* Update cert metadata docs
- Add missing enterprise notices on parameters and titles
- Mention that the metadata parameter is a base64 encoded string
- Tweak the no_store_metadata description
- Update some entries within the PKI considerations page
* Add serial_number to read certificate metadata sample response
* Update fields sign-verbatim is affected by the specified role
* clarify behavior of list operations when no results found
* Update website/content/api-docs/index.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* add note around CRL rotation not occuring on revoke if auto_rebuild is enabled
A note to clarify that revocation will not trigger a rotation of the CRL if auto_rebuild of the CRL is set to true/enabled.
* fix links
fix links
* Update pki.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update pki.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* PKI: Change sign-intermediate to truncate notAfter by default
- The PKI sign-intermediate API allowed an end-user to request a TTL
value that would extend beyond the signing issuer's notAfter. This would
generate an invalid CA chain when properly validated.
- We are now changing the default behavior to truncate the returned certificate
to the signing issuer's notAfter.
- End-users can get the old behavior by configuring the signing issuer's
leaf_not_after_behavior field to permit, and call sign-intermediary
with the new argument enforce_leaf_not_after_behavior to true. The
new argument could also be used to enforce an error instead of truncating
behavior if the signing issuer's leaf_not_after_behavior is set to err.
* Add cl
* Add cl and upgrade note
* Apply suggestions from code review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Adding a note to clarify to customers that the standby nodes will not respond to metrics requests to this API endpoint
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Document tokenization DELETE
* typo
* Update website/content/api-docs/secret/transform.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* VAULT-24469 use sys/seal-status instead of internal version endpoint
* Update tests and mirage handlers
* Revert "VAULT-20669: Add New Authenticated Endpoint for Version (#23740)"
This reverts commit 550c99ae3b.
* Readded version_test.go
* Reverted any old changes on versionlgo
---------
Co-authored-by: divyaac <divyaac@berkeley.edu>
* Support OCSP responses without a NextUpdate value set
- Validate that the ThisUpdate value is
properly prior to our current time and
if NextUpdate is set that, ThisUpdate is
before NextUpdate.
- If we don't have a value for NextUpdate just compare against ThisUpdate.
* Add ocsp_this_update_max_ttl support to cert auth
- Allow configuring a maximum TTL of the OCSP response based on the
ThisUpdate time like OpenSSL does
- Add test to validate that we don't cache OCSP responses with no NextUpdate
* Add cl
* Add missing ` in docs
* Rename ocsp_this_update_max_ttl to ocsp_this_update_max_age
* Missed a few TTL references
* Fix error message
* Docs: New parameter for the K8s Secrets roles
* Fix: Apply text correction from review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Co-authored-by: Peter Wilson <peter.wilson@hashicorp.com>
* allows use of pre-hashed passwords with userpass backend
* Remove unneeded error
* Single error check after switch
* use param name quoted in error message
* updated test for quoted param in error
* white space fixes for markdown doc
* More whitespace fixes
* added changelog
* Password/pre-hashed password are only required on 'create' operation
* docs indentation
* Update website/content/docs/auth/userpass.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Updated docs
* Check length of hash too
* Update builtin/credential/userpass/path_user_password_test.go
:)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
* PKI EST docs
Initial draft of the PKI EST setup and API docs for feedback
* Add missing enable_sentinel_parsing param to API docs
* Update grammar
* Some API doc feedback
* Note about dedicated auth mounts
* Additional PR feedback
---------
Co-authored-by: Scott G. Miller <smiller@hashicorp.com>
* Add note around OCSP GET request issue
- Fix some broken TOC links
- Add a note in the api-docs and in the considerations page
around Vault having issues with OCSP GET requests and that
POST requests should be preferred.
- Add existing known issue to all branches that are affected.
* Fix links to partial file for 1.12 and 1.13 upgrade docs
* Add new /sys/well-known interface to get information about registered labels
- Add two new interfaces LIST/GET /sys/well-known which will provide
a list of keys which are registered labels within the /.well-known space on
the local server, along with a detailed info map for each
- Add GET /sys/well-known/<label> to get details on a specific registered label
- Add docs and tests for the new api endpoints
* Add test doc and remove copied comment
* Rename returned fields to use snake case
* Remove extra newline added when resolving the merge conflict
* Apply suggestions from code review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* remove uiCustomMessagePaths from System backend paths
* adjust documentation
* grammar improvements in docs
* add ENT badge to custom-message api docs page in ToC
