* add docs for configuring jwt validation pubkeys for vso and update jwt auth docs to mention key rotation
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
* Update audit.mdx
Per the discussion here: https://hashicorp.enterprise.slack.com/archives/CPEPB6WRL/p1656678311708759
This parameter does not apply to DR replication.
This document should specify that the `local` parameter only applies to performance replication because even with this enabled the audit device configuration is still replicated to a DR cluster. This is also the expected and desired behavior.
* Fixed typos
---------
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
* VAULT-21427 change ui references from K/V to KV
* references in docs/
* website json data
* go command errors
* replace Key/Value with Key Value
* add changelog
* update test
* update secret list header badge
* two more test updates
Adding an overview doc for using AWS auth with Vault Secrets Operator
under Secret Sources/Vault/Auth Methods/.
Had to move the AWS and GCP auth pages down one directory to get
around a "mismatched parent directories" error.
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Added clarification for 32 character limit on STS tokens.
Forcing suggestion commit so we can merge and publish the changes.
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Added `vault operator raft snapshot inspect` usage
* Update website/content/docs/commands/operator/raft.mdx
Forcing suggestion commit so we can merge and publish the changes.
---------
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Creating a Vault version explainer
The explainer is a partial that can be used on multiple pages. It gives an overview of our policies and version format and offers some recommendations about staying current.
* Apostrophe typo
Not saying I got all the typos, but got one anyway.
* Add a note about the very rare 4th digit
* Conform to subtitle best practices
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
---------
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
- Noticed that our documentation was out of date, we allow 8192
bit RSA keys to be used as an argument to the various PKI
issuer/key creation APIs.
- Augument some unit tests to verify this continues to work
* fix -log-file so that it uses the correct name and only adds timestamps on rotation
* added some tests for naming/rotation
* changelog
* revert to previous way of getting created time
* remove unused stat
* comment shuffle
* Update changelog/24297.txt
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
* Update website/content/docs/agent-and-proxy/agent/index.mdx
Update 'agent' docs page
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update website/content/docs/agent-and-proxy/proxy/index.mdx
Update 'proxy' docs page
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update website/content/docs/commands/server.mdx
Update 'server' docs page
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* fix typos
---------
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Pulls in github.com/go-secure-stdlib/plugincontainer@v0.3.0 which exposes a new `Config.Rootless` option to opt in to extra container configuration options that allow establishing communication with a non-root plugin within a rootless container runtime.
* Adds a new "rootless" option for plugin runtimes, so Vault needs to be explicitly told whether the container runtime on the machine is rootless or not. It defaults to false as rootless installs are not the default.
* Updates `run_config.go` to use the new option when the plugin runtime is rootless.
* Adds new `-rootless` flag to `vault plugin runtime register`, and `rootless` API option to the register API.
* Adds rootless Docker installation to CI to support tests for the new functionality.
* Minor test refactor to minimise the number of test Vault cores that need to be made for the external plugin container tests.
* Documentation for the new rootless configuration and the new (reduced) set of restrictions for plugin containers.
* As well as adding rootless support, we've decided to drop explicit support for podman for now, but there's no barrier other than support burden to adding it back again in future so it will depend on demand.
