1152 Commits

Author SHA1 Message Date
Armon Dadgar
49cdf87ab9 website: fixing details about HA backends 2015-07-24 12:11:45 -07:00
Armon Dadgar
f9e853afc0 Merge pull request #449 from JustinLaRose/master
Cassandra secret backend doc update for connection config
2015-07-23 13:42:59 -07:00
Armon Dadgar
69e5100eb4 Merge pull request #447 from kgutwin/f-tlsvers
Specify Vault listener minimum TLS version
2015-07-23 13:42:42 -07:00
Armon Dadgar
3f7853cd53 Merge pull request #433 from infame-io/feature/s3_sts
Granting S3 backend temporary access
2015-07-23 13:33:58 -07:00
Karl Gutwin
46838b2b7e Document warning for using lower TLS versions 2015-07-23 11:54:45 -04:00
Lauro Balderas
8d574d2eaa S3 backend session token documentation updated 2015-07-23 22:53:20 +10:00
Justin LaRose
e697b7c057 Cassandra secret backend doc update for connection config - "hosts" instead of "host" 2015-07-23 03:07:29 -04:00
Karl Gutwin
04c5596822 Avoid unnecessary abbreviation 2015-07-22 23:28:46 -04:00
Karl Gutwin
3ad703eba6 TLS minimum version documentation 2015-07-22 23:21:18 -04:00
Armon Dadgar
3c7f311181 Merge pull request #419 from nbrownus/telemetry_names
Disable hostname prefix for runtime telemetry
2015-07-22 15:38:23 -07:00
Bradley Girardeau
709b91fbd1 ldap: change setting user policies to setting user groups 2015-07-20 11:33:39 -07:00
Bradley Girardeau
675dc28c70 ldap: add documentation for setting policies based on user 2015-07-14 16:13:40 -07:00
Nate Brown
bb11e27ba1 Docs for the telemetry object 2015-07-14 15:45:45 -07:00
Bradley Girardeau
cbb6b64ce6 ldap: add ability to login with a userPrincipalName (user@upndomain) 2015-07-14 15:37:46 -07:00
Armon Dadgar
dc5ecc3eed website: fixing lots of references to vault help 2015-07-13 20:12:09 +10:00
Armon Dadgar
e6cf9dcb63 website: help command is now path-help 2015-07-13 20:03:29 +10:00
Armon Dadgar
fce7c43b98 physical/zk: Fixing node representation. Fixes #416 2015-07-13 19:33:23 +10:00
Armon Dadgar
0cc974bd66 website: fixing documentation errors. Fixes #412 2015-07-13 19:10:44 +10:00
Armon Dadgar
10f23df605 website: update HA status, discourage ZK 2015-07-13 19:01:32 +10:00
Matt Button
6d2eca31f1 Remove documentation that was copied from the terraform project 2015-07-12 16:52:24 +00:00
mootpt
40d2834310 fixed secrets backend url
minor doc fix
2015-07-06 11:11:58 -07:00
mootpt
e8fb47048b pointed authentication backend to proper location
pointed authentication backend to proper location
2015-07-06 10:42:14 -07:00
Armon Dadgar
ab489f3208 Merge pull request #400 from hashicorp/f-glob
Change ACL semantics, use explicit glob and deny has highest precedence
2015-07-06 11:15:49 -06:00
Armon Dadgar
d9c7349ad3 website: clarify changes in addition to feedback 2015-07-06 11:10:09 -06:00
Armon Dadgar
c062345146 secret/transit: address PR feedback 2015-07-05 19:58:31 -06:00
Armon Dadgar
5e40a66b7c website: update for glob matching 2015-07-05 17:43:13 -06:00
Armon Dadgar
5838f8da50 website: document derived keys in secret/transit 2015-07-05 14:47:16 -07:00
Armon Dadgar
d77efbd716 http: support ?standbyok for 200 status on standby. Fixes #389 2015-07-02 17:49:35 -07:00
Bradley Girardeau
0ef2eca24f ldap: add starttls support and option to specify ca certificate 2015-07-02 15:49:51 -07:00
Armon Dadgar
f7602dd44a Merge pull request #380 from kgutwin/cert-cli
Enable TLS client cert authentication via the CLI
2015-06-30 11:44:28 -07:00
Armon Dadgar
a8537b220e website: document insecure_tls for LDAP backend 2015-06-30 09:42:18 -07:00
Jeff Mitchell
035c430eb2 Address some issues from code review.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:27:23 -04:00
Karl Gutwin
6668a6d7ef Website docs. 2015-06-30 09:18:39 -04:00
Jeff Mitchell
1faaf20b92 A Cassandra secrets backend.
Supports creation and deletion of users in Cassandra using flexible CQL queries.

TLS, including client authentication, is supported.

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-30 09:04:01 -04:00
Jeff Mitchell
d8ed14a603 Merge remote-tracking branch 'upstream/master' into f-pki 2015-06-19 13:01:26 -04:00
Jeff Mitchell
435aefc072 A few things:
* Add comments to every non-obvious (e.g. not basic read/write handler type) function
* Remove revoked/ endpoint, at least for now
* Add configurable CRL lifetime
* Cleanup
* Address some comments from code review

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-19 12:48:18 -04:00
Armon Dadgar
46ba8d10a5 physical/mysql: cleanup and documentation 2015-06-18 14:31:00 -07:00
Jeff Mitchell
23ba605068 Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-18 15:22:58 -04:00
Armon Dadgar
ba24d891fd website: document transit upsert behavior 2015-06-17 18:51:58 -07:00
Armon Dadgar
7c31e29295 website: update the transit documentation 2015-06-17 18:45:29 -07:00
Jeff Mitchell
79164f38ad Merge branch 'master' into f-pki 2015-06-16 13:43:25 -04:00
Armon Dadgar
61f7c098f7 Merge pull request #341 from ryancurrah/ryancurrah-doc-transit-echofix
Do not output the trailing newline in encoding.
2015-06-15 17:36:01 -07:00
Seth Vargo
b9112733f3 Document longest-prefix match
Fixes https://github.com/hashicorp/vault/issues/331
2015-06-15 14:29:20 -04:00
Ryan Currah
35f1cfeb77 Do not output the trailing newline in encoding.
Added -n to echo command to prevent newlines from showing up in encoding.
2015-06-13 12:03:57 -04:00
Jeff Mitchell
067fbc9078 Fix a docs-out-of-date bug.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-12 16:33:00 -04:00
Jeff Mitchell
0ee9735a5a Fix some out-of-date examples.
Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-11 21:17:05 -04:00
Jeff Mitchell
20ac7a46f7 Add acceptance tests
* CA bundle uploading
* Basic role creation
* Common Name restrictions
* IP SAN restrictions
* EC + RSA keys
* Various key usages
* Lease times
* CA fetching in various formats
* DNS SAN handling

Also, fix a bug when trying to get code signing certificates.

Not tested:
* Revocation (I believe this is impossible with the current testing framework)

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Jeff Mitchell
530b67bbb9 Initial PKI backend implementation.
Complete:
* Up-to-date API documents
* Backend configuration (root certificate and private key)
* Highly granular role configuration
* Certificate generation
* CN checking against role
* IP and DNS subject alternative names
* Server, client, and code signing usage types
* Later certificate (but not private key) retrieval
* CRL creation and update
* CRL/CA bare endpoints (for cert extensions)
* Revocation (both Vault-native and by serial number)
* CRL force-rotation endpoint

Missing:
* OCSP support (can't implement without changes in Vault)
* Unit tests

Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>
2015-06-08 00:06:09 -04:00
Justin Campbell
a8850ed5ed docs: Fix examples of auth via JSON
For both userpass and LDAP
2015-06-04 10:38:11 -04:00
Armon Dadgar
9b879d3434 Merge pull request #263 from sheldonh/iam-policy
List IAM permissions required by root credentials
2015-06-01 13:16:51 +02:00