mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-18 12:37:02 +02:00
Code Issues Projects Releases Wiki Activity
10,305 Commits 2,844 Branches 445 Tags 454 MiB
9be1128201
Commit Graph

1637 Commits

Author SHA1 Message Date
Lucas Vasconcelos Santana
8e67ccdef4 add scheme to the redirect_addr example 2017-08-14 10:59:44 -04:00
Seth Vargo
8581a7879c Break SSH types into their own pages (#3157) 
@jefferai and I discussed this on Friday. With three fully-documented
SSH backends, the page is lengthy, ungreppable, and intimidating. This
commit separates the SSH backends into their own pages with as little
text changes as possible.
 2017-08-14 10:49:41 -04:00
Seth Vargo
24c4c0c9c2 Rename database plugins for SEO (#3156) 
When we "nest" like this, it's important to use a common suffix,
"Database Secret Backend" in this case, so that the SEO minions can
properly group search results for end users.
 2017-08-14 10:46:39 -04:00
Jeff Mitchell
1c3ca9d4dd Update github comment 2017-08-11 17:03:18 -04:00
Seth Vargo
32c94e1a8c Remove references to VSI (#3143) 
Andy approved
 2017-08-10 20:47:59 -04:00
Issac
c1d69f8d79 Add TLS config to skeleton plugin (#3137) 2017-08-09 11:41:17 -07:00
vishalnayak
de82889d04 docs: Add API section for MFA docs 2017-08-09 13:26:29 -04:00
vishalnayak
cd14bf99ef docs: fix broken link 2017-08-09 13:17:56 -04:00
vishalnayak
22beec9ec0 docs: Added identity concepts 2017-08-09 13:08:05 -04:00
vishalnayak
6669837509 docs: Add X-Vault-MFA to the list of env vars 2017-08-09 11:31:30 -04:00
Chris Hoffman
7b55c457c7 API Docs updates (#3135) 2017-08-09 11:22:19 -04:00
Jeff Mitchell
847c59fb5b Fix cassandra doc link 2017-08-09 10:32:03 -04:00
Vishal Nayak
d2b3f42936 docs: MFA usage details (#3133) 2017-08-08 23:48:31 -04:00
Jeff Mitchell
27b2764c28 Add an extra sentence to the github warning 2017-08-08 21:10:15 -04:00
Calvin Leung Huang
ffc7901d88 Add plugin backends docs (#3125) 
* Add docs on plugins/backend/reload, add plugin backend guide

* Fix docs headers

* Fix API endpoint description

* Update plugin guide and internals pages
 2017-08-08 12:39:19 -04:00
Chris Hoffman
d60dd42c81 API Docs updates (#3101) 2017-08-08 12:28:17 -04:00
Jeff Mitchell
90e1e80b8f Add a note about GitHub auth backend security 2017-08-08 10:26:05 -04:00
Paulo Ribeiro
bc0954923c Fix minor grammatical error (#3110) 2017-08-04 11:08:49 -04:00
Jeff Mitchell
0bf8c04f73 Merge branch 'master-oss' into issue-2241 2017-08-03 07:41:34 -04:00
Gobin Sougrakpam
f166016ae8 tls_client_ca_file option for verifying client (#3034) 2017-08-03 07:33:06 -04:00
Jeff Mitchell
608322b546 Add PROXY protocol support (#3098) 2017-08-02 18:24:12 -04:00
Minkyu Kim
2f84edc39b Fix outdated documentation about AWS STS credentials (#3093) (#3094) 2017-08-02 11:18:35 -04:00
Jeff Mitchell
54e3d61d6b Use RemoteCredProvider instead of EC2RoleProvider (#2983) 2017-07-31 18:27:16 -04:00
Brian Rodgers
6486a40d47 docs: Added text to clarify that root does not refer to AWS root creds (#2950) 2017-07-31 17:31:44 -04:00
Oliver Beattie
c5222319e9 Fix docs to use new style 2017-07-31 15:24:08 +01:00
Filipe Varela
f3d3f49820 Makes naming consistent w/ other storage backends (ie: etcd) 2017-07-31 15:18:07 +01:00
Filipe Varela
cbbc8be2c9 Adds docs for new configuration options 2017-07-31 15:18:06 +01:00
Oliver Beattie
3a097a146f Add a (basic) Cassandra storage backend 2017-07-31 15:18:01 +01:00
James Phillips
06a19456ff Fixes a typo in the VSI doc. (#3047) 2017-07-26 12:18:52 -04:00
Jeremy Voorhis
6e311aa598 s/alterate/alternate/ (#3056) 2017-07-26 11:44:06 -04:00
Vishal Nayak
96e8ffea5a docs: Identity Store (#3055) 2017-07-25 18:33:17 -04:00
Chris Hoffman
317ae32ca7 CockroachDB Physical Backend (#2713) 2017-07-23 08:54:33 -04:00
Calvin Leung Huang
2b0f80b981 Backend plugin system (#2874) 
* Add backend plugin changes

* Fix totp backend plugin tests

* Fix logical/plugin InvalidateKey test

* Fix plugin catalog CRUD test, fix NoopBackend

* Clean up commented code block

* Fix system backend mount test

* Set plugin_name to omitempty, fix handleMountTable config parsing

* Clean up comments, keep shim connections alive until cleanup

* Include pluginClient, disallow LookupPlugin call from within a plugin

* Add wrapper around backendPluginClient for proper cleanup

* Add logger shim tests

* Add logger, storage, and system shim tests

* Use pointer receivers for system view shim

* Use plugin name if no path is provided on mount

* Enable plugins for auth backends

* Add backend type attribute, move builtin/plugin/package

* Fix merge conflict

* Fix missing plugin name in mount config

* Add integration tests on enabling auth backend plugins

* Remove dependency cycle on mock-plugin

* Add passthrough backend plugin, use logical.BackendType to determine lease generation

* Remove vault package dependency on passthrough package

* Add basic impl test for passthrough plugin

* Incorporate feedback; set b.backend after shims creation on backendPluginServer

* Fix totp plugin test

* Add plugin backends docs

* Fix tests

* Fix builtin/plugin tests

* Remove flatten from PluginRunner fields

* Move mock plugin to logical/plugin, remove totp and passthrough plugins

* Move pluginMap into newPluginClient

* Do not create storage RPC connection on HandleRequest and HandleExistenceCheck

* Change shim logger's Fatal to no-op

* Change BackendType to uint32, match UX backend types

* Change framework.Backend Setup signature

* Add Setup func to logical.Backend interface

* Move OptionallyEnableMlock call into plugin.Serve, update docs and comments

* Remove commented var in plugin package

* RegisterLicense on logical.Backend interface (#3017)

* Add RegisterLicense to logical.Backend interface

* Update RegisterLicense to use callback func on framework.Backend

* Refactor framework.Backend.RegisterLicense

* plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs

* plugin: Revert BackendType to remove TypePassthrough and related references

* Fix typo in plugin backends docs
 2017-07-20 13:28:40 -04:00
Joel Thompson
88910d0b1c Improve sts header parsing (#3013) 2017-07-18 09:51:45 -04:00
Gobin Sougrakpam
638ef2c9b8 Adding option to set custom vault client timeout using env variable VAULT_CLIENT_TIMEOUT (#3022) 2017-07-18 09:48:31 -04:00
Andy Manoske
41fefd49bd Update configuration.html.md (#3029) 2017-07-17 14:37:32 -04:00
Jeff Mitchell
6876ee8a2c Add max_parallel to mssql and postgresql (#3026) 
For storage backends, set max open connections to value of max_parallel.
 2017-07-17 13:04:49 -04:00
Seth Vargo
31e8349197 Update Policies and Auth concepts pages (#3011) 2017-07-14 11:15:22 -04:00
Jeff Mitchell
cdd68aff95 Reformat some wrapping docs 2017-07-13 19:02:15 -04:00
Tony Cai
f92f4d4972 Added HANA database plugin (#2811) 
* Added HANA dynamic secret backend

* Added acceptance tests for HANA secret backend

* Add HANA backend as a logical backend to server

* Added documentation to HANA secret backend

* Added vendored libraries

* Go fmt

* Migrate hana credential creation to plugin

* Removed deprecated hana logical backend

* Migrated documentation for HANA database plugin

* Updated HANA DB plugin to use role name in credential generation

* Update HANA plugin tests

* If env vars are not configured, tests will skip rather than succeed

* Fixed some improperly named string variables

* Removed unused import

* Import SAP hdb driver
 2017-07-07 13:11:23 -07:00
Will May
dc33acaceb Allow Okta auth backend to specify TTL and max TTL values (#2915) 2017-07-05 09:42:37 -04:00
Jasper Siepkes
624032e59c Added documentation for working with MySQL wildcards in GRANT (#2963) 2017-07-04 13:59:08 -04:00
Brian Shumate
03b95432eb DOCS: fix typo (#2965) 2017-07-03 12:40:31 -04:00
Cameron Stokes
5d2d750d9a [docs] Add requirements for hsm. (#2941) 2017-07-01 21:21:51 +01:00
Seth Vargo
49fe772e0c Add rekeying guide & move guides to top-level (#2935) 2017-06-29 14:43:43 +01:00
Brian Shumate
4a0183ab4c Docs: Expand Telemetry documentation (#2860) 2017-06-29 04:02:48 +01:00
Brian Boerst
0ebb2491b5 Typo fix in vault enterprise/replication docs. (#2932) 2017-06-29 04:01:32 +01:00
Seth Vargo
49f508b469 Merge pull request #2914 from hashicorp/sethvargo/ec2authimage 
Add diagram for EC2 Auth flow
 2017-06-28 07:31:37 +08:00
Seth Vargo
2d84ca0e11
Re-org and move text around in list instead 2017-06-27 22:38:16 +08:00
Seth Vargo
5119e31e68
Capitalize C 2017-06-27 22:38:16 +08:00
Seth Vargo
6af372f77b
Add diagram for EC2 Auth flow 2017-06-27 22:38:16 +08:00
Armon Dadgar
67f55d45f0 adding link to security model 2017-06-26 17:43:04 -07:00
Armon Dadgar
be219f10e6 website: Add more hardening tips 2017-06-26 14:00:36 -07:00
TheCodeAssassin
8b85fc5cc2 Small typo fix (#2921) 2017-06-26 10:08:18 -04:00
Cameron Stokes
aa0db53f0d [docs]: Fix typo in hardening guide. 2017-06-22 22:20:17 -07:00
Armon Dadgar
3dbe7e5cd9 Merge pull request #2898 from hashicorp/docs-prod-hard 
website: adding production hardening guide
 2017-06-22 15:05:35 -07:00
Saj Goonatilleke
910a359909 Fix a typo in the telemetry documentation (#2910) 2017-06-22 20:12:28 +01:00
Armon Dadgar
b57a656ff6 Make recommendation vs requirement more clear 2017-06-22 11:02:18 -07:00
Armon Dadgar
72971198f4 Copy changes 2017-06-21 09:55:00 -07:00
Armon Dadgar
fa40f022a8 website copy updates 2017-06-20 21:21:04 -07:00
Armon Dadgar
629cc49ae9 website: adding production hardening guide 2017-06-20 17:44:54 -07:00
Jeff Mitchell
d0d3b7c0ec More cleanup 
Ping #2894
 2017-06-20 10:46:24 -04:00
Jeff Mitchell
058b96c0cd Clarify/fix some configuration info. 
Fixes #2894
 2017-06-20 10:12:59 -04:00
Jeff Mitchell
29ef62ecfb Add ACL info to Consul configuration page 2017-06-19 19:39:52 -04:00
Raphael Randschau
90d1a1ca7a CouchDB physical backend (#2880) 2017-06-17 11:22:10 -04:00
Jeff Mitchell
27e584c2ce Fix up CORS. 
Ref #2021
 2017-06-17 01:26:25 -04:00
Aaron Salvo
362227c632 Cors headers (#2021) 2017-06-17 00:04:55 -04:00
Jeff Mitchell
f5de93f1bf Add DogStatsD metrics output. (#2883) 
Fixes #2490
 2017-06-16 23:51:46 -04:00
Jeff Mitchell
aab867acf2 Add some warnings to the upgrade guide 2017-06-16 13:23:22 -04:00
vishalnayak
d10a36cb61 doc: add radius to MFA backend docs 2017-06-15 18:31:53 -04:00
Nathan Valentine
f155992ff5 Clean up extra word in docs (#2847) 2017-06-12 13:08:54 -04:00
Jeff Mitchell
703874ed95 Add note about lowercasing usernames to userpass docs 2017-06-08 09:41:01 -04:00
Cameron Stokes
6186fabcaf [docs] Add notes about deprecated database backends. (#2835) 2017-06-07 23:45:01 -07:00
Brian Kassouf
7951a15d65 update database interface in the docs 2017-06-07 11:20:13 -07:00
Joel Thompson
d858511fdf Resolve AWS IAM unique IDs (#2814) 2017-06-07 10:27:11 -04:00
Joel Thompson
ee55e36af6 Check if there's a bound iam arn when renewing (#2819) 
Previously, the renew method would ALWAYS check to ensure the
authenticated IAM principal ARN matched the bound ARN.  However, there
is a valid use case in which no bound_iam_principal_arn is specified and
all bindings are done through inferencing. When a role is configured
like this, clients won't be able to renew their token because of the
check.

This now checks to ensure that the bound_iam_principal_arn is not empty
before requriing that it match the originally authenticated client.

Fixes #2781
 2017-06-06 22:35:12 -04:00
Brian Kassouf
abc900157b Use the role name in the db username (#2812) 2017-06-06 09:49:49 -04:00
sam boyer
00383246a7 Minor typos & wordsmithing for clarity (#2807) 2017-06-05 09:32:09 -07:00
Jeff Mitchell
c18589f590 Add plugin_directory to configuration page (#2801) 
Fixes #2795
 2017-06-03 08:11:03 -04:00
Igor Katson
32c7efe7ca Add max_parallel parameter to MySQL backend. (#2760) 
* Add max_parallel parameter to MySQL backend.

This limits the number of concurrent connections, so that vault does not die
suddenly from "Too many connections".

This can happen when e.g. vault starts up, and tries to load all the
existing leases in parallel. At the time of writing this, the value
ExpirationRestoreWorkerCount in vault/helper/consts/const.go is set to
64, meaning that if there are enough leases in the vault's DB, it will
generate AT LEAST 64 concurrent connections to MySQL when loading the
data during start-up. On certain configurations, e.g. smaller AWS
RDS/Aurora instances, this will cause Vault to fail startup.

* Fix a typo in mysql storage readme
 2017-06-01 15:20:32 -07:00
Vishal Nayak
5a7966810f doc: leases are generated only for dynamic secrets (#2772) 
* doc: leases are generated only for dynamic secrets

* Address review feedback
 2017-05-31 09:47:17 -04:00
vishalnayak
d2aa8c1f12 doc: Fix the sample input value for cache_size 2017-05-19 12:32:44 -04:00
Kenny Gatdula
77b728ca2c Update plugins.html.md (#2744) 
Minor typo and spellcheck update
 2017-05-18 14:06:44 -04:00
Martins Sipenko
5a8c7e321b Fix X-Vault-AWS-IAM-Server-ID example (#2728) 2017-05-15 09:06:45 -04:00
Martins Sipenko
b8c4c3e26b Update aws.html.md (#2715) 2017-05-12 12:10:11 -04:00
Calvin Leung Huang
a4c652cbb3 Mongodb plugin (#2698) 
* WIP on mongodb plugin

* Add mongodb plugin

* Add tests

* Update mongodb.CreateUser() comment

* Update docs

* Add missing docs

* Fix mongodb docs

* Minor comment and test updates

* Fix imports

* Fix dockertest import

* Set c.Initialized at the end, check for empty CreationStmts first on CreateUser

* Remove Initialized check on Connection()

* Add back Initialized check

* Update docs

* Move connProducer and credsProducer into pkg for  mongodb and cassandra

* Chage parseMongoURL to be a private func

* Default to admin if no db is provided in creation_statements

* Update comments and docs
 2017-05-11 17:38:54 -04:00
Jeremy Voorhis
9bc3425424 Update the S3 storage backend docs to reflect capabilities. 2017-05-11 14:30:05 -07:00
Cameron Stokes
365c71800f [docs] Update glossary for auth backend terminology. (#2703) 2017-05-09 22:17:32 -04:00
Jeff Mitchell
f163852d8c Update/clarify docs on generic backend ttl. 
Ping #2697
 2017-05-09 09:56:11 -04:00
Brian Kassouf
c48b7fa8db Few docs updates 2017-05-04 14:07:12 -07:00
Calvin Leung Huang
3f7ea0d4ea Merge branch 'database-refactor' of github.com:hashicorp/vault into database-refactor 2017-05-04 16:46:47 -04:00
Calvin Leung Huang
65b7bba360 Update mssql docs 2017-05-04 16:46:34 -04:00
Brian Kassouf
2e82e00f49 update docs 2017-05-04 13:38:49 -07:00
Brian Kassouf
fcd4f903c3 Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 12:40:00 -07:00
mymercurialsky
461d658e88 Implemented TOTP Secret Backend (#2492) 
* Initialized basic outline of TOTP backend using Postgresql backend as template

* Updated TOTP backend.go's structure and help string

* Updated TOTP path_roles.go's structure and help strings

* Updated TOTP path_role_create.go's structure and help strings

* Fixed typo in path_roles.go

* Fixed errors in path_role_create.go and path_roles.go

* Added TOTP secret backend information to cli commands

* Fixed build errors in path_roles.go and path_role_create.go

* Changed field values of period and digits from uint to int, added uint conversion of period when generating passwords

* Initialized TOTP test file based on structure of postgresql test file

* Added enforcement of input values

* Added otp library to vendor folder

* Added test steps and cleaned up errors

* Modified read credential test step, not working yet

* Use of vendored package not allowed - Test error

* Removed vendor files for TOTP library

* Revert "Removed vendor files for TOTP library"

This reverts commit fcd030994b.

* Hopefully fixed vendor folder issue with TOTP Library

* Added additional tests for TOTP backend

* Cleaned up comments in TOTP backend_test.go

* Added default values of period, algorithm and digits to field schema

* Changed account_name and issuer fields to optional

* Removed MD5 as a hash algorithm option

* Implemented requested pull request changes

* Added ability to validate TOTP codes

* Added ability to have a key generated

* Added skew, qr size and key size parameters

* Reset vendor.json prior to merge

* Readded otp and barcode libraries to vendor.json

* Modified help strings for path_role_create.go

* Fixed test issue in testAccStepReadRole

* Cleaned up error formatting, variable names and path names. Also added some additional documentation

* Moveed barcode and url output to key creation function and did some additional cleanup based on requested changes

* Added ability to pass in TOTP urls

* Added additional tests for TOTP server functions

* Removed unused QRSize, URL and Generate members of keyEntry struct

* Removed unnecessary urlstring variable from pathKeyCreate

* Added website documentation for TOTP secret backend

* Added errors if generate is true and url or key is passed, removed logger from backend, and revised parameter documentation.

* Updated website documentation and added QR example

* Added exported variable and ability to disable QR generation, cleaned up error reporting, changed default skew value, updated documentation and added additional tests

* Updated API documentation to inlude to exported variable and qr size option

* Cleaned up return statements in path_code, added error handling while validating codes and clarified documentation for generate parameters in path_keys
 2017-05-04 10:49:42 -07:00
Brian Kassouf
55f1f5116a Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 10:45:18 -07:00
Brian Kassouf
c825362304 PR comments 2017-05-04 10:41:59 -07:00
Brian Kassouf
9e28b03c9b add new mysql plugin names and fix grammar 2017-05-03 18:41:39 -07:00
Brian Kassouf
799cd3c7c7 Upate links in docs 2017-05-03 10:25:12 -07:00
Brian Kassouf
78b27fa765 Add API docs 2017-05-03 02:13:07 -07:00
Brian Kassouf
85967cb5a8 Add custom plugins docs page 2017-05-03 00:01:28 -07:00
Brian Kassouf
2be2e4c74e Update docs for the database backend and it's plugins 2017-05-02 22:24:31 -07:00
Brian Kassouf
d230446b4d Update docs and add cassandra as a builtin plugin 2017-05-02 17:04:49 -07:00
Brian Kassouf
dc5979e3ae Fix wording in docs 2017-05-02 16:20:07 -07:00
Jeff Mitchell
d300c23597 Add website skeleton 2017-05-02 16:26:32 -04:00
Brian Kassouf
7f92c5f47f Fix documentation 2017-05-02 02:22:06 -07:00
Brian Kassouf
885398e341 Add internals doc for plugins 2017-05-02 01:59:36 -07:00
Seth Vargo
bf9ef7c302 Add UI docs (#2664) 2017-05-01 17:36:37 -04:00
Michael Ansel
8da4405c99 Add constraints on the Common Name for certificate-based authentication (#2595) 
* Refactor to consolidate constraints on the matching chain

* Add CN prefix/suffix constraint

* Maintain backwards compatibility (pick a random cert if multiple match)

* Vendor go-glob

* Replace cn_prefix/suffix with required_name/globbing

Move all the new tests to acceptance-capable tests instead of embedding in the CRL test

* Allow authenticating against a single cert

* Add new params to documentation

* Add CLI support for new param

* Refactor for style

* Support multiple (ORed) name patterns

* Rename required_names to allowed_names

* Update docs for parameter rename

* Use the new TypeCommaStringSlice
 2017-04-30 11:37:10 -04:00
greenbrian
8074e6167a Fix links on Consul storage backend page (#2652) 2017-04-28 07:48:23 -04:00
Jeff Mitchell
5deb20b29a Fix types of listener options, currently they're all strings 2017-04-25 11:20:48 -04:00
Joel Thompson
5a934e6b2f Create unified aws auth backend (#2441) 
* Rename builtin/credential/aws-ec2 to aws

The aws-ec2 authentication backend is being expanded and will become the
generic aws backend. This is a small rename commit to keep the commit
history clean.

* Expand aws-ec2 backend to more generic aws

This adds the ability to authenticate arbitrary AWS IAM principals using
AWS's sts:GetCallerIdentity method. The AWS-EC2 auth backend is being to
just AWS with the expansion.

* Add missing aws auth handler to CLI

This was omitted from the previous commit

* aws auth backend general variable name cleanup

Also fixed a bug where allowed auth types weren't being checked upon
login, and added tests for it.

* Update docs for the aws auth backend

* Refactor aws bind validation

* Fix env var override in aws backend test

Intent is to override the AWS environment variables with the TEST_*
versions if they are set, but the reverse was happening.

* Update docs on use of IAM authentication profile

AWS now allows you to change the instance profile of a running instance,
so the use case of "a long-lived instance that's not in an instance
profile" no longer means you have to use the the EC2 auth method. You
can now just change the instance profile on the fly.

* Fix typo in aws auth cli help

* Respond to PR feedback

* More PR feedback

* Respond to additional PR feedback

* Address more feedback on aws auth PR

* Make aws auth_type immutable per role

* Address more aws auth PR feedback

* Address more iam auth PR feedback

* Rename aws-ec2.html.md to aws.html.md

Per PR feedback, to go along with new backend name.

* Add MountType to logical.Request

* Make default aws auth_type dependent upon MountType

When MountType is aws-ec2, default to ec2 auth_type for backwards
compatibility with legacy roles. Otherwise, default to iam.

* Pass MountPoint and MountType back up to the core

Previously the request router reset the MountPoint and MountType back to
the empty string before returning to the core. This ensures they get set
back to the correct values.
 2017-04-24 15:15:50 -04:00
Matthew Gallagher
b20afce73f Remove mention of Darwin mlock support from docs. (#2624) 2017-04-22 16:56:01 -04:00
Mitch Davis
a20815972c Use service bind for searching LDAP groups (#2534) 
Fixes #2387
 2017-04-18 15:52:05 -04:00
Jeff Mitchell
cb0b22031d Update index.html.md 2017-04-18 15:50:44 -04:00
Jon Benson
32854c8066 Fix sentence - remove "and" 2017-04-17 19:35:04 -07:00
Jeff Mitchell
bdc3002d56 Update SSH docs to indicate deprecation of dynamic key type 2017-04-17 11:11:05 -04:00
Jeff Mitchell
8e2b8ff1df Add some extra documentation around ssh-keygen -L to see signed cert 
info.

Ping #2569
 2017-04-13 15:23:27 -04:00
Chris Hoffman
892d558fa2 minor docs update 2017-04-10 09:46:25 -04:00
Jeff Mitchell
3f3eddc5a2 Update AES-GCM verification text 2017-04-07 14:35:29 -04:00
Jeff Mitchell
b44ed072b5 Remove superfluous/misleading comments around some listener options 2017-04-07 14:23:56 -04:00
Jeff Mitchell
14c0000169 Update SSH CA documentation 
Fixes #2551
Fixes #2569
 2017-04-07 11:59:25 -04:00
Jeff Mitchell
c03466b0de Remove "these are denoted below" w.r.t. SIGHUP 
SIGHUP support is denoted in the sections/options that support actions on SIGHUP, so with the new docs layout it's confusing to have the old statement in there. Remove in favor of the inline comments.

Fixes #2572
 2017-04-06 16:08:58 -04:00
Sebastian Haba
9d013a0707 add mssql physical backend (#2546) 2017-04-06 09:33:49 -04:00
Pavel Timofeev
e2d3a06234 Ldap auth doc fix (#2568) 
* Move url parameter to the next line and fix a typo

* Add userdn paramater to the Scenario 1.
Without userdn set Vault can't search with error like

Code: 400. Errors:

* LDAP search failed for detecting user: LDAP Result Code 32 "No Such Object": 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:
        ''
 2017-04-05 08:29:38 -07:00
Cameron Stokes
59a003b4eb [docs] Add header to fix formatting. 2017-04-05 10:35:59 +10:00
Cameron Stokes
ebf98e8c32 [docs] Adding missing guide from index page. 
Also, make guide titles consistent with sidebar.
 2017-04-05 10:22:20 +10:00
Jeff Mitchell
df160ed59e Add back lost Postgres creation sql for storage backend 2017-04-04 12:30:07 -04:00
Emre Erkunt
c7e9377000 Fixed an example on aws backend documentation about an iam profile. (#2522) 2017-04-04 09:03:27 -07:00
Jonathan Sokolowski
e5013e90e2 Etcd DNS discovery (#2521) 
* etcd: Add discovery_srv option
 2017-04-04 08:50:44 -07:00
Jeff Mitchell
251da1bcdc Update SSH docs to note that host key verification is not performed. 2017-04-03 10:43:41 -04:00
Francis Chuang
431760c1ec Fix typo (#2558) 2017-04-03 05:46:40 -07:00
Adam Shannon
1f0d9b10b6 Quote dynamodb's ha_enabled property (#2547) 
With `ha_enabled = true` vault crashes with the following error: 

```
error parsing 'storage': storage.dynamodb: At 17:16: root.ha_enabled: unknown type for string *ast.LiteralType
```

This seems related to https://github.com/hashicorp/vault/issues/1559
 2017-03-30 14:09:47 -07:00
vishalnayak
b228f5eb0f docs: aws-ec2: link sts configuration from cross account access 2017-03-28 14:34:21 -07:00
Dan Everton
0bc81c9f6b Add permitPool support to S3 (#2466) 2017-03-26 14:32:26 -04:00
Jeff Mitchell
7e17de7cf3 Fix AWS-EC2 sts/certificate typo 
Fixes #2512
 2017-03-21 13:29:40 -04:00
Jack Pearkes
12f921ce27 website: update docs to clearly link to enterprise version 2017-03-21 08:41:39 -07:00
Vishal Nayak
cf0fb2119f docs: Elaborate the steps for SSH CA backend with 'sshd_config' changes (#2507) 2017-03-19 18:52:15 -04:00
Brian Kassouf
32b3bd8630 Add note about prefix/suffix globbing on policy parameters 2017-03-17 13:53:41 -07:00
Seth Vargo
0fe2e84e3a
Update titles 2017-03-17 14:37:01 -04:00
Seth Vargo
a8591fbd81
Links 2017-03-17 14:27:32 -04:00
Seth Vargo
f64bf8d183
/docs/http -> /api 2017-03-17 14:06:03 -04:00
Jeff Mitchell
65b3608b6a Merge branch 'master-oss' into pr-2495 2017-03-17 13:40:58 -04:00
Jeff Mitchell
d349fdf7fa Update replication guide and add to sidebar 2017-03-17 12:38:19 -04:00
Jeff Mitchell
01157459f8 Fix broken GCS account link 2017-03-17 12:12:28 -04:00
Jeff Mitchell
8a38a1e80b Fix misspelling of website link 2017-03-17 12:07:37 -04:00
Seth Vargo
d873469210
Use relative links 2017-03-16 12:04:36 -07:00
Seth Vargo
ae418194d1
Fix sentence 2017-03-16 12:04:14 -07:00
Seth Vargo
558dab03c8
Reformat replication API 2017-03-16 11:57:06 -07:00
Seth Vargo
009b2e43ac
Update PKI backend API docs 2017-03-16 11:26:09 -07:00
Seth Vargo
b5657fc695
Fix formatting in SSH 2017-03-16 11:25:59 -07:00
Seth Vargo
29ff269003
Fix Cassandra text 2017-03-16 11:25:37 -07:00
Seth Vargo
181cd198e8
Add new SSH field 2017-03-16 09:48:45 -07:00
Seth Vargo
c902aa4f98
Add SSH 2017-03-16 09:47:08 -07:00
Seth Vargo
59482390e1
Fix TODOs 2017-03-16 09:47:08 -07:00
Seth Vargo
501cf5d065
Break out API documentation for secret backends 2017-03-16 09:47:06 -07:00
Seth Vargo
efd532536f
Redo docs for system backend 
This commit updates the API documentation for the system backend to
break things apart on a per-page basis and provide specific examples.
This pattern will give more flexibility for future documentation as
well.
 2017-03-16 09:46:49 -07:00
Mike Okner
6f84f7ffd0 Adding allow_user_key_ids field to SSH role config (#2494) 
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name.  Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
 2017-03-16 08:45:11 -04:00
Jeff Mitchell
02921e8729 Fix layout for replication 2017-03-16 06:50:33 -04:00
Jeff Mitchell
688104e69a Allow roles to specify whether CSR SANs should be used instead of (#2489) 
request values. Fix up some documentation.

Fixes #2451
Fixes #2488
 2017-03-15 14:38:18 -04:00
Andy Manoske
38d70b7eb7 Vault_Enterprise_WWW (#2327) 2017-03-15 14:31:14 -04:00
Jeff Mitchell
b6f6081e56 Add upgrade to 0.7 page 2017-03-15 12:34:11 -04:00
Stanislav Grozev
e9086bd85f Remove superfluous argument from SSH CA docs 2017-03-14 10:21:48 -04:00
Stanislav Grozev
5f3397bff5 Reads on ssh/config/ca return the public keys 
If configured/generated.
 2017-03-14 10:21:48 -04:00
Stanislav Grozev
d22796c644 If generating an SSH CA signing key - return the public part 
So that the user can actually use the SSH CA, by adding the public key
to their respective sshd_config/authorized_keys, etc.
 2017-03-14 10:21:48 -04:00
Jeff Mitchell
9ebf2c4b61 Clarify cluster_addr and cluster_address 2017-03-14 10:17:58 -04:00
Jeff Mitchell
81fc5fd35d Minor doc updates 2017-03-14 10:11:47 -04:00
Vishal Nayak
6bdba07846 docs: clarify 'storage' and 'ha_storage' requirements (#2471) 2017-03-11 09:43:14 -05:00
Vishal Nayak
9af1ca3d2c doc: ssh allowed_users update (#2462) 
* doc: ssh allowed_users update

* added some more context in default_user field
 2017-03-09 10:34:55 -05:00
vishalnayak
4731754077 doc: ssh markdown alignments 2017-03-08 21:58:12 -05:00
Seth Vargo
d38a3ba861 Move upgrade into guides (#2460) 
* Move upgrades to guides

* Make root token copy-pastable
 2017-03-08 17:33:58 -05:00
Jeff Mitchell
4390f007fe Minor doc updates 2017-03-08 10:25:57 -05:00
Jeff Mitchell
317c664370 Add option to require valid client certificates (#2457) 2017-03-08 10:21:31 -05:00
Jeff Mitchell
8681311b7c Add option to disable caching per-backend. (#2455) 2017-03-08 09:20:09 -05:00
Jeff Mitchell
b1ed578f3d Rename physical backend to storage and alias old value (#2456) 2017-03-08 09:17:00 -05:00
Seth Vargo
364a86bb0b Separate backend configurations into their own pages (#2454) 
* Clean vertical lines

* Make sidebar slightly larger on bigger displays

* Separate backend configurations into their own pages
 2017-03-07 21:47:23 -05:00
Seth Vargo
50ca10b5c8
Fix http layout 2017-03-06 16:11:05 -05:00
Seth Vargo
71a0609616
Move install guides into docs layout 2017-03-06 16:11:05 -05:00
Seth Vargo
7fceebcd6e
Update upgrade guides 2017-03-06 16:11:05 -05:00
Michael
3445b3ae63 Updated doc to match real output (#2443) 
Regards hashicorp/vault#2116
 2017-03-06 10:39:34 -05:00
Vishal Nayak
f4d74fe4cc AppRole: Support restricted use tokens (#2435) 
* approle: added token_num_uses to the role

* approle: added RUD tests for token_num_uses on role

* approle: doc: added token_num_uses
 2017-03-03 09:31:20 -05:00
Jeff Mitchell
e8e1905c96 Some minor ssh docs updating 2017-03-02 16:47:21 -05:00
Will May
ffb5ee7fda Changes from code review 2017-03-02 14:36:13 -05:00
Will May
f9d853f7f0 Allow internal generation of the signing SSH key pair 2017-03-02 14:36:13 -05:00
Vishal Nayak
d30a833db7 Rework ssh ca (#2419) 
* docs: input format for default_critical_options and default_extensions

* s/sshca/ssh

* Added default_critical_options and default_extensions to the read endpoint of role

* Change default time return value to 0
 2017-03-01 15:50:23 -05:00
Will May
59397250da Changes from code review 
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
 2017-03-01 15:19:18 -05:00
Will May
1d59b965cb Add ability to create SSH certificates 2017-03-01 15:19:18 -05:00
Jeff Mitchell
27f917d656 Update policies doc with allowed/denied params and min/max wrapping ttl info 2017-02-27 15:17:19 -05:00
Marshall Brekka
2ee7e26dae Add a TTL to the dynamodb lock implementation. (#2141) 2017-02-27 14:30:34 -05:00
vishalnayak
ee4c13c944 docs: update sys heal status codes 2017-02-26 15:20:23 -05:00
Gregory Reshetniak
12d49f83dc Update sys-health.html.md 
typo
 2017-02-26 15:20:23 -05:00
Vishal Nayak
241835b6f4 Aws Ec2 additional binds for SubnetID, VpcID and Region (#2407) 
* awsec2: Added bound_region

* awsec2: Added bound_subnet_id and bound_vpc_id

* Add bound_subnet_id and bound_vpc_id to docs

* Remove fmt.Printf

* Added crud test for aws ec2 role

* Address review feedback
 2017-02-24 14:19:10 -05:00
Vishal Nayak
e3016053b3 PKI: Role switch to control lease generation (#2403) 
* pki: Make generation of leases optional

* pki: add tests for upgrading generate_lease

* pki: add tests for leased and non-leased certs

* docs++ pki generate_lease

* Generate lease is applicable for both issuing and signing

* pki: fix tests

* Address review feedback

* Address review feedback
 2017-02-24 12:12:40 -05:00
vishalnayak
ff7a1a810b awsec2: markdown text alignment 2017-02-23 14:52:38 -05:00
Brian Kassouf
a1f1c350a9 Merge branch 'master' into acl-parameters-permission 2017-02-21 14:46:06 -08:00
Jeff Mitchell
98c7bd6c03 Port some replication bits to OSS (#2386) 2017-02-16 15:15:02 -05:00
Jeff Mitchell
5e5d9baabe Add Organization support to PKI backend. (#2380) 
Fixes #2369
 2017-02-16 01:04:29 -05:00
Jeff Mitchell
e2b7d43e01 Merge branch 'master-oss' into acl-parameters-permission 2017-02-15 20:37:58 -05:00
Phil Watts
14e815eede Edit to the language of the description of disable_mlock on the configuration documentation page. Previous wording could lead to confusion as to the recommended setting of the disable_mlock option. (#2377) 2017-02-15 11:09:27 -05:00
Vishal Nayak
fbcb52aafa aws-ec2 auth: fix docs (#2375) 2017-02-15 06:29:27 -05:00
Tommy Murphy
57aac16cd2 audit: support a configurable prefix string to write before each message (#2359) 
A static token at the beginning of a log line can help systems parse
logs better. For example, rsyslog and syslog-ng will recognize the
'@cee: ' prefix and will parse the rest of the line as a valid json message.
This is useful in environments where there is a mix of structured and
unstructured logs.
 2017-02-10 16:56:28 -08:00
P.Nikolajevs (pl)
1ecf8b1409 Update libraries.html.md (#2360) 2017-02-10 09:39:18 -08:00
Tommy Murphy
214cd65d55 docs: transit parameter is actually deletion_allowed (#2356) 2017-02-09 15:10:28 -05:00
Jeff Mitchell
c01d394a8d Add support for backup/multiple LDAP URLs. (#2350) 2017-02-08 14:59:24 -08:00
Jeff Mitchell
1d59d98fc7 Merge branch 'master-oss' into acl-parameters-permission 2017-02-08 01:59:52 -05:00
Jeff Mitchell
56b4fffb50 Add audited headers to sidebar 2017-02-07 17:02:14 -05:00
Matteo Sessa
cb293e3e23 RADIUS Authentication Backend (#2268) 2017-02-07 16:04:27 -05:00
Jeff Mitchell
c05d74be59 Add etcd API info 2017-02-07 11:33:02 -08:00
Brian Kassouf
68fdd34840 Merge pull request #2326 from hashicorp/pr-2161 
Add Socket Audit Backend
 2017-02-07 11:27:25 -08:00
Brian Kassouf
f5739bee4f Added a warning about the dropped socket connection edge case 2017-02-07 11:06:36 -08:00
Brian Vans
32d5d88119 Fixing a few typos in the docs (#2344) 2017-02-07 11:55:29 -05:00
Brian Kassouf
17d00d9548 Add info about UNIX sockets 2017-02-06 15:56:58 -08:00
Cameron Stokes
58c47af060 docs: add note about request size limit (#2337) 2017-02-06 18:24:40 -05:00
Vishal Nayak
a9121ff733 transit: change batch input format (#2331) 
* transit: change batch input format

* transit: no json-in-json for batch response

* docs: transit: update batch input format

* transit: fix tests after changing response format
 2017-02-06 14:56:16 -05:00
Brian Kassouf
aa32568aa9 Update the docs and move the logic for reconnecting into its own function 2017-02-04 16:55:17 -08:00
Jeff Mitchell
487a96fa17 Fix incorrect sample URL in aws-ec2 docs 2017-02-04 19:27:35 -05:00
Harrison Harnisch
6da4806582 add socket audit backend 2017-02-02 14:21:48 -08:00
Brian Kassouf
590b5681cd Configure the request headers that are output to the audit log (#2321) 
* Add /sys/config/audited-headers endpoint for configuring the headers that will be audited

* Remove some debug lines

* Add a persistant layer and refactor a bit

* update the api endpoints to be more restful

* Add comments and clean up a few functions

* Remove unneeded hash structure functionaility

* Fix existing tests

* Add tests

* Add test for Applying the header config

* Add Benchmark for the ApplyConfig method

* ResetTimer on the benchmark:

* Update the headers comment

* Add test for audit broker

* Use hyphens instead of camel case

* Add size paramater to the allocation of the result map

* Fix the tests for the audit broker

* PR feedback

* update the path and permissions on config/* paths

* Add docs file

* Fix TestSystemBackend_RootPaths test
 2017-02-02 11:49:20 -08:00
Vishal Nayak
3797666436 Transit: Support batch encryption and decryption (#2143) 
* Transit: Support batch encryption

* Address review feedback

* Make the normal flow go through as a batch request

* Transit: Error out if encryption fails during batch processing

* Transit: Infer the 'derived' parameter based on 'context' being set

* Transit: Batch encryption doc updates

* Transit: Return a JSON string instead of []byte

* Transit: Add batch encryption tests

* Remove plaintext empty check

* Added tests for batch encryption, more coming..

* Added more batch encryption tests

* Check for base64 decoding of plaintext before encrypting

* Transit: Support batch decryption

* Transit: Added tests for batch decryption

* Transit: Doc update for batch decryption

* Transit: Sync the path-help and website docs for decrypt endpoint

* Add batch processing for rewrap

* transit: input validation for context

* transit: add rewrap batch option to docs

* Remove unnecessary variables from test

* transit: Added tests for rewrap use cases

* Address review feedback

* Address review feedback

* Address review feedback

* transit: move input checking out of critical path

* transit: allow empty plaintexts for batch encryption

* transit: use common structs for batch processing

* transit: avoid duplicate creation of structs; add omitempty to response structs

* transit: address review feedback

* transit: fix tests

* address review feedback

* transit: fix tests

* transit: rewrap encrypt user error should not error out

* transit: error out for internal errors
 2017-02-02 14:24:20 -05:00
Vishal Nayak
660e606a7d awsec2: support periodic tokens (#2324) 
* awsec2: support periodic tokens

* awsec2: add api docs for 'period'
 2017-02-02 13:28:01 -05:00
louism517
b548e2860c Support for Cross-Account AWS Auth (#2148) 2017-02-01 14:16:03 -05:00
Shane Starcher
a0b5eecc6d Okta implementation (#1966) 2017-01-26 19:08:52 -05:00
Jeff Mitchell
06b7bb2373 Merge pull request #2296 from hashicorp/rfay-20161230_add_cookbook_with_root_token_generation 
Add 'Guides' section
 2017-01-25 15:33:43 -05:00
Cameron Stokes
b61b786441 Update title and other minor changes. 2017-01-24 08:47:53 -08:00
Chris Hoffman
7e89d506bc Fixing a few incorrect entries 2017-01-24 11:08:58 -05:00
Chris Hoffman
ad6f815308 Minor transit docs fixes 2017-01-23 22:26:38 -05:00
Chris Hoffman
fb6f509df5 Adding LDAP API reference and misc docs formatting issues 2017-01-23 22:08:08 -05:00
Cameron Stokes
6448b116e1 Additional changes to @rfay's PR from https://github.com/hashicorp/vault/pull/2217. 
- Renamed Cookbook to Guides
- Made Guides index page
- Moved Guides link on sidebar
- Minor formatting changes to generate-root guide
 2017-01-23 16:41:25 -08:00
Cameron Stokes
6e3cc88fc9 Merge branch '20161230_add_cookbook_with_root_token_generation' of https://github.com/rfay/vault into rfay-20161230_add_cookbook_with_root_token_generation 2017-01-23 16:13:58 -08:00
Roman Vynar
51bb8bc544 Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener (#2293) 2017-01-23 13:48:35 -05:00
joe miller
90e32515ea allow roles to set OU value in certificates issued by the pki backend (#2251) 2017-01-23 12:44:45 -05:00
Chris Hoffman
43bae79d01 Adding support for exportable transit keys (#2133) 2017-01-23 11:04:43 -05:00
Vishal Nayak
b706ec9506 ldap: Minor enhancements, tests and doc update (#2272) 2017-01-23 10:56:43 -05:00
Brian Kassouf
3d7e5dcb61 First attempt at adding docs for permissions 2017-01-20 16:34:30 -08:00
Brian Kassouf
f8e3714eae change consistency config value from a bool to a string (#2282) 2017-01-19 17:36:33 -05:00
vishalnayak
30a67c13fb Fix file_path argument in audit's index.html 2017-01-18 21:43:29 -05:00
Vishal Nayak
c43a7ceb57 tokenStore: document the 'period' field (#2267) 2017-01-18 17:25:52 -05:00
Jacob Crowther
9a3df44d36 Example "List" command missing a forward slash (#2233) 
The List command example is missing a forward slash before the query parameter.
 2017-01-18 17:25:23 -05:00
Raja Nadar
8a09228d7c vaultsharp is now cross-platform (#2285) 2017-01-18 08:45:16 -05:00
vishalnayak
a829762ead Adding the 429 code back in 2017-01-17 13:36:56 -05:00
vishalnayak
a89a03e42d doc: remove unused 429 code from docs to avoid confusion 2017-01-13 23:12:32 -05:00
Brian Kassouf
430e125f45 SP error 2017-01-13 11:50:23 -08:00
Brian Kassouf
8522aeb031 Add require_conistent to docs 2017-01-13 11:48:35 -08:00
Erwin de Keijzer
7e27ca924d Fixed rabbitmq documentation 
The docs were inconsistent between readwrite and readonly, the policy
itself evaluates to a readwrite policy, so the inconsistency is solved
by changing the odd occurrence of readonly.
 2017-01-13 08:54:04 +01:00
vishalnayak
7160809f49 paraphrasing the cluster_addr doc 2017-01-12 11:26:43 -05:00
Pavel TImofeev
75583f67b7 Describe how actually configuration option for 'Per-Node Cluster Address' topic is called. 
According to 'Server Configuration' web page it's 'cluster_addr' (note, not 'cluster_address').
Previously this was not clear, what exactly 'this' was.
 2017-01-12 12:20:19 +03:00
Matthew Irish
231f00dff2 Transit key actions (#2254) 
* add supports_* for transit key reads

* update transit docs with new supports_* fields
 2017-01-11 10:05:06 -06:00
Cameron Stokes
08603054ff Note about VAULT_UI environment variable. (#2255) 2017-01-11 09:29:45 -05:00
Raja Nadar
c5a059743b fix lookup-self response json 
reflect the true 0.6.4 response.
 2017-01-10 23:19:49 -08:00
Jeff Mitchell
ebfba76f98 Remove documenting that the token to revoke can be part of the URL as (#2250) 
this should never be used and only remains for backwards compat.

Fixes #2248
 2017-01-09 22:09:29 -05:00
Jeff Mitchell
7f71ce6672 Clarify text around redirect addr being required 2017-01-06 15:07:01 -05:00
Michael Hofer
f86bd98021 Add link to vault-client vc written in go (#2225) 2017-01-03 11:29:54 -05:00
Randy Fay
a192e03fb5 Add cookbook section, with root token generation technique 2016-12-30 09:19:55 -07:00
Chris Hoffman
a719619344 Adding Vault.NET C# Library (#2213) 2016-12-29 19:26:47 -06:00
Stenio Ferreira
e9519ebd26 Fixed docs - auth backend aws had a typo on API example (#2211) 2016-12-28 11:41:50 -06:00
Daniel Heitmann
1ae7dafd57 Replace app-id with approle due to deprecation (#2197) 
According to the documentation the App-ID backend is deprecated in favor of the AppRole backend since Vault 0.6.1.
 2016-12-20 13:29:42 -05:00
Brian Nuszkowski
fed61f6c12 Add Duo pushinfo capabilities (#2118) 2016-12-19 15:37:44 -05:00
Vishal Nayak
42e133b0a8 TokenStore: Added tidy endpoint (#2192) 2016-12-16 15:29:27 -05:00
Jeff Mitchell
461d2f3f27 Fix revocation of leases when num_uses goes to 0 (#2190) 2016-12-16 13:11:55 -05:00
Elan Ruusamäe
cfbf8bd623 add unix socket example as well (#2193) 2016-12-16 05:13:35 -05:00
Elan Ruusamäe
31e655d597 Update index.html.md (#2191) 
add DSN as link to go-sql-driver/mysql to know the syntax
 2016-12-16 03:37:54 -05:00
Vishal Nayak
b4011f7129 Don't add default policy to child token if parent does not have it (#2164) 2016-12-16 00:36:39 -05:00
vishesh92
d661cf0e8c Fix broken link 2016-12-13 10:56:18 +05:30
Frank Farmer
0ad461c0a7 Small typo 2016-12-08 16:51:16 -08:00
Jeff Mitchell
5351b274fb Add doc for ui to config page 2016-12-06 17:13:12 -05:00
Jeff Mitchell
f3ba03de1a Prep for 0.6.3 2016-12-06 11:26:29 -05:00
Christopher Pauley
973e3c2b1e gcs physical backend (#2099) 2016-12-01 11:42:31 -08:00
Chris MacNaughton
93103f186c Add Rust (#2136) 
Add the Rust crate to the list
 2016-12-01 10:54:41 -08:00
vishesh92
577366ad9a Fix aws auth login example (#2122) 2016-12-01 10:17:08 -08:00
Brian Nuszkowski
4a5ecd5d6c Disallow passwords LDAP binds by default (#2103) 2016-12-01 10:11:40 -08:00
Talal Obeid
1fa62b3fb3 Improve link to intro and getting started (#2049) 2016-11-28 09:41:08 -08:00
Dan Gorst
4835df609d Minor documentation tweak (#2127) 
Should be arn, not policy - latter will error as that assume an inline policy json document
 2016-11-24 07:36:46 -08:00
Jeff Mitchell
6165c3e20f Update docs to fix #2102 2016-11-22 12:19:22 -05:00
Benjamin Farley
8a14a12efd Update libraries doc for Haskell community library (#2101) 2016-11-17 13:36:00 -05:00
Jeff Mitchell
0f53aa8fc7 Document bug causing certain LDAP settings to be forgotten on upgrade to 
0.6.1+.

Fixes #2104
 2016-11-16 17:08:16 -05:00
Daniel Somerfield
c33484c147 Added document to github auth backend covering user-specific policies. (#2084) 2016-11-11 08:59:26 -05:00
matt maier
2cd3cfd83e Vendor circonus (#2082) 2016-11-10 16:17:55 -05:00
Brad Jones
9a8603f347 Clarify that Swift only supports v1.0 auth (#2070) 2016-11-08 06:44:34 -05:00
Jacob Crowther
ba4420d06b Specify the value of "generated secrets" (#2066) 
This small change is to specify (mostly for new users) that only dynamic secrets are revoked when running revoke-self.
 2016-11-07 15:02:23 -05:00
Joel Thompson
523de6b4d2 Add information on HMAC verification to transit docs (#2062) 2016-11-07 13:44:14 -05:00
Jeff Mitchell
5708bed28d Update unwrap call documentation 2016-11-02 13:36:32 -04:00
Jeff Mitchell
1811269949 Fix cache default size and docs 2016-11-01 10:24:35 -04:00
Benjamin Campbell
e78065ec4e Use gpg binary in PGP website documentation (#2047) 2016-10-30 13:09:56 -04:00
Jeff Mitchell
ad5d270e58 Rearrange libs 2016-10-29 13:53:06 -04:00
Mark Paluch
cacaec11f5 Add Spring Vault to client libraries (#2042) 2016-10-29 13:52:16 -04:00
vishalnayak
e2a5881bc4 s/localhost/127.0.0.1 in approle docs 2016-10-28 09:46:39 -04:00
vishalnayak
52419be7c9 s/localhost/127.0.0.1 2016-10-28 09:23:05 -04:00
vishalnayak
81410d7bc4 Using AppRole as an example. Removed 'root' policy being used in examples 2016-10-28 01:24:25 -04:00
Greg Look
0e6580efd9 Update libraries.html.md 
Add Clojure Vault client.
 2016-10-27 11:39:52 -07:00
vishalnayak
8293b19a98 Added revocation_sql to the website docs 2016-10-27 12:15:08 -04:00
Vishal Nayak
7958b2e3e8 Merge pull request #2029 from bfallik/patch-1 
Update aws-ec2.html.md
 2016-10-26 16:57:39 -04:00
Raja Nadar
d0c6767156 doc: syslog change data type from bool to string (#1998) 2016-10-26 16:18:31 -04:00
Brian Fallik
84f1995e97 Update aws-ec2.html.md 
fix minor typo
 2016-10-26 15:40:40 -04:00
Raja Nadar
b8c492f8c6 doc: change data type from boolean to string (#1997) 
the api doesn't accept the boolean value. it needs a string containing a boolean value.
 2016-10-26 11:29:42 -04:00
vishalnayak
d6dfa44f7a Docs: Add port numbers to redirect_addr 2016-10-19 22:07:25 -04:00
vishalnayak
b85687a639 Docs: Update the client redirection defaults 2016-10-18 13:27:19 -04:00
Vishal Nayak
64965b889e Merge pull request #2006 from hashicorp/update-github-docs 
Update github login output in the docs
 2016-10-18 10:27:06 -04:00
Chris Hoffman
4406a39da2 Add ability to list keys in transit backend (#1987) 2016-10-18 10:13:01 -04:00
Vishal Nayak
24ab1610f6 Merge pull request #2010 from rajanadar/patch-5 
doc: add doc for the GET lease settings api
 2016-10-18 09:39:23 -04:00
Raja Nadar
a0bb983132 fix indentation 2016-10-15 22:58:25 -07:00
Raja Nadar
b3dd87bb59 doc: add doc for the GET lease settings api 
Vault supports reading of the lease settings, with all values coming back intact. (along with a good warning message as well)
Adding it to the documentation.
 2016-10-15 22:43:50 -07:00
Raja Nadar
4321c51c83 doc: add consistency field in get-role response 2016-10-15 01:15:58 -07:00
vishalnayak
174aa4adb1 Update github login output in the docs 2016-10-14 22:39:56 -04:00
Vishal Nayak
baece44ded Merge pull request #1988 from mp911de/issue/refdocs-approle-post-on-secret-id-destroy 
Use POST method for destroy operations in documentation
 2016-10-14 15:37:13 -04:00
vishalnayak
9b398a86d4 Update pgp-gpg concepts page to use base64 decoding instead of hex 2016-10-11 15:58:32 -04:00
Mark Paluch
7652e18aea Use POST method for destroy operations in documentation 
Use POST method as most clients (including Vault cli) cannot send a body when using the DELETE HTTP method.
 2016-10-11 17:12:07 +02:00
Laura Bennett
3bf0520bbb address feedback 2016-10-09 22:23:30 -04:00
Laura Bennett
a8813c4ff2 changes for 'mode' 2016-10-08 19:52:49 -04:00
Laura Bennett
487f0d74c1 website documentation update 2016-10-07 15:48:29 -04:00
Jeff Mitchell
f911375ca4 Update upgrade guide 2016-10-05 14:10:27 -04:00
Jeff Mitchell
37df43d534 Postgres revocation sql, beta mode (#1972) 2016-10-05 13:52:59 -04:00
Jeff Mitchell
5ce55a2ebc Update website with breaking change information 2016-10-04 22:35:56 -04:00
Vishal Nayak
a72b7698bb Merge pull request #1961 from hashicorp/aws-ec2-auth-rsa-signature 
aws-ec2-auth using identity doc and RSA digest
 2016-10-04 15:45:12 -04:00
vishalnayak
4e471c41fb Minor doc updates 2016-10-04 15:46:09 -04:00
vishalnayak
84c8caefca Address review feedback 2016-10-04 15:05:44 -04:00
Vishal Nayak
4ffd3ec392 Merge pull request #1957 from hashicorp/website-list-userpass 
Added user listing endpoint to userpass docs
 2016-10-04 14:10:49 -04:00
vishalnayak
dda2e81895 Add only relevant certificates 2016-10-03 20:34:28 -04:00
vishalnayak
437ddeaadc aws-ec2 config endpoints support type option to distinguish certs 2016-10-03 20:25:07 -04:00
Matthew Irish
61c88389ed add documentation for cluster_name and link atlas listener docs 2016-10-03 15:04:33 -05:00
Matthew Irish
3113c8c984 document the atlas listener 2016-10-03 10:41:50 -05:00
Jeff Mitchell
0765d8e938 Switch default case of disable cluster. (#1959) 2016-10-02 14:54:01 -04:00
vishalnayak
5235b9899a Added docs for reading and deleting username 2016-09-30 16:13:57 -04:00
vishalnayak
6b0be2d5c4 Added user listing endpoint to userpass docs 2016-09-30 15:47:33 -04:00
Jeff Mitchell
905d01cf8e Update changelog and website for GH-1958 2016-09-30 15:08:38 -04:00
Jeff Mitchell
ff8b570394 Update text around cubbyhole/response 2016-09-29 17:44:15 -04:00
Chris Stevens
32f883acd9 Docs/Website: MySQL config parameter "verify-connection" should be "verify_connection" 
The only instance of `verify-connection` I can find is on this docs page. The API style for parameters is underscores, so this one stands out.

The code for this and the other backends with similar connection verification features seem to use `verify_connection`.
 2016-09-29 14:05:47 -05:00
Vishal Nayak
adf868d3a0 Merge pull request #1947 from hashicorp/secret-id-lookup-delete 
Introduce lookup and destroy endpoints for secret IDs and its accessors
 2016-09-29 10:19:54 -04:00
Jeff Mitchell
60deff1bad Wrapping enhancements (#1927) 2016-09-28 21:01:28 -07:00
vishalnayak
d672d3c5dc Added website docs for lookup and destroy APIs 2016-09-28 22:11:48 -04:00
Michael S. Fischer
e6b39d4b3f Update documentation for required AWS API permissions 
In order for Vault to map IAM instance profiles to roles, Vault
must query the 'iam:GetInstanceProfile' API, so update the documentation
and help to include the additional permissions needed.
 2016-09-28 16:50:20 -07:00
Jeff Mitchell
c748ff322f Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
vishalnayak
d178d1d26d Remove a mistyped character 2016-09-28 18:30:49 -04:00
Vishal Nayak
95aa7295a4 Merge pull request #1943 from hashicorp/iam-bounds-prefix 
Check for prefix match instead of exact match for IAM bound parameters
 2016-09-28 18:11:53 -04:00
vishalnayak
1887fbcd7f Check for prefix match instead of exact match for IAM bound parameters 2016-09-28 18:08:28 -04:00
Vishal Nayak
afabe50712 Merge pull request #1940 from chrishoffman/consul-doc 
Small consul doc fix
 2016-09-28 15:48:45 -04:00
Vishal Nayak
692bbc0a12 Merge pull request #1913 from hashicorp/bound-iam-instance-profile-arn 
Proper naming for bound_iam_instance_profile_arn
 2016-09-28 15:34:56 -04:00
Chris Hoffman
44774c99de Small consul doc fix 2016-09-28 15:11:39 -04:00
Laura Bennett
4cfe098ce4 Merge pull request #1931 from hashicorp/cass-consistency 
Adding consistency into cassandra
 2016-09-27 21:12:02 -04:00
Chris Hoffman
10c8024fa3 Adding support for chained intermediate CAs in pki backend (#1694) 2016-09-27 17:50:17 -07:00
Laura Bennett
6fb9364260 typo correction 2016-09-27 16:38:27 -04:00
Laura Bennett
ae97f14ebd updates to the documents 2016-09-27 16:36:20 -04:00
Vishal Nayak
92cb781be9 Merge pull request #1910 from hashicorp/secret-id-cidr-list 
CIDR restrictions on Secret ID
 2016-09-26 10:22:48 -04:00
Jeff Mitchell
273cb3c512 Add information about accessors to the token concepts page. 
Fixes #1918
 2016-09-26 10:18:38 -04:00
vishalnayak
a83acd402e Update docs to contain bound_iam_role_arn 2016-09-26 09:37:38 -04:00
vishalnayak
0d79363b1d Update website for bound_iam_instance_profile_arn 2016-09-23 11:23:59 -04:00
vishalnayak
8ce3fa75ba Store the CIDR list in the secret ID storage entry. 
Use the stored information to validate the source address and credential issue time.
Correct the logic used to verify BoundCIDRList on the role.
Reverify the subset requirements between secret ID and role during credential issue time.
 2016-09-21 20:19:26 -04:00
Jeff Mitchell
2ffc6949c0 Make HA in etcd off by default. (#1909) 
Fixes #1908

(Doesn't really "fix" it but someone from the community needs to step up
if they want to see this fixed.)
 2016-09-21 14:01:36 -04:00
Jeff Mitchell
8482118ac6 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Jeff Mitchell
425a07ce87 Update docs to reflect that there is more than one constraint for EC2 now 2016-09-20 16:11:32 -04:00
Chris Hoffman
cd567eb480 Renaming ttl_max -> max_ttl in mssql backend (#1905) 2016-09-20 12:39:02 -04:00
Carlo Cabanilla
15001218e3 fix shell quoting (#1904) 
$() doesnt get evaluated in single quotes, so you need to break out of it first
 2016-09-19 17:11:16 -04:00
Jeff Mitchell
fe1b8f9bff Fix formatting 2016-09-19 13:00:50 -04:00
Jeff Mitchell
8a9df17b93 Update website docs to indicate sudo being required for auth/audit 
endpoints.
 2016-09-19 12:10:08 -04:00
Jeff Mitchell
b6eabd1ec3 Fix website display of tune paths 2016-09-16 12:03:50 -04:00
Vishal Nayak
f3306fdb31 Merge pull request #1886 from hashicorp/approle-upgrade-notes 
upgrade notes entry for approle constraint and warning on role read
 2016-09-15 12:14:01 -04:00
Vishal Nayak
5d25f8046e Merge pull request #1892 from hashicorp/role-tag-defaults 
Specify that role tags are not tied to an instance by default
 2016-09-15 12:04:41 -04:00
vishalnayak
e9c8555d12 Updated docs with nonce usage 2016-09-14 19:31:09 -04:00
vishalnayak
1499f21947 Address review feedback 2016-09-14 16:06:38 -04:00
vishalnayak
990402c41a Address review feedback 2016-09-14 15:13:54 -04:00
vishalnayak
79e8d83003 Clarify that tags can be used on all instances that satisfies constraints 2016-09-14 14:55:09 -04:00
vishalnayak
36bf0a25a5 Specify that role tags are not tied to an instance by default 2016-09-14 14:49:18 -04:00
vishalnayak
2de4c8bef2 Generate the nonce by default 2016-09-14 14:28:02 -04:00
Jeff Mitchell
941b066780 Add support for PGP encrypting the initial root token. (#1883) 2016-09-13 18:42:24 -04:00
vishalnayak
de334d1688 upgrade notes entry for approle constraint and warning on role read 2016-09-13 17:44:07 -04:00
vishalnayak
166d67c0a8 Ensure at least one constraint on the role 2016-09-13 16:03:15 -04:00
Jeff Mitchell
ce10ab4634 Remove old text from upgrade notes, as changes were made 2016-09-13 11:51:46 -04:00
sashman
d37d187a68 Update libraries.html.md (#1879) 2016-09-13 09:23:46 -04:00
AJ Bourg
c3bc1f0689 Small change: Fix permission vault requires. 
Vault requires ec2:DescribeInstances, not ec2:DescribeInstance. (the
non-plural form doesn't exist)
 2016-09-12 14:38:10 -06:00
Raja Nadar
0087541e6f doc: change invalid otp response code to 400 (#1863) 
invalid otp response code is 400 bad request.
 2016-09-08 11:13:13 -04:00
Raja Nadar
f42f765ec4 doc: fixing field name to security_token (#1850) 
response field is security_token, not secret_token.
 2016-09-03 22:40:57 -04:00
vishalnayak
618949ae0b Update atlas listener factory to use version with pre-release info. 2016-09-01 17:21:11 -04:00
vishalnayak
ee26c7e7b6 Remove the string 'Vault' from version information 2016-09-01 14:54:04 -04:00
Raja Nadar
4ec81141e8 doc: add keys_base64 to response json (#1824) 
add the missing fields in json response for initializing vault.
keys_base64
 2016-09-01 09:40:40 -04:00
Raja Nadar
f66e1920e2 doc: add missing version and cluster fields (#1826) 
adding the missing "version" field in json response.
also adding a new response when the unseal completes, and 2 more fields are returned. (cluster..)
 2016-09-01 09:39:26 -04:00
Raja Nadar
0e54f3ed93 doc: add missing token field to generate-root apis (#1828) 
the response is missing the encoded token field for a couple of apis.
 2016-09-01 09:39:00 -04:00
Andrew Backhouse
f8c49840fa Update index.html.md (#1819) 
Corrected a minor spelling error.
 2016-08-31 10:02:43 -04:00
Jeff Mitchell
f02bde7c78 Fix headers in aws-ec2 doc. 2016-08-30 11:53:21 -04:00
Jeff Mitchell
976876ac4b Update website with POST STS path 2016-08-30 10:37:55 -04:00
Raja Nadar
b3a5f49a3b add missing field keys_base64 to rekey operation 
fixing the json response blob in the documentation
 2016-08-28 17:38:10 -07:00
Jeff Mitchell
1a3d2b6c51 update docs 2016-08-26 17:52:42 -04:00
Jeff Mitchell
c9aa308804 Use key derivation for convergent nonce. (#1794) 
Use key derivation for convergent nonce.

Fixes #1792
 2016-08-26 14:11:03 -04:00
Jeff Mitchell
d40277a18f Plumb through the ability to set the storage read cache size. (#1784) 
Plumb through the ability to set the storage read cache size.

Fixes #1772
 2016-08-26 10:27:06 -04:00
Jeff Mitchell
e6b32964d9 Don't duplicate building info 2016-08-25 13:00:26 -04:00
Jeff Mitchell
f447d21a72 Don't allow tokens in paths. (#1783) 2016-08-24 15:59:43 -04:00
Adam Greene
d57fe391f2 fix aws-ec2 formatting around ttl (#1770) 2016-08-23 16:07:57 -04:00
Karl Falconer
fff006bd91 [Documentation] AppRole /login is unauthenticated (#1771) 2016-08-23 16:03:36 -04:00
Jeff Mitchell
58611de06d Swap push/pull. 2016-08-22 19:34:53 -04:00
Eric Peterson
4c5e2a1b7a Fix grammar (#1759) 2016-08-22 12:17:48 -04:00
Eric Peterson
09af5f9dc0 Fix spelling (#1758) 2016-08-22 11:56:37 -04:00
S
19f474433d Update tokens.html.md 
Bullet points at the end were off (probably due to some line wrapping settings somewhere)
 2016-08-22 10:47:11 -04:00
Jeff Mitchell
836e607a7e Update upgrade guide 2016-08-22 09:33:36 -04:00
vishalnayak
1a62fb64c2 Seperate endpoints for read/delete using secret-id and accessor 2016-08-21 14:42:49 -04:00
Jeff Mitchell
826146f9e8 Initial fixups, not yet done 2016-08-20 22:39:41 -04:00
Jeff Mitchell
4e4de5f41a Update location of LDAP docs in upgrade guide. 
Fixes #1656
 2016-08-19 10:31:31 -04:00
Jeff Mitchell
58a7c8999e Change uninit/sealed status codes from health endpoint 2016-08-18 12:10:23 -04:00
Martin Forssen
7f25a25301 Mention ttl parameter in the documentation of /auth/aws-ec2/role/<role> 
This parameter was not documented
 2016-08-18 13:16:58 +02:00
Brian Shumate
31f7e58be2 Add a bit of clarification 2016-08-17 16:07:30 -04:00
Jeff Mitchell
565b45d57a Add permit pool to dynamodb 2016-08-15 19:45:06 -04:00
Matt Hurne
587b481a29 AppRole documentation tweaks (#1735) 
* Fix spelling error in AppRole docs

* Add force flag to sample command to generate a secret ID in AppRole docs

* Update sample output for AppRole login in docs
 2016-08-15 16:12:08 -04:00
Jeff Mitchell
645540012f Request forwarding (#1721) 
Add request forwarding.
 2016-08-15 09:42:42 -04:00
Jeff Mitchell
1ba2ab39a1 Completely revamp token documentation 2016-08-13 17:05:31 -04:00
Jeff Mitchell
18b72519dc Merge pull request #1702 from hashicorp/renew-post-body 
Add ability to specify renew lease ID in POST body.
 2016-08-08 20:01:25 -04:00
Jeff Mitchell
7f13c4bcff Add ability to specify renew lease ID in POST body. 2016-08-08 18:00:44 -04:00
Jeff Mitchell
207d16bf8b Don't allow root from authentication backends either. 
We've disabled this in the token store, but it makes no sense to have
that disabled but have it enabled elsewhere. It's the same issue across
all, so simply remove the ability altogether.
 2016-08-08 17:32:37 -04:00
Jeff Mitchell
92f4a02e95 Update upgrade docs 2016-08-08 16:44:13 -04:00
Jeff Mitchell
84cd3c20b3 Remove context-as-nonce, add docs, and properly support datakey 2016-08-07 15:53:40 -04:00
Jeff Mitchell
503a13b17b Remove erroneous information about some endpoints being root-protected 2016-08-04 16:08:54 -04:00
Cameron Stokes
1b66c6534c ~secret/aws: env variable and IAM role usage 2016-08-04 13:02:07 -07:00
Jeff Mitchell
6ce0f86c0f Update DB docs with new SQL specification options 2016-08-03 15:45:56 -04:00
vishalnayak
3496bf8f16 disallowed_policies doc update 2016-08-02 16:33:22 -04:00
Jeff Mitchell
a3069be5d5 Fix up some wording 2016-08-02 16:25:00 -04:00
vishalnayak
bc4533695c Updated token auth docs with disallowed_policies 2016-08-02 15:33:03 -04:00
Jeff Mitchell
181f90e015 Alphabetize token store docs 2016-08-01 13:37:12 -04:00
Jeff Mitchell
140351733a Add some extra safety checking in accessor listing and update website 
docs.
 2016-08-01 13:12:06 -04:00
Chris Hoffman
87b4514f44 Missing prefix on roles list 2016-07-29 11:31:26 -04:00
Jan Dudulski
382737af20 Update revoke-prefix path in doc 
Minor update to make doc up to date with v0.6
 2016-07-29 12:17:24 +02:00
Chris Hoffman
49aff132ec Preferred method is AppRole since AppId is now deprecated 2016-07-28 14:32:20 -04:00
Vishal Nayak
bd682621e0 Merge pull request #1660 from TerryHowe/ansible-module-hashivault 
Add note about Ansible module in docs
 2016-07-27 13:56:41 -04:00
Adam Greene
0e73baae5d documentation cleanup 2016-07-27 10:43:59 -07:00
Terry Howe
005352c970 Add note about Ansible module in docs 2016-07-27 10:34:13 -06:00
Laura Bennett
ce6bc51c23 Merge pull request #1650 from hashicorp/request-uuid 
Added unique identifier to each request. Closes hashicorp/vault#1617
 2016-07-27 09:40:48 -04:00
Vishal Nayak
8d0bce03be Merge pull request #1655 from hashicorp/cluster-id 
Vault cluster name and ID
 2016-07-26 14:12:48 -04:00
vishalnayak
a64fa19a0e Address review feedback from @jefferai 2016-07-26 14:05:27 -04:00
Jeff Mitchell
67c501309e Add deprecation notices for App ID 2016-07-26 10:08:46 -04:00
Jeff Mitchell
586fb4ac03 Add app-id deprecation to upgrade notes 2016-07-26 10:04:08 -04:00
vishalnayak
59930fda8f AppRole authentication backend 2016-07-26 09:32:41 -04:00
Jeff Mitchell
ecfaba1ac6 Add upgrade notes for LDAP 2016-07-25 09:07:52 -04:00
Laura Bennett
f8bc3b125e website update for request uuuid 2016-07-24 21:23:12 -04:00
Oren Shomron
005cb3e042 LDAP Auth Backend Overhaul 
--------------------------

Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.

Simplified group membership lookup significantly to support multiple use-cases:
  * Enumerating groups via memberOf attribute on user object
  * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
  * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule

There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.

Additional changes:
  * Clarify documentation for LDAP auth backend.
  * Reworked how default values are set, added tests
  * Removed Dial from LDAP config read. Network should not affect configuration.
 2016-07-22 21:20:05 -04:00
Vishal Nayak
484dc253c1 Merge pull request #1647 from hashicorp/version-in-api 
Add version information to health status
 2016-07-22 18:34:33 -04:00
vishalnayak
5b9b07e073 Updated sys/health docs 2016-07-22 18:33:29 -04:00
matt maier
a1b50427f2 Circonus integration for telemetry metrics 2016-07-22 15:49:23 -04:00
vishalnayak
d5c669038a Added service-tags config option to provide additional tags to registered service 2016-07-22 04:41:48 -04:00
Laura Bennett
c6cc73b3bd Merge pull request #1635 from hashicorp/mysql-idle-conns 
Added maximum idle connections to mysql to close hashicorp/vault#1616
 2016-07-20 15:31:37 -04:00
Laura Bennett
33ed1ffd58 minor formatting edits 2016-07-20 14:42:52 -04:00
Jeff Mitchell
a8a2886538 Merge pull request #1604 from memory/mysql-displayname-2 
concat role name and token displayname to form mysql username
 2016-07-20 14:02:17 -04:00
Nathan J. Mehl
e824f6040b use both role name and token display name to form mysql username 2016-07-20 10:17:00 -07:00
Laura Bennett
7c2c30e5ae update documentation for idle connections 2016-07-20 12:50:07 -04:00
Nathan J. Mehl
83635c16b6 respond to feedback from @vishalnayak 
- split out usernameLength and displaynameLength truncation values,
  as they are different things

- fetch username and displayname lengths from the role, not from
  the request parameters

- add appropriate defaults for username and displayname lengths
 2016-07-20 06:36:51 -07:00
Matt Hurne
0a55ca674b mongodb secret backend documentation: Remove verify_connection from example response to GET /mongodb/config/connection; add documentation for GET /mongodb/config/lease 2016-07-19 12:46:54 -04:00
Matt Hurne
d23ba11a0c Merge branch 'master' into mongodb-secret-backend 2016-07-19 10:38:45 -04:00
Jeff Mitchell
1923ed3085 Update documentation around dynamodb changes 2016-07-18 14:10:55 -04:00
Jeff Mitchell
dbffe5785c Use parsebool 2016-07-18 13:49:05 -04:00
Jeff Mitchell
a347917044 Turn off DynamoDB HA by default. 
The semantics are wonky and have caused issues from people not reading
docs. It can be enabled but by default is off.
 2016-07-18 13:19:58 -04:00
Jeff Mitchell
f16992d6fa Merge pull request #1613 from skippy/update-aws-ec2-docs 
[Docs] aws-ec2 -- note IAM action requirement
 2016-07-18 10:40:38 -04:00
Jeff Mitchell
2dc001b388 Merge pull request #1589 from skippy/patch-2 
[Docs] aws-ec2 -- clarify aws public cert is already preloaded
 2016-07-18 10:02:35 -04:00
Adam Greene
72bd7db1e7 [Docs] aws-ec2 -- note IAM action requirement 2016-07-13 15:52:47 -07:00
Adam Greene
71ad0989ac english tweaks 2016-07-13 15:11:01 -07:00
vishalnayak
150cba24a7 Added tls_min_version to consul storage backend 2016-07-12 20:10:54 -04:00
Nathan J. Mehl
417cf49bb7 allow overriding the default truncation length for mysql usernames 
see https://github.com/hashicorp/vault/issues/1605
 2016-07-12 17:05:43 -07:00
Jeff Mitchell
478f420912 Migrate number of retries down by one to have it be max retries, not tries 2016-07-11 21:57:14 +00:00
Jeff Mitchell
7129fd5785 Switch to pester from go-retryablehttp to avoid swallowing 500 error messages 2016-07-11 21:37:46 +00:00
Matt Hurne
57d3af8a4e Merge branch 'master' into mongodb-secret-backend 2016-07-09 21:14:21 -04:00
Jeff Mitchell
a1bbd24031 Add documentation of retry env vars 2016-07-08 10:41:11 -04:00
Matt Hurne
5a6547fdaa Merge branch 'master' into mongodb-secret-backend 2016-07-08 08:32:03 -04:00
Jeff Mitchell
9cfce6c3f3 Some policy concept page clarifications 2016-07-08 05:05:46 +00:00
Matt Hurne
2c3b5513df mongodb secret backend: Improve and correct errors in documentation; improve "parameter is required" error response messages 2016-07-07 23:09:45 -04:00
Matt Hurne
f2a3471f37 Update mongodb secret backend documentation to indicate that ttl and max_ttl lease config parameters are optional rather than required 2016-07-07 22:34:00 -04:00
Matt Hurne
a130c7462a mongodb secret backend documentation: Use single quotes around roles JSON to avoid needing to escape double quotes within the JSON 2016-07-07 22:31:35 -04:00
Matt Hurne
1751d4da68 Merge branch 'master' into mongodb-secret-backend 2016-07-07 21:24:40 -04:00
Eric Herot
1a2b13c204 Pretty sure the method to delete a token role is not GET 2016-07-07 13:54:20 -04:00
Jeff Mitchell
82f79dd55f Merge pull request #1590 from skippy/patch-3 
Update aws-ec2.html.md -- clarify pkcs7 cert cleanup before use
 2016-07-06 21:31:12 +02:00
Stig Lindqvist
1400ef0c44 Correcting grammar 2016-07-06 17:57:22 +12:00
Adam Greene
7d5209c251 Update aws-ec2.html.md 
per #1582, updating the docs to include notes about pkcs#7 handling, specifically that aws returns the pkcs#7 cert with newlines and that they need to be stripped before sending them to the login endpoint
 2016-07-05 13:21:56 -07:00
Adam Greene
4ce975bb36 Update aws-ec2.html.md 
clarify, and make more explicit, the language around the default AWS public certificate
 2016-07-05 13:14:29 -07:00
Matt Hurne
2b5b56febd mongodb secret backend: Update documentation 2016-07-05 09:50:23 -04:00
Matt Hurne
7571487c7f Merge branch 'master' into mongodb-secret-backend 2016-07-01 20:39:13 -04:00
Mark Paluch
895eac0405 Address review feedback. 
Switch ConnectTimeout to framework.TypeDurationSecond  with a default of 5. Remove own parsing code.
 2016-07-01 22:26:08 +02:00
Mark Paluch
f85b2b11d3 Support connect_timeout for Cassandra and align timeout. 
The cassandra backend now supports a configurable connect timeout. The timeout is configured using the connect_timeout parameter in the session configuration.  Also align the timeout to 5 seconds which is the default for the Python and Java drivers.

Fixes #1538
 2016-07-01 21:22:37 +02:00
Matt Hurne
b9d681cb9d Merge branch 'master' into mongodb-secret-backend 2016-06-30 20:23:16 -04:00
Tim Schindler
e75d4f64bd added documentation about ETCD_ADDR env var to etcd backend documentation 2016-06-30 18:46:40 +00:00
Matt Hurne
f55955c2d8 Rename mongodb secret backend's 'ttl_max' lease configuration field to 'max_ttl' 2016-06-30 09:57:43 -04:00
Matt Hurne
4c97b1982a Add mongodb secret backend 2016-06-29 08:33:06 -04:00
Jeff Mitchell
d46eba8a42 Update PKI docs with key_usge info 2016-06-23 11:07:17 -04:00
Cameron Stokes
d9beaffa7c Minor typo - that->than. 2016-06-22 11:28:31 -07:00
Jason Antman
2a319a104b clarify some aspects of GPG key usage 2016-06-22 10:26:06 -04:00
Vishal Nayak
053f3b78aa Merge pull request #1523 from hashicorp/bind-account-id-aws-ec2 
Added bound_account_id to aws-ec2 auth backend
 2016-06-21 10:03:20 -04:00
Vishal Nayak
3558eca73c Merge pull request #1531 from hashicorp/auth-mount-tune-params 
Auth tune endpoints and config settings output from CLI
 2016-06-20 20:24:47 -04:00
vishalnayak
c37ef12834 Added list functionality to logical aws backend's roles 2016-06-20 19:51:04 -04:00
Jeff Mitchell
1c15a56726 Add convergent encryption option to transit. 
Fixes #1537
 2016-06-20 13:17:48 -04:00
Mark Paluch
10ea4bf8d4 Fix RabbitMQ documentation 
Change parameter `uri` to `connection_uri` in code example.
 2016-06-19 17:45:30 +02:00
vishalnayak
664104af3a Merge branch 'master-oss' into bind-account-id-aws-ec2 
Conflicts:
	website/source/docs/auth/aws-ec2.html.md
 2016-06-17 12:41:21 -04:00
vishalnayak
efaffa8f55 Added 'sys/auth/<path>/tune' endpoints. 
Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
 2016-06-15 13:58:24 -04:00
Martin Forssen
84c396f6fa Fixed a number of spelling errors in aws-ec2.html.md 2016-06-15 13:32:36 +02:00
vishalnayak
0d3973b1fa Merge branch 'master-oss' into bind-account-id-aws-ec2 
Conflicts:
	builtin/credential/aws-ec2/backend_test.go
	builtin/credential/aws-ec2/path_login.go
	builtin/credential/aws-ec2/path_role.go
 2016-06-14 14:46:08 -04:00
Ivan Fuyivara
6fd7e798c8 added tests, nil validations and doccumentation 2016-06-14 16:58:50 +00:00
vishalnayak
baac0975ea Added bound_account_id to aws-ec2 auth backend 2016-06-14 11:58:19 -04:00
vishalnayak
75937956aa RabbitMQ docs++ 2016-06-14 10:22:30 -04:00
Jeff Mitchell
5b7e6804e1 Add updated wrapping information 2016-06-14 05:59:50 +00:00
Jon Benson
1e61184085 Update aws-ec2.html.md 2016-06-09 23:08:08 -07:00
vishalnayak
4e38509ac2 s/VAULT_GITHUB_AUTH_TOKEN/VAULT_AUTH_GITHUB_TOKEN 2016-06-09 14:00:56 -04:00
vishalnayak
0bea4ff7ff Added VAULT_GITHUB_AUTH_TOKEN env var to receive GitHub auth token 2016-06-09 13:45:56 -04:00
Jeff Mitchell
9ec71452ce update sys-health docs with HEAD info 2016-06-09 12:30:23 -04:00
Jeff Mitchell
7479621705 Don't check parsability of a ttl key on write. 
On read we already ignore bad values, so we shouldn't be restricting
this on write; doing so alters expected data-in-data-out behavior. In
addition, don't issue a warning if a given `ttl` value can't be parsed,
as this can quickly get annoying if it's on purpose.

The documentation has been updated/clarified to make it clear that this
is optional behavior that doesn't affect the status of the key as POD
and the `lease_duration` returned will otherwise default to the
system/mount defaults.

Fixes #1505
 2016-06-08 20:14:36 -04:00
Jeff Mitchell
4ab63c8232 Merge pull request #1504 from hashicorp/token-store-roles-renewability 
Add renewable flag to token store roles
 2016-06-08 15:56:54 -04:00
Laura Bennett
c21ef90dba Merge pull request #1498 from hashicorp/pki-list 
PKI List Functionality
 2016-06-08 15:42:50 -04:00
Jeff Mitchell
9c6a03ade9 Add renewable flag to token store roles 2016-06-08 15:17:22 -04:00
Laura Bennett
8fb5ca046c url fix 2016-06-08 14:53:33 -04:00
Jeff Mitchell
15a40fdde5 Add explicit max TTL capability to token creation API 2016-06-08 14:49:48 -04:00
Laura Bennett
2b3f6d59a5 Updates for pki/certs list functionality 2016-06-08 14:37:57 -04:00
Jeff Mitchell
3a5a11529b Merge pull request #1502 from hashicorp/pr-1425 
Staging area for me to fix up PR 1425
 2016-06-08 12:31:31 -04:00
Jeff Mitchell
708375b999 Update docs 2016-06-08 12:23:04 -04:00
Jeff Mitchell
17ea8c20a4 Update docs with max_parallel 2016-06-08 12:22:18 -04:00
Jeff Mitchell
5136b8c08c Add permit pool and cleanhttp support to Swift 2016-06-08 12:20:21 -04:00
Jeff Mitchell
8103675f72 Merge remote-tracking branch 'origin/master' into pr-1425 2016-06-08 12:10:29 -04:00
Vishal Nayak
8b15722fb4 Merge pull request #788 from doubledutch/master 
RabbitMQ Secret Backend
 2016-06-08 10:02:24 -04:00
Jeff Mitchell
83771f1e72 Add more entries to the 0.6 upgrade notes 2016-06-06 16:04:02 -04:00
Vinay Hiremath
eae87ca9b8 Small grammatical error 
"invaliding" => "invalidating"
 2016-06-03 11:07:54 -07:00
Jeff Mitchell
4d5686452b Merge pull request #1324 from hashicorp/sethvargo/doc_gpg 
Add a page for step-by-step gpg/keybase
 2016-06-03 13:24:57 -04:00
Jeff Mitchell
bcf7f3ddb9 Make some updates to PGP documentation 2016-06-03 13:23:20 -04:00
vishalnayak
ab017967e4 Provide option to disable host key checking 2016-06-01 11:08:24 -04:00
vishalnayak
386abbad9e Address review feedback 2016-06-01 10:36:58 -04:00
vishalnayak
5500df40cb rename aws.html.md as aws-ec2.html.md 2016-05-30 14:11:15 -04:00
vishalnayak
b3ca9cf14b Rename aws as aws-ec2 2016-05-30 14:11:15 -04:00
vishalnayak
8ae663f498 Allow * to be set for allowed_users 2016-05-30 03:12:43 -04:00
vishalnayak
c945b8b3f2 Do not allow any username to login if allowed_users is not set 2016-05-30 03:01:47 -04:00
Jeff Mitchell
77981d56aa Remove reference to cookies altogether 
Fixes #1437
 2016-05-26 09:29:41 -04:00
vishalnayak
ce5152212c Typo fix: s/Vault/Consul 2016-05-24 18:22:20 -04:00
Seth Vargo
5cfd4b597e
Use updated architecture diagram 
As much as we love @armon's omnigraffle, this new diagram better matches
the Vault branding 😄.
 2016-05-23 20:10:51 -04:00
Kevin Pike
493f69c657 Update rabbitmq lease docs 2016-05-20 23:28:41 -07:00
Jeff Mitchell
205ba863ea Add cubbyhole wrapping documentation 2016-05-19 13:33:51 -04:00
Jeff Mitchell
8c3e9c4753 Merge pull request #1318 from steve-jansen/aws-logical-assume-role 
Add sts:AssumeRole support to the AWS secret backend
 2016-05-19 12:17:27 -04:00
Stuart Glenn
5d4fc775b7 Add documentation on Swift backend configuration 2016-05-16 17:29:40 -05:00
Sean Chittenden
339c0a4127
Speling police 2016-05-15 09:58:36 -07:00
Vishal Nayak
943789a11e Merge pull request #1300 from hashicorp/aws-auth-backend 
AWS EC2 instances authentication backend
 2016-05-14 19:42:03 -04:00
vishalnayak
b53f0cb624 Rename 'role_name' to 'role' 2016-05-13 14:31:13 -04:00
Jeff Mitchell
5bf134a00f Merge pull request #1407 from z00m1n/patch-1 
fix PostgreSQL sample code
 2016-05-12 17:07:48 -07:00
cmclaughlin
2bc546c55c Document configuring listener to use a CA cert 2016-05-12 15:34:47 -07:00
Steven Samuel Cole
131108373e fix PostgreSQL sample code 
The current sample configuration line fails with `Error initializing backend of type postgresql: failed to check for native upsert: pq: unsupported sslmode "disabled"; only "require" (default), "verify-full", "verify-ca", and "disable" supported`.
 2016-05-12 23:22:41 +02:00
vishalnayak
4aa01d390a Update docs and path names to the new patterns 2016-05-12 11:45:10 -04:00
Jeff Mitchell
67a746be30 Add explicit maximum TTLs to token store roles. 2016-05-11 16:51:18 -04:00
vishalnayak
7a10134f87 Merge branch 'master-oss' into aws-auth-backend 2016-05-10 14:50:00 -04:00
Jeff Mitchell
9de0ea081a Don't revoke CA certificates with leases. 2016-05-09 19:53:28 -04:00
Jeff Mitchell
3ca09fdf30 Merge pull request #1346 from hashicorp/disable-all-caches 
Disable all caches
 2016-05-07 16:33:45 -04:00
Steve Jansen
69740e57e0 Adds sts:AssumeRole support to the AWS secret backend 
Support use cases where you want to provision STS tokens
using Vault, but, you need to call AWS APIs that are blocked
for federated tokens.  For example, STS federated tokens cannot
invoke IAM APIs, such as  Terraform scripts containing
`aws_iam_*` resources.
 2016-05-05 23:32:41 -04:00
Jeff Mitchell
50e3f7d40e Merge remote-tracking branch 'origin/master' into aws-auth-backend 2016-05-05 10:04:52 -04:00
Chris Jansen
0ea77f7dda Add scala vault library to list of client libs 2016-05-04 18:04:28 +01:00
Jeff Mitchell
37d425f873 Update website docs re token store role period parsing 2016-05-04 02:17:20 -04:00
vishalnayak
ef83605f58 Change image/ to a more flexible /role endpoint 2016-05-03 23:36:59 -04:00
Jeff Mitchell
b18854be70 Plumb disabling caches through the policy store 2016-05-02 22:36:44 -04:00
vishalnayak
7945e4668a Allow custom endpoint URLs to be supplied to make EC2 API calls 2016-05-02 17:21:52 -04:00
Jeff Mitchell
7fd49439f6 Merge branch 'master-oss' into aws-auth-backend 2016-04-29 14:23:16 +00:00
Jeff Mitchell
a0db3f10dc Fix fetching parameters in token store when it's optionally in the URL 2016-04-28 15:15:37 -04:00
vishalnayak
0b44a62e8f Added allow_instance_migration to the role tag 2016-04-28 11:43:48 -04:00
vishalnayak
a2c024ff96 Updated docs 2016-04-28 11:25:47 -04:00
vishalnayak
329361f951 Removed existence check on blacklist/roletags, docs fixes 2016-04-27 21:29:32 -04:00
vishalnayak
06a174c2f0 tidy endpoint fixes 2016-04-26 10:22:29 -04:00
vishalnayak
4f46bbaa32 Added cooldown period for periodic tidying operation 2016-04-26 10:22:29 -04:00
vishalnayak
7c39fffe0d Removed redundant AWS public certificate. Docs update. 2016-04-26 10:22:29 -04:00
vishalnayak
cd3e9e3b5b Support providing multiple certificates. 
Append all the certificates to the PKCS#7 parser during signature verification.
 2016-04-26 10:22:29 -04:00
Jeff Mitchell
1e50a88e6b Updating to docs 2016-04-26 10:22:29 -04:00
vishalnayak
9a988ffdee Docs update 2016-04-26 10:22:29 -04:00
Sean Chittenden
00d1e5abd7 Change to the pre-0.6.4 Consul Check API 
Consul is never going to pass in more than 1K of output.  This mitigates the pre-0.6.4 concern.
 2016-04-25 18:01:13 -07:00
Sean Chittenden
f1c170e003 Add a small bit of wording re: disable_registration 
Consul service registration for Vault requires Consul 0.6.4.
 2016-04-25 18:01:13 -07:00
Sean Chittenden
529f3e50c4 Provide documentation and example output 2016-04-25 18:01:13 -07:00
Sean Chittenden
53dd43650e Various refactoring to clean up code organization 
Brought to you by: Dept of 2nd thoughts before pushing enter on `git push`
 2016-04-25 18:01:13 -07:00
Sean Chittenden
f2dc2f636e Comment nits 2016-04-25 18:00:54 -07:00
Jeff Mitchell
a036704426 Merge pull request #1266 from sepiroth887/azure_backend 
added Azure Blobstore backend support
 2016-04-25 15:53:09 -04:00
Jeff Mitchell
6e1288d23f Merge pull request #1282 from rileytg/patch-1 
change github example team to admins
 2016-04-25 15:45:01 -04:00
Sean Chittenden
8611270e58 Wordsmith the docs around the list command. 
Prompted by: feedback from conference attendees at PGConf '16
 2016-04-20 18:13:58 -04:00
Jeff Mitchell
b44d2c01c0 Use UseNumber() on json.Decoder to have numbers be json.Number objects 
instead of float64. This fixes some display bugs.
 2016-04-20 18:38:20 +00:00
Jeff Mitchell
ccce78a6d0 Add vault-php-sdk to libraries page 2016-04-20 13:59:39 +00:00
Jeff Mitchell
e702a63320 Backtick "region" in S3 config 2016-04-15 17:03:35 -04:00
Jeff Mitchell
110c483ffc Update cert website docs 2016-04-13 16:28:23 +00:00
Seth Vargo
a262d36288 Not strictly required 2016-04-12 21:55:04 +01:00
Seth Vargo
a263c9e6d4 Add a page for step-by-step gpg/keybase 2016-04-12 21:44:07 +01:00
Simon Dick
5f936c4a07 Should be renew not revoke 2016-04-12 14:04:26 +01:00
Adam Kunicki
08af95b9e0 Add unofficial client library written in Kotlin 
I've been working on a Vault client written in Kotlin. Still a work in progress but will soon be on-par with the official Ruby client.
 2016-04-11 09:37:42 -07:00
Christopher "Chief" Najewicz
14ae646878 Update github doc with note about slugifying team 2016-04-10 11:11:40 -04:00
Kevin Pike
a557bdebcc Remove example parameters 2016-04-08 09:49:10 -07:00
Kevin Pike
862afdb355 Support verify_connection flag 2016-04-08 09:44:15 -07:00
Kevin Pike
9733770010 Fix RabbitMQ documentation 
PostgreSQL -> RabbitMQ
 2016-04-08 09:30:20 -07:00
Kevin Pike
ae6b145b6f Fix RabbitMQ URLs 2016-04-08 09:29:00 -07:00
Kevin Pike
a20f2bc6bd Merge branch 'master' of github.com:doubledutch/vault 2016-04-08 09:25:28 -07:00
Sean Chittenden
4e6d8b9e70 Merge pull request #1297 from hashicorp/f-bsd-mlock 
F bsd mlock
 2016-04-06 13:57:34 -07:00
Sean Chittenden
1f61222625 Clarify that Darwin and BSD are supported w/ mlock 
Word smith a tad.
 2016-04-05 22:18:44 -07:00
vishalnayak
5f1829af67 Utility Enhancements 2016-04-05 20:32:59 -04:00
Jeff Mitchell
9803b9fceb Merge pull request #1293 from gliptak/patch-2 
Correct typo in base64 parameters
 2016-04-05 09:38:00 -04:00
Gábor Lipták
6ce11ee680 Correct typo in base64 parameters 2016-04-05 09:20:43 -04:00
Gábor Lipták
bda3af7dbb Update transit read key output 2016-04-05 09:16:47 -04:00
Jeff Mitchell
bfae0223da Merge pull request #1290 from steve-jansen/patch-2 
Adds note on GH-1102 fix to secret/aws doc
 2016-04-05 08:37:39 -04:00
Steve Jansen
03da496bd2 Adds note on GH-1102 fix to secret/aws doc 
Add note related to #1102, which leads to a non-obvious AWS error message on 0.5.0 or earlier.
 2016-04-04 21:30:41 -04:00
Steve Jansen
64b472dc57 Fix typo in iam permission for STS 2016-04-04 21:20:26 -04:00
Riley Guerin
e62254a565 fix typo 2016-04-01 07:49:25 -07:00
Riley Guerin
5061b670db change github example team to admins 
somewhat recently github has gone away from the previous model of an "owners" team 
https://help.github.com/articles/converting-your-previous-owners-team-to-the-improved-organization-permissions/

you can be an "Owner" of the org still but this does not map to vault as one *might* expect given these docs
 2016-04-01 07:48:54 -07:00
Jeff Mitchell
da00982529 Update 0.6 upgrade info 2016-04-01 10:11:32 -04:00
Jeff Mitchell
9075a8fbff Add revoke-prefix changelog/website info 2016-04-01 10:06:29 -04:00
Jeff Mitchell
de5bba4162 Documentation update 2016-03-31 18:07:43 -04:00
Gérard de Vos
57215ac0aa Update index.html.md 
According to the source it is expecting a description. log_raw is one of the options.
 2016-03-31 14:19:03 +02:00
Gérard de Vos
f0e3d4abb3 Update index.html.md 
description -> log_raw
 2016-03-31 14:06:19 +02:00
Tobias Haag
7a82733e4d added Azure backend support 
updated Godeps
added website docs
updated vendor
 2016-03-30 19:49:38 -07:00
Vishal Nayak
111f5be80d Merge pull request #1268 from hashicorp/fix-audit-doc 
Fix audit docs
 2016-03-30 00:55:39 -04:00
vishalnayak
26ae455234 Fix audit docs 2016-03-30 00:54:40 -04:00
Vishal Nayak
6b8f3dbe1d Revert "Change mysql connection to match new" 2016-03-23 15:18:09 -04:00
Chris Mague
a681090e3b Change mysql connection to match new 
Documentation update to reflect mysql config connection from the old to the newer format
 2016-03-23 12:09:06 -07:00
Amit Khare
3bd2eee4ac Update userpass.html.md 2016-03-23 10:47:28 -04:00
Christian Winther
3dd08c2924 Update sys-step-down.html.md 2016-03-20 18:02:32 +01:00
Cem Ezberci
efda0f1a61 Fix a typo 2016-03-19 21:24:17 -07:00
Jeff Mitchell
385d80abb6 Add some clarification to advertise_addr 2016-03-19 10:21:51 -04:00
Jeff Mitchell
49d1e7a087 Some generic docs updates 2016-03-18 09:57:21 -04:00