This project is mirrored from https://gitee.com/NQL886/vault.git. Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
  1. 10 Jan, 2019 6 commits
  2. 09 Jan, 2019 10 commits
  3. 08 Jan, 2019 3 commits
    • Jim Kalafut's avatar
      changelog++ · 60be7410
      Jim Kalafut authored
      60be7410
    • Julien Blache's avatar
      FoundationDB backend TLS support and housekeeping (#5800) · 29471c88
      Julien Blache authored
      * Fix typo in documentation
      
      * Update fdb-go-install.sh for new release tags
      
      * Exclude FoundationDB bindings from vendoring, delete vendored copy
      
      FoundationDB bindings are tightly coupled to the server version and
      client library version used in a specific deployment. Bindings need
      to be installed using the fdb-go-install.sh script, as documented in
      the foundationdb backend documentation.
      
      * Add TLS support to FoundationDB backend
      
      TLS support appeared in FoundationDB 5.2.4, raising the minimum API version
      for TLS-aware FoundationDB code to 520.
      
      * Update documentation for FoundationDB TLS support
      29471c88
    • Seth Vargo's avatar
      Fix formatting (#6009) · 0e0f356a
      Seth Vargo authored
      The new markdown parser is less forgiving
      0e0f356a
  4. 07 Jan, 2019 5 commits
  5. 04 Jan, 2019 8 commits
    • Chris Hoffman's avatar
      changelog++ · 50e31e54
      Chris Hoffman authored
      50e31e54
    • Chris Hoffman's avatar
      changelog++ · 3a68a8b8
      Chris Hoffman authored
      3a68a8b8
    • Seth Vargo's avatar
      Reduce required permissions for the GCPCKMS auto-unsealer (#5999) · 92935941
      Seth Vargo authored
      This changes the behavior of the GCPCKMS auto-unsealer setup to attempt
      encryption instead of a key lookup. Key lookups are a different API
      method not covered by roles/cloudkms.cryptoKeyEncrypterDecrypter. This
      means users must grant an extended scope to their service account
      (granting the ability to read key data) which only seems to be used to
      validate the existence of the key.
      
      Worse, the only roles that include this permission are overly verbose
      (e.g. roles/viewer which gives readonly access to everything in the
      project and roles/cloudkms.admin which gives full control over all key
      operations). This leaves the user stuck between choosing to create a
      custom IAM role (which isn't fun) or grant overly broad permissions.
      
      By changing to an encrypt call, we get better verification of the unseal
      permissions and users can reduce scope to a single role.
      92935941
    • Jeff Mitchell's avatar
      changelog++ · 916dc767
      Jeff Mitchell authored
      916dc767
    • Jeff Mitchell's avatar
      Don't read AWS env vars (#5974) · 9af595ec
      Jeff Mitchell authored
      * Don't read AWS env vars
      
      Let AWS SDK env cred chain provider do it for us
      
      Fixes #5965
      9af595ec
    • Jeff Mitchell's avatar
      Change credential_types output to credential_type (#5975) · 2dcd0aed
      Jeff Mitchell authored
      Fixes #5972
      2dcd0aed
    • Jim Kalafut's avatar
      Add tests for OpenAPI operation ids (#5998) · cefe45d3
      Jim Kalafut authored
      cefe45d3
    • Seth Vargo's avatar
      Fix audit docs (#6000) · 02f17391
      Seth Vargo authored
      These appear to have been converted to (bad) HTML. This returns them to
      their original markdown format.
      02f17391
  6. 03 Jan, 2019 5 commits
  7. 20 Dec, 2018 3 commits