scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-03 20:17:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
16,533 Commits 2,630 Branches 341 Tags
92cc175eb6f19b27ed7ba075eed307fa2b51307b
Commit Graph

40 Commits

Author SHA1 Message Date
Sanad Haj Yahya
835e3ed78d Server: add and support unix listener (UDS) (#18227) 
Co-authored-by: shaj13 <hajsanad@gamil.com>
 2022-12-09 12:28:18 -08:00
Jeff Mitchell
861454e0ed Migrate to sdk/internalshared libs in go-secure-stdlib (#12090) 
* Swap sdk/helper libs to go-secure-stdlib

* Migrate to go-secure-stdlib reloadutil

* Migrate to go-secure-stdlib kv-builder

* Migrate to go-secure-stdlib gatedwriter
 2021-07-15 20:17:31 -04:00
Lars Lehtonen
8d515fec2b command: deprecate errwrap.Wrapf() (#11744) 2021-06-02 09:22:31 -04:00
Brian Kassouf
a24653cc5c Run a more strict formatter over the code (#11312) 
* Update tooling

* Run gofumpt

* go mod vendor
 2021-04-08 09:43:39 -07:00
Brian Kassouf
f5be0716db Revert "Migrate internalshared out (#9727)" (#10141) 
This reverts commit ee6391b691.
 2020-10-13 16:38:21 -07:00
Jeff Mitchell
ee6391b691 Migrate internalshared out (#9727) 
* Migrate internalshared out

* fix merge issue

* fix merge issue

* go mod vendor

Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
 2020-10-12 11:56:24 -07:00
Jeff Mitchell
91b09c09b5 Create configutil and move some common config and setup functions there (#8362) 2020-05-14 09:19:27 -04:00
Jeff Mitchell
5350e670d2 Bump API/SDK and adapt to move from SDK stuff 2020-02-15 14:58:05 -05:00
Jeff Mitchell
6ca61fa265 Bump api/sdk and fix imports 2020-02-13 10:41:16 -05:00
Vishal Nayak
3c7c593bca Agent: Listener refactoring and socket file system permissions (#6397) 
* Listener refactoring and file system permissions

* added listenerutil and move some common code there

* Added test for verifying socket file permissions

* Change default port of agent to 8200

* address review feedback

* Address review feedback

* Read socket options from listener config
 2019-03-14 11:53:14 -07:00
Michel Vocks
9617832784 Print warning when 'tls_cipher_suites' includes blacklisted cipher suites (#6300) 
* Implemented a warning when tls_cipher_suites includes only cipher suites which are not supprted by the HTTP/2 spec

* Added test for cipher suites

* Added hard fail on startup when all defined cipher suites are blacklisted. Added warning when some ciphers are blacklisted.

* Replaced hard failure with warning. Removed bad cipher util function and replaced it by external library.

* Added missing dependency. Fixed renaming of package name.
 2019-03-01 16:48:06 +01:00
Vishal Nayak
e39a5f28df Vault Agent Cache (#6220) 
* vault-agent-cache: squashed 250+ commits

* Add proper token revocation validations to the tests

* Add more test cases

* Avoid leaking by not closing request/response bodies; add comments

* Fix revoke orphan use case; update tests

* Add CLI test for making request over unix socket

* agent/cache: remove namespace-related tests

* Strip-off the auto-auth token from the lookup response

* Output listener details along with configuration

* Add scheme to API address output

* leasecache: use IndexNameLease for prefix lease revocations

* Make CLI accept the fully qualified unix address

* export VAULT_AGENT_ADDR=unix://path/to/socket

* unix:/ to unix://
 2019-02-14 20:10:36 -05:00
Shelby Moore
4a1c826d98 Updated proxy protocol config validation (#4528) 2018-05-09 10:53:44 -04:00
Vishal Nayak
e2bb2ec3b9 Errwrap everywhere (#4252) 
* package api

* package builtin/credential

* package builtin/logical

* package command

* package helper

* package http and logical

* package physical

* package shamir

* package vault

* package vault

* address feedback

* more fixes
 2018-04-05 11:49:21 -04:00
Bharath B
06524611cd Config parameter "tls_disable_client_certs" is wrongly evaluated. (#4049) 2018-02-28 10:07:23 -05:00
Chris Hoffman
098c66a624 Add support for encrypted TLS key files (#3685) 2017-12-15 17:33:55 -05:00
Jeff Mitchell
6faf8365e9 Add option to disable client certificate requesting. (#3373) 
Fixes #3372
 2017-09-25 14:41:46 -04:00
Doyoon Kim
f855da7a89 Moved PROXY protocol wrap to execute before the TLS wrap (#3195) 2017-08-23 12:00:09 -04:00
Gobin Sougrakpam
f166016ae8 tls_client_ca_file option for verifying client (#3034) 2017-08-03 07:33:06 -04:00
Jeff Mitchell
c6615e1b51 Add a -dev-three-node option for devs. (#3081) 2017-07-31 11:28:06 -04:00
Jeff Mitchell
22e06c05e8 Convert listener arguments to map[string]interface{} (#2905) 
This allows people to use more natural constructs, e.g. for tls_disable
it can be a bool, int, or string.
 2017-06-22 20:29:53 +01:00
Jeff Mitchell
317c664370 Add option to require valid client certificates (#2457) 2017-03-08 10:21:31 -05:00
Roman Vynar
51bb8bc544 Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener (#2293) 2017-01-23 13:48:35 -05:00
Jeff Mitchell
ad62b32ff0 Rejig where the reload functions live 2016-09-30 00:07:22 -04:00
Jeff Mitchell
fda9473681 Trim leading/trailing space around PEM bundles. 
Fixes #1634
 2016-07-20 13:57:49 -04:00
vishalnayak
ee6ba1e85e Make 'tls_min_version' configurable 2016-07-12 19:32:47 -04:00
Jeff Mitchell
d32283ba49 Initial Atlas listener implementation 2016-06-02 14:05:47 -04:00
Jeff Mitchell
14f538556e Don't generate an ID; use address for the ID. Generally speaking we'll need to sane against what's in the config 2016-03-11 17:28:03 -05:00
Jeff Mitchell
ca40e06f5d Don't inline factory 2016-03-11 17:02:44 -05:00
Jeff Mitchell
9f2f5b1c61 Retool to have reloading logic run in command/server 2016-03-11 16:47:03 -05:00
Jeff Mitchell
7e52796aae Add reload capability for Vault listener certs. No tests (other than 
manual) yet, and no documentation yet.
 2016-03-11 14:05:52 -05:00
Armon Dadgar
5c085d3718 server: sanity check value for 'tls_disable' 2015-11-25 11:37:57 -08:00
Armon Dadgar
676f6d4233 server: import sha512. Fixes #448 2015-07-23 13:51:45 -07:00
Karl Gutwin
04c5596822 Avoid unnecessary abbreviation 2015-07-22 23:28:46 -04:00
Karl Gutwin
3ed4f2f9e1 Allow specifying a TLS minimum version 2015-07-22 23:19:41 -04:00
Armon Dadgar
61f2e86f4e command/listener: Request TLS client cert. Fixes #214 2015-05-20 16:01:40 -07:00
Armon Dadgar
723860fa96 command: Set minimum TLS version to 1.2 2015-04-13 19:09:44 -07:00
Mitchell Hashimoto
a196d194a1 command/server: cleaner output 2015-04-04 12:06:41 -07:00
Mitchell Hashimoto
9564f8bcc2 command/server: support TLS 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
69d28396ca command/server: tcp listener 2015-03-13 12:53:08 -07:00