mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-18 12:37:02 +02:00
Code Issues Projects Releases Wiki Activity
17,641 Commits 2,844 Branches 445 Tags 454 MiB
a2de4c75cd
Commit Graph

50 Commits

Author SHA1 Message Date
Anton Averchenkov
1a2c60dae5
openapi: Add display attributes for SSH plugin (#19543) 2023-04-10 14:18:00 -04:00
Hamid Ghaf
e55c18ed12
adding copyright header (#19555) 
* adding copyright header

* fix fmt and a test
 2023-03-15 09:00:52 -07:00
Alexander Scheel
8e7f2076a2
Remove dynamic keys from SSH Secrets Engine (#18874) 
* Remove dynamic keys from SSH Secrets Engine

This removes the functionality of Vault creating keys and adding them to
the authorized keys file on hosts.

This functionality has been deprecated since Vault version 0.7.2.

The preferred alternative is to use the SSH CA method, which also allows
key generation but places limits on TTL and doesn't require Vault reach
out to provision each key on the specified host, making it much more
secure.

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove dynamic ssh references from documentation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove dynamic key secret type entirely

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Clarify changelog language

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add removal notice to the website

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
 2023-01-31 16:02:22 -05:00
Lars Lehtonen
7ca2caf3d0
builtin: deprecate errwrap.Wrapf() throughout (#11430) 
* audit: deprecate errwrap.Wrapf()

* builtin/audit/file: deprecate errwrap.Wrapf()

* builtin/crediential/app-id: deprecate errwrap.Wrapf()

* builtin/credential/approle: deprecate errwrap.Wrapf()

* builtin/credential/aws: deprecate errwrap.Wrapf()

* builtin/credentials/token: deprecate errwrap.Wrapf()

* builtin/credential/github: deprecate errwrap.Wrapf()

* builtin/credential/cert: deprecate errwrap.Wrapf()

* builtin/logical/transit: deprecate errwrap.Wrapf()

* builtin/logical/totp: deprecate errwrap.Wrapf()

* builtin/logical/ssh: deprecate errwrap.Wrapf()

* builtin/logical/rabbitmq: deprecate errwrap.Wrapf()

* builtin/logical/postgresql: deprecate errwrap.Wrapf()

* builtin/logical/pki: deprecate errwrap.Wrapf()

* builtin/logical/nomad: deprecate errwrap.Wrapf()

* builtin/logical/mssql: deprecate errwrap.Wrapf()

* builtin/logical/database: deprecate errwrap.Wrapf()

* builtin/logical/consul: deprecate errwrap.Wrapf()

* builtin/logical/cassandra: deprecate errwrap.Wrapf()

* builtin/logical/aws: deprecate errwrap.Wrapf()
 2021-04-22 11:20:59 -04:00
Brian Kassouf
a24653cc5c
Run a more strict formatter over the code (#11312) 
* Update tooling

* Run gofumpt

* go mod vendor
 2021-04-08 09:43:39 -07:00
Anthony Dong
9950383f6a ssh backend: support at character in role name (#8038) 2020-01-21 11:46:29 +01:00
Jeff Mitchell
278bdd1f4e
Switch to go modules (#6585) 
* Switch to go modules

* Make fmt
 2019-04-13 03:44:06 -04:00
Jeff Mitchell
170521481d
Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
Jim Kalafut
a54603039d Run goimports across the repository (#6010) 
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
 2019-01-08 16:48:57 -08:00
Vishal Nayak
e2bb2ec3b9
Errwrap everywhere (#4252) 
* package api

* package builtin/credential

* package builtin/logical

* package command

* package helper

* package http and logical

* package physical

* package shamir

* package vault

* package vault

* address feedback

* more fixes
 2018-04-05 11:49:21 -04:00
Brian Kassouf
c0815bd2b0
Add context to the NewSalt function (#4102) 2018-03-08 11:21:11 -08:00
Brian Kassouf
8142b42d95 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Brian Kassouf
78adac0a24
Pass context to backends (#3750) 
* Start work on passing context to backends

* More work on passing context

* Unindent logical system

* Unindent token store

* Unindent passthrough

* Unindent cubbyhole

* Fix tests

* use requestContext in rollback and expiration managers
 2018-01-08 10:31:38 -08:00
Jeff Mitchell
eb0e7cd0d2 Don't write salts in initialization, look up on demand (#2702) 2017-05-09 17:51:09 -04:00
Jeff Mitchell
2fbd973001 Add logic to skip initialization in some cases and some invalidation logic 2017-05-05 15:01:52 -04:00
vishalnayak
b408c95e0d ssh: Use temporary file to store the identity file 2016-10-18 12:50:12 -04:00
vishalnayak
b632ef58e4 Add allowed_roles to ssh-helper-config and return role name from verify call 2016-07-05 11:14:29 -04:00
vishalnayak
8ae663f498 Allow * to be set for allowed_users 2016-05-30 03:12:43 -04:00
vishalnayak
c945b8b3f2 Do not allow any username to login if allowed_users is not set 2016-05-30 03:01:47 -04:00
Jeff Mitchell
2eb08d3bde Make backends much more consistent: 
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
 2016-01-29 20:03:37 -05:00
Jeff Mitchell
21f91f73bb Update deps, and adjust usage of go-uuid to match new return values 2016-01-13 13:40:08 -05:00
Jeff Mitchell
45e32756ea WriteOperation -> UpdateOperation 2016-01-08 13:03:03 -05:00
Jeff Mitchell
a0308e6858 Migrate 'uuid' to 'go-uuid' to better fit HC naming convention 2015-12-16 12:56:20 -05:00
Jeff Mitchell
0ea4271ddb Use split-out hashicorp/uuid 2015-10-12 14:07:12 -04:00
Jeff Mitchell
fa53293b7b Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values 2015-09-21 16:14:30 -04:00
vishalnayak
22ff8fc8ad Vault SSH: Store roles as slice of strings 2015-08-31 17:03:46 -04:00
vishalnayak
f72befc9c6 Vault SSH: ZeroAddress CRUD test 2015-08-30 14:20:16 -04:00
vishalnayak
79be357030 Vault SSH: Zeroaddress roles and CIDR overlap check 2015-08-29 15:24:15 -04:00
vishalnayak
1226251d14 Vault SSH: Added exclude_cidr_list option to role 2015-08-27 23:19:55 -04:00
vishalnayak
630f348dbf Vault SSH: Provide key option specifications for dynamic keys 2015-08-27 11:41:29 -04:00
Jeff Mitchell
99041b5b6d Merge pull request #561 from hashicorp/fix-wild-cards 
Allow hyphens in endpoint patterns of most backends
 2015-08-21 11:40:42 -07:00
vishalnayak
41678f18ae Vault: Fix wild card paths for all backends 2015-08-21 00:56:13 -07:00
Jeff Mitchell
97112665e8 Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod 2015-08-20 18:00:51 -07:00
vishalnayak
d63726b41b Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
vishalnayak
a98b3befd9 Vault SSH: Website page for SSH backend 2015-08-14 12:41:26 -07:00
vishalnayak
ffaf80167d Vault SSH: CLI embellishments 2015-08-13 16:55:47 -07:00
vishalnayak
3958136a78 Vault SSH: Introduced allowed_users option. Added helpers getKey and getOTP 2015-08-13 14:18:30 -07:00
vishalnayak
9b1ea2f20c Vault SSH: Helper for OTP creation and role read 2015-08-13 11:12:30 -07:00
vishalnayak
3d77058773 Vault SSH: Mandate default_user. Other refactoring 2015-08-13 10:36:31 -07:00
vishalnayak
2dd82aeb9a Vault SSH: cidr to cidr_list 2015-08-13 08:46:55 -07:00
vishalnayak
1a1ce742dd Vault SSH: Default lease duration, policy/ to role/ 2015-08-12 17:36:27 -07:00
vishalnayak
d1b75e9d28 Vault SSH: Default lease of 5 min for SSH secrets 2015-08-12 17:10:35 -07:00
vishalnayak
0542fd8389 Vault SSH: uninstall dynamic keys using script 2015-08-06 15:50:12 -04:00
vishalnayak
c26782acad Vault SSH: Script to install dynamic keys in target 2015-08-06 14:48:19 -04:00
vishalnayak
8dbbb8b8e6 Vault SSH: CRUD test case for OTP Role 2015-07-31 13:24:23 -04:00
vishalnayak
9aa02ad560 Vault SSH: Review Rework 2015-07-29 14:21:36 -04:00
Vishal Nayak
6a91529f4e Vault SSH: admin_user/default_user fix 2015-07-27 15:03:10 -04:00
Vishal Nayak
6c5548ca7b Vault SSH: Refactoring 2015-07-27 13:02:31 -04:00
Vishal Nayak
0a4854e542 Vault SSH: Dynamic Key test case fix 2015-07-24 12:13:26 -04:00
Vishal Nayak
9d4c5f718b Vault SSH: keys/ designated special path 2015-07-23 18:12:13 -04:00