9692 Commits

Author SHA1 Message Date
Mitchell Hashimoto
fb32e64f74 api: logical Read/Write 2015-03-15 19:47:32 -07:00
Mitchell Hashimoto
dba2b5d315 http: 404 if reading secret that doesn't exist 2015-03-15 19:42:24 -07:00
Mitchell Hashimoto
0584cea42c vault: fix merge conflict + pass tests 2015-03-15 19:38:23 -07:00
Mitchell Hashimoto
05d37bf9f1 http: generic read/write endpoint for secrets 2015-03-15 19:35:04 -07:00
captainill
e165e89f08 update tagline margin 2015-03-15 19:17:16 -07:00
captainill
e2b8ec7418 update logo-lockup and add css dots 2015-03-15 19:16:00 -07:00
Armon Dadgar
210e2ac994 vault: Merge conflict 2015-03-15 18:06:19 -07:00
Armon Dadgar
2b8db4831c vault: Assign renew time 2015-03-15 18:05:31 -07:00
Mitchell Hashimoto
1be431df51 vault: system using the framework 2015-03-15 17:35:59 -07:00
Mitchell Hashimoto
2d92c2ee10 fix all tests 2015-03-15 17:10:33 -07:00
Mitchell Hashimoto
e7f7f7a221 vault: passthrough backend uses logical/framework 2015-03-15 17:07:54 -07:00
Mitchell Hashimoto
1f88dd2d92 logical/testing: acceptance testttttttt 2015-03-15 16:52:19 -07:00
Mitchell Hashimoto
12566c645c logical/framework, logical/testing 2015-03-15 16:39:49 -07:00
Mitchell Hashimoto
4eaa25eb2c vault: can pass in the backends 2015-03-15 16:25:38 -07:00
Mitchell Hashimoto
0496a0837a helper/backend: use logical package 2015-03-15 14:57:19 -07:00
Mitchell Hashimoto
69f62d8872 vault: rename SystemBackend2 to SystemBackend 2015-03-15 14:54:49 -07:00
Mitchell Hashimoto
9b42fe3c99 vault: convert to logical.Request and friends 2015-03-15 14:53:41 -07:00
Mitchell Hashimoto
4811f2453b vault: convert system to logical.Backend 2015-03-15 14:42:05 -07:00
Mitchell Hashimoto
68918feebe vault: Passthrough backend uses logical.Backend 2015-03-15 14:27:06 -07:00
Mitchell Hashimoto
5ce1b65e5d vault: incremental change to get closer to logical structs 2015-03-15 14:27:06 -07:00
Mitchell Hashimoto
923ff65959 logical: put structs here, vault uses them 2015-03-15 14:27:06 -07:00
JT
6aacbffde4 update hero 2015-03-15 14:16:58 -07:00
Mitchell Hashimoto
cdd633175b vault: make mount functions private again, going to try something else 2015-03-14 18:31:31 -07:00
Mitchell Hashimoto
6ce4fc63cb vault: don't copy the key so it can be zeroed, document, add helper 2015-03-14 18:25:55 -07:00
captainill
b82c471d42 Merge branch 'master' of github.com:hashicorp/vault 2015-03-14 18:17:18 -07:00
captainill
511d9d2754 docs sidebar new animation/cleanup 2015-03-14 18:16:58 -07:00
Mitchell Hashimoto
7cd30fe035 vault: public TestCoreUnsealed, don't modify key in Unseal
/cc @armon - I do a key copy within Unseal now. It tripped me up for
quite a while that that method actually modifies the param in-place and I
can't think of any scenario that is good for the user. Do you see any
issues here?
2015-03-14 17:47:11 -07:00
captainill
c5b188ba1c fix js 2015-03-14 17:37:22 -07:00
Mitchell Hashimoto
b3aa46abdb vault: make Mount related core functions public
/cc @armon - So I know the conversation we had related to this about
auth, but I think we still need to export these and do auth only at the
external API layer. If you're writing to the internal API, then all bets
are off.

The reason is simply that if you have access to the code, you can
already work around it anyways (you can disable auth or w/e), so a
compromised Vault source/binary is already a failure, and that is the
only thing that our previous unexported methods were protecting against.

If you write an external tool to access a Vault, it still needs to be
unsealed so _that_ is the primary security mechanism from an API
perspective. Once it is unsealed then the core API has full access to
the Vault, and identity/auth is only done at the external API layer, not
at the internal API layer.

The benefit of this approach is that it lets us still treat the "sys"
mount specially but at least have sys adopt helper/backend and use that
machinery and it can still be the only backend which actually has a
reference to *vault.Core to do core things (a key difference). So, an
AWS backend still will never be able to muck with things it can't, but
we're explicitly giving Sys (via struct initialization in Go itself)
a reference to *vault.Core.
2015-03-14 17:26:59 -07:00
Mitchell Hashimoto
5e804c26e9 helper/backend: start acceptance test framework 2015-03-14 17:18:19 -07:00
Mitchell Hashimoto
8ecbb9d2d1 helper/backend: auto-generate help route 2015-03-14 10:12:50 -07:00
Mitchell Hashimoto
0890ece955 helper/backend: one callback per operation 2015-03-14 00:19:25 -07:00
Mitchell Hashimoto
24f7ddfd8c helper/backend: HandleRequest works 2015-03-13 23:58:20 -07:00
Mitchell Hashimoto
da2c1d4896 helper/backend: store captures for a path 2015-03-13 23:48:49 -07:00
Mitchell Hashimoto
f19c63de4a helper/backend: cache route regexps (98% speedup)
benchmark                 old ns/op     new ns/op     delta
BenchmarkBackendRoute     49144         589           -98.80%
2015-03-13 23:25:17 -07:00
Mitchell Hashimoto
9e7add90b2 helper/backend: benchmark route 2015-03-13 23:22:48 -07:00
Mitchell Hashimoto
f5893adb8a helper/backend: basic path routing (naive) 2015-03-13 23:17:25 -07:00
Mitchell Hashimoto
6575c9355b helper/backend: add default values 2015-03-13 21:15:20 -07:00
Mitchell Hashimoto
d39b117281 helper/backend: start this thing 2015-03-13 21:11:19 -07:00
Mitchell Hashimoto
4679dd6ada command/unseal: tests 2015-03-13 20:17:55 -07:00
Mitchell Hashimoto
db91352a52 website: imageoptim 2015-03-13 12:58:21 -07:00
Mitchell Hashimoto
e881439d0b command/seal-status 2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
8de077810e command/init: tests 2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
48c05995e5 http: make TestServer public 2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
d2642529b7 vault: public testing methods 2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
fb5530d0e0 command/init: make the output a little nicer 2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
6b83c937d4 command/init 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
722a3875cf api: use /v1 prefix 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
fcc6646a19 command/server: initial working 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
cf259c3f22 command/server: copy the TCP keep alive listener 2015-03-13 12:53:08 -07:00