Jeff Mitchell
08a81a3364
Update transit backend documentation, and also return the min decryption
value in a read operation on the key.
2015-09-21 16:13:43 -04:00
Jeff Mitchell
a57eb45b50
Add API endpoint documentation to cubbyhole
2015-09-21 16:13:36 -04:00
Jeff Mitchell
e4cab7afe5
Add API endpoint documentation to generic
2015-09-21 16:13:29 -04:00
Vishal Nayak
d71e1b9b55
Merge pull request #629 from hashicorp/token-create-sudo
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-21 10:12:29 -04:00
vishalnayak
33b7705474
Take ClientToken instead of Policies
2015-09-21 10:04:03 -04:00
Jeff Mitchell
c2f74828a4
Fix up per-backend timing logic; also fix error in TypeDurationSecond in
GetOkErr.
2015-09-21 09:55:03 -04:00
Jeff Mitchell
97ecc3d72d
Add clarity to the lease concepts document.
2015-09-21 08:56:26 -04:00
Jeff Mitchell
6ac419d9b8
Merge pull request #630 from hashicorp/barrier-pathing
Bump AESGCM version; include path in the GCM tags.
2015-09-21 08:39:30 -04:00
Jeff Mitchell
bc00f750c3
Merge pull request #632 from hashicorp/sethvargo/faster_deploy
Use a faster middleman deploy
2015-09-20 14:36:40 -04:00
Seth Vargo
a36a762313
Use a faster middleman deploy
2015-09-20 14:09:35 -04:00
vishalnayak
a0a05438cc
Using core's logger
2015-09-19 19:01:36 -04:00
vishalnayak
7060670515
Abstracted SudoPrivilege to take list of policies
2015-09-19 18:23:44 -04:00
vishalnayak
b3647b3323
Using acl.RootPrivilege and rewrote mockTokenStore
2015-09-19 17:53:24 -04:00
Jeff Mitchell
b03d89d974
Bump AESGCM version; include path in the GCM tags.
2015-09-19 17:04:37 -04:00
vishalnayak
6bb58f9e69
fix broken tests
2015-09-19 12:33:52 -04:00
Jeff Mitchell
f966c61e27
Allow tuning of auth mounts, to set per-mount default/max lease times
2015-09-19 11:50:50 -04:00
Jeff Mitchell
aaf06a2c9e
Merge pull request #627 from hashicorp/enhance-audit-security
Enhance audit security with hmac-sha256 on secrets
2015-09-19 11:30:30 -04:00
Jeff Mitchell
743e7f99b6
Use hmac-sha256 for protecting secrets in audit entries
2015-09-19 11:29:31 -04:00
vishalnayak
4474e04ed1
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-19 11:14:51 -04:00
Jeff Mitchell
49ec196016
Changes to salt to clean up HMAC stuff.
2015-09-18 18:13:10 -04:00
Jeff Mitchell
1a22cb0b12
Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass.
2015-09-18 17:38:30 -04:00
Jeff Mitchell
a4ca14cfbc
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 17:38:22 -04:00
Jeff Mitchell
d62f533a6f
Store token creation time and TTL. This can be used to properly populate
fields in 'lookup-self'. Importantly, this also makes credential
backends use the SystemView per-backend TTL values and fixes unit tests
to expect this.
Fully fixes #527
2015-09-18 16:39:35 -04:00
Jeff Mitchell
f454e8d1ba
Merge pull request #626 from hashicorp/f-transit-enhancements
Enhancements to the transit backend
2015-09-18 14:48:24 -04:00
Jeff Mitchell
fa6cbba286
Move no_plaintext to two separate paths for datakey.
2015-09-18 14:41:05 -04:00
Jeff Mitchell
b8fe460170
Add datakey generation to transit.
Can specify 128 bits (defaults to 256) and control whether or not
plaintext is returned (default true).
Unit tests for all of the new functionality.
2015-09-18 14:41:05 -04:00
Jeff Mitchell
82d1f28fb6
Remove enable/disable and make deletion_allowed a configurable property. On read, return the version and creation time of each key
2015-09-18 14:41:05 -04:00
Jeff Mitchell
46073e4470
Enhance transit backend:
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
2015-09-18 14:41:05 -04:00
Jeff Mitchell
4836e7ca4d
Make TLS backend honor SystemView default values. Expose lease TTLs on read. Make auth command show lease TTL if one exists. Addresses most of #527
2015-09-18 14:01:28 -04:00
Vishal Nayak
0f3a28f7df
Merge pull request #623 from hashicorp/userpass-renewal
Vault userpass: Enable renewals for login tokens
2015-09-17 16:41:09 -04:00
vishalnayak
16f531da3d
Userpass Bk: Added tests for TTL duration verifications
2015-09-17 16:33:26 -04:00
vishalnayak
f731c672cf
Throw error if system view boundaries are violated
2015-09-17 15:47:36 -04:00
vishalnayak
714aff570b
Vault userpass: Enable renewals for login tokens
2015-09-17 14:35:50 -04:00
Jeff Mitchell
913989e4b0
Add revoke-self endpoint.
Fixes #620.
2015-09-17 13:22:30 -04:00
Vishal Nayak
91b9acf34b
Merge pull request #624 from hashicorp/vault-i583
CLI: Avoiding CR when printing specific fields
2015-09-17 11:47:51 -04:00
vishalnayak
fee64e16c2
Adding type checking to ensure only BasicUi is affected
2015-09-17 11:37:21 -04:00
vishalnayak
fd6a63550c
Error on violating SysView boundaries
2015-09-17 11:24:46 -04:00
vishalnayak
fceaea733e
CLI: Avoiding CR when printing specific fields
2015-09-17 10:05:56 -04:00
Jeff Mitchell
bb1ac0b759
Merge pull request #606 from tsilen/renew-etcd-semaphore-key
Renew the semaphore key periodically
2015-09-17 10:00:06 -04:00
vishalnayak
586c1a6889
Vault userpass: Enable renewals for login tokens
2015-09-16 23:55:35 -04:00
Jeff Mitchell
46de06aed7
Merge pull request #622 from Poohblah/log-level-help
improve documentation for available log levels
2015-09-16 15:15:36 -04:00
hendrenj
2925912b6b
improve documentation for available log levels
2015-09-16 11:01:33 -06:00
Jeff Mitchell
7857419c0a
Restrict orphan revocation to root tokens
2015-09-16 09:22:15 -04:00
Seth Vargo
a87798c724
Merge pull request #621 from jklein/patch-1
Grammar fix
2015-09-15 20:54:24 +01:00
Jonathan Klein
5af8601128
Grammar fix
2015-09-15 15:53:27 -04:00
Jeff Mitchell
3e12ce4f36
Merge pull request #612 from hashicorp/f-cubby
Implement the cubbyhole backend
2015-09-15 14:04:07 -04:00
Jeff Mitchell
f639383d45
Directly pass the cubbyhole backend to the token store and bypass logic in router
2015-09-15 13:50:37 -04:00
Jeff Mitchell
6b00838e27
Move more cubby logic outside of router into auth setup
2015-09-15 13:50:37 -04:00
Jeff Mitchell
19eb1cf5be
Cleanup; remove everything but double-salting from the router and give
the token store cubby backend information for direct calling.
2015-09-15 13:50:37 -04:00
Jeff Mitchell
c80fdb4bdc
Add documentation for cubbyhole
2015-09-15 13:50:37 -04:00