* More docs updates

* address some review coments
 2018-04-03 23:22:41 -07:00
Jeff Mitchell
266a57fab2
Case insensitive behavior for LDAP (#4238) 2018-04-03 09:52:43 -04:00
Vishal Nayak
0caa6408c2
Update group alias by ID (#4237) 
* update group alias by id

* update docs
 2018-04-02 10:42:01 -04:00
Vishal Nayak
3930da11d4
add entity merge API to docs (#4234) 2018-04-01 12:59:57 -04:00
Jeff Mitchell
4b45cb7f91 Merge branch 'master-oss' into 0.10-beta 2018-03-27 12:40:30 -04:00
Yoko
e5788b8860
Update Github auth method API reference (#4202) 
* Update Github auth method API reference

* Replaced vault.rocks in API
 2018-03-26 16:56:14 -07:00
Seth Vargo
04708d554c Drop vault.rocks (#4186) 2018-03-23 11:41:51 -04:00
Chris Hoffman
505f0ea495
adding Azure docs (#4185) 
Adding Azure Auth Method docs
 2018-03-22 18:28:42 -04:00
Brian Kassouf
1626803f3f Update kv backend and add some docs (#4182) 
* Add kv backend

* Move kv in apha order

* Update kv backend and add some docs
 2018-03-21 23:10:05 -04:00
Calvin Leung Huang
c54c9519c8
Passthrough request headers (#4172) 
* Add passthrough request headers for secret/auth mounts

* Update comments

* Fix SyncCache deletion of passthrough_request_headers

* Remove debug line

* Case-insensitive header comparison

* Remove unnecessary allocation

* Short-circuit filteredPassthroughHeaders if there's nothing to filter

* Add whitelistedHeaders list

* Update router logic after merge

* Add whitelist test

* Add lowercase x-vault-kv-client to whitelist

* Add back const

* Refactor whitelist logic
 2018-03-21 19:56:47 -04:00
emily
468cad19f3 Docs for Vault GCP secrets plugin (#4159) 2018-03-21 15:02:38 -04:00
Brian Shumate
6c0b238459 Docs: update formatting / heading (#4175) 
- Correct Generate Disaster Recovery Operation Token heading level
- Tighten up formatting/trailing spaces
 2018-03-21 10:14:52 -04:00
Josh Soref
e43b76ef97 Spelling (#4119) 2018-03-20 14:54:10 -04:00
Jason Martin
7054005e9f README Spelling error (#4165) 2018-03-20 11:45:56 -04:00
Jeff Mitchell
f7e80837a7 Note that you can set a CA chain when using set-signed. 
Fixes #2246
 2018-03-19 19:44:07 -04:00
Jacob Crowther
53b0e5971d Add Cryptr to related tools (#4126) 2018-03-19 14:46:54 -04:00
Jeff Mitchell
9e596fcef2 Update path-help to make clear you shouldn't put things in the URL. 
Remove from website docs as those have been long deprecated.
 2018-03-19 11:50:16 -04:00
Joel Thompson
29551c0b1b Allow non-prefix-matched IAM role and instance profile ARNs in AWS auth backend (#4071) 
* Update aws auth docs with new semantics

Moving away from implicitly globbed bound_iam_role_arn and
bound_iam_instance_profile_arn variables to make them explicit

* Refactor tests to reduce duplication

auth/aws EC2 login tests had the same flow duplicated a few times, so
refactoring to reduce duplication

* Add tests for aws auth explicit wildcard constraints

* Remove implicit prefix matching from AWS auth backend

In the aws auth backend, bound_iam_role_arn and
bound_iam_instance_profile_arn were ALWAYS prefix matched, and there was
no way to opt out of this implicit prefix matching. This now makes the
implicit prefix matching an explicit opt-in feature by requiring users
to specify a * at the end of an ARN if they want the prefix matching.
 2018-03-17 21:24:49 -04:00
Joel Thompson
d349f5b0a7 auth/aws: Allow binding by EC2 instance IDs (#3816) 
* auth/aws: Allow binding by EC2 instance IDs

This allows specifying a list of EC2 instance IDs that are allowed to
bind to the role. To keep style formatting with the other bindings, this
is still called bound_ec2_instance_id rather than bound_ec2_instance_ids
as I intend to convert the other bindings to accept lists as well (where
it makes sense) and keeping them with singular names would be the
easiest for backwards compatibility.

Partially fixes #3797
 2018-03-15 09:19:28 -07:00
Brian Nuszkowski
ecb3fe21b7 Add PKCS1v15 as a RSA signature and verification option on the Transit secret engine (#4018) 
Option to specify the RSA signature type, in specific add support for PKCS1v15
 2018-03-15 09:17:02 -07:00
Jeff Mitchell
efb7a23498 Make the API docs around ed25519 more clear about what derivation means for this key type 2018-03-15 11:59:50 -04:00
Calvin Leung Huang
034f83f1cd
Audit HMAC values on AuthConfig (#4077) 
* Add audit hmac values to AuthConfigInput and AuthConfigOutput, fix docs

* docs: Add ttl params to auth enable endpoint

* Rewording of go string to simply string

* Add audit hmac keys as CLI flags on auth/secrets enable

* Fix copypasta mistake

* Add audit hmac keys to auth and secrets list

* Only set config values if they exist

* Fix http sys/auth tests

* More auth plugin_name test fixes

* Pass API values into MountEntry's config when creating auth/secrets mount

* Update usage wording
 2018-03-09 14:32:28 -05:00
Vishal Nayak
1d8baa9b9c
approle: Use TypeCommaStringSlice for BoundCIDRList (#4078) 
* Use TypeCommaStringSlice for Approle bound_cidr_list

* update docs

* Add comments in the test
 2018-03-08 17:49:08 -05:00
Calvin Leung Huang
01eecf9d1a
Non-HMAC audit values (#4033) 
* Add non-hmac request keys

* Update comment

* Initial audit request keys implementation

* Add audit_non_hmac_response_keys

* Move where req.NonHMACKeys gets set

* Minor refactor

* Add params to auth tune endpoints

* Sync cache on loadCredentials

* Explicitly unset req.NonHMACKeys

* Do not error if entry is nil

* Add tests

* docs: Add params to api sections

* Refactor audit.Backend and Formatter interfaces, update audit broker methods

* Add audit_broker.go

* Fix method call params in audit backends

* Remove fields from logical.Request and logical.Response, pass keys via LogInput

* Use data.GetOk to allow unsetting existing values

* Remove debug lines

* Add test for unsetting values

* Address review feedback

* Initialize values in FormatRequest and FormatResponse using input values

* Update docs

* Use strutil.StrListContains

* Use strutil.StrListContains
 2018-03-02 12:18:39 -05:00
Jeff Mitchell
90f245995a Document primary_email in Okta mfa path 2018-03-02 11:54:21 -05:00
Jeff Mitchell
9c5e90cb0a Actually add PingID to the index of API pages 2018-03-02 11:49:48 -05:00
Joel Thompson
8a115c73d9 auth/aws: Allow lists in binds (#3907) 
* auth/aws: Allow lists in binds

In the aws auth method, allow a number of binds to take in lists
instead of a single string value. The intended semantic is that, for
each bind type set, clients must match at least one of each of the bind
types set in order to authenticate.
 2018-03-02 11:09:14 -05:00
Vishal Nayak
5ede80de1c
update sys/capabilities docs (#4059) 2018-03-01 11:42:39 -05:00
Jeff Mitchell
e7524b816d Add the ability to use multiple paths for capability checking (#3663) 
* Add the ability to use multiple paths for capability checking. WIP
(tests, docs).

Fixes #3336

* Added tests

* added 'paths' field

* Update docs

* return error if paths is not supplied
 2018-03-01 11:14:56 -05:00
vishalnayak
c2812d6761 ssh: clarify optional behavior of cidr_list 2018-02-24 06:55:55 -05:00
Chris Hoffman
44a58df738
adding LIST for connections in database backend (#4027) 2018-02-22 15:27:33 -05:00
Jeff Mitchell
e118ae30ba Fix formatting on sys/health docs 2018-02-22 10:52:12 -05:00
Calvin Leung Huang
11d15895f9
Add description param on tune endpoints (#4017) 2018-02-21 17:18:05 -05:00
Vishal Nayak
1deaed2ffe
Verify DNS SANs if PermittedDNSDomains is set (#3982) 
* Verify DNS SANs if PermittedDNSDomains is set

* Use DNSNames check and not PermittedDNSDomains on leaf certificate

* Document the check

* Add RFC link

* Test for success case

* fix the parameter name

* rename the test

* remove unneeded commented code
 2018-02-16 17:42:29 -05:00
Jeff Mitchell
a43a854740
Support other names in SANs (#3889) 2018-02-16 17:19:34 -05:00
Jeff Mitchell
d325b32a9d Update website for AWS client max_retries 2018-02-16 11:13:55 -05:00
Jeff Mitchell
ef00a69f11
Add ChaCha20-Poly1305 support to transit (#3975) 2018-02-14 11:59:46 -05:00
Joel Thompson
d4465fdfcd auth/aws: Improve role tag docs as suggested on mailing list (#3915) 
Fixes the ambiguity called out in
https://groups.google.com/forum/#!msg/vault-tool/X3s7YY0An_w/yH0KFQxlBgAJ
 2018-02-12 17:39:17 -05:00
Jeff Mitchell
a9a322aa39
Adds the ability to bypass Okta MFA checks. (#3944) 
* Adds the ability to bypass Okta MFA checks.

Unlike before, the administrator opts-in to this behavior, and is
suitably warned.

Fixes #3872
 2018-02-09 17:03:49 -05:00
Vishal Nayak
58cab5f59f added a flag to make common name optional if desired (#3940) 
* added a flag to make common name optional if desired

* Cover one more case where cn can be empty

* remove skipping when empty; instead check for emptiness before calling validateNames

* Add verification before adding to DNS names to also fix #3918
 2018-02-09 13:42:19 -05:00
Jeff Mitchell
ec27e83b6e
Update relatedtools.html.md 2018-02-08 11:15:47 -05:00
Robert Kreuzer
8f475dd93f Add vaultenv to the list of related tools (#3945) 2018-02-08 10:30:45 -05:00
Vishal Nayak
4551b9250f docs: Fix the expected type of metadata (#3835) 2018-01-23 16:30:15 -05:00
Jeff Mitchell
a109e2a11e Sync some bits over 2018-01-22 21:44:49 -05:00
Brian Shumate
28d6b91fe2 Update API endpoint references for revoke-prefix (#3828) 2018-01-22 18:04:43 -05:00
Josh Giles
2b719ae6cd Support JSON lists for Okta user groups+policies. (#3801) 
* Support JSON lists for Okta user groups+policies.

Migrate the manually-parsed comma-separated string field types for user
groups and user policies to TypeCommaStringSlice. This means user
endpoints now accept proper lists as input for these fields in addition
to comma-separated string values. The value for reads remains a list.

Update the Okta API documentation for users and groups to reflect that
both user group and user/group policy fields are list-valued.

Update the Okta acceptance tests to cover passing a list value for the
user policy field, and require the OKTA_API_TOKEN env var to be set
(required for the "everyone" policy tests to pass).

* Fix typo, add comma-separated docs.
 2018-01-16 18:20:19 -05:00
Jake Scaltreto
2e51b1562b Fix minor typo in word "certificate" (#3783) 2018-01-15 15:52:41 -05:00
Jeff Mitchell
0a2c911c03 Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-10 11:15:49 -05:00
Laura Uva
9abac4fd93 Fixed the link to the section on generating DR operation token for promoting secondary. (#3766) 2018-01-09 10:02:09 -06:00
Brian Shumate
9cac2a0ac1 Docs: add DR secondary/active HTTP 472 code (#3748) 2018-01-03 15:07:36 -05:00
Jeff Mitchell
d6552a11cc Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
Brian Nuszkowski
326e1ab24c Update '/auth/token/revoke-self' endpoint documentation to reflect the proper response code (#3735) 2018-01-03 12:09:43 -05:00
dmwilcox
ad0a39dfe1 Update docs to reflect ability to load cold CA certs to output full chains. (#3740) 2018-01-03 10:59:18 -05:00
markpaine
68f87ba6f6 Spelling correction. "specifig" -> "specific" (#3739) 2018-01-03 10:38:55 -05:00
markpaine
6201056f11 Spelling correction "datatabse" -> "database" (#3738) 2018-01-03 10:38:16 -05:00
Jeff Mitchell
f9f64572f5 Clarify control group APIs are enterprise only. 
Fixes #3702
 2017-12-19 11:00:02 -05:00
Calvin Leung Huang
40b8314c4d Add period and max_ttl to cert role creation (#3642) 2017-12-18 15:29:45 -05:00
Travis Cosgrave
95328e2fb4 Use Custom Cert Extensions as Cert Auth Constraint (#3634) 2017-12-18 12:53:44 -05:00
Jeff Mitchell
4f31ee7cc8
Merge branch 'master' into f-nomad 2017-12-18 12:23:39 -05:00
Ernest W. Durbin III
a6c0194b68 Correct documentation for Kubernetes Auth Plugin (#3708) 2017-12-18 12:12:08 -05:00
Raja Nadar
bb667bf109 added the missing nonce and type fields (#3694) 2017-12-17 16:26:07 -05:00
Chris Hoffman
737dbca37a fixing up config to allow environment vars supported by api client 2017-12-17 09:10:56 -05:00
Chris Hoffman
152b6e4305 address some feedback 2017-12-15 17:06:56 -05:00
Jeff Mitchell
96b0c31de5
Merge branch 'master' into f-nomad 2017-12-14 16:44:28 -05:00
Vishal Nayak
c38f9884ce Transit: backup/restore (#3637) 2017-12-14 12:51:50 -05:00
Chris Hoffman
628153979a
Converting key_usage and allowed_domains in PKI to CommaStringSlice (#3621) 2017-12-11 13:13:35 -05:00
Paulo Ribeiro
a179a1804d Remove duplicate link in ToC (#3671) 2017-12-11 12:52:58 -05:00
Jeff Mitchell
32a7503b89
Cross reference pki/cert in a few places. 2017-12-11 11:10:28 -05:00
Mohsen
77fc89088d Small typo relating to no_store in pki secret backend (#3662) 
* Removed typo :)

* Corrected typo in the website related to no_store
 2017-12-07 10:40:21 -05:00
Calvin Leung Huang
a9e7dbb7b4
Support MongoDB session-wide write concern (#3646) 
* Initial work on write concern support, set for the lifetime of the session

* Add base64 encoded value support, include docs and tests

* Handle error from json.Unmarshal, fix test and docs

* Remove writeConcern struct, move JSON unmarshal to Initialize

* Return error on empty mapping of write_concern into mgo.Safe struct
 2017-12-05 15:31:01 -05:00
Laura Uva
291edb9746 Update example payload and response for pem_keys field which needs \n after header and before footer in order to be accepted as a valid RSA or ECDSA public key (#3632) 2017-12-04 12:12:58 -05:00
Brian Shumate
61eac778cc Docs: Update /sys/policies/ re: beta refs to address #3624 (#3629) 2017-12-04 12:10:26 -05:00
Jeff Mitchell
a898bd272d
Remove beta notice 2017-12-04 08:25:16 -08:00
crdotson
9692cde57f Fix spelling (#3609) 
changed "aomma" to "comma"
 2017-12-04 10:53:58 -05:00
csawyerYumaed
e2cdbf4913 update relatedtools, add Goldfish UI. (#3597) 
Add link to Goldfish a  web UI for Vault.
 2017-12-04 10:51:16 -05:00
Paul Pieralde
3b56130f10 Fix docs for Transit API (#3588) 2017-12-04 10:34:05 -05:00
Jeff Mitchell
14b43deb05 Update cassandra docs with consistency value. 
Fixes #3361
 2017-12-02 14:18:23 -05:00
Nicolas Corrarello
ea66973fcb
Fix docs up to current standards 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 16:53:42 +00:00
Nicolas Corrarello
12e77fac51
Rename policy into policies 2017-11-29 16:31:17 +00:00
Nicolas Corrarello
a3df394134
Pull master into f-nomad 
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
 2017-11-29 15:56:37 +00:00
Vishal Nayak
0f8e4c826c
docs: encryption/decryption now supports asymmetric keys (#3599) 2017-11-21 12:25:28 -05:00
Vishal Nayak
0fccc908d0
Docs: Remove 'none' as algorithm options (#3587) 2017-11-15 09:09:45 -05:00
Brian Kassouf
f67feaea20
Add token_reviewer_jwt to the kubernetes docs (#3586) 2017-11-14 13:27:09 -08:00
Chris Hoffman
95d4f68d26
adding licensing docs (#3585) 2017-11-14 16:15:09 -05:00
Paul Pieralde
ce49d77f86 Docs change for Policy API (#3584) 
vault 0.9.0 deprecated the term `rules` in favor of the
term `policy` in several of the /sys/policy APIs.

The expected return state of 200 SUCCESS_NO_DATA only happens
if the `policy` term is used. A response including the
deprecation notice and a 204 SUCCESS_WITH_DATA status code
is returned when `rules` is applied.
 2017-11-14 14:26:26 -05:00
Jeff Mitchell
f056cf9119 Sync docs 2017-11-14 06:13:11 -05:00
Vishal Nayak
b659e94a3b
API refactoring and doc updates (#3577) 
* Doc updates and API refactoring

* fix tests

* change metadata fieldtype to TypeKVPairs

* Give example for TypeKVPairs in CLI for metadata

* Update API docs examples to reflect the native expected value for TypeKVPairs

* Don't mention comma separation in the docs for TypeCommaStringSlice

* s/groups/group; s/entities/entity; s/entity-aliases/entity-alias; s/group-aliases/group-alias

* Address review feedback

* Fix formatting

* fix sidebar links
 2017-11-13 20:59:42 -05:00
Vishal Nayak
31484b7d55
transit doc update (#3564) 2017-11-09 16:17:54 -05:00
Calvin Leung Huang
b9348ebf4c Add docs for /sys/rekey-recovery-key (#3520) 2017-11-08 14:22:30 -05:00
Paul Pieralde
91d2c05a34 Doc fix for Create/Update Token API (#3548) 
`orphan` is intended to be default to False. Docs indicate this
is default to True. Simple change to update the docs only.
 2017-11-07 18:06:44 -05:00
Joel Thompson
50aa3d9e1f auth/aws: Make disallow_reauthentication and allow_instance_migration mutually exclusive (#3291) 2017-11-06 17:12:07 -05:00
Chris Hoffman
cbe172fb65 minor cleanup 2017-11-06 16:34:20 -05:00
Gregory Reshetniak
81e18aeccd added AWS enpoint handling (#3416) 2017-11-06 13:31:38 -05:00
Calvin Leung Huang
447d13ec39
Add note on support for using rec keys on /sys/rekey (#3517) 2017-11-06 12:18:15 -05:00
Jeff Mitchell
33cf98026e
Add PKCS8 marshaling to PKI (#3518) 2017-11-06 12:05:07 -05:00
Nicolas Corrarello
f9c30bff20
Updated documentation 2017-11-06 15:13:50 +00:00
Calvin Leung Huang
22e156712c
Update SSH list roles docs (#3536) 2017-11-03 18:00:46 -04:00
Vishal Nayak
d5ad857a86
Capabilities responds considering policies on entities and groups (#3522) 
* Capabilities endpoint will now return considering policies on entities and groups

* refactor the policy derivation into a separate function

* Docs: Update docs to reflect the change in capabilities endpoint
 2017-11-03 11:20:10 -04:00
Vishal Nayak
4d3b3bed08
docs: s/persona/alias (#3529) 2017-11-03 11:17:59 -04:00
Vishal Nayak
ced60dbc0c
Encrypt/Decrypt/Sign/Verify using RSA in Transit backend (#3489) 
* encrypt/decrypt/sign/verify RSA

* update path-help and doc

* Fix the bug which was breaking convergent encryption

* support both 2048 and 4096

* update doc to contain both 2048 and 4096

* Add test for encrypt, decrypt and rotate on RSA keys

* Support exporting RSA keys

* Add sign and verify test steps

* Remove 'RSA' from PEM header

* use the default salt length

* Add 'RSA' to PEM header since openssl is expecting that

* export rsa keys as signing-key as well

* Comment the reasoning behind the PEM headers

* remove comment

* update comment

* Parameterize hashing for RSA signing and verification

* Added test steps to check hash algo choice for RSA sign/verify

* fix test by using 'prehashed'
 2017-11-03 10:45:53 -04:00
Vishal Nayak
7ca73556e4
docs: Add config/ca delete operation (#3525) 2017-11-03 06:19:21 -04:00
Nicolas Corrarello
3a0d7ac9a6 Unifying Storage and API path in role 2017-10-31 21:06:10 +00:00
Jeff Mitchell
bba371c7de Fix C&P in docs. 
Fixes #3454
 2017-10-27 16:43:26 -04:00
Christophe Tafani-Dereeper
f8e6f9ed70 Correct typos in the sys/raw documentation (#3484) 2017-10-24 10:33:57 -04:00
Seth Vargo
50caac0bb6
More naming cleanup 2017-10-24 09:35:03 -04:00
Seth Vargo
e118a16f63
Oops typo 2017-10-24 09:34:30 -04:00
Seth Vargo
94fdc0e7d2
Update k8s documentation 2017-10-24 09:34:12 -04:00
Seth Vargo
23d1d9a1ac
Resolve the most painful merge conflict known on earth 2017-10-24 09:34:12 -04:00
Seth Vargo
39097c80d6
Remove ?list examples 
They are documented in the overall API section, but people should get used to seeing LIST as a verb
 2017-10-24 09:32:15 -04:00
Seth Vargo
b8e4b0d515
Standardize on "auth method" 
This removes all references I could find to:

- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend

in favor of the unified:

- auth method
 2017-10-24 09:32:15 -04:00
Seth Vargo
9b18a8ab20
Document mount types/values 2017-10-24 09:28:05 -04:00
Chris Hoffman
49df3d67e5 copying general purpose tools from transit backend to /sys/tools (#3391) 2017-10-20 10:59:17 -04:00
blazindragon
aafaf1cf87 Correct typo: DELET to DELETE (#3452) 2017-10-13 10:11:04 -04:00
Jeremy Voorhis
333bd83a3f Implement signing of pre-hashed data (#3448) 
Transit backend sign and verify endpoints now support algorithm=none
 2017-10-11 11:48:51 -04:00
Martins Sipenko
095017a364 Fix docs (#3449) 2017-10-11 11:29:26 -04:00
Brendan
6ecbad6c62 Update index.html.md (#3433) 
Fixed typo in json property used to create custom secret_id
 2017-10-11 09:25:43 -04:00
emily
ea412e52b7 add GCP APIs that need to be enabled to GCP auth docs, small doc fixes (#3446) 2017-10-11 09:18:32 -04:00
Nicolas Corrarello
c99b741bed A few simple fixes for the Github API docs (#3432) 2017-10-06 06:13:47 -04:00
Daniel DeFisher
57b8871e58 upgrade ldap api docs to refrect 0.8.3 change to returned json of policies (#3421) 2017-10-04 15:40:28 -04:00
Jeff Mitchell
04e8d163ba Allow entering PKI URLs as arrays. (#3409) 
Fixes #3407
 2017-10-03 16:13:57 -04:00
Nicolas Corrarello
b581716b75 Updated API Docs with the Global Token Parameter 2017-09-29 11:23:47 +01:00
Alex Dadgar
b314c13882 Fix spelling errors (#3390) 2017-09-28 07:54:40 -04:00
Paulo Ribeiro
b8082675e8 Fix grammatical error (#3395) 
Also changed capitalization for consistency.
 2017-09-28 06:28:48 -04:00
Brian Kassouf
539cb262f1 Kubernetes Docs Update (#3386) 
* Update Kubnernetes Docs

* Add a note about alpha clusters on GKE

* Fix JSON formatting

* Update kubernetes.html.md

* Fix a few review comments
 2017-09-27 14:02:18 -07:00
Vishal Nayak
5d805a252e docs: Added certificate deletion operation API (#3385) 2017-09-26 20:28:52 -04:00
Nicolas Corrarello
bc1ea9af53 Adding Nomad Secret Backend API documentation 2017-09-21 09:18:35 -05:00
Brian Kassouf
4fb3f163ee Kubernetes auth (#3350) 
* Import the kubernetes credential backend

* Add kubernetes docs

* Escape * characters

* Revert "Import the kubernetes credential backend"

This reverts commit f12627a942.

* Update the vendored directory
 2017-09-19 09:27:26 -05:00
Calvin Leung Huang
7e21bb3b5e Clarify backup data that is being stored (#3345) 2017-09-19 07:44:34 -05:00
emily
08c2e2ce44 Add GCE docs for GCP Auth Backend (#3341) 2017-09-19 07:44:05 -05:00