vault

scottk/vault

Fork 0

mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-27 15:23:52 +00:00

Commit Graph

Author	SHA1	Message	Date
hashicorp-copywrite[bot]	0b12cdcfd1	[COMPLIANCE] License changes (#22290 ) * Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License. Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUS-1.1 * Fix test that expected exact offset on hcl file --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>	2023-08-10 18:14:03 -07:00
Steven Clark	0b9f4048af	Add External Account Binding support to ACME (#20523 ) * Add Vault APIS to create, list, delete ACME EAB keys - Add Vault authenticated APIs to create, list and delete ACME EAB keys. - Add supporting tests for all new apis * Add require_eab to acme configuration * Add EAB support to ACME * Add EAB support to ACME * PR feedback 1 - Address missing err return within DeleteEab - Move verifyEabPayload to acme_jws.go no code changes in this PR - Update error message returned for error on account storage with EAB. * PR feedback 2 - Verify JWK signature payload after signature verification * Introduce an ACME eab_policy in configuration - Instead of a boolean on/off for require_eab, introduce named policies for ACME behaviour enforcing eab. - The default policy of always-required, will force new accounts to have an EAB, and all operations in the future, will make sure the account has an EAB associated with it. - Two other policies, not-required will allow any anonymous users to use ACME within PKI and 'new-account-required' will enforce new accounts going forward to require an EAB, but existing accounts will still be allowed to use ACME if they don't have an EAB associated with the account. - Having 'always-required' as a policy, will override the environment variable to disable public acme as well. * Add missing go-docs to new tests. * Add valid eab_policy values in error message.	2023-05-15 13:15:20 -04:00

Author

SHA1

Message

Date

hashicorp-copywrite[bot]

0b12cdcfd1

[COMPLIANCE] License changes (#22290 )

* Adding explicit MPL license for sub-package.

This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.

* Adding explicit MPL license for sub-package.

This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.

* Updating the license from MPL to Business Source License.

Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl.

* add missing license headers

* Update copyright file headers to BUS-1.1

* Fix test that expected exact offset on hcl file

---------

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>

2023-08-10 18:14:03 -07:00

Steven Clark

0b9f4048af

Add External Account Binding support to ACME (#20523 )

* Add Vault APIS to create, list, delete ACME EAB keys

 - Add Vault authenticated APIs to create, list and delete ACME
   EAB keys.
 - Add supporting tests for all new apis

* Add require_eab to acme configuration

* Add EAB support to ACME

* Add EAB support to ACME

* PR feedback 1

 - Address missing err return within DeleteEab
 - Move verifyEabPayload to acme_jws.go no code changes in this PR
 - Update error message returned for error on account storage with EAB.

* PR feedback 2

 - Verify JWK signature payload after signature verification

* Introduce an ACME eab_policy in configuration

 - Instead of a boolean on/off for require_eab, introduce named policies for ACME behaviour enforcing eab.
 - The default policy of always-required, will force new accounts to have an EAB, and all operations in the future, will make sure the account has an EAB associated with it.
 - Two other policies, not-required will allow any anonymous users to use ACME within PKI and 'new-account-required' will enforce new accounts going forward to require an EAB, but existing accounts will still be allowed to use ACME if they don't have an EAB associated with the account.
 - Having 'always-required' as a policy, will override the environment variable to disable public acme as well.

* Add missing go-docs to new tests.

* Add valid eab_policy values in error message.

2023-05-15 13:15:20 -04:00

2 Commits