This project is mirrored from https://gitee.com/NQL886/vault.git.
Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
- 10 Jan, 2019 6 commits
-
-
Matthew Irish authored
* don't prevent model save when the model is in the error state on secrets creation * add test
-
Dilan Bellinghoven authored
* Added Docker credential helper to list of Third-Party tools * website/source/api/relatedtools.html.md: Fixed a typo
-
Yoko authored
-
vishalnayak authored
-
ncabatoff authored
-
nathan r. hruby authored
-
- 09 Jan, 2019 10 commits
-
-
Vishal Nayak authored
* Add option to configure ec2_alias values * Doc updates * Fix overwriting of previous config value * s/configEntry/config * Fix formatting * Address review feedback * Address review feedback
-
Calvin Leung Huang authored
-
Vishal Nayak authored
* fix cubbyhole deletion * Fix error handling * Move the cubbyhole tidy logic to token store and track the revocation count * Move fetching of cubby keys before the tidy loop * Fix context getting cancelled * Test the cubbyhole cleanup logic * Add progress counter for cubbyhole cleanup * Minor polish * Use map instead of slice for faster computation * Add test for cubbyhole deletion * Add a log statement for deletion * Add SHA1 hashed tokens into the mix
-
Matthew Irish authored
* add dot-to-dash helper * fix context menu on policy page and add test for deletion * use dot-to-dash where we use confirm component * fix acceptance test
-
ncabatoff authored
-
Yoko authored
-
Brian Kassouf authored
-
Giacomo Tirabassi authored
* intial work for influxdb secret plugin * fixed typo * added comment * added documentation * added tests * fixed tests * added vendoring * minor testing issue with hardcoded values * minor fixes
-
Jim Kalafut authored
Currently used for enum output in OpenAPI.
-
Jim Kalafut authored
The result will still pass gofmtcheck and won't trigger additional changes if someone isn't using goimports, but it will avoid the piecemeal imports changes we've been seeing.
-
- 08 Jan, 2019 3 commits
-
-
Jim Kalafut authored
-
Julien Blache authored
* Fix typo in documentation * Update fdb-go-install.sh for new release tags * Exclude FoundationDB bindings from vendoring, delete vendored copy FoundationDB bindings are tightly coupled to the server version and client library version used in a specific deployment. Bindings need to be installed using the fdb-go-install.sh script, as documented in the foundationdb backend documentation. * Add TLS support to FoundationDB backend TLS support appeared in FoundationDB 5.2.4, raising the minimum API version for TLS-aware FoundationDB code to 520. * Update documentation for FoundationDB TLS support
-
Seth Vargo authored
The new markdown parser is less forgiving
-
- 07 Jan, 2019 5 commits
-
-
Calvin Leung Huang authored
-
Pierre-Alain TORET authored
-
Jeff Escalante authored
-
Thomas Kula authored
-
Aric Walker authored
-
- 04 Jan, 2019 8 commits
-
-
Chris Hoffman authored
-
Chris Hoffman authored
-
Seth Vargo authored
This changes the behavior of the GCPCKMS auto-unsealer setup to attempt encryption instead of a key lookup. Key lookups are a different API method not covered by roles/cloudkms.cryptoKeyEncrypterDecrypter. This means users must grant an extended scope to their service account (granting the ability to read key data) which only seems to be used to validate the existence of the key. Worse, the only roles that include this permission are overly verbose (e.g. roles/viewer which gives readonly access to everything in the project and roles/cloudkms.admin which gives full control over all key operations). This leaves the user stuck between choosing to create a custom IAM role (which isn't fun) or grant overly broad permissions. By changing to an encrypt call, we get better verification of the unseal permissions and users can reduce scope to a single role.
-
Jeff Mitchell authored
-
Jeff Mitchell authored
* Don't read AWS env vars Let AWS SDK env cred chain provider do it for us Fixes #5965
-
Jeff Mitchell authored
Fixes #5972
-
Jim Kalafut authored
-
Seth Vargo authored
These appear to have been converted to (bad) HTML. This returns them to their original markdown format.
-
- 03 Jan, 2019 5 commits
-
-
Iain Gray authored
* Update DG to Vault 1.0 * as per comments - chrishoffman * Removed stray bracket and added quotes * updated as per conversations with Dan
-
bjorndolk authored
* Docker support for postgres backend testing * Bug in handling of postgres connection url for non docker testing * Test should fail if it cannot retrieve pg version * internal helperfunctions pascalCasing
-
Mike Wickett authored
-
Graham Land authored
* Add KMS Rekey example I've had customers looking for AWS KMS rekeying examples today - when using pgp keys. This example would have clarified what they needed to do. * Replaced KMS reference with Auto Unseal ``` bash Rekey an Auto Unseal vault and encrypt the resulting recovery keys with PGP: ```
-
Chris Hoffman authored
-
- 20 Dec, 2018 3 commits
-
-
Becca Petrin authored
docs: Clarify the utility of DynamoDB capacities
-
Matthew Irish authored
* don't pass id when using createRecord * add find nearest ancestor mixin * re-throw the error if we've deleted something and encounter a 404 * use the with-nav-to-nearest-ancestor mixin * add some comments * add acceptance test to verify new behavior * yield final transition in ec task
-
Pawel Gorczynski authored
Extended info message regarding VAULT_ADDR env variable for Windows when running `server -dev` (#5970) * Improved info message for Windows when running `server -dev` Improvement for https://github.com/hashicorp/vault/issues/3405 * output updated to: You may need to set the following environment variable: PowerShell: $env:VAULT_ADDR="http://127.0.0.1:8200" cmd.exe: set VAULT_ADDR=http://127.0.0.1:8200
-