Store a value to storage to signal that initialization is in progress. Look for
this entry when trying to unseal using stored keys, and bail out if the entry is
found.
* wip
* Unit test the CRL limit, wire up config
* Bigger error
* API docs
* wording
* max_crl_entries, + ignore 0 or < -1 values to the config endpoint
* changelog
* rename field in docs
* Update website/content/api-docs/secret/pki/index.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* Update website/content/api-docs/secret/pki/index.mdx
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
---------
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
* added changelog update records for 1.18.0, 1.17.7, 1.16.11, and 1.15.16
* removed the word enterprise to make consistant
* revert WIF chnage log item wording
* updated the backport versions to denote that they are enterprise releases
---------
Co-authored-by: lursu <leland.ursu@hashicorp.com>
* Add field to API docs, add small section to overview
* Update examples, wording
* Update github API docs
* Apply suggestions from code review
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
* Update wording
* Be a little more specific on repository owner
* Put BETA tag on each org field, put visibility explanation in paragraph
* Add org secrets limitation
* Add sys/activation-flags page
* Update Vercel granularity note
* Apply suggestions from code review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update website/content/docs/sync/vercelproject.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Small rewording, remove optional tags with defaults
---------
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* [transit-pkcs1v15] transit support for the pkcs1v15 padding scheme – without UI tests (yet).
* [transit-pkcs1v15] renamed padding_scheme parameter in transit documentation.
* [transit-pkcs1v15] add changelog file.
* [transit-pkcs1v15] remove the algorithm path as padding_scheme is chosen by parameter.
* Update ui/app/templates/components/transit-key-action/datakey.hbs
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update ui/app/templates/components/transit-key-action/datakey.hbs
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update ui/app/templates/components/transit-key-action/datakey.hbs
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update website/content/api-docs/secret/transit.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update website/content/api-docs/secret/transit.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Update website/content/api-docs/secret/transit.mdx
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* Add warnings to PKCS1v1.5 usage
* Update transit
* Update transit, including separating encrypt/decrypt paddings for rewrap
* Clean up factory use in the presence of padding
* address review feedback
* remove defaults
* lint
* more lint
* Some fixes for UI issues
- Fix padding scheme dropdown console error by adding values
to the transit-key-actions.hbs
- Populate both padding scheme drop down menus within rewrap,
not just the one padding_scheme
- Do not submit a padding_scheme value through POST for non-rsa keys
* Fix Transit rewrap API to use decrypt_padding_scheme, encrypt_padding_scheme
- Map the appropriate API fields for the RSA padding scheme to the
batch items within the rewrap API
- Add the ability to create RSA keys within the encrypt API endpoint
- Add test case for rewrap api that leverages the padding_scheme fields
* Fix code linting issues
* simply padding scheme enum
* Apply suggestions from code review
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Fix padding_scheme processing on data key api
- The data key api was using the incorrect parameter name for
the padding scheme
- Enforce that padding_scheme is only used on RSA keys, we
are punting on supporting it for managed keys at the moment.
* Add tests for parsePaddingSchemeArg
* Add missing copywrite headers
* Some small UI fixes
* Add missing param to datakey in api-docs
* Do not send padding_scheme for non-RSA key types within UI
* add UI tests for transit key actions form
---------
Co-authored-by: Marcel Lanz <marcellanz@n-1.ch>
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
Co-authored-by: Steve Clark <steven.clark@hashicorp.com>
Co-authored-by: claire bontempo <cbontempo@hashicorp.com>
* Update azure.mdx
Update Azure secrets engine docs to use AZURE_SDK_GO_LOGGING for Azure debug
* Update azure.mdx
Update Azure Auth engine docs to use AZURE_SDK_GO_LOGGING for Azure debug
* Add a missing parameter
* Update website/content/docs/configuration/replication.mdx
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* Fix the cross referencing link
---------
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
* use alias for router injection
* update @router declarations in engine files
* fix remaining pki router imports
* dynamically set router based on owner
* address replication routers
* update markdown docs
* use non-deprecated import for getOwner
* revert out of scope changes
* add transition-to test
* VAULT-31402: Add verification for all container images
Add verification for all container images that are generated as part of
the build. Before this change we only ever tested a limited subset of
"default" containers based on Alpine Linux that we publish via the
Docker hub and AWS ECR.
Now we support testing all Alpine and UBI based container images. We
also verify the repository and tag information embedded in each by
deploying them and verifying the repo and tag metadata match our
expectations.
This does change the k8s scenario interface quite a bit. We now take in
an archive image and set image/repo/tag information based on the
scenario variants.
To enable this I also needed to add `tar` to the UBI base image. It was
already available in the Alpine image and is used to copy utilities to
the image when deploying and configuring the cluster via Enos.
Since some images contain multiple tags we also add samples for each
image and randomly select which variant to test on a given PR.
Signed-off-by: Ryan Cragun <me@ryan.ec>
* include user-agent header in audit by default
* add user-agent audit tests
* update audit default headers docs
* add changelog entry
* remove temp changes from TestAuditedHeadersConfig_ApplyConfig
* more TestAuditedHeadersConfig_ApplyConfig fixes
* add some test comments
* verify type assertions in TestAudit_Headers
* more type assertion checks
* Set region parameter to be used for STS only on AWS secrets engine
* Add changelog
* Fix formatting
* region fix when not setting iam_endpoint or sts_endpoint
* Add 'sts_region' parameter for AWS secrets engine.
* Update TestBackend_PathConfigRoot for aws secrets
* Update changelog entry
---------
Co-authored-by: Robert <17119716+robmonte@users.noreply.github.com>
