These don't do anything but reject requests:
> The server will not issue certificates for the identifier:
> role (something) will not issue certificate for name
> xps15.local.cipherboy.com
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add notes on PKI performance and key types
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add ACME Public Internet section
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note on importance of tidy
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note on cluster scalability
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note about server log location
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Fix ToC, finish public ACME discussion
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note on role restrictions and ACLs
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note on security considerations of ACME
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add consideration note about cluster URLs
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note on 90 day certificates
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add note about client counts and ACME
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* VAULT-15546 First pass at Vault Proxy docs
* VAULT-15546 correct errors
* VAULT-15546 fully qualify paths
* VAULT-15546 remove index
* VAULT-15546 Some typos and clean up
* VAULT-15546 fix link
* VAULT-15546 Add redirects so old links stay working
* VAULT-15546 more explicit redirects
* VAULT-15546 typo fixes
* Suggestions for Vault Agent & Vault Proxy docs (#20612)
* Rename 'agentandproxy' to 'agent-and-proxy' for better URL
* Update the index pages for each section
* VAULT-15546 fix link typo
---------
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
* Update elasticdb.mdx
Remove success message of vault write operations from text blocks to better support copy&paste to console
* Update code block types
---------
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
* Docs - update ldap page to add clarity around sAMAccountName
Updated https://developer.hashicorp.com/vault/docs/secrets/ldap#active-directory-ad-1 to clarify customers configure username properly using username_template when sAMAccountName is involved.
* Docs - edit on last update for ldap page
Fixed the link /vault/docs/concepts/username-templating
* Document 'managed_key' key type for transit. Document new 'usages' parameter when creating a managed key in the system backend.
* Document new managed key parameters for transit managed key rotation.
* Remove dynamic keys from SSH Secrets Engine
This removes the functionality of Vault creating keys and adding them to
the authorized keys file on hosts.
This functionality has been deprecated since Vault version 0.7.2.
The preferred alternative is to use the SSH CA method, which also allows
key generation but places limits on TTL and doesn't require Vault reach
out to provision each key on the specified host, making it much more
secure.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Remove dynamic ssh references from documentation
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog entry
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Remove dynamic key secret type entirely
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Clarify changelog language
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add removal notice to the website
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add documentation for KMIP features implemented in 1.13
* Add release version for key format types
* Fix syntax
* Add supported hashing algorithms and padding methods
* Fix formatting
* Add nit picks from review feedback
* add compatibility info to consul service reg docs
* fix alert formatting
* add consul dataplane compatibility partial
* add compat partial to more consul doc pages
* fix links
* Add known issue about PKI secrets engine with Consul
* Added KB article URL
* Update website/content/docs/secrets/pki/index.mdx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
Thanks to Khai Tran for identifying that syslogging has a lower limit
on message size and sometimes large CRLs can hit that limit.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
