mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-15 19:17:02 +02:00
Code Issues Projects Releases Wiki Activity
6,740 Commits 2,844 Branches 445 Tags 454 MiB
d3a2844a75
Commit Graph

253 Commits

Author SHA1 Message Date
AJ Bourg
c3bc1f0689 Small change: Fix permission vault requires. 
Vault requires ec2:DescribeInstances, not ec2:DescribeInstance. (the
non-plural form doesn't exist)
 2016-09-12 14:38:10 -06:00
Jeff Mitchell
f02bde7c78 Fix headers in aws-ec2 doc. 2016-08-30 11:53:21 -04:00
Adam Greene
d57fe391f2 fix aws-ec2 formatting around ttl (#1770) 2016-08-23 16:07:57 -04:00
Karl Falconer
fff006bd91 [Documentation] AppRole /login is unauthenticated (#1771) 2016-08-23 16:03:36 -04:00
Jeff Mitchell
58611de06d Swap push/pull. 2016-08-22 19:34:53 -04:00
vishalnayak
1a62fb64c2 Seperate endpoints for read/delete using secret-id and accessor 2016-08-21 14:42:49 -04:00
Jeff Mitchell
826146f9e8 Initial fixups, not yet done 2016-08-20 22:39:41 -04:00
Martin Forssen
7f25a25301 Mention ttl parameter in the documentation of /auth/aws-ec2/role/<role> 
This parameter was not documented
 2016-08-18 13:16:58 +02:00
Matt Hurne
587b481a29 AppRole documentation tweaks (#1735) 
* Fix spelling error in AppRole docs

* Add force flag to sample command to generate a secret ID in AppRole docs

* Update sample output for AppRole login in docs
 2016-08-15 16:12:08 -04:00
Jeff Mitchell
207d16bf8b Don't allow root from authentication backends either. 
We've disabled this in the token store, but it makes no sense to have
that disabled but have it enabled elsewhere. It's the same issue across
all, so simply remove the ability altogether.
 2016-08-08 17:32:37 -04:00
vishalnayak
3496bf8f16 disallowed_policies doc update 2016-08-02 16:33:22 -04:00
Jeff Mitchell
a3069be5d5 Fix up some wording 2016-08-02 16:25:00 -04:00
vishalnayak
bc4533695c Updated token auth docs with disallowed_policies 2016-08-02 15:33:03 -04:00
Jeff Mitchell
181f90e015 Alphabetize token store docs 2016-08-01 13:37:12 -04:00
Jeff Mitchell
140351733a Add some extra safety checking in accessor listing and update website 
docs.
 2016-08-01 13:12:06 -04:00
Chris Hoffman
49aff132ec Preferred method is AppRole since AppId is now deprecated 2016-07-28 14:32:20 -04:00
Adam Greene
0e73baae5d documentation cleanup 2016-07-27 10:43:59 -07:00
Jeff Mitchell
67c501309e Add deprecation notices for App ID 2016-07-26 10:08:46 -04:00
vishalnayak
59930fda8f AppRole authentication backend 2016-07-26 09:32:41 -04:00
Oren Shomron
005cb3e042 LDAP Auth Backend Overhaul 
--------------------------

Added new configuration option to ldap auth backend - groupfilter.
GroupFilter accepts a Go template which will be used in conjunction with
GroupDN for finding the groups a user is a member of. The template will
be provided with context consisting of UserDN and Username.

Simplified group membership lookup significantly to support multiple use-cases:
  * Enumerating groups via memberOf attribute on user object
  * Previous default behavior of querying groups based on member/memberUid/uniqueMember attributes
  * Custom queries to support nested groups in AD via LDAP_MATCHING_RULE_IN_CHAIN matchind rule

There is now a new configuration option - groupattr - which specifies
how to resolve group membership from the objects returned by the primary groupfilter query.

Additional changes:
  * Clarify documentation for LDAP auth backend.
  * Reworked how default values are set, added tests
  * Removed Dial from LDAP config read. Network should not affect configuration.
 2016-07-22 21:20:05 -04:00
Jeff Mitchell
f16992d6fa Merge pull request #1613 from skippy/update-aws-ec2-docs 
[Docs] aws-ec2 -- note IAM action requirement
 2016-07-18 10:40:38 -04:00
Jeff Mitchell
2dc001b388 Merge pull request #1589 from skippy/patch-2 
[Docs] aws-ec2 -- clarify aws public cert is already preloaded
 2016-07-18 10:02:35 -04:00
Adam Greene
72bd7db1e7 [Docs] aws-ec2 -- note IAM action requirement 2016-07-13 15:52:47 -07:00
Adam Greene
71ad0989ac english tweaks 2016-07-13 15:11:01 -07:00
Eric Herot
1a2b13c204 Pretty sure the method to delete a token role is not GET 2016-07-07 13:54:20 -04:00
Adam Greene
7d5209c251 Update aws-ec2.html.md 
per #1582, updating the docs to include notes about pkcs#7 handling, specifically that aws returns the pkcs#7 cert with newlines and that they need to be stripped before sending them to the login endpoint
 2016-07-05 13:21:56 -07:00
Adam Greene
4ce975bb36 Update aws-ec2.html.md 
clarify, and make more explicit, the language around the default AWS public certificate
 2016-07-05 13:14:29 -07:00
vishalnayak
664104af3a Merge branch 'master-oss' into bind-account-id-aws-ec2 
Conflicts:
	website/source/docs/auth/aws-ec2.html.md
 2016-06-17 12:41:21 -04:00
Martin Forssen
84c396f6fa Fixed a number of spelling errors in aws-ec2.html.md 2016-06-15 13:32:36 +02:00
vishalnayak
0d3973b1fa Merge branch 'master-oss' into bind-account-id-aws-ec2 
Conflicts:
	builtin/credential/aws-ec2/backend_test.go
	builtin/credential/aws-ec2/path_login.go
	builtin/credential/aws-ec2/path_role.go
 2016-06-14 14:46:08 -04:00
Ivan Fuyivara
6fd7e798c8 added tests, nil validations and doccumentation 2016-06-14 16:58:50 +00:00
vishalnayak
baac0975ea Added bound_account_id to aws-ec2 auth backend 2016-06-14 11:58:19 -04:00
Jon Benson
1e61184085 Update aws-ec2.html.md 2016-06-09 23:08:08 -07:00
vishalnayak
4e38509ac2 s/VAULT_GITHUB_AUTH_TOKEN/VAULT_AUTH_GITHUB_TOKEN 2016-06-09 14:00:56 -04:00
vishalnayak
0bea4ff7ff Added VAULT_GITHUB_AUTH_TOKEN env var to receive GitHub auth token 2016-06-09 13:45:56 -04:00
Jeff Mitchell
4ab63c8232 Merge pull request #1504 from hashicorp/token-store-roles-renewability 
Add renewable flag to token store roles
 2016-06-08 15:56:54 -04:00
Jeff Mitchell
9c6a03ade9 Add renewable flag to token store roles 2016-06-08 15:17:22 -04:00
Jeff Mitchell
15a40fdde5 Add explicit max TTL capability to token creation API 2016-06-08 14:49:48 -04:00
vishalnayak
386abbad9e Address review feedback 2016-06-01 10:36:58 -04:00
vishalnayak
5500df40cb rename aws.html.md as aws-ec2.html.md 2016-05-30 14:11:15 -04:00
vishalnayak
b3ca9cf14b Rename aws as aws-ec2 2016-05-30 14:11:15 -04:00
Vishal Nayak
943789a11e Merge pull request #1300 from hashicorp/aws-auth-backend 
AWS EC2 instances authentication backend
 2016-05-14 19:42:03 -04:00
vishalnayak
b53f0cb624 Rename 'role_name' to 'role' 2016-05-13 14:31:13 -04:00
vishalnayak
4aa01d390a Update docs and path names to the new patterns 2016-05-12 11:45:10 -04:00
Jeff Mitchell
67a746be30 Add explicit maximum TTLs to token store roles. 2016-05-11 16:51:18 -04:00
Jeff Mitchell
50e3f7d40e Merge remote-tracking branch 'origin/master' into aws-auth-backend 2016-05-05 10:04:52 -04:00
Jeff Mitchell
37d425f873 Update website docs re token store role period parsing 2016-05-04 02:17:20 -04:00
vishalnayak
ef83605f58 Change image/ to a more flexible /role endpoint 2016-05-03 23:36:59 -04:00
vishalnayak
7945e4668a Allow custom endpoint URLs to be supplied to make EC2 API calls 2016-05-02 17:21:52 -04:00
Jeff Mitchell
7fd49439f6 Merge branch 'master-oss' into aws-auth-backend 2016-04-29 14:23:16 +00:00
Jeff Mitchell
a0db3f10dc Fix fetching parameters in token store when it's optionally in the URL 2016-04-28 15:15:37 -04:00
vishalnayak
0b44a62e8f Added allow_instance_migration to the role tag 2016-04-28 11:43:48 -04:00
vishalnayak
a2c024ff96 Updated docs 2016-04-28 11:25:47 -04:00
vishalnayak
329361f951 Removed existence check on blacklist/roletags, docs fixes 2016-04-27 21:29:32 -04:00
vishalnayak
06a174c2f0 tidy endpoint fixes 2016-04-26 10:22:29 -04:00
vishalnayak
4f46bbaa32 Added cooldown period for periodic tidying operation 2016-04-26 10:22:29 -04:00
vishalnayak
7c39fffe0d Removed redundant AWS public certificate. Docs update. 2016-04-26 10:22:29 -04:00
vishalnayak
cd3e9e3b5b Support providing multiple certificates. 
Append all the certificates to the PKCS#7 parser during signature verification.
 2016-04-26 10:22:29 -04:00
Jeff Mitchell
1e50a88e6b Updating to docs 2016-04-26 10:22:29 -04:00
vishalnayak
9a988ffdee Docs update 2016-04-26 10:22:29 -04:00
Jeff Mitchell
6e1288d23f Merge pull request #1282 from rileytg/patch-1 
change github example team to admins
 2016-04-25 15:45:01 -04:00
Jeff Mitchell
110c483ffc Update cert website docs 2016-04-13 16:28:23 +00:00
Simon Dick
5f936c4a07 Should be renew not revoke 2016-04-12 14:04:26 +01:00
Christopher "Chief" Najewicz
14ae646878 Update github doc with note about slugifying team 2016-04-10 11:11:40 -04:00
vishalnayak
5f1829af67 Utility Enhancements 2016-04-05 20:32:59 -04:00
Riley Guerin
e62254a565 fix typo 2016-04-01 07:49:25 -07:00
Riley Guerin
5061b670db change github example team to admins 
somewhat recently github has gone away from the previous model of an "owners" team 
https://help.github.com/articles/converting-your-previous-owners-team-to-the-improved-organization-permissions/

you can be an "Owner" of the org still but this does not map to vault as one *might* expect given these docs
 2016-04-01 07:48:54 -07:00
Jeff Mitchell
de5bba4162 Documentation update 2016-03-31 18:07:43 -04:00
Amit Khare
3bd2eee4ac Update userpass.html.md 2016-03-23 10:47:28 -04:00
vishalnayak
b8e007c195 Use helper for existence check. Avoid panic by fetching default values for field data 2016-03-16 11:26:33 -04:00
vishalnayak
79ff36713b Added API documentation for userpass backend 2016-03-15 22:19:31 -04:00
Jeff Mitchell
ebaf325e3a Remove name param from docs 2016-03-15 14:58:10 -04:00
Jeff Mitchell
f52004e12a Add list support to certs in cert auth backend. 
Fixes #1212
 2016-03-15 14:07:40 -04:00
vishalnayak
c98ec7a092 Documentation to provide optional parameters to token store API 2016-03-14 19:36:53 -04:00
Jeff Mitchell
3368b9cdb7 Update app-id docs to use new endpoint 2016-03-14 16:43:02 -04:00
Jeff Mitchell
8b6df2a1a4 Merge branch 'master' into token-roles 2016-03-09 17:23:34 -05:00
vishalnayak
da9ad9cee3 Provide accessor to revove-accessor in the URL itself 2016-03-09 13:08:37 -05:00
vishalnayak
928d872ed9 Add docs for new token endpoints 2016-03-09 09:31:09 -05:00
Jeff Mitchell
88348ec798 Address first round of feedback 2016-03-01 15:30:37 -05:00
Jeff Mitchell
6e8033b5bd Update token documentation 2016-03-01 14:00:52 -05:00
vishalnayak
9280dda5f4 rename verify_cert as disable_binding and invert the logic 2016-02-24 21:01:21 -05:00
vishalnayak
b8e79cd615 documentation for the config endpoint 2016-02-24 17:13:24 -05:00
Jeff Mitchell
73e84b8c38 Address some feedback on ldap escaping help text 2016-02-19 13:47:26 -05:00
Jeff Mitchell
331f57c082 Update LDAP documentation with a note on escaping 2016-02-19 13:16:18 -05:00
Jeff Minard
503e6dbb5d Minor spelling fix 2016-02-13 08:41:16 -08:00
Jeff Mitchell
6bdbbf1c65 Fix token backend doc bug 
Fixes #990
 2016-01-29 21:01:08 -05:00
Hanno Hecker
ba9b20d275 discover bind dn with anonymous binds 2016-01-27 17:06:27 +01:00
Hanno Hecker
c23b5bf1e6 samaccountname as login example 2016-01-27 09:25:05 +01:00
Hanno Hecker
769bee060c docs for binddn/bindpass 2016-01-27 07:51:10 +01:00
Raja Nadar
e391200599 fixing the description of the /lookup/<token> api 2016-01-25 23:26:29 -08:00
Raja Nadar
e2c9f40e9b clarify default mountpoint 2016-01-23 11:02:00 -08:00
Raja Nadar
f936f77c45 fixed login link,request params,add json response 
1. fix login link
2. added personal access token to request message
3. added a sample json response
 2016-01-22 17:38:32 -08:00
Jeff Mitchell
2afd5072a7 Cert documentation fix. 
Fixes #899
 2015-12-30 16:44:24 -05:00
Terry Corley
e9aca2b4a1 Change API endpoint path for app-id 
The /login path was confusing because its not relative and not consistent with other documentation. Other documentation (e.g., username and password at https://www.vaultproject.io/docs/auth/userpass.html) uses relative path.
 2015-12-15 12:45:04 -06:00
Jeff Mitchell
704966a3eb Add info about cert backend not checking CRL revocation. 2015-12-05 15:12:43 -05:00
Jeff Mitchell
3a893f760d Tab -> space doc fix 2015-12-05 15:04:54 -05:00
Jeff Mitchell
f600e3ac29 Add no-default-policy flag and API parameter to allow exclusion of the 
default policy from a token create command.
 2015-11-09 17:30:50 -05:00
Jeff Mitchell
254dcccf44 Update cert documentation to note requiring sudo access. 2015-11-06 16:09:42 -05:00
Jeff Mitchell
7709cbf796 Add create-orphan to documentation 2015-11-03 15:15:33 -05:00
Jeff Mitchell
5ccccde6da Fix trailing whitespace complaints 2015-11-03 10:52:20 -05:00
Jeff Mitchell
ef21eb6ee4 Clarify that CRLs are not fetched by Vault 2015-11-03 10:52:20 -05:00
Jeff Mitchell
af4af078fa Address first round of feedback from review 2015-11-03 10:52:20 -05:00
Jeff Mitchell
90a9f25d80 Add documentation for CRLs and some minor cleanup. 2015-11-03 10:52:20 -05:00
Jason Antman
0cf323ce07 add documentation for GitHub Auth Backend 'ttl' and 'max_ttl' parameters 2015-10-23 09:30:48 -04:00
Jason Antman
887257b811 add GitHub Enterprise base_url to docs 
In https://github.com/hashicorp/vault/issues/716 @jefferai confirmed that the GitHub Auth Backend supports GitHub enterprise using an undocumented ``base_url`` parameter. This adds that parameter to the relevant documentation page.
 2015-10-23 09:18:07 -04:00
Jeff Mitchell
5b5e1850ac Document the renew-self call 2015-10-21 10:53:20 -04:00
Seth Vargo
cfd7aa5983 Remove tabs from terminal output 
This also standardizes on the indentation we use for multi-line commands as
well as prefixes all commands with a $ to indicate a shell.
 2015-10-12 12:10:22 -04:00
Jeff Mitchell
70ce824267 Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend. 2015-09-25 10:41:21 -04:00
Jeff Mitchell
913989e4b0 Add revoke-self endpoint. 
Fixes #620.
 2015-09-17 13:22:30 -04:00
vishalnayak
ec4f6e59b3 Improve documentation of token renewal 2015-09-11 21:08:32 -04:00
Seth Vargo
f0b3ad6a2a Update documentation around cookies 2015-09-03 10:36:59 -04:00
Armon Dadgar
385f2375bd Merge pull request #469 from kgutwin/f-config-defaultlease 
Add configuration options for default lease duration and max lease duration
 2015-08-04 10:06:41 -07:00
Rusty Ross
9f9b8a81e2 update doc for app-id 
make clearer in doc that user-id can accept multiple app-id mappngs as comma-separated values
 2015-08-03 09:44:26 -07:00
Bradley Girardeau
7b6547abf7 Clean up naming and add documentation 2015-07-30 17:36:40 -07:00
Karl Gutwin
a87af4e863 Add configuration options for default lease duration and max lease duration. 2015-07-30 09:42:49 -04:00
Bradley Girardeau
cf4fa83598 mfa: cleanup website documentation 2015-07-28 12:25:01 -07:00
Bradley Girardeau
4a862163ac mfa: add website documentation 2015-07-28 11:00:57 -07:00
Bradley Girardeau
709b91fbd1 ldap: change setting user policies to setting user groups 2015-07-20 11:33:39 -07:00
Bradley Girardeau
675dc28c70 ldap: add documentation for setting policies based on user 2015-07-14 16:13:40 -07:00
Bradley Girardeau
cbb6b64ce6 ldap: add ability to login with a userPrincipalName (user@upndomain) 2015-07-14 15:37:46 -07:00
Armon Dadgar
dc5ecc3eed website: fixing lots of references to vault help 2015-07-13 20:12:09 +10:00
Armon Dadgar
0cc974bd66 website: fixing documentation errors. Fixes #412 2015-07-13 19:10:44 +10:00
mootpt
40d2834310 fixed secrets backend url 
minor doc fix
 2015-07-06 11:11:58 -07:00
Bradley Girardeau
0ef2eca24f ldap: add starttls support and option to specificy ca certificate 2015-07-02 15:49:51 -07:00
Armon Dadgar
f7602dd44a Merge pull request #380 from kgutwin/cert-cli 
Enable TLS client cert authentication via the CLI
 2015-06-30 11:44:28 -07:00
Armon Dadgar
a8537b220e website: document insecure_tls for LDAP backend 2015-06-30 09:42:18 -07:00
Karl Gutwin
6668a6d7ef Website docs. 2015-06-30 09:18:39 -04:00
Justin Campbell
a8850ed5ed docs: Fix examples of auth via JSON 
For both userpass and LDAP
 2015-06-04 10:38:11 -04:00
joe miller
d1100c6293 fix doc example to submit valid json in POST body 
I don't know if there is some version of curl that auto-generates json but the example didn't work for me on curl 7.32.0. Submitting the data as JSON works though.
 2015-05-20 13:11:54 -07:00
Aaron Bedra
2cf2cc927c Fix typo in app-id docs 2015-05-20 09:36:54 -05:00
Armon Dadgar
45f14256fe Update github.html.md 
Fixing incorrect documentation about case sensitivity
 2015-05-18 09:37:31 -07:00
Armon Dadgar
381db8d22c Merge pull request #204 from nrocine/master 
Added implementation details to the GitHub Auth Docs on the Vault Website
 2015-05-18 09:36:35 -07:00
Armon Dadgar
9dc38923fe website: clarify the app-id parameters 2015-05-15 11:39:05 -07:00
Nils Rocine
e80e2a800d Added details in the github auth docs for the website. These details clarify end-to-end use of the github auth backend. Specifically: noting how to create a usable GitHub PAT and an example of how to auth with the PAT. 2015-05-14 13:20:58 -07:00
Armon Dadgar
712db294ff website: Adding LDAP docs 2015-05-11 10:43:03 -07:00
Seth Vargo
d580e42673 Cleanup userpass docs 2015-05-08 11:49:58 -04:00
Seth Vargo
3748be6491 Remove references to -var 2015-05-08 11:45:29 -04:00
Mads R. Christensen
e8672b3844 Fixed typo 2015-05-08 11:48:42 +02:00
Mads R. Christensen
bb6ea32dfc Added more info about the userpass auth backend API endpoint 2015-05-08 11:45:21 +02:00
Seth Vargo
87e25f4300 Add instructions for enabling the auth first 2015-05-07 13:52:06 -04:00
Trevor Pounds
a9367c17d0 Fix documentation typo. 2015-04-28 22:15:56 -07:00
Emil Hessman
79b098b89e website: address minor doc typos 2015-04-28 20:32:04 +02:00
Armon Dadgar
dd1ba4a79e website: Adding CIDR block config to app-id 2015-04-27 12:38:04 -07:00
Armon Dadgar
91094ceeca website: fix formating 2015-04-26 22:03:38 -07:00
Mitchell Hashimoto
3c0c334d01 website: fix API styling for auth 2015-04-26 21:08:11 -07:00
Armon Dadgar
a1f294235f website: documenting token API 2015-04-25 20:21:59 -07:00
Armon Dadgar
8ae7b1288a credential/cert: support leasing and renewal 2015-04-24 12:58:39 -07:00
Armon Dadgar
cd65bbabb0 website: document cert backend 2015-04-24 10:52:25 -07:00
Seth Vargo
2bcb0a1b67 Update website whitespace and formatting 2015-04-22 19:47:11 -04:00
Mitchell Hashimoto
f14d970598 website: doc userpass 2015-04-19 15:21:35 -07:00