mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-15 11:07:00 +02:00
Code Issues Projects Releases Wiki Activity
6,740 Commits 2,843 Branches 445 Tags 454 MiB
d3a2844a75
Commit Graph

339 Commits

Author SHA1 Message Date
Jeff Mitchell
8e2b8ff1df Add some extra documentation around ssh-keygen -L to see signed cert 
info.

Ping #2569
 2017-04-13 15:23:27 -04:00
Jeff Mitchell
14c0000169 Update SSH CA documentation 
Fixes #2551
Fixes #2569
 2017-04-07 11:59:25 -04:00
Emre Erkunt
c7e9377000 Fixed an example on aws backend documentation about an iam profile. (#2522) 2017-04-04 09:03:27 -07:00
Jeff Mitchell
251da1bcdc Update SSH docs to note that host key verification is not performed. 2017-04-03 10:43:41 -04:00
Vishal Nayak
cf0fb2119f docs: Elaborate the steps for SSH CA backend with 'sshd_config' changes (#2507) 2017-03-19 18:52:15 -04:00
Seth Vargo
0fe2e84e3a
Update titles 2017-03-17 14:37:01 -04:00
Seth Vargo
f64bf8d183
/docs/http -> /api 2017-03-17 14:06:03 -04:00
Seth Vargo
d873469210
Use relative links 2017-03-16 12:04:36 -07:00
Seth Vargo
501cf5d065
Break out API documentation for secret backends 2017-03-16 09:47:06 -07:00
Mike Okner
6f84f7ffd0 Adding allow_user_key_ids field to SSH role config (#2494) 
Adding a boolean field that determines whether users will be allowed to
set the ID of the signed SSH key or whether it will always be the token
display name.  Preventing users from changing the ID and always using
the token name is useful for auditing who actually used a key to access
a remote host since sshd logs key IDs.
 2017-03-16 08:45:11 -04:00
Jeff Mitchell
688104e69a Allow roles to specify whether CSR SANs should be used instead of (#2489) 
request values. Fix up some documentation.

Fixes #2451
Fixes #2488
 2017-03-15 14:38:18 -04:00
Stanislav Grozev
e9086bd85f Remove superfluous argument from SSH CA docs 2017-03-14 10:21:48 -04:00
Stanislav Grozev
5f3397bff5 Reads on ssh/config/ca return the public keys 
If configured/generated.
 2017-03-14 10:21:48 -04:00
Stanislav Grozev
d22796c644 If generating an SSH CA signing key - return the public part 
So that the user can actually use the SSH CA, by adding the public key
to their respective sshd_config/authorized_keys, etc.
 2017-03-14 10:21:48 -04:00
Vishal Nayak
9af1ca3d2c doc: ssh allowed_users update (#2462) 
* doc: ssh allowed_users update

* added some more context in default_user field
 2017-03-09 10:34:55 -05:00
vishalnayak
4731754077 doc: ssh markdown alignments 2017-03-08 21:58:12 -05:00
Jeff Mitchell
e8e1905c96 Some minor ssh docs updating 2017-03-02 16:47:21 -05:00
Will May
ffb5ee7fda Changes from code review 2017-03-02 14:36:13 -05:00
Will May
f9d853f7f0 Allow internal generation of the signing SSH key pair 2017-03-02 14:36:13 -05:00
Vishal Nayak
d30a833db7 Rework ssh ca (#2419) 
* docs: input format for default_critical_options and default_extensions

* s/sshca/ssh

* Added default_critical_options and default_extensions to the read endpoint of role

* Change default time return value to 0
 2017-03-01 15:50:23 -05:00
Will May
59397250da Changes from code review 
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
 2017-03-01 15:19:18 -05:00
Will May
1d59b965cb Add ability to create SSH certificates 2017-03-01 15:19:18 -05:00
Vishal Nayak
e3016053b3 PKI: Role switch to control lease generation (#2403) 
* pki: Make generation of leases optional

* pki: add tests for upgrading generate_lease

* pki: add tests for leased and non-leased certs

* docs++ pki generate_lease

* Generate lease is applicable for both issuing and signing

* pki: fix tests

* Address review feedback

* Address review feedback
 2017-02-24 12:12:40 -05:00
Jeff Mitchell
5e5d9baabe Add Organization support to PKI backend. (#2380) 
Fixes #2369
 2017-02-16 01:04:29 -05:00
Tommy Murphy
214cd65d55 docs: transit parameter is actually deletion_allowed (#2356) 2017-02-09 15:10:28 -05:00
Brian Vans
32d5d88119 Fixing a few typos in the docs (#2344) 2017-02-07 11:55:29 -05:00
Vishal Nayak
a9121ff733 transit: change batch input format (#2331) 
* transit: change batch input format

* transit: no json-in-json for batch response

* docs: transit: update batch input format

* transit: fix tests after changing response format
 2017-02-06 14:56:16 -05:00
Vishal Nayak
3797666436 Transit: Support batch encryption and decryption (#2143) 
* Transit: Support batch encryption

* Address review feedback

* Make the normal flow go through as a batch request

* Transit: Error out if encryption fails during batch processing

* Transit: Infer the 'derived' parameter based on 'context' being set

* Transit: Batch encryption doc updates

* Transit: Return a JSON string instead of []byte

* Transit: Add batch encryption tests

* Remove plaintext empty check

* Added tests for batch encryption, more coming..

* Added more batch encryption tests

* Check for base64 decoding of plaintext before encrypting

* Transit: Support batch decryption

* Transit: Added tests for batch decryption

* Transit: Doc update for batch decryption

* Transit: Sync the path-help and website docs for decrypt endpoint

* Add batch processing for rewrap

* transit: input validation for context

* transit: add rewrap batch option to docs

* Remove unnecessary variables from test

* transit: Added tests for rewrap use cases

* Address review feedback

* Address review feedback

* Address review feedback

* transit: move input checking out of critical path

* transit: allow empty plaintexts for batch encryption

* transit: use common structs for batch processing

* transit: avoid duplicate creation of structs; add omitempty to response structs

* transit: address review feedback

* transit: fix tests

* address review feedback

* transit: fix tests

* transit: rewrap encrypt user error should not error out

* transit: error out for internal errors
 2017-02-02 14:24:20 -05:00
Chris Hoffman
ad6f815308 Minor transit docs fixes 2017-01-23 22:26:38 -05:00
joe miller
90e32515ea allow roles to set OU value in certificates issued by the pki backend (#2251) 2017-01-23 12:44:45 -05:00
Chris Hoffman
43bae79d01 Adding support for exportable transit keys (#2133) 2017-01-23 11:04:43 -05:00
Erwin de Keijzer
7e27ca924d Fixed rabbitmq documentation 
The docs were inconsistent between readwrite and readonly, the policy
itself evaluates to a readwrite policy, so the inconsistency is solved
by changing the odd occurrence of readonly.
 2017-01-13 08:54:04 +01:00
Matthew Irish
231f00dff2 Transit key actions (#2254) 
* add supports_* for transit key reads

* update transit docs with new supports_* fields
 2017-01-11 10:05:06 -06:00
Elan Ruusamäe
cfbf8bd623 add unix socket example as well (#2193) 2016-12-16 05:13:35 -05:00
Elan Ruusamäe
31e655d597 Update index.html.md (#2191) 
add DSN as link to go-sql-driver/mysql to know the syntax
 2016-12-16 03:37:54 -05:00
Dan Gorst
4835df609d Minor documentation tweak (#2127) 
Should be arn, not policy - latter will error as that assume an inline policy json document
 2016-11-24 07:36:46 -08:00
Jeff Mitchell
6165c3e20f Update docs to fix #2102 2016-11-22 12:19:22 -05:00
Joel Thompson
523de6b4d2 Add information on HMAC verification to transit docs (#2062) 2016-11-07 13:44:14 -05:00
vishalnayak
8293b19a98 Added revocation_sql to the website docs 2016-10-27 12:15:08 -04:00
Chris Hoffman
4406a39da2 Add ability to list keys in transit backend (#1987) 2016-10-18 10:13:01 -04:00
Vishal Nayak
24ab1610f6 Merge pull request #2010 from rajanadar/patch-5 
doc: add doc for the GET lease settings api
 2016-10-18 09:39:23 -04:00
Raja Nadar
a0bb983132 fix indentation 2016-10-15 22:58:25 -07:00
Raja Nadar
b3dd87bb59 doc: add doc for the GET lease settings api 
Vault supports reading of the lease settings, with all values coming back intact. (along with a good warning message as well)
Adding it to the documentation.
 2016-10-15 22:43:50 -07:00
Raja Nadar
4321c51c83 doc: add consistency field in get-role response 2016-10-15 01:15:58 -07:00
Jeff Mitchell
37df43d534 Postgres revocation sql, beta mode (#1972) 2016-10-05 13:52:59 -04:00
Vishal Nayak
4ffd3ec392 Merge pull request #1957 from hashicorp/website-list-userpass 
Added user listing endpoint to userpass docs
 2016-10-04 14:10:49 -04:00
vishalnayak
6b0be2d5c4 Added user listing endpoint to userpass docs 2016-09-30 15:47:33 -04:00
Jeff Mitchell
ff8b570394 Update text around cubbyhole/response 2016-09-29 17:44:15 -04:00
Chris Stevens
32f883acd9 Docs/Website: MySQL config parameter "verify-connection" should be "verify_connection" 
The only instance of `verify-connection` I can find is on this docs page. The API style for parameters is underscores, so this one stands out.

The code for this and the other backends with similar connection verification features seem to use `verify_connection`.
 2016-09-29 14:05:47 -05:00
Jeff Mitchell
c748ff322f Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
Chris Hoffman
44774c99de Small consul doc fix 2016-09-28 15:11:39 -04:00
Laura Bennett
4cfe098ce4 Merge pull request #1931 from hashicorp/cass-consistency 
Adding consistency into cassandra
 2016-09-27 21:12:02 -04:00
Chris Hoffman
10c8024fa3 Adding support for chained intermediate CAs in pki backend (#1694) 2016-09-27 17:50:17 -07:00
Laura Bennett
6fb9364260 typo correction 2016-09-27 16:38:27 -04:00
Laura Bennett
ae97f14ebd updates to the documents 2016-09-27 16:36:20 -04:00
Jeff Mitchell
8482118ac6 Transit and audit enhancements 2016-09-21 10:49:26 -04:00
Chris Hoffman
cd567eb480 Renaming ttl_max -> max_ttl in mssql backend (#1905) 2016-09-20 12:39:02 -04:00
Raja Nadar
0087541e6f doc: change invalid otp response code to 400 (#1863) 
invalid otp response code is 400 bad request.
 2016-09-08 11:13:13 -04:00
Raja Nadar
f42f765ec4 doc: fixing field name to security_token (#1850) 
response field is security_token, not secret_token.
 2016-09-03 22:40:57 -04:00
Andrew Backhouse
f8c49840fa Update index.html.md (#1819) 
Corrected a minor spelling error.
 2016-08-31 10:02:43 -04:00
Jeff Mitchell
976876ac4b Update website with POST STS path 2016-08-30 10:37:55 -04:00
Jeff Mitchell
1a3d2b6c51 update docs 2016-08-26 17:52:42 -04:00
Jeff Mitchell
c9aa308804 Use key derivation for convergent nonce. (#1794) 
Use key derivation for convergent nonce.

Fixes #1792
 2016-08-26 14:11:03 -04:00
Jeff Mitchell
84cd3c20b3 Remove context-as-nonce, add docs, and properly support datakey 2016-08-07 15:53:40 -04:00
Jeff Mitchell
503a13b17b Remove erroneous information about some endpoints being root-protected 2016-08-04 16:08:54 -04:00
Cameron Stokes
1b66c6534c ~secret/aws: env variable and IAM role usage 2016-08-04 13:02:07 -07:00
Jeff Mitchell
6ce0f86c0f Update DB docs with new SQL specification options 2016-08-03 15:45:56 -04:00
Chris Hoffman
87b4514f44 Missing prefix on roles list 2016-07-29 11:31:26 -04:00
Laura Bennett
c6cc73b3bd Merge pull request #1635 from hashicorp/mysql-idle-conns 
Added maximum idle connections to mysql to close hashicorp/vault#1616
 2016-07-20 15:31:37 -04:00
Laura Bennett
33ed1ffd58 minor formatting edits 2016-07-20 14:42:52 -04:00
Jeff Mitchell
a8a2886538 Merge pull request #1604 from memory/mysql-displayname-2 
concat role name and token displayname to form mysql username
 2016-07-20 14:02:17 -04:00
Nathan J. Mehl
e824f6040b use both role name and token display name to form mysql username 2016-07-20 10:17:00 -07:00
Laura Bennett
7c2c30e5ae update documentation for idle connections 2016-07-20 12:50:07 -04:00
Nathan J. Mehl
83635c16b6 respond to feedback from @vishalnayak 
- split out usernameLength and displaynameLength truncation values,
  as they are different things

- fetch username and displayname lengths from the role, not from
  the request parameters

- add appropriate defaults for username and displayname lengths
 2016-07-20 06:36:51 -07:00
Matt Hurne
0a55ca674b mongodb secret backend documentation: Remove verify_connection from example response to GET /mongodb/config/connection; add documentation for GET /mongodb/config/lease 2016-07-19 12:46:54 -04:00
Nathan J. Mehl
417cf49bb7 allow overriding the default truncation length for mysql usernames 
see https://github.com/hashicorp/vault/issues/1605
 2016-07-12 17:05:43 -07:00
Matt Hurne
2c3b5513df mongodb secret backend: Improve and correct errors in documentation; improve "parameter is required" error response messages 2016-07-07 23:09:45 -04:00
Matt Hurne
f2a3471f37 Update mongodb secret backend documentation to indicate that ttl and max_ttl lease config parameters are optional rather than required 2016-07-07 22:34:00 -04:00
Matt Hurne
a130c7462a mongodb secret backend documentation: Use single quotes around roles JSON to avoid needing to escape double quotes within the JSON 2016-07-07 22:31:35 -04:00
Matt Hurne
2b5b56febd mongodb secret backend: Update documentation 2016-07-05 09:50:23 -04:00
Matt Hurne
7571487c7f Merge branch 'master' into mongodb-secret-backend 2016-07-01 20:39:13 -04:00
Mark Paluch
895eac0405 Address review feedback. 
Switch ConnectTimeout to framework.TypeDurationSecond  with a default of 5. Remove own parsing code.
 2016-07-01 22:26:08 +02:00
Mark Paluch
f85b2b11d3 Support connect_timeout for Cassandra and align timeout. 
The cassandra backend now supports a configurable connect timeout. The timeout is configured using the connect_timeout parameter in the session configuration.  Also align the timeout to 5 seconds which is the default for the Python and Java drivers.

Fixes #1538
 2016-07-01 21:22:37 +02:00
Matt Hurne
f55955c2d8 Rename mongodb secret backend's 'ttl_max' lease configuration field to 'max_ttl' 2016-06-30 09:57:43 -04:00
Matt Hurne
4c97b1982a Add mongodb secret backend 2016-06-29 08:33:06 -04:00
Jeff Mitchell
d46eba8a42 Update PKI docs with key_usge info 2016-06-23 11:07:17 -04:00
vishalnayak
c37ef12834 Added list functionality to logical aws backend's roles 2016-06-20 19:51:04 -04:00
Jeff Mitchell
1c15a56726 Add convergent encryption option to transit. 
Fixes #1537
 2016-06-20 13:17:48 -04:00
Mark Paluch
10ea4bf8d4 Fix RabbitMQ documentation 
Change parameter `uri` to `connection_uri` in code example.
 2016-06-19 17:45:30 +02:00
vishalnayak
75937956aa RabbitMQ docs++ 2016-06-14 10:22:30 -04:00
Jeff Mitchell
5b7e6804e1 Add updated wrapping information 2016-06-14 05:59:50 +00:00
Jeff Mitchell
7479621705 Don't check parsability of a ttl key on write. 
On read we already ignore bad values, so we shouldn't be restricting
this on write; doing so alters expected data-in-data-out behavior. In
addition, don't issue a warning if a given `ttl` value can't be parsed,
as this can quickly get annoying if it's on purpose.

The documentation has been updated/clarified to make it clear that this
is optional behavior that doesn't affect the status of the key as POD
and the `lease_duration` returned will otherwise default to the
system/mount defaults.

Fixes #1505
 2016-06-08 20:14:36 -04:00
Laura Bennett
8fb5ca046c url fix 2016-06-08 14:53:33 -04:00
Laura Bennett
2b3f6d59a5 Updates for pki/certs list functionality 2016-06-08 14:37:57 -04:00
Vishal Nayak
8b15722fb4 Merge pull request #788 from doubledutch/master 
RabbitMQ Secret Backend
 2016-06-08 10:02:24 -04:00
vishalnayak
ab017967e4 Provide option to disable host key checking 2016-06-01 11:08:24 -04:00
vishalnayak
8ae663f498 Allow * to be set for allowed_users 2016-05-30 03:12:43 -04:00
vishalnayak
c945b8b3f2 Do not allow any username to login if allowed_users is not set 2016-05-30 03:01:47 -04:00
Kevin Pike
493f69c657 Update rabbitmq lease docs 2016-05-20 23:28:41 -07:00
Jeff Mitchell
205ba863ea Add cubbyhole wrapping documentation 2016-05-19 13:33:51 -04:00