mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-15 11:07:00 +02:00
Code Issues Projects Releases Wiki Activity
6,740 Commits 2,843 Branches 445 Tags 454 MiB
d3a2844a75
Commit Graph

339 Commits

Author SHA1 Message Date
Jeff Mitchell
6c21b3b693 Remove JWT for the 0.3 release; it needs a lot of rework. 2015-09-24 16:23:44 -04:00
Dominic Luechinger
886c67892d Fixes docs for new JWT secret backend 2015-09-24 16:47:17 +02:00
Spencer Herzberg
66e0cb2175 docs: pg username not prefixed with vault- 
due to
05fa4a4a48,
vault no longer prefixes the username with `vault-`
 2015-09-22 10:14:47 -05:00
Jeff Mitchell
791ae62db3 Minor doc update to SSH 2015-09-21 16:26:07 -04:00
Jeff Mitchell
fa53293b7b Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values 2015-09-21 16:14:30 -04:00
Jeff Mitchell
08a81a3364 Update transit backend documentation, and also return the min decryption 
value in a read operation on the key.
 2015-09-21 16:13:43 -04:00
Jeff Mitchell
a57eb45b50 Add API endpoint documentation to cubbyhole 2015-09-21 16:13:36 -04:00
Jeff Mitchell
e4cab7afe5 Add API endpoint documentation to generic 2015-09-21 16:13:29 -04:00
Jeff Mitchell
46073e4470 Enhance transit backend: 
* Remove raw endpoint from transit
* Add multi-key structure
* Add enable, disable, rewrap, and rotate functionality
* Upgrade functionality, and record creation time of keys in metadata. Add flag in config function to control the minimum decryption version, and enforce that in the decrypt function
* Unit tests for everything
 2015-09-18 14:41:05 -04:00
Jeff Mitchell
c80fdb4bdc Add documentation for cubbyhole 2015-09-15 13:50:37 -04:00
Brian Lalor
ade8c31469 Remove unused param to 'vault write aws/roles/deploy' 
The name is taken from the path, not the request body.  Having the duplicate key is confusing.
 2015-09-06 06:57:39 -04:00
Armon Dadgar
c3ba4fc147 Merge pull request #590 from MarkVLK/patch-1 
Update mysql docs markdown to fix grammar error
 2015-09-04 19:13:50 -07:00
MarkVLK
ac44229d18 Update transit docs markdown to add missing word 
Added the presumably missing *decrypt* from "encrypt/data" in the first sentence.
 2015-09-04 17:11:34 -07:00
MarkVLK
94c6df8d65 Update mysql docs markdown to fix grammar error 
Changed "... used to **generated** those credentials" to "... used to **generate** those credentials."
 2015-09-04 17:05:45 -07:00
Vishal Nayak
4d3f68a631 Merge pull request #578 from hashicorp/exclude-cidr-list 
Vault SSH: Added exclude_cidr_list option to role
 2015-08-28 07:59:46 -04:00
vishalnayak
1226251d14 Vault SSH: Added exclude_cidr_list option to role 2015-08-27 23:19:55 -04:00
Jeff Mitchell
f84c8b8681 Deprecate lease -> ttl in PKI backend, and default to system TTL values if not given. This prevents issuing certificates with a longer duration than the maximum lease TTL configured in Vault. Fixes #470. 2015-08-27 12:24:37 -07:00
vishalnayak
06ac073684 Vault SSH: Docs for default CIDR value 2015-08-27 13:10:15 -04:00
vishalnayak
630f348dbf Vault SSH: Provide key option specifications for dynamic keys 2015-08-27 11:41:29 -04:00
Jeff Mitchell
e7f2a54720 Rejig Lease terminology internally; also, put a few JSON names back to their original values 2015-08-20 22:27:01 -07:00
Jeff Mitchell
c35fbca5e0 Update help text for TTL values in generic backend 2015-08-20 17:59:30 -07:00
Jeff Mitchell
358849fbc3 Change "lease" parameter in the generic backend to be "ttl" to reduce confusion. "lease" is now deprecated but will remain valid until 0.4. 
Fixes #528.
 2015-08-20 16:41:25 -07:00
Vishal Nayak
41db9d25c7 Merge pull request #385 from hashicorp/vishal/vault 
SSH Secret Backend for Vault
 2015-08-20 10:03:15 -07:00
Bernhard K. Weisshuhn
e0e0c43202 avoid dashes in generated usernames for cassandra to avoid quoting issues 2015-08-20 11:15:28 +02:00
vishalnayak
36bf873a47 Vault SSH: 1024 is default key size and removed 4096 2015-08-19 12:51:33 -07:00
vishalnayak
2e6a087d22 Vault SSH: doc update 2015-08-18 11:50:32 -07:00
vishalnayak
d63726b41b Vault SSH: Documentation update and minor refactoring changes. 2015-08-17 18:22:03 -07:00
vishalnayak
a98b3befd9 Vault SSH: Website page for SSH backend 2015-08-14 12:41:26 -07:00
vishalnayak
2ac3cabf87 Merging changes from master 2015-08-12 09:28:16 -07:00
vishalnayak
18db544d26 Vault SSH: Website doc v1. Removed path_echo 2015-08-12 09:25:28 -07:00
Erik Kristensen
d877b713e9 initial pass at JWT secret backend 2015-08-06 17:49:44 -06:00
Fabian Ruff
d2074132aa fix doc for pki/revoke API 2015-07-29 14:28:12 +02:00
Justin LaRose
e697b7c057 Cassandra secret backend doc update for connection config - "hosts" instead of "host" 2015-07-23 03:07:29 -04:00
Armon Dadgar
dc5ecc3eed website: fixing lots of references to vault help 2015-07-13 20:12:09 +10:00
Armon Dadgar
c062345146 secret/transit: address PR feedback 2015-07-05 19:58:31 -06:00
Armon Dadgar
5838f8da50 website: document derived keys in secret/transit 2015-07-05 14:47:16 -07:00
Jeff Mitchell
035c430eb2 Address some issues from code review. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-30 09:27:23 -04:00
Jeff Mitchell
1faaf20b92 A Cassandra secrets backend. 
Supports creation and deletion of users in Cassandra using flexible CQL queries.

TLS, including client authentication, is supported.

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-30 09:04:01 -04:00
Jeff Mitchell
d8ed14a603 Merge remote-tracking branch 'upstream/master' into f-pki 2015-06-19 13:01:26 -04:00
Jeff Mitchell
435aefc072 A few things: 
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-19 12:48:18 -04:00
Jeff Mitchell
23ba605068 Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-18 15:22:58 -04:00
Armon Dadgar
ba24d891fd website: document transit upsert behavior 2015-06-17 18:51:58 -07:00
Armon Dadgar
7c31e29295 website: update the transit documentation 2015-06-17 18:45:29 -07:00
Jeff Mitchell
79164f38ad Merge branch 'master' into f-pki 2015-06-16 13:43:25 -04:00
Ryan Currah
35f1cfeb77 Do not output the trailing newline in encoding. 
Added -n to echo command to prevent newlines from showing up in encoding.
 2015-06-13 12:03:57 -04:00
Jeff Mitchell
067fbc9078 Fix a docs-out-of-date bug. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-12 16:33:00 -04:00
Jeff Mitchell
0ee9735a5a Fix some out-of-date examples. 
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-11 21:17:05 -04:00
Jeff Mitchell
20ac7a46f7 Add acceptance tests 
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling

Also, fix a bug when trying to get code signing certificates.

Not tested:
* Revocation (I believe this is impossible with the current testing framework)

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-08 00:06:09 -04:00
Jeff Mitchell
530b67bbb9 Initial PKI backend implementation. 
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint

Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
 2015-06-08 00:06:09 -04:00
Armon Dadgar
9b879d3434 Merge pull request #263 from sheldonh/iam-policy 
List IAM permissions required by root credentials
 2015-06-01 13:16:51 +02:00
Armon Dadgar
35b10a7a9a Merge pull request #261 from jsok/consul-lease 
Add ability to configure consul lease durations
 2015-06-01 13:04:28 +02:00
Chad Whitacre
adb777cc0f Provide missing verb 2015-05-31 17:19:34 -04:00
certifiedloud
2521e90ef7 replaced confusing term 'physical' with 'storage'. 2015-05-27 14:44:17 -06:00
Sheldon Hearn
5a28f0bcbd Missed a few IAM permissions 2015-05-27 16:42:12 +02:00
Sheldon Hearn
7cba6f84de List IAM permissions required by root credentials 2015-05-27 16:28:24 +02:00
Jonathan Sokolowski
b872babb7b website: Update /consul/roles/ parameters 2015-05-27 09:54:15 +10:00
Armon Dadgar
2d9b12b853 website: Document overwrite behavior. Fixes #182 2015-05-11 10:58:29 -07:00
Mitchell Hashimoto
9f9527ddc3 Merge pull request #54 from pborreli/typos 
website: fixed typos
 2015-04-28 11:37:49 -07:00
Emil Hessman
4079905682 website: merge 2015-04-28 20:36:27 +02:00
Pascal Borreli
bbd3ce341a Fixed typos 2015-04-28 19:36:16 +01:00
Emil Hessman
79b098b89e website: address minor doc typos 2015-04-28 20:32:04 +02:00
Andrew Williams
cfe60c4846 website: fix small typo 2015-04-28 13:21:44 -05:00
Mat Elder
680f55aee6 msyql to consul on consul backend docs 2015-04-28 14:11:42 -04:00
Armon Dadgar
2bcba24561 website: remove TODO from transit quickstart 2015-04-27 14:58:53 -07:00
Armon Dadgar
478a5965ee secret/aws: Using roles instead of policy 2015-04-27 14:20:28 -07:00
Armon Dadgar
aaf10cd624 Do not root protect role configurations 2015-04-27 14:07:20 -07:00
Armon Dadgar
3330d43d44 secret/postgres: secret/mysql: roles endpoints root protected 2015-04-27 14:04:10 -07:00
Armon Dadgar
f159750509 secret/consul: replace policy with roles, and prefix the token path 2015-04-27 13:59:56 -07:00
Armon Dadgar
d425ca22df secret/transit: rename policy to keys 2015-04-27 13:52:47 -07:00
Armon Dadgar
b80f3e4e06 website: API consistency 2015-04-27 12:30:46 -07:00
Armon Dadgar
26b5dc20c6 website: aws API 2015-04-27 12:26:23 -07:00
Armon Dadgar
27902b1d06 website: make PG quickstart like MySQL 2015-04-27 12:16:07 -07:00
Armon Dadgar
fd00322981 website: adding postgresql API docs 2015-04-27 11:17:13 -07:00
Armon Dadgar
e44fd556a8 website: document Consul APIs 2015-04-27 11:08:47 -07:00
Seth Vargo
6b62366d2b Add Quick Start for Postgresql 2015-04-27 09:30:21 -04:00
Seth Vargo
ad8f1f3659 Add Quick Start for AWS 2015-04-27 09:29:16 -04:00
Armon Dadgar
e7298e1169 website: start consul api 2015-04-26 22:03:38 -07:00
Armon Dadgar
d6a1344bfd website: consul quickstart 2015-04-26 22:03:38 -07:00
Armon Dadgar
7db392217c website: adding mysql quickstart and API 2015-04-26 22:03:38 -07:00
Armon Dadgar
a6ec8e7685 website: quickstart + API for transit 2015-04-26 22:03:38 -07:00
Armon Dadgar
3670757628 website: quickstart for generic 2015-04-26 22:03:38 -07:00
Armon Dadgar
cc69073b37 website: adding mysql docs skeleton 2015-04-25 12:10:53 -07:00
Mitchell Hashimoto
8f49e8a919 website: postgresql backend 2015-04-18 22:47:23 -07:00
Mitchell Hashimoto
06c4e52377 logical/aws: move root creds config to config/root 2015-04-18 22:21:31 -07:00
Mitchell Hashimoto
d77faa2760 website: transit backend 2015-04-17 12:56:31 -07:00
Mitchell Hashimoto
1dac233812 website: add a couple more secret backend sections 2015-04-13 20:42:07 -07:00
Mitchell Hashimoto
061f6cfd2f website: consul secret backend 2015-04-10 20:26:01 -07:00
Mitchell Hashimoto
148129030b website: aws secret backend 2015-04-10 20:24:45 -07:00
Mitchell Hashimoto
87ebb09ca8 website: secrets index 2015-04-09 23:31:26 -07:00