Alexander Scheel 
							
						 
					 
					
						
						
							
						
						8e7f2076a2 
					 
					
						
						
							
Remove dynamic keys from SSH Secrets Engine (#18874)

						* Remove dynamic keys from SSH Secrets Engine
This removes the functionality of Vault creating keys and adding them to
the authorized keys file on hosts.
This functionality has been deprecated since Vault version 0.7.2.
The preferred alternative is to use the SSH CA method, which also allows
key generation but places limits on TTL and doesn't require Vault reach
out to provision each key on the specified host, making it much more
secure.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Remove dynamic ssh references from documentation
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add changelog entry
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Remove dynamic key secret type entirely
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Clarify changelog language
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* Add removal notice to the website
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
---------
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
						
						
					 
					
						2023-01-31 16:02:22 -05:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Lars Lehtonen 
							
						 
					 
					
						
						
							
						
						7ca2caf3d0 
					 
					
						
						
							
builtin: deprecate errwrap.Wrapf() throughout (#11430)

						* audit: deprecate errwrap.Wrapf()
* builtin/audit/file: deprecate errwrap.Wrapf()
* builtin/crediential/app-id: deprecate errwrap.Wrapf()
* builtin/credential/approle: deprecate errwrap.Wrapf()
* builtin/credential/aws: deprecate errwrap.Wrapf()
* builtin/credentials/token: deprecate errwrap.Wrapf()
* builtin/credential/github: deprecate errwrap.Wrapf()
* builtin/credential/cert: deprecate errwrap.Wrapf()
* builtin/logical/transit: deprecate errwrap.Wrapf()
* builtin/logical/totp: deprecate errwrap.Wrapf()
* builtin/logical/ssh: deprecate errwrap.Wrapf()
* builtin/logical/rabbitmq: deprecate errwrap.Wrapf()
* builtin/logical/postgresql: deprecate errwrap.Wrapf()
* builtin/logical/pki: deprecate errwrap.Wrapf()
* builtin/logical/nomad: deprecate errwrap.Wrapf()
* builtin/logical/mssql: deprecate errwrap.Wrapf()
* builtin/logical/database: deprecate errwrap.Wrapf()
* builtin/logical/consul: deprecate errwrap.Wrapf()
* builtin/logical/cassandra: deprecate errwrap.Wrapf()
* builtin/logical/aws: deprecate errwrap.Wrapf() 
						
						
					 
					
						2021-04-22 11:20:59 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Brian Kassouf 
							
						 
					 
					
						
						
							
						
						a24653cc5c 
					 
					
						
						
							
Run a more strict formatter over the code (#11312)

						* Update tooling
* Run gofumpt
* go mod vendor 
						
						
					 
					
						2021-04-08 09:43:39 -07:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Anthony Dong 
							
						 
					 
					
						
						
							
						
						9950383f6a 
					 
					
						
						
							
ssh backend: support at character in role name (#8038)
						
						 
						
						
						
						
					 
					
						2020-01-21 11:46:29 +01:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Jeff Mitchell 
							
						 
					 
					
						
						
							
						
						278bdd1f4e 
					 
					
						
						
							
Switch to go modules (#6585)

						* Switch to go modules
* Make fmt 
						
						
					 
					
						2019-04-13 03:44:06 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Jeff Mitchell 
							
						 
					 
					
						
						
							
						
						170521481d 
					 
					
						
						
							
Create sdk/ and api/ submodules (#6583)
						
						 
						
						
						
						
					 
					
						2019-04-12 17:54:35 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Jim Kalafut 
							
						 
					 
					
						
						
							
						
						a54603039d 
					 
					
						
						
							
Run goimports across the repository (#6010)

						The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing. 
						
						
					 
					
						2019-01-08 16:48:57 -08:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Vishal Nayak 
							
						 
					 
					
						
						
							
						
						e2bb2ec3b9 
					 
					
						
						
							
Errwrap everywhere (#4252)

						* package api
* package builtin/credential
* package builtin/logical
* package command
* package helper
* package http and logical
* package physical
* package shamir
* package vault
* package vault
* address feedback
* more fixes 
						
						
					 
					
						2018-04-05 11:49:21 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Brian Kassouf 
							
						 
					 
					
						
						
							
						
						c0815bd2b0 
					 
					
						
						
							
Add context to the NewSalt function (#4102)
						
						 
						
						
						
						
					 
					
						2018-03-08 11:21:11 -08:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Brian Kassouf 
							
						 
					 
					
						
						
							
						
						8142b42d95 
					 
					
						
						
							
Add context to storage backends and wire it through a lot of places (#3817)
						
						 
						
						
						
						
					 
					
						2018-01-19 01:44:44 -05:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Brian Kassouf 
							
						 
					 
					
						
						
							
						
						78adac0a24 
					 
					
						
						
							
Pass context to backends (#3750)

						* Start work on passing context to backends
* More work on passing context
* Unindent logical system
* Unindent token store
* Unindent passthrough
* Unindent cubbyhole
* Fix tests
* use requestContext in rollback and expiration managers 
						
						
					 
					
						2018-01-08 10:31:38 -08:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Jeff Mitchell 
							
						 
					 
					
						
						
							
						
						eb0e7cd0d2 
					 
					
						
						
							
Don't write salts in initialization, look up on demand (#2702)
						
						 
						
						
						
						
					 
					
						2017-05-09 17:51:09 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Jeff Mitchell 
							
						 
					 
					
						
						
							
						
						2fbd973001 
					 
					
						
						
							
							Add logic to skip initialization in some cases and some invalidation logic  
						
						 
						
						
						
						
					 
					
						2017-05-05 15:01:52 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						b408c95e0d 
					 
					
						
						
							
							ssh: Use temporary file to store the identity file  
						
						 
						
						
						
						
					 
					
						2016-10-18 12:50:12 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						b632ef58e4 
					 
					
						
						
							
							Add allowed_roles to ssh-helper-config and return role name from verify call  
						
						 
						
						
						
						
					 
					
						2016-07-05 11:14:29 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						8ae663f498 
					 
					
						
						
							
							Allow * to be set for allowed_users  
						
						 
						
						
						
						
					 
					
						2016-05-30 03:12:43 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						c945b8b3f2 
					 
					
						
						
							
							Do not allow any username to login if allowed_users is not set  
						
						 
						
						
						
						
					 
					
						2016-05-30 03:01:47 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Jeff Mitchell 
							
						 
					 
					
						
						
							
						
						2eb08d3bde 
					 
					
						
						
							
Make backends much more consistent:

						1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods 
						
						
					 
					
						2016-01-29 20:03:37 -05:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Jeff Mitchell 
							
						 
					 
					
						
						
							
						
						21f91f73bb 
					 
					
						
						
							
							Update deps, and adjust usage of go-uuid to match new return values  
						
						 
						
						
						
						
					 
					
						2016-01-13 13:40:08 -05:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Jeff Mitchell 
							
						 
					 
					
						
						
							
						
						45e32756ea 
					 
					
						
						
							
							WriteOperation -> UpdateOperation  
						
						 
						
						
						
						
					 
					
						2016-01-08 13:03:03 -05:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Jeff Mitchell 
							
						 
					 
					
						
						
							
						
						a0308e6858 
					 
					
						
						
							
							Migrate 'uuid' to 'go-uuid' to better fit HC naming convention  
						
						 
						
						
						
						
					 
					
						2015-12-16 12:56:20 -05:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Jeff Mitchell 
							
						 
					 
					
						
						
							
						
						0ea4271ddb 
					 
					
						
						
							
							Use split-out hashicorp/uuid  
						
						 
						
						
						
						
					 
					
						2015-10-12 14:07:12 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Jeff Mitchell 
							
						 
					 
					
						
						
							
						
						fa53293b7b 
					 
					
						
						
							
							Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values  
						
						 
						
						
						
						
					 
					
						2015-09-21 16:14:30 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						22ff8fc8ad 
					 
					
						
						
							
							Vault SSH: Store roles as slice of strings  
						
						 
						
						
						
						
					 
					
						2015-08-31 17:03:46 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						f72befc9c6 
					 
					
						
						
							
							Vault SSH: ZeroAddress CRUD test  
						
						 
						
						
						
						
					 
					
						2015-08-30 14:20:16 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						79be357030 
					 
					
						
						
							
							Vault SSH: Zeroaddress roles and CIDR overlap check  
						
						 
						
						
						
						
					 
					
						2015-08-29 15:24:15 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						1226251d14 
					 
					
						
						
							
							Vault SSH: Added exclude_cidr_list option to role  
						
						 
						
						
						
						
					 
					
						2015-08-27 23:19:55 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						630f348dbf 
					 
					
						
						
							
							Vault SSH: Provide key option specifications for dynamic keys  
						
						 
						
						
						
						
					 
					
						2015-08-27 11:41:29 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Jeff Mitchell 
							
						 
					 
					
						
						
							
						
						99041b5b6d 
					 
					
						
						
							
Merge pull request #561 from hashicorp/fix-wild-cards

						Allow hyphens in endpoint patterns of most backends 
						
						
					 
					
						2015-08-21 11:40:42 -07:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						41678f18ae 
					 
					
						
						
							
							Vault: Fix wild card paths for all backends  
						
						 
						
						
						
						
					 
					
						2015-08-21 00:56:13 -07:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Jeff Mitchell 
							
						 
					 
					
						
						
							
						
						97112665e8 
					 
					
						
						
							
							Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod  
						
						 
						
						
						
						
					 
					
						2015-08-20 18:00:51 -07:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						d63726b41b 
					 
					
						
						
							
							Vault SSH: Documentation update and minor refactoring changes.  
						
						 
						
						
						
						
					 
					
						2015-08-17 18:22:03 -07:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						a98b3befd9 
					 
					
						
						
							
							Vault SSH: Website page for SSH backend  
						
						 
						
						
						
						
					 
					
						2015-08-14 12:41:26 -07:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						ffaf80167d 
					 
					
						
						
							
							Vault SSH: CLI embellishments  
						
						 
						
						
						
						
					 
					
						2015-08-13 16:55:47 -07:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						3958136a78 
					 
					
						
						
							
							Vault SSH: Introduced allowed_users option. Added helpers getKey and getOTP  
						
						 
						
						
						
						
					 
					
						2015-08-13 14:18:30 -07:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						9b1ea2f20c 
					 
					
						
						
							
							Vault SSH: Helper for OTP creation and role read  
						
						 
						
						
						
						
					 
					
						2015-08-13 11:12:30 -07:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						3d77058773 
					 
					
						
						
							
							Vault SSH: Mandate default_user. Other refactoring  
						
						 
						
						
						
						
					 
					
						2015-08-13 10:36:31 -07:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						2dd82aeb9a 
					 
					
						
						
							
							Vault SSH: cidr to cidr_list  
						
						 
						
						
						
						
					 
					
						2015-08-13 08:46:55 -07:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						1a1ce742dd 
					 
					
						
						
							
							Vault SSH: Default lease duration, policy/ to role/  
						
						 
						
						
						
						
					 
					
						2015-08-12 17:36:27 -07:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						d1b75e9d28 
					 
					
						
						
							
							Vault SSH: Default lease of 5 min for SSH secrets  
						
						 
						
						
						
						
					 
					
						2015-08-12 17:10:35 -07:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						0542fd8389 
					 
					
						
						
							
							Vault SSH: uninstall dynamic keys using script  
						
						 
						
						
						
						
					 
					
						2015-08-06 15:50:12 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						c26782acad 
					 
					
						
						
							
							Vault SSH: Script to install dynamic keys in target  
						
						 
						
						
						
						
					 
					
						2015-08-06 14:48:19 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						8dbbb8b8e6 
					 
					
						
						
							
							Vault SSH: CRUD test case for OTP Role  
						
						 
						
						
						
						
					 
					
						2015-07-31 13:24:23 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								vishalnayak 
							
						 
					 
					
						
						
							
						
						9aa02ad560 
					 
					
						
						
							
							Vault SSH: Review Rework  
						
						 
						
						
						
						
					 
					
						2015-07-29 14:21:36 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Vishal Nayak 
							
						 
					 
					
						
						
							
						
						6a91529f4e 
					 
					
						
						
							
							Vault SSH: admin_user/default_user fix  
						
						 
						
						
						
						
					 
					
						2015-07-27 15:03:10 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Vishal Nayak 
							
						 
					 
					
						
						
							
						
						6c5548ca7b 
					 
					
						
						
							
							Vault SSH: Refactoring  
						
						 
						
						
						
						
					 
					
						2015-07-27 13:02:31 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Vishal Nayak 
							
						 
					 
					
						
						
							
						
						0a4854e542 
					 
					
						
						
							
							Vault SSH: Dynamic Key test case fix  
						
						 
						
						
						
						
					 
					
						2015-07-24 12:13:26 -04:00  
					
					
						 
						
						
							
							
							 
							
							
							
							
							 
						
					 
				 
			
				
					
						
							
							
								 
								Vishal Nayak 
							
						 
					 
					
						
						
							
						
						9d4c5f718b 
					 
					
						
						
							
							Vault SSH: keys/ designated special path  
						
						 
						
						
						
						
					 
					
						2015-07-23 18:12:13 -04:00