108 Commits

Author SHA1 Message Date
Scott Miller
38df9cf488
Tweak the ocsp_ca_certificate param docs to be more clear about what kind of cert it wants (#28659) 2024-10-09 16:16:26 -04:00
Yoko Hyakuna
34a1796d03
[Docs] Create 'Troubleshoot' section (#28028)
* Create 'Troubleshoot' section

* Remove extra spaces

* Update redirects.js

* Remove extra comma

* Change the title

* Update website/content/docs/troubleshoot/generate-root-token.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/troubleshoot/generate-root-token.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/troubleshoot/generate-root-token.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/troubleshoot/generate-root-token.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/troubleshoot/generate-root-token.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/troubleshoot/generate-root-token.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/troubleshoot/generate-root-token.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/troubleshoot/generate-root-token.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/troubleshoot/generate-root-token.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/troubleshoot/generate-root-token.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* edit suggestions (#28047)

* Fix the relative path - add missing '/'

* Fix a typo

---------

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2024-08-09 14:21:41 -07:00
Meggie
fd1e53d256
Edit alias_name_source explanation (#27382)
* Edit alias_name_source explanation

We wanted to clarify the difference between the two options and the implications.

* Add missing backticks

* Add comma

* Update website/content/api-docs/auth/kubernetes.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2024-08-07 16:07:36 -07:00
John-Michael Faircloth
76ebf0b41b
docs: correct auth jwt role requirements (#27384)
* docs: correct auth jwt role requirements

* remove upgrade guide to be added in separate PR

* Revert "remove upgrade guide to be added in separate PR"

This reverts commit 6554d3ff63623a329b0d93f7143d95cd3f19b3e6.

* update required details for bound audience

* Apply suggestions from code review

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* fix formatting to match the existing format of the file

* add 1.16 known issues

* add 1.17 upgrade guide note

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2024-06-12 13:46:40 -05:00
Raja Nadar
0d9e944e04
remove response payload for update approle role id (#18505)
The `update approle role id` API does not return any response. It is an HTTP 204 operation.

Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
2024-06-04 13:15:23 -04:00
vinay-gopalan
5acc4331ea
Add WIF documentation for Azure Auth and Secrets engines (#27185) 2024-06-03 13:17:13 -07:00
vinay-gopalan
01ccf580d8
Add WIF documentation for GCP Auth and Secrets engines (#27170)
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2024-06-03 13:16:56 -07:00
Milena Zlaticanin
309d832462
Add AWS Auth WIF docs (#27054)
* add aws auth wif docs

* update docs

* update docs
2024-05-23 12:58:08 -07:00
kpcraig
bef178b4a5
Add ExternalID support to AWS Auth STS configuration (#26628)
* add basic external id support to aws auth sts configuration

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2024-05-07 11:10:57 -04:00
preetibhat6
f3e6bf572f
docs/Update cert.mdx (#26165)
Changed sample request for Configure TLS certificate method from auth/cert/certs/cert1 to auth/cert/config
2024-05-01 14:09:38 -07:00
thegatsbylofiexperience
5b845c83ff
Add canonicalArn as an entity alias name (#22460)
* Add canonicalArn as an entity alias name
* Add Canonical Arn to iam_alias documentation
2024-04-29 15:56:26 -04:00
JMGoldsmith
7b4f6409c6
[DOCS] Updating approle docs and token partial to include batch token prefer… (#26490)
* updating approle docs and token partial to include batch token preference

* Update website/content/docs/auth/approle.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/partials/tokenstorefields.mdx

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>

* Update website/content/docs/auth/approle.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

---------

Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2024-04-19 12:32:12 -04:00
Adrian Todorov
76be7fb832
Clarify the wording in AWS auth docs around alias source (#26441) 2024-04-16 17:41:40 +01:00
Thy Ton
df477f6404
docs make kubernetes_ca_cert optional on kubernetes auth (#25963)
---------

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2024-03-27 15:45:43 -07:00
Steven Clark
6fca34eace
Proceed with cert auth login attempts if ocsp_fail_open is true and servers are unreachable (#25982) 2024-03-19 10:39:37 -04:00
Steven Clark
5785191067
Support OCSP responses without NextUpdate field set (#25912)
* Support OCSP responses without a NextUpdate value set

 - Validate that the ThisUpdate value is
   properly prior to our current time and,
   if NextUpdate is set, that ThisUpdate is
   before NextUpdate.
 - If we don't have a value for NextUpdate just compare against ThisUpdate.

* Add ocsp_this_update_max_ttl support to cert auth

 - Allow configuring a maximum TTL of the OCSP response based on the
   ThisUpdate time like OpenSSL does
 - Add test to validate that we don't cache OCSP responses with no NextUpdate

* Add cl

* Add missing ` in docs

* Rename ocsp_this_update_max_ttl to ocsp_this_update_max_age

* Missed a few TTL references

* Fix error message
2024-03-18 18:12:37 -04:00
Peter Wilson
a311735761
Support pre-hashed passwords with userpass backend (#25862)
* allows use of pre-hashed passwords with userpass backend

* Remove unneeded error

* Single error check after switch

* use param name quoted in error message

* updated test for quoted param in error

* white space fixes for markdown doc

* More whitespace fixes

* added changelog

* Password/pre-hashed password are only required on 'create' operation

* docs indentation

* Update website/content/docs/auth/userpass.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Updated docs

* Check length of hash too

* Update builtin/credential/userpass/path_user_password_test.go

:)

Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2024-03-12 18:16:11 +00:00
Thy Ton
50aa6eea70
docs: add templated policies workflow example to kubernetes auth (#25694)
---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
2024-03-01 15:11:14 -08:00
Austin Gebauer
6d4f5df69c
auth/jwt: adds documentation for multi-jwks config parameter (#25503)
* auth/jwt: adds documentation for multi-jwks config parameter

* updates bound_issuer parameter

* fix link
2024-02-20 08:49:53 -08:00
Scott Miller
734afbe09e
Cache trusted cert values, invalidating when anything changes (#25421)
* Cache trusted cert values, invalidating when anything changes

* rename to something more indicative

* defer

* changelog

* Use an LRU cache rather than a static map so we can't use too much memory.  Add docs, unit tests

* Don't add to cache if disabled.  But this races if just a bool, so make the disabled an atomic
2024-02-15 21:48:30 +00:00
Thy Ton
aab72100fb
add new config option use_annotations_as_alias_metadata for k8s auth on api docs (#24941) 2024-02-01 11:45:53 -08:00
Jakob Beckmann
2a566f40fc
docs(kubernetes-auth): add API documentation for kubernetes auth namespace selectors (#19318)
Co-authored-by: Thy Ton <maithytonn@gmail.com>
2024-02-01 11:41:07 -08:00
Stefan Zhelyazkov
f4978b3efd
Updating Vault docs for JWT support of numeric bound_claims (#24921)
* Add a note that the role name is available as role in entity alias metadata

* Update JWT docs for numeric bound_claims
2024-01-18 13:57:30 +00:00
Max Winslow
54bfd792be
Sample payload is empty for AWS auth login request in API docs (#24106)
* Update aws.mdx

* Update aws.mdx
2024-01-09 12:28:37 -05:00
Thy Ton
2cd8bbaa75
add token_reviewer_jwt_set to resp data on config read example on k8s auth api doc (#24564) 2024-01-04 13:27:49 -05:00
owenzorrin
7df1b64a3d
Update ldap.mdx (#24338)
add missing use_token_groups parameter

* use_token_groups - (Optional) Use the Active Directory tokenGroups constructed attribute of the user to find the group memberships
https://registry.terraform.io/providers/hashicorp/vault/latest/docs/resources/ldap_auth_backend#use_token_groups
2023-12-13 15:06:20 -08:00
Sungyoon Jeong
7336cf70ad
docs: fix typo in aws.mdx (#24435) 2023-12-13 12:37:13 -08:00
Skybladev2
d74d920b6e
Fix Read config title level (#23543) 2023-10-09 13:06:18 -07:00
Austin Gebauer
526d0f4502
auth/saml: adds API docs for verbose_logging config (#23370) 2023-09-29 11:15:38 +09:00
Austin Gebauer
e3617218df
auth/saml: adds documentation (#23183)
* auth/saml: adds documentation

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* use sentence case for titles

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* fixup technical detail on bound_subjects

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* fixup relay state

* Update website/content/api-docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/docs/auth/saml.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* updates wording for bound_attributes

* updates bound_attributes_type

* updates groups_attribute

* lowercase saml entities, add note to unauthenticated APIs

* updates token api description

* adds section for replication configuration

* adds section for namespace config of acs

* use tabs for authentication section

* change word

---------

Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
Co-authored-by: Rémi Lapeyre <remi.lapeyre@lenstra.fr>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
2023-09-27 15:34:43 +09:00
Jason O'Donnell
27d647f97a
Update changelog for auth/azure v0.16.2 (#23059)
* update changelog for azure v0.16.2

* Add retry docs
2023-09-13 21:23:01 +00:00
Theron Voran
afd1302cce
docs/k8s-auth: non-JWT tokens are now allowed for token_reviewer_jwt (#22857) 2023-09-08 10:40:29 -07:00
Brian Shumate
614f50de66
Docs: AppRole API docs updates (#19162)
- Add example response for Read AppRole Secret ID
- Add example response for Read AppRole Secret ID Accessor
2023-08-17 16:25:06 -07:00
Michael Dempsey
d6b7e5bfa1
Add support for signed GET requests for aws authentication (#10961)
* Support GET requests for aws-iam

This is required to support presigned requests from aws-sdk-go-v2

* Add GET method tests for aws-iam auth login path

* Update Website Documentation

* Validate GET action even if iam-server header is not set

* Combine URL checks

* Add const amzSignedHeaders to aws credential builtin

* Add test for multiple GET request actions

* Add Changelog Entry

---------

Co-authored-by: Max Coulombe <109547106+maxcoulombe@users.noreply.github.com>
2023-08-15 15:40:12 -04:00
Raymond Ho
0d0cda43d5
clarify docs in ldap/auth for userfilter (#22210) 2023-08-07 13:13:52 -07:00
Raymond Ho
4f7a8fb494
AWS auth login with multi region STS support (#21960) 2023-07-28 08:42:22 -07:00
Florin Cătălin Țiucra-Popa
24a7d966d5
Update cert.mdx (#22076)
* Update cert.mdx

Adding the missing parameter `url` for CRL create endpoint.

* Update website/content/api-docs/auth/cert.mdx

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

* Update cert.mdx

Corrected the duplicate `crl` line.

---------

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-07-27 17:09:17 +02:00
Rachel Culpepper
71841c51be
Vault-17911: add support for hex values in oid extension (#21830)
* add support for hex values in oid extension

* add changelog

* add length check on split and error handling on unmarshal
2023-07-17 10:58:18 -04:00
Anton Averchenkov
f4f0412b6a
[docs] Convert titles to sentence case (#21426)
* Convert documentation titles to sentence case

* Docker, Google, Foundry, Cloud proper case
2023-06-30 19:22:07 -04:00
Rowan Smith
c7db2d61b0
[Docs] ldap auth add VAULT_LDAP_PASSWORD environment variable (#21407)
Add VAULT_LDAP_PASSWORD environment variable
2023-06-22 11:31:26 -07:00
Violet Hynes
d76424cb53
Miscellaneous docs cleanups (#21327) 2023-06-16 15:38:58 -04:00
Luis (LT) Carbonell
21b3262e9f
Correct Default for MaximumPageSize (#20453)
* default max page size for config

* Add changelog

* update test int to *int

* add testing defaults

* update default to -1, i.e. don't paginate

* update test

* Add error message for invalid search

* Make 0 the default

* cleanup

* Add to known issues doc

* Update website/content/docs/upgrading/upgrade-to-1.13.x.mdx

* Update website/content/docs/upgrading/upgrade-to-1.11.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.13.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-to-1.12.x.mdx

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Add workaround to docs

* Update changelog/20453.txt

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

---------

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2023-05-17 20:56:53 +00:00
Luis (LT) Carbonell
7f2deb1420
Add Configurable LDAP Max Page Size (#19032)
* Add config flag for LDAP max page size

* Add changelog

* move changelog to correct file

* cleanup

* Default to non-paged searching with -1

* Update website/content/api-docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update website/content/docs/auth/ldap.mdx

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* Update tests

---------

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2023-04-20 20:39:27 +00:00
Austin Gebauer
c94e213ac6
Add OIDC provider docs for IBM ISAM (#19247)
* Add OIDC provider docs for IBM ISAM

* Add changelog, api docs and docs-nav-data

---------

Co-authored-by: Benjamin Voigt <benjamin.voigt@god.dev>
2023-04-20 11:30:59 -07:00
Scott Miller
fc21d357ff
Add documentation for cert auth OCSP checking (#18064) 2023-04-13 18:33:21 +00:00
Jason O'Donnell
2f7f0d2db9
sdk/ldaputil: add connection_timeout configurable (#20144)
* sdk/ldaputil: add connection_timeout configurable

* changelog

* Update doc

* Fix test

* Change default to 30s
2023-04-13 12:43:28 -04:00
Rowan Smith
538bb799e4
approle naming syntax documentation (#19369)
Documentation does not currently detail the accepted naming scheme for approle roles; this aims to provide clarity based on customer feedback. https://github.com/hashicorp/vault/blob/main/sdk/framework/path.go#L16-L18 details the regex used.
2023-02-27 12:08:15 -08:00
Jakob Beckmann
39f9e5e775
Allow alias dereferencing in LDAP searches (#18230)
* impr(auth/ldap): allow to dereference aliases in searches

* docs: add documentation for LDAP alias dereferencing

* chore(auth/ldap): add changelog entry for PR 18230

* chore: run formatter

* fix: update default LDAP configuration with new default

* Update website/content/docs/auth/ldap.mdx

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>

* docs(ldap): add alias dereferencing to API docs for LDAP

---------

Co-authored-by: tjperry07 <tjperry07@users.noreply.github.com>
2023-02-24 13:49:17 -05:00
Austin Gebauer
298fb06e7e
docs/oidc: make it clear that contents of CA certificate are expected (#19297) 2023-02-22 11:33:53 -08:00
Max Coulombe
72d0632e4b
Added disambiguation that creation request can also update roles (#17371)
+ added disambiguation that creation request can also update roles
2023-02-22 12:02:31 -05:00