krd/vault-redux
1
0
Fork 0
Code

Merge branch 'master-oss' into 0.10-beta

Browse Source
This commit is contained in:
Jeff Mitchell 2018-03-27 12:40:30 -04:00
commit 4b45cb7f91
115 changed files with 1183 additions and 552 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
CHANGELOG.md
View File

@ -32,8 +32,17 @@ FEATURES:
through to backends on a per-mount basis. This is useful in various cases
when plugins are interacting with external services.
IMPROVEMENTS:
* secret/cassandra: Update Cassandra storage delete function to not use batch
operations [GH-4054]
BUG FIXES:
* auth/token: Revoke-orphan and tidy operations now correctly cleans up the
parent prefix entry in the underlying storage backend. These operations also
mark corresponding child tokens as orphans by removing the parent/secondary
index from the entries. [GH-4193]
* replication: Fix a panic on some non-64-bit platforms
* replication: Fix invalidation of policies on performance secondaries
@ -139,7 +148,7 @@ BUG FIXES:
automatically connect to a performance primary after that performance
primary has been promoted to a DR primary from a DR secondary
* ui: Fix behavior when a value contains a `.`
## 0.9.4 (February 20th, 2018)
SECURITY:
@ -214,7 +223,7 @@ BUG FIXES:
* command/status: Fix panic when status returns 500 from leadership lookup
[GH-3998]
* identity: Fix race when creating entities [GH-3932]
* plugin/gRPC: Fixed an issue with list requests and raw responses coming from
* plugin/gRPC: Fixed an issue with list requests and raw responses coming from
plugins using gRPC transport [GH-3881]
* plugin/gRPC: Fix panic when special paths are not set [GH-3946]
* secret/pki: Verify a name is a valid hostname before adding to DNS SANs
@ -273,24 +282,24 @@ DEPRECATIONS/CHANGES:
disabled or the state is still being discovered. As a result, an LB check
can positively verify that the node is both not `disabled` and is not a DR
secondary, and avoid sending traffic to it if either is true.
* PKI Secret Backend Roles parameter types: For `ou` and `organization`
in role definitions in the PKI secret backend, input can now be a
comma-separated string or an array of strings. Reading a role will
* PKI Secret Backend Roles parameter types: For `ou` and `organization`
in role definitions in the PKI secret backend, input can now be a
comma-separated string or an array of strings. Reading a role will
now return arrays for these parameters.
* Plugin API Changes: The plugin API has been updated to utilize golang's
context.Context package. Many function signatures now accept a context
object as the first parameter. Existing plugins will need to pull in the
latest Vault code and update their function signatures to begin using
latest Vault code and update their function signatures to begin using
context and the new gRPC transport.
FEATURES:
* **gRPC Backend Plugins**: Backend plugins now use gRPC for transport,
* **gRPC Backend Plugins**: Backend plugins now use gRPC for transport,
allowing them to be written in other languages.
* **Brand New CLI**: Vault has a brand new CLI interface that is significantly
streamlined, supports autocomplete, and is almost entirely backwards
compatible.
* **UI: PKI Secret Backend (Enterprise)**: Configure PKI secret backends,
* **UI: PKI Secret Backend (Enterprise)**: Configure PKI secret backends,
create and browse roles and certificates, and issue and sign certificates via
the listed roles.
@ -299,7 +308,7 @@ IMPROVEMENTS:
* auth/aws: Handle IAM headers produced by clients that formulate numbers as
ints rather than strings [GH-3763]
* auth/okta: Support JSON lists when specifying groups and policies [GH-3801]
* autoseal/hsm: Attempt reconnecting to the HSM on certain kinds of issues,
* autoseal/hsm: Attempt reconnecting to the HSM on certain kinds of issues,
including HA scenarios for some Gemalto HSMs.
(Enterprise)
* cli: Output password prompts to stderr to make it easier to pipe an output
@ -333,8 +342,8 @@ BUG FIXES:
be capped by the local max TTL [GH-3814]
* secret/database: Fix an issue where plugins were not closed properly if they
failed to initialize [GH-3768]
* ui: mounting a secret backend will now properly set `max_lease_ttl` and
`default_lease_ttl` when specified - previously both fields set
* ui: mounting a secret backend will now properly set `max_lease_ttl` and
`default_lease_ttl` when specified - previously both fields set
`default_lease_ttl`.
## 0.9.1 (December 21st, 2017)
@ -491,7 +500,7 @@ DEPRECATIONS/CHANGES:
optional and enables configuration of the seal type to use for additional
data protection, such as using HSM or Cloud KMS solutions to encrypt and
decrypt data.
FEATURES:
* **RSA Support for Transit Backend**: Transit backend can now generate RSA

117
api/sys_plugins.go Normal file
View File

@ -0,0 +1,117 @@
package api
import (
"fmt"
"net/http"
)
// ListPluginsInput is used as input to the ListPlugins function.
type ListPluginsInput struct{}
// ListPluginsResponse is the response from the ListPlugins call.
type ListPluginsResponse struct {
// Names is the list of names of the plugins.
Names []string
}
// ListPlugins lists all plugins in the catalog and returns their names as a
// list of strings.
func (c *Sys) ListPlugins(i *ListPluginsInput) (*ListPluginsResponse, error) {
path := "/v1/sys/plugins/catalog"
req := c.c.NewRequest("LIST", path)
resp, err := c.c.RawRequest(req)
if err != nil {
return nil, err
}
defer resp.Body.Close()
var result struct {
Data struct {
Keys []string `json:"keys"`
} `json:"data"`
}
if err := resp.DecodeJSON(&result); err != nil {
return nil, err
}
return &ListPluginsResponse{Names: result.Data.Keys}, nil
}
// GetPluginInput is used as input to the GetPlugin function.
type GetPluginInput struct {
Name string `json:"-"`
}
// GetPluginResponse is the response from the GetPlugin call.
type GetPluginResponse struct {
Args []string `json:"args"`
Builtin bool `json:"builtin"`
Command string `json:"command"`
Name string `json:"name"`
SHA256 string `json:"sha256"`
}
func (c *Sys) GetPlugin(i *GetPluginInput) (*GetPluginResponse, error) {
path := fmt.Sprintf("/v1/sys/plugins/catalog/%s", i.Name)
req := c.c.NewRequest(http.MethodGet, path)
resp, err := c.c.RawRequest(req)
if err != nil {
return nil, err
}
defer resp.Body.Close()
var result GetPluginResponse
err = resp.DecodeJSON(&result)
if err != nil {
return nil, err
}
return &result, err
}
// RegisterPluginInput is used as input to the RegisterPlugin function.
type RegisterPluginInput struct {
// Name is the name of the plugin. Required.
Name string `json:"-"`
// Args is the list of args to spawn the process with.
Args []string `json:"args,omitempty"`
// Command is the command to run.
Command string `json:"command,omitempty"`
// SHA256 is the shasum of the plugin.
SHA256 string `json:"sha256,omitempty"`
}
// RegisterPlugin registers the plugin with the given information.
func (c *Sys) RegisterPlugin(i *RegisterPluginInput) error {
path := fmt.Sprintf("/v1/sys/plugins/catalog/%s", i.Name)
req := c.c.NewRequest(http.MethodPut, path)
if err := req.SetJSONBody(i); err != nil {
return err
}
resp, err := c.c.RawRequest(req)
if err == nil {
defer resp.Body.Close()
}
return err
}
// DeregisterPluginInput is used as input to the DeregisterPlugin function.
type DeregisterPluginInput struct {
// Name is the name of the plugin. Required.
Name string `json:"-"`
}
// DeregisterPlugin removes the plugin with the given name from the plugin
// catalog.
func (c *Sys) DeregisterPlugin(i *DeregisterPluginInput) error {
path := fmt.Sprintf("/v1/sys/plugins/catalog/%s", i.Name)
req := c.c.NewRequest(http.MethodDelete, path)
resp, err := c.c.RawRequest(req)
if err == nil {
defer resp.Body.Close()
}
return err
}

2
command/auth_enable.go
View File

@ -132,7 +132,7 @@ func (c *AuthEnableCommand) Flags() *FlagSets {
f.StringVar(&StringVar{
Name: "plugin-name",
Target: &c.flagPluginName,
Completion: complete.PredictAnything,
Completion: c.PredictVaultPlugins(),
Usage: "Name of the auth method plugin. This plugin name must already " +
"exist in the Vault server's plugin catalog.",
})

28
command/base_predict.go
View File

@ -139,6 +139,11 @@ func (b *BaseCommand) PredictVaultAuths() complete.Predictor {
return NewPredict().VaultAuths()
}
// PredictVaultPlugins returns a predictor for installed plugins.
func (b *BaseCommand) PredictVaultPlugins() complete.Predictor {
return NewPredict().VaultPlugins()
}
// PredictVaultPolicies returns a predictor for "folders". See PredictVaultFiles
// for more information and restrictions.
func (b *BaseCommand) PredictVaultPolicies() complete.Predictor {
@ -177,6 +182,13 @@ func (p *Predict) VaultAuths() complete.Predictor {
return p.filterFunc(p.auths)
}
// VaultPlugins returns a predictor for Vault's plugin catalog. This is a public
// API for consumers, but you probably want BaseCommand.PredictVaultPlugins
// instead.
func (p *Predict) VaultPlugins() complete.Predictor {
return p.filterFunc(p.plugins)
}
// VaultPolicies returns a predictor for Vault "folders". This is a public API for
// consumers, but you probably want BaseCommand.PredictVaultPolicies instead.
func (p *Predict) VaultPolicies() complete.Predictor {
@ -310,6 +322,22 @@ func (p *Predict) auths() []string {
return list
}
// plugins returns a sorted list of the plugins in the catalog.
func (p *Predict) plugins() []string {
client := p.Client()
if client == nil {
return nil
}
result, err := client.Sys().ListPlugins(nil)
if err != nil {
return nil
}
plugins := result.Names
sort.Strings(plugins)
return plugins
}
// policies returns a sorted list of the policies stored in this Vault
// server.
func (p *Predict) policies() []string {

54
command/base_predict_test.go
View File

@ -299,6 +299,60 @@ func TestPredict_Mounts(t *testing.T) {
})
}
func TestPredict_Plugins(t *testing.T) {
t.Parallel()
client, closer := testVaultServer(t)
defer closer()
badClient, badCloser := testVaultServerBad(t)
defer badCloser()
cases := []struct {
name string
client *api.Client
exp []string
}{
{
"not_connected_client",
badClient,
nil,
},
{
"good_path",
client,
[]string{
"cassandra-database-plugin",
"hana-database-plugin",
"mongodb-database-plugin",
"mssql-database-plugin",
"mysql-aurora-database-plugin",
"mysql-database-plugin",
"mysql-legacy-database-plugin",
"mysql-rds-database-plugin",
"postgresql-database-plugin",
},
},
}
t.Run("group", func(t *testing.T) {
for _, tc := range cases {
tc := tc
t.Run(tc.name, func(t *testing.T) {
t.Parallel()
p := NewPredict()
p.client = tc.client
act := p.plugins()
if !reflect.DeepEqual(act, tc.exp) {
t.Errorf("expected %q to be %q", act, tc.exp)
}
})
}
})
}
func TestPredict_Policies(t *testing.T) {
t.Parallel()

2
command/secrets_enable.go
View File

@ -149,7 +149,7 @@ func (c *SecretsEnableCommand) Flags() *FlagSets {
f.StringVar(&StringVar{
Name: "plugin-name",
Target: &c.flagPluginName,
Completion: complete.PredictAnything,
Completion: c.PredictVaultPlugins(),
Usage: "Name of the secrets engine plugin. This plugin name must already " +
"exist in Vault's plugin catalog.",
})

20
physical/cassandra/cassandra.go
View File

@ -294,13 +294,21 @@ func (c *CassandraBackend) Delete(ctx context.Context, key string) error {
defer metrics.MeasureSince([]string{"cassandra", "delete"}, time.Now())
stmt := fmt.Sprintf(`DELETE FROM "%s" WHERE bucket = ? AND key = ?`, c.table)
batch := gocql.NewBatch(gocql.LoggedBatch)
for _, bucket := range c.buckets(key) {
batch.Entries = append(batch.Entries, gocql.BatchEntry{
Stmt: stmt,
Args: []interface{}{bucket, key}})
results := make(chan error)
buckets := c.buckets(key)
for _, bucket := range buckets {
go func(bucket string) {
results <- c.sess.Query(stmt, bucket, key).Exec()
}(bucket)
}
return c.sess.ExecuteBatch(batch)
for i := 0; i < len(buckets); i++ {
if err := <-results; err != nil {
return err
}
}
return nil
}
// List is used ot list all the keys under a given

82
vault/token_store.go
View File

@ -159,7 +159,7 @@ func NewTokenStore(ctx context.Context, c *Core, config *logical.BackendConfig)
},
&framework.Path{
Pattern: "accessors/?$",
Pattern: "accessors/$",
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ListOperation: t.tokenStoreAccessorList,
@ -1169,6 +1169,39 @@ func (ts *TokenStore) revokeSalted(ctx context.Context, saltedId string) (ret er
}
}
// Mark all children token as orphan by removing
// their parent index, and clear the parent entry.
//
// Marking the token as orphan is the correct behavior in here since
// revokeTreeSalted will ensure that they are deleted anyways if it's not an
// explicit call to orphan the child tokens (the delete occurs at the leaf
// node and uses parent prefix, not entry.Parent, to build the tree for
// traversal).
parentPath := parentPrefix + saltedId + "/"
children, err := ts.view.List(ctx, parentPath)
if err != nil {
return fmt.Errorf("failed to scan for children: %v", err)
}
for _, child := range children {
entry, err := ts.lookupSalted(ctx, child, true)
if err != nil {
return fmt.Errorf("failed to get child token: %v", err)
}
lock := locksutil.LockForKey(ts.tokenLocks, entry.ID)
lock.Lock()
entry.Parent = ""
err = ts.store(ctx, entry)
if err != nil {
lock.Unlock()
return fmt.Errorf("failed to update child token: %v", err)
}
lock.Unlock()
}
if err = logical.ClearView(ctx, ts.view.SubView(parentPath)); err != nil {
return fmt.Errorf("failed to delete entry: %v", err)
}
// Now that the entry is not usable for any revocation tasks, nuke it
path := lookupPrefix + saltedId
if err = ts.view.Delete(ctx, path); err != nil {
@ -1322,17 +1355,30 @@ func (ts *TokenStore) handleTidy(ctx context.Context, req *logical.Request, data
return nil, fmt.Errorf("failed to fetch secondary index entries: %v", err)
}
var countParentList, deletedCountParentList int64
var countParentEntries, deletedCountParentEntries, countParentList, deletedCountParentList int64
// Scan through the secondary index entries; if there is an entry
// with the token's salt ID at the end, remove it
for _, parent := range parentList {
countParentEntries++
// Get the children
children, err := ts.view.List(ctx, parentPrefix+parent)
if err != nil {
tidyErrors = multierror.Append(tidyErrors, fmt.Errorf("failed to read secondary index: %v", err))
continue
}
// First check if the salt ID of the parent exists, and if not mark this so
// that deletion of children later with this loop below applies to all
// children
originalChildrenCount := int64(len(children))
exists, _ := ts.lookupSalted(ctx, strings.TrimSuffix(parent, "/"), true)
if exists == nil {
ts.logger.Trace("token: deleting invalid parent prefix entry", "index", parentPrefix+parent)
}
var deletedChildrenCount int64
for _, child := range children {
countParentList++
if countParentList%500 == 0 {
@ -1342,17 +1388,43 @@ func (ts *TokenStore) handleTidy(ctx context.Context, req *logical.Request, data
// Look up tainted entries so we can be sure that if this isn't
// found, it doesn't exist. Doing the following without locking
// since appropriate locks cannot be held with salted token IDs.
// Also perform deletion if the parent doesn't exist any more.
te, _ := ts.lookupSalted(ctx, child, true)
if te == nil {
// If the child entry is not nil, but the parent doesn't exist, then turn
// that child token into an orphan token. Theres no deletion in this case.
if te != nil && exists == nil {
lock := locksutil.LockForKey(ts.tokenLocks, te.ID)
lock.Lock()
te.Parent = ""
err = ts.store(ctx, te)
if err != nil {
tidyErrors = multierror.Append(tidyErrors, fmt.Errorf("failed to convert child token into an orphan token: %v", err))
}
lock.Unlock()
continue
}
// Otherwise, if the entry doesn't exist, or if the parent doesn't exist go
// on with the delete on the secondary index
if te == nil || exists == nil {
index := parentPrefix + parent + child
ts.logger.Trace("token: deleting invalid secondary index", "index", index)
err = ts.view.Delete(ctx, index)
if err != nil {
tidyErrors = multierror.Append(tidyErrors, fmt.Errorf("failed to delete secondary index: %v", err))
continue
}
deletedCountParentList++
deletedChildrenCount++
}
}
// Add current children deleted count to the total count
deletedCountParentList += deletedChildrenCount
// N.B.: We don't call delete on the parent prefix since physical.Backend.Delete
// implementations should be in charge of deleting empty prefixes.
// If we deleted all the children, then add that to our deleted parent entries count.
if originalChildrenCount == deletedChildrenCount {
deletedCountParentEntries++
}
}
var countAccessorList,
@ -1447,6 +1519,8 @@ func (ts *TokenStore) handleTidy(ctx context.Context, req *logical.Request, data
}
}
ts.logger.Debug("token: number of entries scanned in parent prefix", "count", countParentEntries)
ts.logger.Debug("token: number of entries deleted in parent prefix", "count", deletedCountParentEntries)
ts.logger.Debug("token: number of tokens scanned in parent index list", "count", countParentList)
ts.logger.Debug("token: number of tokens revoked in parent index list", "count", deletedCountParentList)
ts.logger.Debug("token: number of accessors scanned", "count", countAccessorList)

181
vault/token_store_test.go
View File

@ -310,7 +310,7 @@ func TestTokenStore_HandleRequest_ListAccessors(t *testing.T) {
}
ts.revokeSalted(context.Background(), salted)
req := logical.TestRequest(t, logical.ListOperation, "accessors")
req := logical.TestRequest(t, logical.ListOperation, "accessors/")
resp, err := ts.HandleRequest(context.Background(), req)
if err != nil {
@ -758,6 +758,10 @@ func TestTokenStore_Revoke_Orphan(t *testing.T) {
if err != nil {
t.Fatalf("err: %v", err)
}
// Unset the expected token parent's ID
ent2.Parent = ""
if !reflect.DeepEqual(out, ent2) {
t.Fatalf("bad: expected:%#v\nactual:%#v", ent2, out)
}
@ -1417,6 +1421,19 @@ func TestTokenStore_HandleRequest_RevokeOrphan(t *testing.T) {
t.Fatalf("bad: %v", out)
}
// Check that the parent entry is properly cleaned up
saltedID, err := ts.SaltID(context.Background(), "child")
if err != nil {
t.Fatal(err)
}
children, err := ts.view.List(context.Background(), parentPrefix+saltedID+"/")
if err != nil {
t.Fatalf("err: %v", err)
}
if len(children) != 0 {
t.Fatalf("bad: %v", children)
}
// Sub-child should exist!
out, err = ts.Lookup(context.Background(), "sub-child")
if err != nil {
@ -3404,7 +3421,7 @@ func TestTokenStore_HandleTidyCase1(t *testing.T) {
// present, the list operation should return only one key.
accessorListReq := &logical.Request{
Operation: logical.ListOperation,
Path: "accessors",
Path: "accessors/",
ClientToken: root,
}
resp, err = ts.HandleRequest(context.Background(), accessorListReq)
@ -3514,6 +3531,166 @@ func TestTokenStore_HandleTidyCase1(t *testing.T) {
}
}
// Create a set of tokens along with a child token for each of them, delete the
// token entry while leaking accessors, invoke tidy and check if the dangling
// accessor entry is getting removed and check if child tokens are still present
// and turned into orphan tokens.
func TestTokenStore_HandleTidy_parentCleanup(t *testing.T) {
var resp *logical.Response
var err error
_, ts, _, root := TestCoreWithTokenStore(t)
// List the number of accessors. Since there is only root token
// present, the list operation should return only one key.
accessorListReq := &logical.Request{
Operation: logical.ListOperation,
Path: "accessors/",
ClientToken: root,
}
resp, err = ts.HandleRequest(context.Background(), accessorListReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%v", err, resp)
}
numberOfAccessors := len(resp.Data["keys"].([]string))
if numberOfAccessors != 1 {
t.Fatalf("bad: number of accessors. Expected: 1, Actual: %d", numberOfAccessors)
}
for i := 1; i <= 100; i++ {
// Create a token
tokenReq := &logical.Request{
Operation: logical.UpdateOperation,
Path: "create",
ClientToken: root,
Data: map[string]interface{}{
"policies": []string{"policy1"},
},
}
resp, err = ts.HandleRequest(context.Background(), tokenReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%v", err, resp)
}
tut := resp.Auth.ClientToken
// Create a child token
tokenReq = &logical.Request{
Operation: logical.UpdateOperation,
Path: "create",
ClientToken: tut,
Data: map[string]interface{}{
"policies": []string{"policy1"},
},
}
resp, err = ts.HandleRequest(context.Background(), tokenReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%v", err, resp)
}
// Creation of another token should end up with incrementing the number of
// accessors the storage
resp, err = ts.HandleRequest(context.Background(), accessorListReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%v", err, resp)
}
numberOfAccessors = len(resp.Data["keys"].([]string))
if numberOfAccessors != (i*2)+1 {
t.Fatalf("bad: number of accessors. Expected: %d, Actual: %d", i+1, numberOfAccessors)
}
// Revoke the token while leaking other items associated with the
// token. Do this by doing what revokeSalted used to do before it was
// fixed, i.e., by deleting the storage entry for token and its
// cubbyhole and by not deleting its secondary index, its accessor and
// associated leases.
saltedTut, err := ts.SaltID(context.Background(), tut)
if err != nil {
t.Fatal(err)
}
_, err = ts.lookupSalted(context.Background(), saltedTut, true)
if err != nil {
t.Fatalf("failed to lookup token: %v", err)
}
// Destroy the token index
path := lookupPrefix + saltedTut
if ts.view.Delete(context.Background(), path); err != nil {
t.Fatalf("failed to delete token entry: %v", err)
}
// Destroy the cubby space
err = ts.destroyCubbyhole(context.Background(), saltedTut)
if err != nil {
t.Fatalf("failed to destroyCubbyhole: %v", err)
}
// Leaking of accessor should have resulted in no change to the number
// of accessors
resp, err = ts.HandleRequest(context.Background(), accessorListReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%v", err, resp)
}
numberOfAccessors = len(resp.Data["keys"].([]string))
if numberOfAccessors != (i*2)+1 {
t.Fatalf("bad: number of accessors. Expected: %d, Actual: %d", (i*2)+1, numberOfAccessors)
}
}
tidyReq := &logical.Request{
Path: "tidy",
Operation: logical.UpdateOperation,
ClientToken: root,
}
resp, err = ts.HandleRequest(context.Background(), tidyReq)
if err != nil {
t.Fatal(err)
}
if resp != nil && resp.IsError() {
t.Fatalf("resp: %#v", resp)
}
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%v", err, resp)
}
// Tidy should have removed all the dangling accessor entries
resp, err = ts.HandleRequest(context.Background(), accessorListReq)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%v", err, resp)
}
// The number of accessors should be equal to number of valid child tokens
// (100) + the root token (1)
keys := resp.Data["keys"].([]string)
numberOfAccessors = len(keys)
if numberOfAccessors != 101 {
t.Fatalf("bad: number of accessors. Expected: 1, Actual: %d", numberOfAccessors)
}
req := logical.TestRequest(t, logical.UpdateOperation, "lookup-accessor")
for _, accessor := range keys {
req.Data = map[string]interface{}{
"accessor": accessor,
}
resp, err := ts.HandleRequest(context.Background(), req)
if err != nil {
t.Fatalf("err: %s", err)
}
if resp.Data == nil {
t.Fatalf("response should contain data")
}
// These tokens should now be orphaned
if resp.Data["orphan"] != true {
t.Fatalf("token should be orphan")
}
}
}
func TestTokenStore_TidyLeaseRevocation(t *testing.T) {
exp := mockExpiration(t)
ts := exp.tokenStore

28
website/source/api/auth/approle/index.html.md
View File

@ -30,7 +30,7 @@ This endpoint returns a list the existing AppRoles in the method.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/approle/role
http://127.0.0.1:8200/v1/auth/approle/role
```
### Sample Response
@ -116,7 +116,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/approle/role/application1
http://127.0.0.1:8200/v1/auth/approle/role/application1
```
## Read AppRole
@ -136,7 +136,7 @@ Reads the properties of an existing AppRole.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/approle/role/application1
http://127.0.0.1:8200/v1/auth/approle/role/application1
```
### Sample Response
@ -182,7 +182,7 @@ Deletes an existing AppRole from the method.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/approle/role/application1
http://127.0.0.1:8200/v1/auth/approle/role/application1
```
## Read AppRole Role ID
@ -202,7 +202,7 @@ Reads the RoleID of an existing AppRole.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/approle/role/application1/role-id
http://127.0.0.1:8200/v1/auth/approle/role/application1/role-id
```
### Sample Response
@ -249,7 +249,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/approle/role/application1/role-id
http://127.0.0.1:8200/v1/auth/approle/role/application1/role-id
```
### Sample Response
@ -306,7 +306,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/approle/role/application1/secret-id
http://127.0.0.1:8200/v1/auth/approle/role/application1/secret-id
```
### Sample Response
@ -345,7 +345,7 @@ This includes the accessors for "custom" SecretIDs as well.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/approle/role/application1/secret-id
http://127.0.0.1:8200/v1/auth/approle/role/application1/secret-id
```
### Sample Response
@ -398,7 +398,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--payload @payload.json \
https://vault.rocks/v1/auth/approle/role/application1/secret-id/lookup
http://127.0.0.1:8200/v1/auth/approle/role/application1/secret-id/lookup
```
## Destroy AppRole Secret ID
@ -429,7 +429,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--payload @payload.json \
https://vault.rocks/v1/auth/approle/role/application1/secret-id/destroy
http://127.0.0.1:8200/v1/auth/approle/role/application1/secret-id/destroy
```
## Read AppRole Secret ID Accessor
@ -460,7 +460,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--payload @payload.json \
https://vault.rocks/v1/auth/approle/role/application1/secret-id-accessor/lookup
http://127.0.0.1:8200/v1/auth/approle/role/application1/secret-id-accessor/lookup
```
## Destroy AppRole Secret ID Accessor
@ -491,7 +491,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--payload @payload.json \
https://vault.rocks/v1/auth/approle/role/application1/secret-id-accessor/destroy
http://127.0.0.1:8200/v1/auth/approle/role/application1/secret-id-accessor/destroy
```
## Create Custom AppRole Secret ID
@ -531,7 +531,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/approle/role/application1/custom-secret-id
http://127.0.0.1:8200/v1/auth/approle/role/application1/custom-secret-id
```
### Sample Response
@ -582,7 +582,7 @@ AppRole (such as client IP CIDR) are also evaluated.
$ curl \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/approle/login
http://127.0.0.1:8200/v1/auth/approle/login
```
### Sample Response

64
website/source/api/auth/aws/index.html.md
View File

@ -81,7 +81,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/aws/config/client
http://127.0.0.1:8200/v1/auth/aws/config/client
```
## Read Config
@ -97,7 +97,7 @@ Returns the previously configured AWS access credentials.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/aws/config/client
http://127.0.0.1:8200/v1/auth/aws/config/client
```
### Sample Response
@ -129,7 +129,7 @@ Deletes the previously configured AWS access credentials.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/aws/config/client
http://127.0.0.1:8200/v1/auth/aws/config/client
```
## Create Certificate Configuration
@ -170,7 +170,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/aws/config/certificate/test-cert
http://127.0.0.1:8200/v1/auth/aws/config/certificate/test-cert
```
## Read Certificate Configuration
@ -190,7 +190,7 @@ Returns the previously configured AWS public key.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/aws/config/certificate/test-cert
http://127.0.0.1:8200/v1/auth/aws/config/certificate/test-cert
```
### Sample Response
@ -218,7 +218,7 @@ Removes the previously configured AWS public key.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/aws/config/certificate/test-cert
http://127.0.0.1:8200/v1/auth/aws/config/certificate/test-cert
```
## List Certificate Configurations
@ -235,7 +235,7 @@ Lists all the AWS public certificates that are registered with the method.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/aws/config/certificates
http://127.0.0.1:8200/v1/auth/aws/config/certificates
```
### Sample Response
@ -285,7 +285,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/aws/config/sts/111122223333
http://127.0.0.1:8200/v1/auth/aws/config/sts/111122223333
```
## Read STS Role
@ -307,7 +307,7 @@ Returns the previously configured STS role.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/aws/config/sts/111122223333
http://127.0.0.1:8200/v1/auth/aws/config/sts/111122223333
```
### Sample Response
@ -334,7 +334,7 @@ Lists all the AWS Account IDs for which an STS role is registered.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/aws/config/sts
http://127.0.0.1:8200/v1/auth/aws/config/sts
```
### Sample Response
@ -364,7 +364,7 @@ Deletes a previously configured AWS account/STS role association.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/aws/config/sts
http://127.0.0.1:8200/v1/auth/aws/config/sts
```
## Configure Identity Whitelist Tidy Operation
@ -398,7 +398,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/aws/config/tidy/identity-whitelist
http://127.0.0.1:8200/v1/auth/aws/config/tidy/identity-whitelist
```
## Read Identity Whitelist Tidy Settings
@ -414,7 +414,7 @@ Returns the previously configured periodic whitelist tidying settings.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/aws/config/tidy/identity-whitelist
http://127.0.0.1:8200/v1/auth/aws/config/tidy/identity-whitelist
```
### Sample Response
@ -442,7 +442,7 @@ Deletes the previously configured periodic whitelist tidying settings.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/aws/config/tidy/identity-whitelist
http://127.0.0.1:8200/v1/auth/aws/config/tidy/identity-whitelist
```
## Configure Role Tag Blacklist Tidy Operation
@ -476,7 +476,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/aws/config/tidy/roletag-blacklist
http://127.0.0.1:8200/v1/auth/aws/config/tidy/roletag-blacklist
```
## Read Role Tag Blacklist Tidy Settings
@ -492,7 +492,7 @@ Returns the previously configured periodic blacklist tidying settings.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/aws/config/tidy/roletag-blacklist
http://127.0.0.1:8200/v1/auth/aws/config/tidy/roletag-blacklist
```
### Sample Response
@ -520,7 +520,7 @@ Deletes the previously configured periodic blacklist tidying settings.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/aws/config/tidy/roletag-blacklist
http://127.0.0.1:8200/v1/auth/aws/config/tidy/roletag-blacklist
```
## Create Role
@ -705,7 +705,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/aws/role/dev-role
http://127.0.0.1:8200/v1/auth/aws/role/dev-role
```
## Read Role
@ -725,7 +725,7 @@ Returns the previously registered role configuration.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/aws/role/dev-role
http://127.0.0.1:8200/v1/auth/aws/role/dev-role
```
### Sample Response
@ -761,7 +761,7 @@ Lists all the roles that are registered with the method.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/aws/roles
http://127.0.0.1:8200/v1/auth/aws/roles
```
### Sample Response
@ -795,7 +795,7 @@ Deletes the previously registered role.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/aws/role/dev-role
http://127.0.0.1:8200/v1/auth/aws/role/dev-role
```
## Create Role Tags
@ -855,7 +855,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/aws/role/dev-api-and-web-role/tag
http://127.0.0.1:8200/v1/auth/aws/role/dev-api-and-web-role/tag
```
### Sample Response
@ -948,7 +948,7 @@ along with its RSA digest can be supplied to this endpoint.
$ curl \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/aws/login
http://127.0.0.1:8200/v1/auth/aws/login
```
### Sample Response
@ -999,7 +999,7 @@ token.
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://vault.rocks/v1/auth/aws/roletag-blacklist/djE6MDlWcDBxR3V5Qjg9OmE9YW1pLWZjZTNjNjk2OnA9ZGVmYXVsdCxwcm9kOmQ9ZmFsc2U6dD0zMDBoMG0wczp1UExLQ1F4cXNlZlJocnAxcW1WYTF3c1FWVVhYSkc4VVpQLwo=
http://127.0.0.1:8200/v1/auth/aws/roletag-blacklist/djE6MDlWcDBxR3V5Qjg9OmE9YW1pLWZjZTNjNjk2OnA9ZGVmYXVsdCxwcm9kOmQ9ZmFsc2U6dD0zMDBoMG0wczp1UExLQ1F4cXNlZlJocnAxcW1WYTF3c1FWVVhYSkc4VVpQLwo=
```
### Read Role Tag Blacklist Information
@ -1021,7 +1021,7 @@ Returns the blacklist entry of a previously blacklisted role tag.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/aws/roletag-blacklist/djE6MDlWcDBxR3V5Qjg9OmE9YW1pLWZjZTNjNjk2OnA9ZGVmYXVsdCxwcm9kOmQ9ZmFsc2U6dD0zMDBoMG0wczp1UExLQ1F4cXNlZlJocnAxcW1WYTF3c1FWVVhYSkc4VVpQLwo=
http://127.0.0.1:8200/v1/auth/aws/roletag-blacklist/djE6MDlWcDBxR3V5Qjg9OmE9YW1pLWZjZTNjNjk2OnA9ZGVmYXVsdCxwcm9kOmQ9ZmFsc2U6dD0zMDBoMG0wczp1UExLQ1F4cXNlZlJocnAxcW1WYTF3c1FWVVhYSkc4VVpQLwo=
```
@ -1050,7 +1050,7 @@ Lists all the role tags that are blacklisted.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/aws/roletag-blacklist
http://127.0.0.1:8200/v1/auth/aws/roletag-blacklist
```
### Sample Response
@ -1086,7 +1086,7 @@ Deletes a blacklisted role tag.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/aws/roletag-blacklist/djE6MDlWcDBxR3V5Qjg9OmE9YW1pLWZjZTNjNjk2OnA9ZGVmYXVsdCxwcm9kOmQ9ZmFsc2U6dD0zMDBoMG0wczp1UExLQ1F4cXNlZlJocnAxcW1WYTF3c1FWVVhYSkc4VVpQLwo=
http://127.0.0.1:8200/v1/auth/aws/roletag-blacklist/djE6MDlWcDBxR3V5Qjg9OmE9YW1pLWZjZTNjNjk2OnA9ZGVmYXVsdCxwcm9kOmQ9ZmFsc2U6dD0zMDBoMG0wczp1UExLQ1F4cXNlZlJocnAxcW1WYTF3c1FWVVhYSkc4VVpQLwo=
```
## Tidy Blacklist Tags
@ -1110,7 +1110,7 @@ Cleans up the entries in the blacklist based on expiration time on the entry and
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://vault.rocks/v1/auth/aws/tidy/roletag-blacklist
http://127.0.0.1:8200/v1/auth/aws/tidy/roletag-blacklist
```
### Read Identity Whitelist Information
@ -1133,7 +1133,7 @@ successful login.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/aws/identity-whitelist/i-aab47d37
http://127.0.0.1:8200/v1/auth/aws/identity-whitelist/i-aab47d37
```
@ -1165,7 +1165,7 @@ $ curl \
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/aws/roletag-blacklist
http://127.0.0.1:8200/v1/auth/aws/roletag-blacklist
```
### Sample Response
@ -1200,7 +1200,7 @@ Deletes a cache of the successful login from an instance.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/aws/identity-whitelist/i-aab47d37
http://127.0.0.1:8200/v1/auth/aws/identity-whitelist/i-aab47d37
```
## Tidy Identity Whitelist Entries
@ -1224,5 +1224,5 @@ Cleans up the entries in the whitelist based on expiration time and
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://vault.rocks/v1/auth/aws/tidy/identity-whitelist
http://127.0.0.1:8200/v1/auth/aws/tidy/identity-whitelist
```

18
website/source/api/auth/cert/index.html.md
View File

@ -71,7 +71,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json
https://vault.rocks/v1/auth/cert/certs/test-ca
http://127.0.0.1:8200/v1/auth/cert/certs/test-ca
```
## Read CA Certificate Role
@ -91,7 +91,7 @@ Gets information associated with the named role.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/cert/certs/test-ca
http://127.0.0.1:8200/v1/auth/cert/certs/test-ca
```
### Sample Response
@ -130,7 +130,7 @@ Lists configured certificate names.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/cert/certs
http://127.0.0.1:8200/v1/auth/cert/certs
### Sample Response
@ -169,7 +169,7 @@ Deletes the named role and CA cert from the method mount.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/cert/certs/cert1
http://127.0.0.1:8200/v1/auth/cert/certs/cert1
```
## Create CRL
@ -201,7 +201,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--date @payload.json \
https://vault.rocks/v1/auth/cert/crls/custom-crl
http://127.0.0.1:8200/v1/auth/cert/crls/custom-crl
```
## Read CRL
@ -223,7 +223,7 @@ arbitrary size, these are returned as strings.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/cert/crls/custom-crl
http://127.0.0.1:8200/v1/auth/cert/crls/custom-crl
```
### Sample Response
@ -261,7 +261,7 @@ Deletes the named CRL from the auth method mount.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/cert/crls/cert1
http://127.0.0.1:8200/v1/auth/cert/crls/cert1
```
## Configure TLS Certificate Method
@ -293,7 +293,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--date @payload.json \
https://vault.rocks/v1/auth/cert/certs/cert1
http://127.0.0.1:8200/v1/auth/cert/certs/cert1
```
## Login with TLS Certificate Method
@ -329,7 +329,7 @@ https://tools.ietf.org/html/rfc6125#section-2.3)
$ curl \
--request POST \
--date @payload.json \
https://vault.rocks/v1/auth/cert/login
http://127.0.0.1:8200/v1/auth/cert/login
```
### Sample Response

20
website/source/api/auth/gcp/index.html.md
View File

@ -60,7 +60,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/gcp/config
http://127.0.0.1:8200/v1/auth/gcp/config
```
## Read Config
@ -76,7 +76,7 @@ Returns the previously configured config, including credentials.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/gcp/config
http://127.0.0.1:8200/v1/auth/gcp/config
```
### Sample Response
@ -110,7 +110,7 @@ Deletes the previously configured GCP config and credentials.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/gcp/config
http://127.0.0.1:8200/v1/auth/gcp/config
```
## Create Role
@ -226,7 +226,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/gcp/role/dev-role
http://127.0.0.1:8200/v1/auth/gcp/role/dev-role
```
## Edit Service Accounts For IAM Role
@ -268,7 +268,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/gcp/role/dev-role
http://127.0.0.1:8200/v1/auth/gcp/role/dev-role
```
## Edit Labels For GCE Role
@ -308,7 +308,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/gcp/role/dev-role
http://127.0.0.1:8200/v1/auth/gcp/role/dev-role
```
## Read Role
@ -328,7 +328,7 @@ Returns the previously registered role configuration.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/gcp/role/dev-role
http://127.0.0.1:8200/v1/auth/gcp/role/dev-role
```
### Sample Response
@ -372,7 +372,7 @@ Lists all the roles that are registered with the plugin.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/gcp/roles
http://127.0.0.1:8200/v1/auth/gcp/roles
```
### Sample Response
@ -407,7 +407,7 @@ Deletes the previously registered role.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/gcp/role/dev-role
http://127.0.0.1:8200/v1/auth/gcp/role/dev-role
```
## Login
@ -445,7 +445,7 @@ entity and then authorizes the entity for the given role.
$ curl \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/gcp/login
http://127.0.0.1:8200/v1/auth/gcp/login
```
### Sample Response

142
website/source/api/auth/github/index.html.md
View File

@ -50,7 +50,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/github/config
http://127.0.0.1:8200/v1/auth/github/config
```
## Read Configuration
@ -66,7 +66,7 @@ Reads the GitHub configuration.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/github/config
http://127.0.0.1:8200/v1/auth/github/config
```
### Sample Response
@ -87,6 +87,142 @@ $ curl \
}
```
## Map GitHub Teams
Map a list of policies to a team that exists in the configured GitHub organization.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/github/map/teams/:team_name` | `204 (empty body)` |
### Parameters
- `key` `(string)` - GitHub team name in "slugified" format
- `value` `(string)` - Comma separated list of policies to assign
### Sample Payload
```json
{
"value": "dev-policy"
}
```
### Sample Request
```
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/auth/github/map/teams/dev
```
## Read Team Mapping
Reads the GitHub team policy mapping.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/github/map/teams:team_name` | `200 application/json` |
### Sample Request
```
$ curl \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/auth/github/map/teams/dev
```
### Sample Response
```json
{
"request_id": "812229d7-a82e-0b20-c35b-81ce8c1b9fa6",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"key": "dev",
"value": "dev-policy"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
```
## Map GitHub Users
Map a list of policies to a specific GitHub user exists in the configured
organization.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/auth/github/map/users/:user_name` | `204 (empty body)` |
### Parameters
- `key` `(string)` - GitHub user name
- `value` `(string)` - Comma separated list of policies to assign
### Sample Payload
```json
{
"value": "sethvargo-policy"
}
```
### Sample Request
```
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/auth/github/map/users/sethvargo
```
The user with username `sethvargo` will be assigned the `sethvargo-policy`
policy **in addition to** any team policies.
## Read User Mapping
Reads the GitHub user policy mapping.
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `GET` | `/auth/github/map/users:user_name` | `200 application/json` |
### Sample Request
```
$ curl \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/auth/github/map/users/sethvargo
```
### Sample Response
```json
{
"request_id": "764b6f88-efba-51bd-ed62-cf1c9e80e37a",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"key": "sethvargo",
"value": "sethvargo-policy"
},
"wrap_info": null,
"warnings": null,
"auth": null
}
```
## Login
Login using GitHub access token.
@ -112,7 +248,7 @@ Login using GitHub access token.
```
$ curl \
--request POST \
https://vault.rocks/v1/auth/github/login
http://127.0.0.1:8200/v1/auth/github/login
```
### Sample Response

14
website/source/api/auth/kubernetes/index.html.md
View File

@ -56,7 +56,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/kubernetes/config
http://127.0.0.1:8200/v1/auth/kubernetes/config
```
## Read Config
@ -72,7 +72,7 @@ Returns the previously configured config, including credentials.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/kubernetes/config
http://127.0.0.1:8200/v1/auth/kubernetes/config
```
### Sample Response
@ -138,7 +138,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/kubernetes/role/dev-role
http://127.0.0.1:8200/v1/auth/kubernetes/role/dev-role
```
## Read Role
@ -157,7 +157,7 @@ Returns the previously registered role configuration.
```text
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/kubernetes/role/dev-role
http://127.0.0.1:8200/v1/auth/kubernetes/role/dev-role
```
### Sample Response
@ -193,7 +193,7 @@ Lists all the roles that are registered with the auth method.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/kubernetes/role
http://127.0.0.1:8200/v1/auth/kubernetes/role
```
### Sample Response
@ -227,7 +227,7 @@ Deletes the previously registered role.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/kubernetes/role/dev-role
http://127.0.0.1:8200/v1/auth/kubernetes/role/dev-role
```
## Login
@ -263,7 +263,7 @@ entity and then authorizes the entity for the given role.
$ curl \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/kubernetes/login
http://127.0.0.1:8200/v1/auth/kubernetes/login
```
### Sample Response

22
website/source/api/auth/ldap/index.html.md
View File

@ -76,7 +76,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/ldap/config
http://127.0.0.1:8200/v1/auth/ldap/config
```
### Sample Payload
@ -112,7 +112,7 @@ This endpoint retrieves the LDAP configuration for the auth method.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/ldap/config
http://127.0.0.1:8200/v1/auth/ldap/config
```
### Sample Response
@ -160,7 +160,7 @@ This endpoint returns a list of existing groups in the method.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/ldap/groups
http://127.0.0.1:8200/v1/auth/ldap/groups
```
### Sample Response
@ -199,7 +199,7 @@ This endpoint returns the policies associated with a LDAP group.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/ldap/groups/admins
http://127.0.0.1:8200/v1/auth/ldap/groups/admins
```
### Sample Response
@ -248,7 +248,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/ldap/groups/admins
http://127.0.0.1:8200/v1/auth/ldap/groups/admins
```
## Delete LDAP Group
@ -269,7 +269,7 @@ This endpoint deletes the LDAP group and policy association.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/ldap/groups/admins
http://127.0.0.1:8200/v1/auth/ldap/groups/admins
```
## List LDAP Users
@ -286,7 +286,7 @@ This endpoint returns a list of existing users in the method.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/ldap/users
http://127.0.0.1:8200/v1/auth/ldap/users
```
### Sample Response
@ -325,7 +325,7 @@ This endpoint returns the policies associated with a LDAP user.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/ldap/users/mitchellh
http://127.0.0.1:8200/v1/auth/ldap/users/mitchellh
```
### Sample Response
@ -377,7 +377,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/ldap/users/mitchellh
http://127.0.0.1:8200/v1/auth/ldap/users/mitchellh
```
## Delete LDAP User
@ -398,7 +398,7 @@ This endpoint deletes the LDAP user and policy association.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/ldap/users/mitchellh
http://127.0.0.1:8200/v1/auth/ldap/users/mitchellh
```
## Login with LDAP User
@ -428,7 +428,7 @@ This endpoint allows you to log in with LDAP credentials
$ curl \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/ldap/login/mitchellh
http://127.0.0.1:8200/v1/auth/ldap/login/mitchellh
```
### Sample Response

22
website/source/api/auth/okta/index.html.md
View File

@ -57,7 +57,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/okta/config
http://127.0.0.1:8200/v1/auth/okta/config
```
## Read Configuration
@ -73,7 +73,7 @@ Reads the Okta configuration.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/okta/config
http://127.0.0.1:8200/v1/auth/okta/config
```
### Sample Response
@ -109,7 +109,7 @@ List the users configurated in the Okta method.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/okta/users
http://127.0.0.1:8200/v1/auth/okta/users
```
### Sample Response
@ -161,7 +161,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/okta/users/fred
http://127.0.0.1:8200/v1/auth/okta/users/fred
```
## Read User
@ -181,7 +181,7 @@ Reads the properties of an existing username.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/okta/users/test-user
http://127.0.0.1:8200/v1/auth/okta/users/test-user
```
### Sample Response
@ -221,7 +221,7 @@ Deletes an existing username from the method.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/okta/users/test-user
http://127.0.0.1:8200/v1/auth/okta/users/test-user
```
## List Groups
@ -238,7 +238,7 @@ List the groups configurated in the Okta method.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/okta/groups
http://127.0.0.1:8200/v1/auth/okta/groups
```
### Sample Response
@ -289,7 +289,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/okta/groups/admins
http://127.0.0.1:8200/v1/auth/okta/groups/admins
```
## Read Group
@ -309,7 +309,7 @@ Reads the properties of an existing group.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/okta/groups/admins
http://127.0.0.1:8200/v1/auth/okta/groups/admins
```
### Sample Response
@ -348,7 +348,7 @@ Deletes an existing group from the method.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/okta/users/test-user
http://127.0.0.1:8200/v1/auth/okta/users/test-user
```
## Login
@ -378,7 +378,7 @@ Login with the username and password.
$ curl \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/okta/login/fred
http://127.0.0.1:8200/v1/auth/okta/login/fred
```
### Sample Response

12
website/source/api/auth/radius/index.html.md
View File

@ -56,7 +56,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/radius/config
http://127.0.0.1:8200/v1/auth/radius/config
```
## Register User
@ -87,7 +87,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/radius/users/test-user
http://127.0.0.1:8200/v1/auth/radius/users/test-user
```
## Read User
@ -107,7 +107,7 @@ Reads the properties of an existing username.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/radius/users/test-user
http://127.0.0.1:8200/v1/auth/radius/users/test-user
```
### Sample Response
@ -143,7 +143,7 @@ Deletes an existing username from the method.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/radius/users/test-user
http://127.0.0.1:8200/v1/auth/radius/users/test-user
```
## List Users
@ -160,7 +160,7 @@ List the users registered with the method.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/radius/users
http://127.0.0.1:8200/v1/auth/radius/users
```
### Sample Response
@ -210,7 +210,7 @@ Login with the username and password.
$ curl \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/radius/login/test-user
http://127.0.0.1:8200/v1/auth/radius/login/test-user
```
### Sample Response

32
website/source/api/auth/token/index.html.md
View File

@ -28,7 +28,7 @@ large numbers of tokens and their associated leases at once.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/auth/token/accessors
http://127.0.0.1:8200/v1/auth/token/accessors
```
### Sample Response
@ -123,7 +123,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/token/create
http://127.0.0.1:8200/v1/auth/token/create
```
### Sample Response
@ -172,7 +172,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/token/lookup
http://127.0.0.1:8200/v1/auth/token/lookup
```
### Sample Response
@ -209,7 +209,7 @@ Returns information about the current client token.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/token/lookup-self
http://127.0.0.1:8200/v1/auth/token/lookup-self
```
### Sample Response
@ -260,7 +260,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/token/lookup-accessor
http://127.0.0.1:8200/v1/auth/token/lookup-accessor
```
### Sample Response
@ -321,7 +321,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/token/renew
http://127.0.0.1:8200/v1/auth/token/renew
```
### Sample Response
@ -373,7 +373,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/token/renew-self
http://127.0.0.1:8200/v1/auth/token/renew-self
```
### Sample Response
@ -423,7 +423,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/token/revoke
http://127.0.0.1:8200/v1/auth/token/revoke
```
## Revoke a Token (Self)
@ -441,7 +441,7 @@ revoked, all dynamic secrets generated with it are also revoked.
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://vault.rocks/v1/auth/token/revoke-self
http://127.0.0.1:8200/v1/auth/token/revoke-self
```
## Revoke a Token Accessor
@ -473,7 +473,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/token/revoke-accessor
http://127.0.0.1:8200/v1/auth/token/revoke-accessor
```
## Revoke Token and Orphan Children
@ -507,7 +507,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/token/revoke-orphan
http://127.0.0.1:8200/v1/auth/token/revoke-orphan
```
## Read Token Role
@ -527,7 +527,7 @@ Fetches the named role configuration.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/token/roles/nomad
http://127.0.0.1:8200/v1/auth/token/roles/nomad
```
### Sample Response
@ -568,7 +568,7 @@ List available token roles.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST
https://vault.rocks/v1/auth/token/roles
http://127.0.0.1:8200/v1/auth/token/roles
```
### Sample Response
@ -653,7 +653,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST
--data @payload.json
https://vault.rocks/v1/auth/token/roles/nomad
http://127.0.0.1:8200/v1/auth/token/roles/nomad
```
## Delete Token Role
@ -674,7 +674,7 @@ This endpoint deletes the named token role.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/token/roles/admins
http://127.0.0.1:8200/v1/auth/token/roles/admins
```
## Tidy Tokens
@ -694,5 +694,5 @@ storage method so should be used sparingly.
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://vault.rocks/v1/auth/token/tidy
http://127.0.0.1:8200/v1/auth/token/tidy
```

14
website/source/api/auth/userpass/index.html.md
View File

@ -51,7 +51,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/userpass/users/mitchellh
http://127.0.0.1:8200/v1/auth/userpass/users/mitchellh
```
## Read User
@ -67,7 +67,7 @@ Reads the properties of an existing username.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/userpass/users/mitchellh
http://127.0.0.1:8200/v1/auth/userpass/users/mitchellh
```
### Sample Response
@ -105,7 +105,7 @@ This endpoint deletes the user from the method.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/auth/userpass/users/mitchellh
http://127.0.0.1:8200/v1/auth/userpass/users/mitchellh
```
## Update Password on User
@ -136,7 +136,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/userpass/users/mitchellh/password
http://127.0.0.1:8200/v1/auth/userpass/users/mitchellh/password
```
## Update Policies on User
@ -167,7 +167,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/userpass/users/mitchellh/policies
http://127.0.0.1:8200/v1/auth/userpass/users/mitchellh/policies
```
## List Users
@ -184,7 +184,7 @@ List available userpass users.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST
https://vault.rocks/v1/auth/userpass/users
http://127.0.0.1:8200/v1/auth/userpass/users
```
### Sample Response
@ -227,7 +227,7 @@ Login with the username and password.
$ curl \
--request POST \
--data @payload.json \
https://vault.rocks/v1/auth/userpass/login/mitchellh
http://127.0.0.1:8200/v1/auth/userpass/login/mitchellh
```
### Sample Response

18
website/source/api/secret/aws/index.html.md
View File

@ -77,7 +77,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/aws/config/root
http://127.0.0.1:8200/v1/aws/config/root
```
## Configure Lease
@ -114,7 +114,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/aws/config/lease
http://127.0.0.1:8200/v1/aws/config/lease
```
## Read Lease
@ -130,7 +130,7 @@ This endpoint returns the current lease settings for the AWS secrets engine.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/aws/config/lease
http://127.0.0.1:8200/v1/aws/config/lease
```
### Sample Response
@ -172,7 +172,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/aws/roles/example-role
http://127.0.0.1:8200/v1/aws/roles/example-role
```
### Sample Payloads
@ -212,7 +212,7 @@ exist, a 404 is returned.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/aws/roles/example-role
http://127.0.0.1:8200/v1/aws/roles/example-role
```
### Sample Responses
@ -251,7 +251,7 @@ This endpoint lists all existing roles in the secrets engine.
$ curl
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/aws/roles
http://127.0.0.1:8200/v1/aws/roles
```
### Sample Response
@ -286,7 +286,7 @@ exist, a 404 is returned.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/aws/roles/example-role
http://127.0.0.1:8200/v1/aws/roles/example-role
```
## Generate IAM Credentials
@ -308,7 +308,7 @@ role must be created before queried.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/aws/creds/example-role
http://127.0.0.1:8200/v1/aws/creds/example-role
```
### Sample Response
@ -361,7 +361,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/aws/sts/example-role
http://127.0.0.1:8200/v1/aws/sts/example-role
```
### Sample Response

10
website/source/api/secret/cassandra/index.html.md
View File

@ -105,7 +105,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/cassandra/config/connection
http://127.0.0.1:8200/v1/cassandra/config/connection
```
## Create Role
@ -156,7 +156,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/cassandra/roles/my-role
http://127.0.0.1:8200/v1/cassandra/roles/my-role
```
## Read Role
@ -177,7 +177,7 @@ This endpoint queries the role definition.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/cassandra/roles/my-role
http://127.0.0.1:8200/v1/cassandra/roles/my-role
```
### Sample Response
@ -212,7 +212,7 @@ This endpoint deletes the role definition.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/cassandra/roles/my-role
http://127.0.0.1:8200/v1/cassandra/roles/my-role
```
## Generate Credentials
@ -234,7 +234,7 @@ role.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/cassandra/creds/my-role
http://127.0.0.1:8200/v1/cassandra/creds/my-role
```
### Sample Response

12
website/source/api/secret/consul/index.html.md
View File

@ -53,7 +53,7 @@ $ curl \
--request POST \
--header "X-Vault-Token: ..." \
--data @payload.json \
https://vault.rocks/v1/consul/config/access
http://127.0.0.1:8200/v1/consul/config/access
```
## Create/Update Role
@ -108,7 +108,7 @@ $ curl \
--request POST \
--header "X-Vault-Token: ..." \
--data @payload.json \
https://vault.rocks/v1/consul/roles/example-role
http://127.0.0.1:8200/v1/consul/roles/example-role
```
## Read Role
@ -130,7 +130,7 @@ If no role exists with that name, a 404 is returned.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/consul/roles/example-role
http://127.0.0.1:8200/v1/consul/roles/example-role
```
### Sample Response
@ -159,7 +159,7 @@ This endpoint lists all existing roles in the secrets engine.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/consul/roles
http://127.0.0.1:8200/v1/consul/roles
```
### Sample Response
@ -194,7 +194,7 @@ not exist, this endpoint will still return a successful response.
$ curl \
--request DELETE \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/consul/roles/example-role
http://127.0.0.1:8200/v1/consul/roles/example-role
```
## Generate Credential
@ -216,7 +216,7 @@ definition.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/consul/creds/example-role
http://127.0.0.1:8200/v1/consul/creds/example-role
```
### Sample Response

8
website/source/api/secret/cubbyhole/index.html.md
View File

@ -35,7 +35,7 @@ This endpoint retrieves the secret at the specified location.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/cubbyhole/my-secret
http://127.0.0.1:8200/v1/cubbyhole/my-secret
```
### Sample Response
@ -73,7 +73,7 @@ not return a value. The values themselves are not accessible via this command.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/cubbyhole/my-secret
http://127.0.0.1:8200/v1/cubbyhole/my-secret
```
### Sample Response
@ -129,7 +129,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/cubbyhole/my-secret
http://127.0.0.1:8200/v1/cubbyhole/my-secret
```
## Delete Secret
@ -151,5 +151,5 @@ This endpoint deletes the secret at the specified location.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/cubbyhole/my-secret
http://127.0.0.1:8200/v1/cubbyhole/my-secret
```

2
website/source/api/secret/databases/cassandra.html.md
View File

@ -95,7 +95,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/cassandra/config/connection
http://127.0.0.1:8200/v1/cassandra/config/connection
```
## Statements

2
website/source/api/secret/databases/hanadb.html.md
View File

@ -55,7 +55,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/database/config/hana
http://127.0.0.1:8200/v1/database/config/hana
```
## Statements

20
website/source/api/secret/databases/index.html.md
View File

@ -60,7 +60,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/database/config/mysql
http://127.0.0.1:8200/v1/database/config/mysql
```
## Read Connection
@ -82,7 +82,7 @@ This endpoint returns the configuration settings for a connection.
$ curl \
--header "X-Vault-Token: ..." \
--request GET \
https://vault.rocks/v1/database/config/mysql
http://127.0.0.1:8200/v1/database/config/mysql
```
### Sample Response
@ -116,7 +116,7 @@ are returned, not any values.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/database/config
http://127.0.0.1:8200/v1/database/config
```
### Sample Response
@ -148,7 +148,7 @@ This endpoint deletes a connection.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/database/config/mysql
http://127.0.0.1:8200/v1/database/config/mysql
```
## Reset Connection
@ -171,7 +171,7 @@ with the configuration stored in the barrier.
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://vault.rocks/v1/database/reset/mysql
http://127.0.0.1:8200/v1/database/reset/mysql
```
## Create Role
@ -236,7 +236,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/database/roles/my-role
http://127.0.0.1:8200/v1/database/roles/my-role
```
## Read Role
@ -257,7 +257,7 @@ This endpoint queries the role definition.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/database/roles/my-role
http://127.0.0.1:8200/v1/database/roles/my-role
```
### Sample Response
@ -291,7 +291,7 @@ returned, not any values.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/database/roles
http://127.0.0.1:8200/v1/database/roles
```
### Sample Response
@ -327,7 +327,7 @@ This endpoint deletes the role definition.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/database/roles/my-role
http://127.0.0.1:8200/v1/database/roles/my-role
```
## Generate Credentials
@ -349,7 +349,7 @@ role.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/database/creds/my-role
http://127.0.0.1:8200/v1/database/creds/my-role
```
### Sample Response

2
website/source/api/secret/databases/mongodb.html.md
View File

@ -50,7 +50,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/database/config/mongodb
http://127.0.0.1:8200/v1/database/config/mongodb
```
## Statements

2
website/source/api/secret/databases/mssql.html.md
View File

@ -55,7 +55,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/database/config/mssql
http://127.0.0.1:8200/v1/database/config/mssql
```
## Statements

2
website/source/api/secret/databases/mysql-maria.html.md
View File

@ -55,7 +55,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/database/config/mysql
http://127.0.0.1:8200/v1/database/config/mysql
```
## Statements

2
website/source/api/secret/databases/oracle.html.md
View File

@ -55,7 +55,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/database/config/oracle
http://127.0.0.1:8200/v1/database/config/oracle
```
## Statements

2
website/source/api/secret/databases/postgresql.html.md
View File

@ -55,7 +55,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/database/config/postgresql
http://127.0.0.1:8200/v1/database/config/postgresql
```
## Statements

10
website/source/api/secret/identity/entity-alias.html.md
View File

@ -53,7 +53,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/identity/entity-alias
http://127.0.0.1:8200/v1/identity/entity-alias
```
### Sample Response
@ -84,7 +84,7 @@ This endpoint queries the entity alias by its identifier.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/identity/entity-alias/id/34982d3d-e3ce-5d8b-6e5f-b9bb34246c31
http://127.0.0.1:8200/v1/identity/entity-alias/id/34982d3d-e3ce-5d8b-6e5f-b9bb34246c31
```
### Sample Response
@ -154,7 +154,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/identity/entity-alias/id/34982d3d-e3ce-5d8b-6e5f-b9bb34246c31
http://127.0.0.1:8200/v1/identity/entity-alias/id/34982d3d-e3ce-5d8b-6e5f-b9bb34246c31
```
### Sample Response
@ -186,7 +186,7 @@ This endpoint deletes an alias from its corresponding entity.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/identity/entity-alias/id/34982d3d-e3ce-5d8b-6e5f-b9bb34246c31
http://127.0.0.1:8200/v1/identity/entity-alias/id/34982d3d-e3ce-5d8b-6e5f-b9bb34246c31
```
### List Entity Aliases by ID
@ -204,7 +204,7 @@ This endpoint returns a list of available entity aliases by their identifiers.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/identity/entity-alias/id
http://127.0.0.1:8200/v1/identity/entity-alias/id
```
### Sample Response

10
website/source/api/secret/identity/entity.html.md
View File

@ -45,7 +45,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/identity/entity
http://127.0.0.1:8200/v1/identity/entity
```
### Sample Response
@ -76,7 +76,7 @@ This endpoint queries the entity by its identifier.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/identity/entity/id/8d6a45e5-572f-8f13-d226-cd0d1ec57297
http://127.0.0.1:8200/v1/identity/entity/id/8d6a45e5-572f-8f13-d226-cd0d1ec57297
```
### Sample Response
@ -141,7 +141,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/identity/entity/id/8d6a45e5-572f-8f13-d226-cd0d1ec57297
http://127.0.0.1:8200/v1/identity/entity/id/8d6a45e5-572f-8f13-d226-cd0d1ec57297
```
### Sample Response
@ -173,7 +173,7 @@ This endpoint deletes an entity and all its associated aliases.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/identity/entity/id/8d6a45e5-572f-8f13-d226-cd0d1ec57297
http://127.0.0.1:8200/v1/identity/entity/id/8d6a45e5-572f-8f13-d226-cd0d1ec57297
```
## List Entities by ID
@ -191,7 +191,7 @@ This endpoint returns a list of available entities by their identifiers.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/identity/entity/id
http://127.0.0.1:8200/v1/identity/entity/id
```
### Sample Response

8
website/source/api/secret/identity/group-alias.html.md
View File

@ -44,7 +44,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/identity/group-alias
http://127.0.0.1:8200/v1/identity/group-alias
```
### Sample Response
@ -75,7 +75,7 @@ This endpoint queries the group alias by its identifier.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/identity/group-alias/id/ca726050-d8ac-6f1f-4210-3b5c5b613824
http://127.0.0.1:8200/v1/identity/group-alias/id/ca726050-d8ac-6f1f-4210-3b5c5b613824
```
### Sample Response
@ -115,7 +115,7 @@ This endpoint deletes a group alias.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/identity/group-alias/id/ca726050-d8ac-6f1f-4210-3b5c5b613824
http://127.0.0.1:8200/v1/identity/group-alias/id/ca726050-d8ac-6f1f-4210-3b5c5b613824
```
## List Entities by ID
@ -133,7 +133,7 @@ This endpoint returns a list of available group aliases by their identifiers.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/identity/group-alias/id
http://127.0.0.1:8200/v1/identity/group-alias/id
```
### Sample Response

10
website/source/api/secret/identity/group.html.md
View File

@ -53,7 +53,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/identity/group
http://127.0.0.1:8200/v1/identity/group
```
### Sample Response
@ -84,7 +84,7 @@ This endpoint queries the group by its identifier.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/identity/group/id/363926d8-dd8b-c9f0-21f8-7b248be80ce1
http://127.0.0.1:8200/v1/identity/group/id/363926d8-dd8b-c9f0-21f8-7b248be80ce1
```
### Sample Response
@ -159,7 +159,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/identity/group/id/363926d8-dd8b-c9f0-21f8-7b248be80ce1
http://127.0.0.1:8200/v1/identity/group/id/363926d8-dd8b-c9f0-21f8-7b248be80ce1
```
### Sample Response
@ -191,7 +191,7 @@ This endpoint deletes a group.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/identity/group/id/363926d8-dd8b-c9f0-21f8-7b248be80ce1
http://127.0.0.1:8200/v1/identity/group/id/363926d8-dd8b-c9f0-21f8-7b248be80ce1
```
## List Groups by ID
@ -209,7 +209,7 @@ This endpoint returns a list of available groups by their identifiers.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/identity/group/id
http://127.0.0.1:8200/v1/identity/group/id
```
### Sample Response

12
website/source/api/secret/identity/identity-groups.html.md
View File

@ -46,7 +46,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/identity/group
http://127.0.0.1:8200/v1/identity/group
```
### Sample Response
@ -98,7 +98,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/identity/group/id/454ceeb5-76d7-a131-b92a-7ecfb15523e8
http://127.0.0.1:8200/v1/identity/group/id/454ceeb5-76d7-a131-b92a-7ecfb15523e8
```
### Sample Response
@ -129,7 +129,7 @@ This endpoint reads the group by its ID.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/identity/group/id/454ceeb5-76d7-a131-b92a-7ecfb15523e8
http://127.0.0.1:8200/v1/identity/group/id/454ceeb5-76d7-a131-b92a-7ecfb15523e8
```
### Sample Response
@ -173,7 +173,7 @@ This endpoint deleted the group by its ID.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/identity/group/id/454ceeb5-76d7-a131-b92a-7ecfb15523e8
http://127.0.0.1:8200/v1/identity/group/id/454ceeb5-76d7-a131-b92a-7ecfb15523e8
```
@ -192,7 +192,7 @@ This endpoint lists all the groups by their ID.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/identity/group/id
http://127.0.0.1:8200/v1/identity/group/id
```
### Sample Response
@ -240,7 +240,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/identity/lookup/group
http://127.0.0.1:8200/v1/identity/lookup/group
```
### Sample Response

4
website/source/api/secret/identity/lookup.html.md
View File

@ -46,7 +46,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/identity/lookup/entity
http://127.0.0.1:8200/v1/identity/lookup/entity
```
### Sample Response
@ -108,7 +108,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/identity/lookup/group
http://127.0.0.1:8200/v1/identity/lookup/group
```
### Sample Response

18
website/source/api/secret/mongodb/index.html.md
View File

@ -54,7 +54,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/mongodb/config/connection
http://127.0.0.1:8200/v1/mongodb/config/connection
```
### Sample Response
@ -88,7 +88,7 @@ including passwords, if any.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/mongodb/config/connection
http://127.0.0.1:8200/v1/mongodb/config/connection
```
### Sample Response
@ -141,7 +141,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/mongodb/config/lease
http://127.0.0.1:8200/v1/mongodb/config/lease
```
## Read Lease
@ -157,7 +157,7 @@ This endpoint queries the lease configuration.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/mongodb/config/lease
http://127.0.0.1:8200/v1/mongodb/config/lease
```
### Sample Response
@ -209,7 +209,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/mongodb/roles/my-role
http://127.0.0.1:8200/v1/mongodb/roles/my-role
```
## Read Role
@ -230,7 +230,7 @@ This endpoint queries the role definition.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/mongodb/roles/my-role
http://127.0.0.1:8200/v1/mongodb/roles/my-role
```
### Sample Response
@ -265,7 +265,7 @@ returned, not any values.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/mongodb/roles
http://127.0.0.1:8200/v1/mongodb/roles
```
### Sample Response
@ -306,7 +306,7 @@ This endpoint deletes the role definition.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/mongodb/roles/my-role
http://127.0.0.1:8200/v1/mongodb/roles/my-role
```
## Generate Credentials
@ -328,7 +328,7 @@ role.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/mongodb/creds/my-role
http://127.0.0.1:8200/v1/mongodb/creds/my-role
```
### Sample Response

14
website/source/api/secret/mssql/index.html.md
View File

@ -57,7 +57,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/mssql/config/connection
http://127.0.0.1:8200/v1/mssql/config/connection
```
## Configure Lease
@ -93,7 +93,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/mssql/config/lease
http://127.0.0.1:8200/v1/mssql/config/lease
```
## Create Role
@ -127,7 +127,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/mssql/roles/my-role
http://127.0.0.1:8200/v1/mssql/roles/my-role
```
## Read Role
@ -148,7 +148,7 @@ This endpoint queries the role definition.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/mssql/roles/my-role
http://127.0.0.1:8200/v1/mssql/roles/my-role
```
### Sample Response
@ -176,7 +176,7 @@ returned, not any values.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/mssql/roles
http://127.0.0.1:8200/v1/mssql/roles
```
### Sample Response
@ -212,7 +212,7 @@ This endpoint deletes the role definition.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/mssql/roles/my-role
http://127.0.0.1:8200/v1/mssql/roles/my-role
```
## Generate Credentials
@ -234,7 +234,7 @@ role.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/mssql/creds/my-role
http://127.0.0.1:8200/v1/mssql/creds/my-role
```
### Sample Response

14
website/source/api/secret/mysql/index.html.md
View File

@ -59,7 +59,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/mysql/config/connection
http://127.0.0.1:8200/v1/mysql/config/connection
```
## Configure Lease
@ -96,7 +96,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/mysql/config/lease
http://127.0.0.1:8200/v1/mysql/config/lease
```
## Create Role
@ -148,7 +148,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/mysql/roles/my-role
http://127.0.0.1:8200/v1/mysql/roles/my-role
```
## Read Role
@ -169,7 +169,7 @@ This endpoint queries the role definition.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/mysql/roles/my-role
http://127.0.0.1:8200/v1/mysql/roles/my-role
```
### Sample Response
@ -197,7 +197,7 @@ returned, not any values.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/mysql/roles
http://127.0.0.1:8200/v1/mysql/roles
```
### Sample Response
@ -233,7 +233,7 @@ This endpoint deletes the role definition.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/mysql/roles/my-role
http://127.0.0.1:8200/v1/mysql/roles/my-role
```
## Generate Credentials
@ -255,7 +255,7 @@ role.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/mysql/creds/my-role
http://127.0.0.1:8200/v1/mysql/creds/my-role
```
### Sample Response

20
website/source/api/secret/nomad/index.html.md
View File

@ -53,7 +53,7 @@ $ curl \
--request POST \
--header "X-Vault-Token: ..." \
--data @payload.json \
https://vault.rocks/v1/nomad/config/access
http://127.0.0.1:8200/v1/nomad/config/access
```
## Read Access Configuration
@ -69,7 +69,7 @@ This endpoint queries for information about the Nomad connection.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/nomad/config/access
http://127.0.0.1:8200/v1/nomad/config/access
```
### Sample Response
@ -114,7 +114,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/nomad/config/lease
http://127.0.0.1:8200/v1/nomad/config/lease
```
## Read Lease Configuration
@ -130,7 +130,7 @@ This endpoint queries for information about the Lease TTL for the specified moun
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/nomad/config/lease
http://127.0.0.1:8200/v1/nomad/config/lease
```
### Sample Response
@ -156,7 +156,7 @@ This endpoint deletes the lease configuration.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/nomad/config/lease
http://127.0.0.1:8200/v1/nomad/config/lease
```
## Create/Update Role
@ -202,7 +202,7 @@ $ curl \
--request POST \
--header "X-Vault-Token: ..." \
--data @payload.json \
https://vault.rocks/v1/nomad/role/monitoring
http://127.0.0.1:8200/v1/nomad/role/monitoring
```
## Read Role
@ -224,7 +224,7 @@ If no role exists with that name, a 404 is returned.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/nomad/role/monitoring
http://127.0.0.1:8200/v1/nomad/role/monitoring
```
### Sample Response
@ -256,7 +256,7 @@ This endpoint lists all existing roles in the backend.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/nomad/role
http://127.0.0.1:8200/v1/nomad/role
```
### Sample Response
@ -291,7 +291,7 @@ not exist, this endpoint will still return a successful response.
$ curl \
--request DELETE \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/nomad/role/example-role
http://127.0.0.1:8200/v1/nomad/role/example-role
```
## Generate Credential
@ -313,7 +313,7 @@ definition.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/nomad/creds/example
http://127.0.0.1:8200/v1/nomad/creds/example
```
### Sample Response

48
website/source/api/secret/pki/index.html.md
View File

@ -62,7 +62,7 @@ This is an unauthenticated endpoint.
```
$ curl \
https://vault.rocks/v1/pki/ca/pem
http://127.0.0.1:8200/v1/pki/ca/pem
```
### Sample Response
@ -87,7 +87,7 @@ This is an unauthenticated endpoint.
```
$ curl \
https://vault.rocks/v1/pki/ca_chain
http://127.0.0.1:8200/v1/pki/ca_chain
```
### Sample Response
@ -121,7 +121,7 @@ This is an unauthenticated endpoint.
```
$ curl \
https://vault.rocks/v1/pki/cert/crl
http://127.0.0.1:8200/v1/pki/cert/crl
```
### Sample Response
@ -148,7 +148,7 @@ This endpoint returns a list of the current certificates by serial number only.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/pki/certs
http://127.0.0.1:8200/v1/pki/certs
```
### Sample Response
@ -225,7 +225,7 @@ marked valid.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/pki/config/crl
http://127.0.0.1:8200/v1/pki/config/crl
```
### Sample Response
@ -270,7 +270,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/pki/config/crl
http://127.0.0.1:8200/v1/pki/config/crl
```
## Read URLs
@ -286,7 +286,7 @@ This endpoint fetches the URLs to be encoded in generated certificates.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/pki/config/urls
http://127.0.0.1:8200/v1/pki/config/urls
```
### Sample Response
@ -345,7 +345,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/pki/config/urls
http://127.0.0.1:8200/v1/pki/config/urls
```
## Read CRL
@ -366,7 +366,7 @@ This is an unauthenticated endpoint.
```
$ curl \
https://vault.rocks/v1/pki/crl/pem
http://127.0.0.1:8200/v1/pki/crl/pem
```
### Sample Response
@ -391,7 +391,7 @@ certificates being revoked.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/pki/crl/rotate
http://127.0.0.1:8200/v1/pki/crl/rotate
```
### Sample Response
@ -505,7 +505,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/pki/intermediate/generate/internal
http://127.0.0.1:8200/v1/pki/intermediate/generate/internal
```
```json
@ -556,7 +556,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/pki/intermediate/set-signed
http://127.0.0.1:8200/v1/pki/intermediate/set-signed
```
## Generate Certificate
@ -632,7 +632,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/pki/issue/my-role
http://127.0.0.1:8200/v1/pki/issue/my-role
```
### Sample Response
@ -685,7 +685,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/pki/revoke
http://127.0.0.1:8200/v1/pki/revoke
```
### Sample Response
@ -867,7 +867,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/pki/roles/my-role
http://127.0.0.1:8200/v1/pki/roles/my-role
```
## Read Role
@ -888,7 +888,7 @@ This endpoint queries the role definition.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/pki/roles/my-role
http://127.0.0.1:8200/v1/pki/roles/my-role
```
### Sample Response
@ -927,7 +927,7 @@ returned, not any values.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/pki/roles
http://127.0.0.1:8200/v1/pki/roles
```
### Sample Response
@ -964,7 +964,7 @@ revoke certificates previously issued under this role.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/pki/roles/my-role
http://127.0.0.1:8200/v1/pki/roles/my-role
```
## Generate Root
@ -1091,7 +1091,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/pki/root/generate/internal
http://127.0.0.1:8200/v1/pki/root/generate/internal
```
### Sample Response
@ -1127,7 +1127,7 @@ _This endpoint requires sudo/root privileges._
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/pki/root
http://127.0.0.1:8200/v1/pki/root
```
## Sign Intermediate
@ -1243,7 +1243,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/pki/root/sign-intermediate
http://127.0.0.1:8200/v1/pki/root/sign-intermediate
```
### Sample Response
@ -1303,7 +1303,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/pki/root/sign-self-issued
http://127.0.0.1:8200/v1/pki/root/sign-self-issued
```
### Sample Response
@ -1444,7 +1444,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/pki/sign-verbatim
http://127.0.0.1:8200/v1/pki/sign-verbatim
```
### Sample Response
@ -1505,5 +1505,5 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/pki/tidy
http://127.0.0.1:8200/v1/pki/tidy
```

14
website/source/api/secret/postgresql/index.html.md
View File

@ -62,7 +62,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/postgresql/config/connection
http://127.0.0.1:8200/v1/postgresql/config/connection
```
## Configure Lease
@ -99,7 +99,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/postgresql/config/lease
http://127.0.0.1:8200/v1/postgresql/config/lease
```
## Create Role
@ -142,7 +142,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/postgresql/roles/my-role
http://127.0.0.1:8200/v1/postgresql/roles/my-role
```
## Read Role
@ -163,7 +163,7 @@ This endpoint queries the role definition.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/postgresql/roles/my-role
http://127.0.0.1:8200/v1/postgresql/roles/my-role
```
### Sample Response
@ -191,7 +191,7 @@ returned, not any values.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/postgresql/roles
http://127.0.0.1:8200/v1/postgresql/roles
```
### Sample Response
@ -227,7 +227,7 @@ This endpoint deletes the role definition.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/postgresql/roles/my-role
http://127.0.0.1:8200/v1/postgresql/roles/my-role
```
## Generate Credentials
@ -249,7 +249,7 @@ role.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/postgresql/creds/my-role
http://127.0.0.1:8200/v1/postgresql/creds/my-role
```
### Sample Response

12
website/source/api/secret/rabbitmq/index.html.md
View File

@ -56,7 +56,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/rabbitmq/config/connection
http://127.0.0.1:8200/v1/rabbitmq/config/connection
```
## Configure Lease
@ -89,7 +89,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/rabbitmq/config/lease
http://127.0.0.1:8200/v1/rabbitmq/config/lease
```
## Create Role
@ -126,7 +126,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/rabbitmq/roles/my-role
http://127.0.0.1:8200/v1/rabbitmq/roles/my-role
```
## Read Role
@ -147,7 +147,7 @@ This endpoint queries the role definition.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/rabbitmq/roles/my-role
http://127.0.0.1:8200/v1/rabbitmq/roles/my-role
```
### Sample Response
@ -180,7 +180,7 @@ This endpoint deletes the role definition.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/rabbitmq/roles/my-role
http://127.0.0.1:8200/v1/rabbitmq/roles/my-role
```
## Generate Credentials
@ -202,7 +202,7 @@ role.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/rabbitmq/creds/my-role
http://127.0.0.1:8200/v1/rabbitmq/creds/my-role
```
### Sample Response

34
website/source/api/secret/ssh/index.html.md
View File

@ -47,7 +47,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/ssh/keys/my-key
http://127.0.0.1:8200/v1/ssh/keys/my-key
```
## Delete Key
@ -70,7 +70,7 @@ This endpoint deletes a named key.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/ssh/keys/my-key
http://127.0.0.1:8200/v1/ssh/keys/my-key
```
## Create Role
@ -218,7 +218,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/ssh/roles/my-role
http://127.0.0.1:8200/v1/ssh/roles/my-role
```
## Read Role
@ -239,7 +239,7 @@ This endpoint queries a named role.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/ssh/roles/my-role
http://127.0.0.1:8200/v1/ssh/roles/my-role
```
### Sample Response
@ -301,7 +301,7 @@ returned, not any values.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/ssh/roles
http://127.0.0.1:8200/v1/ssh/roles
```
### Sample Response
@ -346,7 +346,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
--data @payload.json \
https://vault.rocks/v1/ssh/roles/my-role
http://127.0.0.1:8200/v1/ssh/roles/my-role
```
## List Zero-Address Roles
@ -362,7 +362,7 @@ This endpoint returns the list of configured zero-address roles.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/ssh/config/zeroaddress
http://127.0.0.1:8200/v1/ssh/config/zeroaddress
```
### Sample Response
@ -411,7 +411,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/ssh/config/zeroaddress
http://127.0.0.1:8200/v1/ssh/config/zeroaddress
```
## Delete Zero-Address Role
@ -428,7 +428,7 @@ This endpoint deletes the zero-address roles configuration.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/ssh/config/zeroaddress
http://127.0.0.1:8200/v1/ssh/config/zeroaddress
```
## Generate SSH Credentials
@ -464,7 +464,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/ssh/creds/my-role
http://127.0.0.1:8200/v1/ssh/creds/my-role
```
### Sample Response
@ -540,7 +540,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/ssh/lookup
http://127.0.0.1:8200/v1/ssh/lookup
```
### Sample Response
@ -592,7 +592,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/ssh/verify
http://127.0.0.1:8200/v1/ssh/verify
### Sample Response
@ -647,7 +647,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/ssh/config/ca
http://127.0.0.1:8200/v1/ssh/config/ca
```
### Sample Response
@ -682,7 +682,7 @@ This endpoint deletes the CA information for the backend via an SSH key pair.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/ssh/config/ca
http://127.0.0.1:8200/v1/ssh/config/ca
```
## Read Public Key (Unauthenticated)
@ -697,7 +697,7 @@ endpoint.
### Sample Request
```
$ curl https://vault.rocks/v1/ssh/public_key
$ curl http://127.0.0.1:8200/v1/ssh/public_key
```
### Sample Response
@ -719,7 +719,7 @@ This endpoint reads the configured/generated public key.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/ssh/config/ca
http://127.0.0.1:8200/v1/ssh/config/ca
```
### Sample Response
@ -788,7 +788,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/ssh/sign/my-key
http://127.0.0.1:8200/v1/ssh/sign/my-key
```
### Sample Response

14
website/source/api/secret/totp/index.html.md
View File

@ -67,7 +67,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/totp/keys/my-key
http://127.0.0.1:8200/v1/totp/keys/my-key
```
### Sample Payload
@ -87,7 +87,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/totp/keys/my-key
http://127.0.0.1:8200/v1/totp/keys/my-key
```
### Sample Response
@ -124,7 +124,7 @@ This endpoint queries the key definition.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/totp/keys/my-key
http://127.0.0.1:8200/v1/totp/keys/my-key
```
### Sample Response
@ -156,7 +156,7 @@ returned, not any values.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/totp/keys
http://127.0.0.1:8200/v1/totp/keys
```
### Sample Response
@ -192,7 +192,7 @@ This endpoint deletes the key definition.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/totp/keys/my-key
http://127.0.0.1:8200/v1/totp/keys/my-key
```
## Generate Code
@ -214,7 +214,7 @@ key.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/totp/code/my-key
http://127.0.0.1:8200/v1/totp/code/my-key
```
### Sample Response
@ -257,7 +257,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/totp/code/my-key
http://127.0.0.1:8200/v1/totp/code/my-key
```
### Sample Response

36
website/source/api/secret/transit/index.html.md
View File

@ -77,7 +77,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/transit/keys/my-key
http://127.0.0.1:8200/v1/transit/keys/my-key
```
## Read Key
@ -102,7 +102,7 @@ type.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/transit/keys/my-key
http://127.0.0.1:8200/v1/transit/keys/my-key
```
### Sample Response
@ -144,7 +144,7 @@ actual keys themselves).
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/transit/keys
http://127.0.0.1:8200/v1/transit/keys
```
### Sample Response
@ -182,7 +182,7 @@ catastrophic operation, the `deletion_allowed` tunable must be set in the key's
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/transit/keys/my-key
http://127.0.0.1:8200/v1/transit/keys/my-key
```
## Update Key Configuration
@ -233,7 +233,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/transit/keys/my-key/config
http://127.0.0.1:8200/v1/transit/keys/my-key/config
```
## Rotate Key
@ -254,7 +254,7 @@ decryption operations.
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://vault.rocks/v1/transit/keys/my-key/rotate
http://127.0.0.1:8200/v1/transit/keys/my-key/rotate
```
## Export Key
@ -291,7 +291,7 @@ be valid.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/transit/export/encryption-key/my-key/1
http://127.0.0.1:8200/v1/transit/export/encryption-key/my-key/1
```
### Sample Response
@ -391,7 +391,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/transit/encrypt/my-key
http://127.0.0.1:8200/v1/transit/encrypt/my-key
```
### Sample Response
@ -460,7 +460,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/transit/decrypt/my-key
http://127.0.0.1:8200/v1/transit/decrypt/my-key
```
### Sample Response
@ -535,7 +535,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/transit/rewrap/my-key
http://127.0.0.1:8200/v1/transit/rewrap/my-key
```
### Sample Response
@ -599,7 +599,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/transit/datakey/plaintext/my-key
http://127.0.0.1:8200/v1/transit/datakey/plaintext/my-key
```
### Sample Response
@ -644,7 +644,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/transit/random/164
http://127.0.0.1:8200/v1/transit/random/164
```
### Sample Response
@ -696,7 +696,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/transit/hash/sha2-512
http://127.0.0.1:8200/v1/transit/hash/sha2-512
```
### Sample Response
@ -755,7 +755,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/transit/hmac/my-key/sha2-512
http://127.0.0.1:8200/v1/transit/hmac/my-key/sha2-512
```
### Sample Response
@ -829,7 +829,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/transit/sign/my-key/sha2-512
http://127.0.0.1:8200/v1/transit/sign/my-key/sha2-512
```
### Sample Response
@ -905,7 +905,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/transit/verify/my-key/sha2-512
http://127.0.0.1:8200/v1/transit/verify/my-key/sha2-512
```
### Sample Response
@ -938,7 +938,7 @@ restore the key.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/transit/backup/aes
http://127.0.0.1:8200/v1/transit/backup/aes
```
### Sample Response
@ -982,5 +982,5 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/transit/restore
http://127.0.0.1:8200/v1/transit/restore
```

2
website/source/api/system/audit-hash.html.md
View File

@ -51,7 +51,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/audit-hash/example-audit
http://127.0.0.1:8200/v1/sys/audit-hash/example-audit
```
### Sample Response

6
website/source/api/system/audit.html.md
View File

@ -29,7 +29,7 @@ available audit devices).
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/audit
http://127.0.0.1:8200/v1/sys/audit
```
### Sample Response
@ -95,7 +95,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/audit/example-audit
http://127.0.0.1:8200/v1/sys/audit/example-audit
```
## Disable Audit Device
@ -120,5 +120,5 @@ This endpoint disables the audit device at the given path.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/audit/example-audit
http://127.0.0.1:8200/v1/sys/audit/example-audit
```

10
website/source/api/system/auth.html.md
View File

@ -25,7 +25,7 @@ This endpoint lists all enabled auth methods.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/auth
http://127.0.0.1:8200/v1/sys/auth
```
### Sample Response
@ -127,7 +127,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/auth/my-auth
http://127.0.0.1:8200/v1/sys/auth/my-auth
```
## Disable Auth Method
@ -152,7 +152,7 @@ This endpoint disables the auth method at the given auth path.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/auth/my-auth
http://127.0.0.1:8200/v1/sys/auth/my-auth
```
## Read Auth Method Tuning
@ -177,7 +177,7 @@ without `sudo` via `sys/mounts/auth/[auth-path]/tune`._
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/auth/my-auth/tune
http://127.0.0.1:8200/v1/sys/auth/my-auth/tune
```
### Sample Response
@ -243,5 +243,5 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/auth/my-auth/tune
http://127.0.0.1:8200/v1/sys/auth/my-auth/tune
```

2
website/source/api/system/capabilities-accessor.html.md
View File

@ -50,7 +50,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/capabilities-accessor
http://127.0.0.1:8200/v1/sys/capabilities-accessor
```
### Sample Response

2
website/source/api/system/capabilities-self.html.md
View File

@ -47,7 +47,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/capabilities-self
http://127.0.0.1:8200/v1/sys/capabilities-self
```
### Sample Response

2
website/source/api/system/capabilities.html.md
View File

@ -48,7 +48,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/capabilities
http://127.0.0.1:8200/v1/sys/capabilities
```
### Sample Response

8
website/source/api/system/config-auditing.html.md
View File

@ -26,7 +26,7 @@ This endpoint lists the request headers that are configured to be audited.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/config/auditing/request-headers
http://127.0.0.1:8200/v1/sys/config/auditing/request-headers
```
### Sample Response
@ -62,7 +62,7 @@ This endpoint lists the information for the given request header.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/config/auditing/request-headers/my-header
http://127.0.0.1:8200/v1/sys/config/auditing/request-headers/my-header
```
### Sample Response
@ -106,7 +106,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/config/auditing/request-headers/my-header
http://127.0.0.1:8200/v1/sys/config/auditing/request-headers/my-header
```
## Delete Audit Request Header
@ -126,5 +126,5 @@ This endpoint disables auditing of the given request header.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/config/auditing/request-headers/my-header
http://127.0.0.1:8200/v1/sys/config/auditing/request-headers/my-header
```

6
website/source/api/system/config-control-group.html.md
View File

@ -26,7 +26,7 @@ This endpoint returns the current Control Group configuration.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/config/control-group
http://127.0.0.1:8200/v1/sys/config/control-group
```
### Sample Response
@ -64,7 +64,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/config/control-group
http://127.0.0.1:8200/v1/sys/config/control-group
```
## Delete Control Group Settings
@ -81,5 +81,5 @@ This endpoint removes any control group configuration.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/config/control-group
http://127.0.0.1:8200/v1/sys/config/control-group
```

6
website/source/api/system/config-cors.html.md
View File

@ -26,7 +26,7 @@ This endpoint returns the current CORS configuration.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/config/cors
http://127.0.0.1:8200/v1/sys/config/cors
```
### Sample Response
@ -78,7 +78,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/config/cors
http://127.0.0.1:8200/v1/sys/config/cors
```
## Delete CORS Settings
@ -95,5 +95,5 @@ This endpoint removes any CORS configuration.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/config/cors
http://127.0.0.1:8200/v1/sys/config/cors
```

4
website/source/api/system/control-group.html.md
View File

@ -35,7 +35,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/control-group/authorize
http://127.0.0.1:8200/v1/sys/control-group/authorize
```
### Sample Response
@ -75,7 +75,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/control-group/request
http://127.0.0.1:8200/v1/sys/control-group/request
```
### Sample Response

8
website/source/api/system/generate-root.html.md
View File

@ -24,7 +24,7 @@ attempt.
```
$ curl \
https://vault.rocks/v1/sys/generate-root/attempt
http://127.0.0.1:8200/v1/sys/generate-root/attempt
```
### Sample Response
@ -82,7 +82,7 @@ generation attempt can take place at a time. One (and only one) of `otp` or
$ curl \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/generate-root/attempt
http://127.0.0.1:8200/v1/sys/generate-root/attempt
```
### Sample Response
@ -113,7 +113,7 @@ progress made. This must be called to change the OTP or PGP key being used.
```
$ curl \
--request DELETE \
https://vault.rocks/v1/sys/generate-root/attempt
http://127.0.0.1:8200/v1/sys/generate-root/attempt
```
## Provide Key Share to Generate Root
@ -149,7 +149,7 @@ nonce must be provided with each call.
$ curl \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/generate-root/update
http://127.0.0.1:8200/v1/sys/generate-root/update
```
### Sample Response

2
website/source/api/system/health.html.md
View File

@ -52,7 +52,7 @@ The default status codes are:
```
$ curl \
https://vault.rocks/v1/sys/health
http://127.0.0.1:8200/v1/sys/health
```
### Sample Response

4
website/source/api/system/init.html.md
View File

@ -22,7 +22,7 @@ This endpoint returns the initialization status of Vault.
```
$ curl \
https://vault.rocks/v1/sys/init
http://127.0.0.1:8200/v1/sys/init
```
### Sample Response
@ -95,7 +95,7 @@ Additionally, the following options are only supported on Vault Pro/Enterprise:
$ curl \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/init
http://127.0.0.1:8200/v1/sys/init
```
### Sample Response

2
website/source/api/system/leader.html.md
View File

@ -25,7 +25,7 @@ of Vault.
```
$ curl \
https://vault.rocks/v1/sys/leader
http://127.0.0.1:8200/v1/sys/leader
```
### Sample Response

12
website/source/api/system/leases.html.md
View File

@ -37,7 +37,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/leases/lookup
http://127.0.0.1:8200/v1/sys/leases/lookup
```
### Sample Response
@ -70,7 +70,7 @@ This endpoint returns a list of lease ids.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/sys/leases/lookup/aws/creds/deploy/
http://127.0.0.1:8200/v1/sys/leases/lookup/aws/creds/deploy/
```
### Sample Response
@ -119,7 +119,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/leases/renew
http://127.0.0.1:8200/v1/sys/leases/renew
```
### Sample Response
@ -159,7 +159,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/leases/revoke
http://127.0.0.1:8200/v1/sys/leases/revoke
```
## Revoke Force
@ -191,7 +191,7 @@ this endpoint should be tightly controlled.
$ curl \
--header "X-Vault-Token: ..." \
--request PUT \
https://vault.rocks/v1/sys/leases/revoke-force/aws/creds
http://127.0.0.1:8200/v1/sys/leases/revoke-force/aws/creds
```
## Revoke Prefix
@ -218,5 +218,5 @@ used to revoke very large numbers of secrets/tokens at once.
$ curl \
--header "X-Vault-Token: ..." \
--request PUT \
https://vault.rocks/v1/sys/leases/revoke-prefix/aws/creds
http://127.0.0.1:8200/v1/sys/leases/revoke-prefix/aws/creds
```

4
website/source/api/system/license.html.md
View File

@ -27,7 +27,7 @@ This endpoint returns information about the currently installed license.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/license
http://127.0.0.1:8200/v1/sys/license
```
### Sample Response
@ -83,5 +83,5 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/license
http://127.0.0.1:8200/v1/sys/license
```

6
website/source/api/system/mfa-duo.html.md
View File

@ -52,7 +52,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/mfa/method/duo/my_duo
http://127.0.0.1:8200/v1/sys/mfa/method/duo/my_duo
```
## Read Duo MFA Method
@ -74,7 +74,7 @@ name.
$ curl \
--header "X-Vault-Token: ..." \
--request GET \
https://vault.rocks/v1/sys/mfa/method/duo/my_duo
http://127.0.0.1:8200/v1/sys/mfa/method/duo/my_duo
```
@ -114,6 +114,6 @@ This endpoint deletes a Duo MFA method.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/mfa/method/duo/my_duo
http://127.0.0.1:8200/v1/sys/mfa/method/duo/my_duo
```

6
website/source/api/system/mfa-okta.html.md
View File

@ -51,7 +51,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/mfa/method/okta/my_okta
http://127.0.0.1:8200/v1/sys/mfa/method/okta/my_okta
```
## Read Okta MFA Method
@ -73,7 +73,7 @@ name.
$ curl \
--header "X-Vault-Token: ..." \
--request GET \
https://vault.rocks/v1/sys/mfa/method/okta/my_okta
http://127.0.0.1:8200/v1/sys/mfa/method/okta/my_okta
```
@ -112,6 +112,6 @@ This endpoint deletes a Okta MFA method.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/mfa/method/okta/my_okta
http://127.0.0.1:8200/v1/sys/mfa/method/okta/my_okta
```

6
website/source/api/system/mfa-pingid.html.md
View File

@ -44,7 +44,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/mfa/method/pingid/ping
http://127.0.0.1:8200/v1/sys/mfa/method/pingid/ping
```
## Read PingiD MFA Method
@ -66,7 +66,7 @@ name.
$ curl \
--header "X-Vault-Token: ..." \
--request GET \
https://vault.rocks/v1/sys/mfa/method/pingid/ping
http://127.0.0.1:8200/v1/sys/mfa/method/pingid/ping
```
@ -106,6 +106,6 @@ This endpoint deletes a PingID MFA method.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/mfa/method/pingid/ping
http://127.0.0.1:8200/v1/sys/mfa/method/pingid/ping
```

12
website/source/api/system/mfa-totp.html.md
View File

@ -48,7 +48,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/mfa/method/totp/my_totp
http://127.0.0.1:8200/v1/sys/mfa/method/totp/my_totp
```
## Read TOTP MFA Method
@ -70,7 +70,7 @@ name.
$ curl \
--header "X-Vault-Token: ..." \
--request GET \
https://vault.rocks/v1/sys/mfa/method/totp/my_totp
http://127.0.0.1:8200/v1/sys/mfa/method/totp/my_totp
```
@ -112,7 +112,7 @@ This endpoint deletes a TOTP MFA method.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/mfa/method/totp/my_totp
http://127.0.0.1:8200/v1/sys/mfa/method/totp/my_totp
```
@ -136,7 +136,7 @@ method name.
$ curl \
--header "X-Vault-Token: ..." \
--request GET \
https://vault.rocks/v1/sys/mfa/method/totp/my_totp/generate
http://127.0.0.1:8200/v1/sys/mfa/method/totp/my_totp/generate
```
### Sample Response
@ -182,7 +182,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json
https://vault.rocks/v1/sys/mfa/method/totp/my_totp/admin-generate
http://127.0.0.1:8200/v1/sys/mfa/method/totp/my_totp/admin-generate
```
### Sample Response
@ -231,5 +231,5 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json
https://vault.rocks/v1/sys/mfa/method/totp/my_totp/admin-destroy
http://127.0.0.1:8200/v1/sys/mfa/method/totp/my_totp/admin-destroy
```

10
website/source/api/system/mounts.html.md
View File

@ -23,7 +23,7 @@ This endpoints lists all the mounted secrets engines.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/mounts
http://127.0.0.1:8200/v1/sys/mounts
```
### Sample Response
@ -145,7 +145,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/mounts/my-mount
http://127.0.0.1:8200/v1/sys/mounts/my-mount
```
## Disable Secrets Engine
@ -162,7 +162,7 @@ This endpoint disables the mount point specified in the URL.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/mounts/my-mount
http://127.0.0.1:8200/v1/sys/mounts/my-mount
```
## Read Mount Configuration
@ -180,7 +180,7 @@ be the system default or a mount-specific value.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/mounts/my-mount/tune
http://127.0.0.1:8200/v1/sys/mounts/my-mount/tune
```
### Sample Response
@ -244,5 +244,5 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/mounts/my-mount/tune
http://127.0.0.1:8200/v1/sys/mounts/my-mount/tune
```

8
website/source/api/system/plugins-catalog.html.md
View File

@ -26,7 +26,7 @@ This endpoint lists the plugins in the catalog.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST
https://vault.rocks/v1/sys/plugins/catalog
http://127.0.0.1:8200/v1/sys/plugins/catalog
```
### Sample Response
@ -86,7 +86,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/plugins/catalog/example-plugin
http://127.0.0.1:8200/v1/sys/plugins/catalog/example-plugin
```
## Read Plugin
@ -111,7 +111,7 @@ This endpoint returns the configuration data for the plugin with the given name.
$ curl \
--header "X-Vault-Token: ..." \
--request GET \
https://vault.rocks/v1/sys/plugins/catalog/example-plugin
http://127.0.0.1:8200/v1/sys/plugins/catalog/example-plugin
```
### Sample Response
@ -149,5 +149,5 @@ This endpoint removes the plugin with the given name.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/plugins/catalog/example-plugin
http://127.0.0.1:8200/v1/sys/plugins/catalog/example-plugin
```

2
website/source/api/system/plugins-reload-backend.html.md
View File

@ -43,5 +43,5 @@ This endpoint reloads mounted plugin backends.
$ curl \
--header "X-Vault-Token: ..." \
--request PUT
https://vault.rocks/v1/sys/plugins/reload/backend
http://127.0.0.1:8200/v1/sys/plugins/reload/backend
```

24
website/source/api/system/policies.html.md
View File

@ -26,7 +26,7 @@ This endpoint lists all configured ACL policies.
```
$ curl \
-X LIST --header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/policies/acl
http://127.0.0.1:8200/v1/sys/policies/acl
```
### Sample Response
@ -55,7 +55,7 @@ This endpoint retrieves information about the named ACL policy.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/policies/acl/my-policy
http://127.0.0.1:8200/v1/sys/policies/acl/my-policy
```
### Sample Response
@ -99,7 +99,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/policies/acl/my-policy
http://127.0.0.1:8200/v1/sys/policies/acl/my-policy
```
## Delete ACL Policy
@ -123,7 +123,7 @@ acts as an empty policy.)
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/policies/acl/my-policy
http://127.0.0.1:8200/v1/sys/policies/acl/my-policy
```
## List RGP Policies
@ -139,7 +139,7 @@ This endpoint lists all configured RGP policies.
```
$ curl \
-X LIST --header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/policies/rgp
http://127.0.0.1:8200/v1/sys/policies/rgp
```
### Sample Response
@ -168,7 +168,7 @@ This endpoint retrieves information about the named RGP policy.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/policies/rgp/webapp
http://127.0.0.1:8200/v1/sys/policies/rgp/webapp
```
### Sample Response
@ -218,7 +218,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/policies/rgp/webapp
http://127.0.0.1:8200/v1/sys/policies/rgp/webapp
```
## Delete RGP Policy
@ -242,7 +242,7 @@ acts as an empty policy.)
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/policies/rgp/webapp
http://127.0.0.1:8200/v1/sys/policies/rgp/webapp
```
## List EGP Policies
@ -264,7 +264,7 @@ path, this endpoint returns two identifiers:
```
$ curl \
-X LIST --header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/policies/egp
http://127.0.0.1:8200/v1/sys/policies/egp
```
### Sample Response
@ -293,7 +293,7 @@ This endpoint retrieves information about the named EGP policy.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/policies/egp/breakglass
http://127.0.0.1:8200/v1/sys/policies/egp/breakglass
```
### Sample Response
@ -350,7 +350,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/policies/egp/breakglass
http://127.0.0.1:8200/v1/sys/policies/egp/breakglass
```
## Delete EGP Policy
@ -372,5 +372,5 @@ This endpoint deletes the EGP policy with the given name from all paths on which
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/policies/egp/breakglass
http://127.0.0.1:8200/v1/sys/policies/egp/breakglass
```

8
website/source/api/system/policy.html.md
View File

@ -23,7 +23,7 @@ This endpoint lists all configured policies.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/policy
http://127.0.0.1:8200/v1/sys/policy
```
### Sample Response
@ -52,7 +52,7 @@ This endpoint retrieve the policy body for the named policy.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/policy/my-policy
http://127.0.0.1:8200/v1/sys/policy/my-policy
```
### Sample Response
@ -94,7 +94,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/policy/my-policy
http://127.0.0.1:8200/v1/sys/policy/my-policy
```
## Delete Policy
@ -117,5 +117,5 @@ affect all users associated with this policy.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/policy/my-policy
http://127.0.0.1:8200/v1/sys/policy/my-policy
```

8
website/source/api/system/raw.html.md
View File

@ -34,7 +34,7 @@ system.
```
$ curl \
---header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/raw/secret/foo
http://127.0.0.1:8200/v1/sys/raw/secret/foo
```
### Sample Response
@ -77,7 +77,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/raw/secret/foo
http://127.0.0.1:8200/v1/sys/raw/secret/foo
```
## List Raw
@ -98,7 +98,7 @@ This endpoint returns a list keys for a given path prefix.
$ curl \
--header "X-Vault-Token: ..." \
--request LIST \
https://vault.rocks/v1/sys/raw/logical
http://127.0.0.1:8200/v1/sys/raw/logical
```
### Sample Response
@ -135,5 +135,5 @@ storage backend and not the logical path that is exposed via the mount system.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/raw/secret/foo
http://127.0.0.1:8200/v1/sys/raw/secret/foo
```

12
website/source/api/system/rekey-recovery-key.html.md
View File

@ -25,7 +25,7 @@ This endpoint reads the configuration and progress of the current rekey attempt.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/rekey-recovery-key/init
http://127.0.0.1:8200/v1/sys/rekey-recovery-key/init
```
### Sample Response
@ -97,7 +97,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/rekey-recovery-key/init
http://127.0.0.1:8200/v1/sys/rekey-recovery-key/init
```
## Cancel Rekey
@ -116,7 +116,7 @@ rekey.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/rekey-recovery-key/init
http://127.0.0.1:8200/v1/sys/rekey-recovery-key/init
```
## Read Backup Key
@ -134,7 +134,7 @@ fingerprint to hex-encoded PGP-encrypted key.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/rekey-recovery-key/backup
http://127.0.0.1:8200/v1/sys/rekey-recovery-key/backup
```
### Sample Response
@ -162,7 +162,7 @@ This endpoint deletes the backup copy of PGP-encrypted recovery key shares.
$ curl \
--header "X-Vault-Token" \
--request DELETE \
https://vault.rocks/v1/sys/rekey-recovery-key/backup
http://127.0.0.1:8200/v1/sys/rekey-recovery-key/backup
```
## Submit Key
@ -199,7 +199,7 @@ $ curl \
--header "X-Vault-Token" \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/rekey-recovery-key/update
http://127.0.0.1:8200/v1/sys/rekey-recovery-key/update
```
### Sample Response

12
website/source/api/system/rekey.html.md
View File

@ -28,7 +28,7 @@ This endpoint reads the configuration and progress of the current rekey attempt.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/rekey/init
http://127.0.0.1:8200/v1/sys/rekey/init
```
### Sample Response
@ -99,7 +99,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/rekey/init
http://127.0.0.1:8200/v1/sys/rekey/init
```
## Cancel Rekey
@ -118,7 +118,7 @@ rekey.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/rekey/init
http://127.0.0.1:8200/v1/sys/rekey/init
```
## Read Backup Key
@ -136,7 +136,7 @@ hex-encoded PGP-encrypted key.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/rekey/backup
http://127.0.0.1:8200/v1/sys/rekey/backup
```
### Sample Response
@ -164,7 +164,7 @@ This endpoint deletes the backup copy of PGP-encrypted unseal keys.
$ curl \
--header "X-Vault-Token" \
--request DELETE \
https://vault.rocks/v1/sys/rekey/backup
http://127.0.0.1:8200/v1/sys/rekey/backup
```
## Submit Key
@ -201,7 +201,7 @@ $ curl \
--header "X-Vault-Token" \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/rekey/update
http://127.0.0.1:8200/v1/sys/rekey/update
```
### Sample Response

2
website/source/api/system/remount.html.md
View File

@ -40,5 +40,5 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/remount
http://127.0.0.1:8200/v1/sys/remount
```

28
website/source/api/system/replication-dr.html.md
View File

@ -25,7 +25,7 @@ This is an authenticated endpoint.
```
$ curl \
https://vault.rocks/v1/sys/replication/dr/status
http://127.0.0.1:8200/v1/sys/replication/dr/status
```
### Sample Response
@ -87,7 +87,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/replication/dr/primary/enable
http://127.0.0.1:8200/v1/sys/replication/dr/primary/enable
```
## Demote DR Primary
@ -107,7 +107,7 @@ DR replication set without wiping local storage.
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://vault.rocks/v1/sys/replication/dr/primary/demote
http://127.0.0.1:8200/v1/sys/replication/dr/primary/demote
```
## Disable DR Primary
@ -129,7 +129,7 @@ will require a wipe of the underlying storage.
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://vault.rocks/v1/sys/replication/dr/primary/disable
http://127.0.0.1:8200/v1/sys/replication/dr/primary/disable
```
## Generate DR Secondary Token
@ -156,7 +156,7 @@ identifier can later be used to revoke a DR secondary's access.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/replication/dr/primary/secondary-token?id=us-east-1
http://127.0.0.1:8200/v1/sys/replication/dr/primary/secondary-token?id=us-east-1
```
### Sample Response
@ -207,7 +207,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/replication/dr/primary/revoke-secondary
http://127.0.0.1:8200/v1/sys/replication/dr/primary/revoke-secondary
```
## Enable DR Secondary
@ -254,7 +254,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/replication/dr/secondary/enable
http://127.0.0.1:8200/v1/sys/replication/dr/secondary/enable
```
## Promote DR Secondary
@ -306,7 +306,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/replication/dr/secondary/promote
http://127.0.0.1:8200/v1/sys/replication/dr/secondary/promote
```
### Sample Response
@ -382,7 +382,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/replication/dr/secondary/update-primary
http://127.0.0.1:8200/v1/sys/replication/dr/secondary/update-primary
```
## Generate Disaster Recovery Operation Token
@ -405,7 +405,7 @@ attempt.
```
$ curl \
https://vault.rocks/v1/sys/replication/dr/secondary/generate-operation-token/attempt
http://127.0.0.1:8200/v1/sys/replication/dr/secondary/generate-operation-token/attempt
```
### Sample Response
@ -463,7 +463,7 @@ generation attempt can take place at a time. One (and only one) of `otp` or
$ curl \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/replication/dr/secondary/generate-operation-token/attempt
http://127.0.0.1:8200/v1/sys/replication/dr/secondary/generate-operation-token/attempt
```
### Sample Response
@ -494,7 +494,7 @@ progress made. This must be called to change the OTP or PGP key being used.
```
$ curl \
--request DELETE \
https://vault.rocks/v1/sys/replication/dr/secondary/generate-operation-token/attempt
http://127.0.0.1:8200/v1/sys/replication/dr/secondary/generate-operation-token/attempt
```
## Provide Key Share to Generate Token
@ -530,7 +530,7 @@ nonce must be provided with each call.
$ curl \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/replication/dr/secondary/generate-operation-token/update
http://127.0.0.1:8200/v1/sys/replication/dr/secondary/generate-operation-token/update
```
### Sample Response
@ -579,5 +579,5 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/replication/dr/secondary/operation-token/delete
http://127.0.0.1:8200/v1/sys/replication/dr/secondary/operation-token/delete
```

26
website/source/api/system/replication-performance.html.md
View File

@ -25,7 +25,7 @@ This is an authenticated endpoint.
```
$ curl \
https://vault.rocks/v1/sys/replication/performance/status
http://127.0.0.1:8200/v1/sys/replication/performance/status
```
### Sample Response
@ -91,7 +91,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/replication/performance/primary/enable
http://127.0.0.1:8200/v1/sys/replication/performance/primary/enable
```
## Demote Performance Primary
@ -111,7 +111,7 @@ replication set without wiping local storage.
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://vault.rocks/v1/sys/replication/performance/primary/demote
http://127.0.0.1:8200/v1/sys/replication/performance/primary/demote
```
## Disable Performance Primary
@ -134,7 +134,7 @@ they have connected before) will require a wipe of the underlying storage.
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://vault.rocks/v1/sys/replication/performance/primary/disable
http://127.0.0.1:8200/v1/sys/replication/performance/primary/disable
```
## Generate Performance Secondary Token
@ -171,7 +171,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/replication/performance/primary/secondary-token
http://127.0.0.1:8200/v1/sys/replication/performance/primary/secondary-token
```
### Sample Response
@ -222,7 +222,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/replication/performance/primary/revoke-secondary
http://127.0.0.1:8200/v1/sys/replication/performance/primary/revoke-secondary
```
## Create Mounts Filter
@ -261,7 +261,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/replication/performance/primary/mount-filter/us-east-1
http://127.0.0.1:8200/v1/sys/replication/performance/primary/mount-filter/us-east-1
```
## Read Mounts Filter
@ -282,7 +282,7 @@ for a secondary.
```
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/sys/replication/performance/primary/mount-filter/us-east-1
http://127.0.0.1:8200/v1/sys/replication/performance/primary/mount-filter/us-east-1
```
### Sample Response
@ -312,7 +312,7 @@ This endpoint is used to delete the mount filters for a secondary.
$ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
https://vault.rocks/v1/sys/replication/performance/primary/mount-filter/us-east-1
http://127.0.0.1:8200/v1/sys/replication/performance/primary/mount-filter/us-east-1
```
## Enable Performance Secondary
@ -359,7 +359,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/replication/performance/secondary/enable
http://127.0.0.1:8200/v1/sys/replication/performance/secondary/enable
```
## Promote Performance Secondary
@ -393,7 +393,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/replication/performance/secondary/promote
http://127.0.0.1:8200/v1/sys/replication/performance/secondary/promote
```
## Disable Performance Secondary
@ -418,7 +418,7 @@ underlying storage.
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://vault.rocks/v1/sys/replication/performance/secondary/disable
http://127.0.0.1:8200/v1/sys/replication/performance/secondary/disable
```
## Update Performance Secondary's Primary
@ -465,5 +465,5 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/replication/performance/secondary/update-primary
http://127.0.0.1:8200/v1/sys/replication/performance/secondary/update-primary
```

6
website/source/api/system/replication.html.md
View File

@ -25,7 +25,7 @@ example: an error has caused replication to stop syncing.
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://vault.rocks/v1/sys/replication/recover
http://127.0.0.1:8200/v1/sys/replication/recover
```
### Sample Response
@ -51,7 +51,7 @@ depending on the number and size of objects in the data store.
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://vault.rocks/v1/sys/replication/reindex
http://127.0.0.1:8200/v1/sys/replication/reindex
```
### Sample Response
@ -77,7 +77,7 @@ This is an authenticated endpoint.
```
$ curl \
https://vault.rocks/v1/sys/replication/status
http://127.0.0.1:8200/v1/sys/replication/status
```
### Sample Response

2
website/source/api/system/rotate.html.md
View File

@ -27,5 +27,5 @@ the new key, while old values are decrypted with previous encryption keys.
$ curl \
--header "X-Vault-Token: ..." \
--request PUT \
https://vault.rocks/v1/sys/rotate
http://127.0.0.1:8200/v1/sys/rotate
```

2
website/source/api/system/seal-status.html.md
View File

@ -23,7 +23,7 @@ endpoint.
```
$ curl \
https://vault.rocks/v1/sys/seal-status
http://127.0.0.1:8200/v1/sys/seal-status
```
### Sample Response

2
website/source/api/system/seal.html.md
View File

@ -26,5 +26,5 @@ Standby nodes should be restarted to get the same effect. Requires a token with
$ curl \
--header "X-Vault-Token: ..." \
--request PUT \
https://vault.rocks/v1/sys/seal
http://127.0.0.1:8200/v1/sys/seal
```

2
website/source/api/system/step-down.html.md
View File

@ -29,5 +29,5 @@ the path.
$ curl \
--header "X-Vault-Token: ..." \
--request PUT \
https://vault.rocks/v1/sys/step-down
http://127.0.0.1:8200/v1/sys/step-down
```

4
website/source/api/system/tools.html.md
View File

@ -41,7 +41,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/tools/random/164
http://127.0.0.1:8200/v1/sys/tools/random/164
```
### Sample Response
@ -93,7 +93,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/tools/hash/sha2-512
http://127.0.0.1:8200/v1/sys/tools/hash/sha2-512
```
### Sample Response

2
website/source/api/system/unseal.html.md
View File

@ -46,7 +46,7 @@ Either the `key` or `reset` parameter must be provided; if both are provided,
$ curl \
--request PUT \
--data @payload.json \
https://vault.rocks/v1/sys/unseal
http://127.0.0.1:8200/v1/sys/unseal
```
### Sample Response

2
website/source/api/system/wrapping-lookup.html.md
View File

@ -37,7 +37,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/wrapping/lookup
http://127.0.0.1:8200/v1/sys/wrapping/lookup
```
### Sample Response

2
website/source/api/system/wrapping-rewrap.html.md
View File

@ -41,7 +41,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/wrapping/lookup
http://127.0.0.1:8200/v1/sys/wrapping/lookup
```
### Sample Response

2
website/source/api/system/wrapping-unwrap.html.md
View File

@ -50,7 +50,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/wrapping/unwrap
http://127.0.0.1:8200/v1/sys/wrapping/unwrap
```
### Sample Response

2
website/source/api/system/wrapping-wrap.html.md
View File

@ -44,7 +44,7 @@ $ curl \
--header "X-Vault-Wrap-TTL: 60" \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/wrapping/wrap
http://127.0.0.1:8200/v1/sys/wrapping/wrap
```
### Sample Response

2
website/source/docs/auth/app-id.html.md
View File

@ -76,7 +76,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--method POST \
--data '{"user_id": ":user_id"}' \
https://vault.rocks/v1/auth/app-id/login/:app_id
http://127.0.0.1:8200/v1/auth/app-id/login/:app_id
```
## Configuration

10
website/source/docs/auth/approle.html.md
View File

@ -52,7 +52,7 @@ at a different path, use that value instead of `approle`.
$ curl \
--request POST \
--data '{"role_id":"988a9df-...","secret_id":"37b74931..."}' \
https://vault.rocks/v1/auth/approle/login
http://127.0.0.1:8200/v1/auth/approle/login
```
The response will contain the token at `auth.client_token`:
@ -126,7 +126,7 @@ management tool.
--header "X-Vault-Token: ..." \
--request POST \
--data '{"type": "approle"}' \
https://vault.rocks/v1/sys/auth/approle
http://127.0.0.1:8200/v1/sys/auth/approle
```
1. Create an AppRole with desired set of policies:
@ -136,7 +136,7 @@ management tool.
--header "X-Vault-Token: ..." \
--request POST \
--data '{"policies": "dev-policy,test-policy"}' \
https://vault.rocks/v1/auth/approle/role/my-role
http://127.0.0.1:8200/v1/auth/approle/role/my-role
```
1. Fetch the identifier of the role:
@ -144,7 +144,7 @@ management tool.
```sh
$ curl \
--header "X-Vault-Token: ..." \
https://vault.rocks/v1/auth/approle/role/my-role/role-id
http://127.0.0.1:8200/v1/auth/approle/role/my-role/role-id
```
The response will look like:
@ -163,7 +163,7 @@ management tool.
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://vault.rocks/v1/auth/approle/role/my-role/secret-id
http://127.0.0.1:8200/v1/auth/approle/role/my-role/secret-id
```
The response will look like:

4
website/source/docs/auth/aws.html.md
View File

@ -45,8 +45,8 @@ from the [EC2 Metadata Service][aws-ec2-mds]. In addition to data itself, AWS
also provides the PKCS#7 signature of the data, and publishes the public keys
(by region) which can be used to verify the signature.
1. The AWS EC2 instance makes a request to Vault with the Instance Identity
Document and the PKCS#7 signature of the document.
1. The AWS EC2 instance makes a request to Vault with the PKCS#7 signature.
The PKCS#7 signature contains the Instance Identity Document within itself.
1. Vault verifies the signature on the PKCS#7 document, ensuring the information
is certified accurate by AWS. This process validates both the validity and

2
website/source/docs/auth/cert.html.md
View File

@ -88,7 +88,7 @@ $ curl \
--cert cert.pem \
--key key.pem \
--data '{"name": "web"}' \
https://vault.rocks/v1/auth/cert/login
http://127.0.0.1:8200/v1/auth/cert/login
```
## Configuration

8
website/source/docs/auth/gcp.html.md
View File

@ -66,7 +66,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data '{"role": "dev-role", "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."}' \
https://vault.rocks/v1/auth/gcp/login
http://127.0.0.1:8200/v1/auth/gcp/login
```
The response will contain the token at `auth.client_token`:
@ -148,7 +148,7 @@ management tool.
--header "X-Vault-Token: ..." \
--request POST \
--data '{"type": "gcp"}' \
https://vault.rocks/v1/sys/auth/gcp
http://127.0.0.1:8200/v1/sys/auth/gcp
```
1. Configure the GCP auth method:
@ -158,7 +158,7 @@ management tool.
--header "X-Vault-Token: ..." \
--request POST \
--data '{"credentials": "{...}"}' \
https://vault.rocks/v1/auth/gcp/config
http://127.0.0.1:8200/v1/auth/gcp/config
```
1. Create a role:
@ -168,7 +168,7 @@ management tool.
--header "X-Vault-Token: ..." \
--request POST \
--data '{"type": "iam", "project": "project-123456", ...}' \
https://vault.rocks/v1/auth/gcp/role/dev-role
http://127.0.0.1:8200/v1/auth/gcp/role/dev-role
```
### Plugin Setup

2
website/source/docs/auth/github.html.md
View File

@ -42,7 +42,7 @@ at a different path, use that value instead of `github`.
$ curl \
--request POST \
--data '{"token": "MY_TOKEN"}' \
https://vault.rocks/v1/auth/github/login
http://127.0.0.1:8200/v1/auth/github/login
```
The response will contain a token at `auth.client_token`:

2
website/source/docs/auth/kubernetes.html.md
View File

@ -34,7 +34,7 @@ at a different path, use that value instead of `kubernetes`.
$ curl \
--request POST \
--data '{"jwt": "your_service_account_jwt", "role": "demo"}' \
https://vault.rocks/v1/auth/kubernetes/login
http://127.0.0.1:8200/v1/auth/kubernetes/login
```
The response will contain a token at `auth.client_token`:

2
website/source/docs/auth/ldap.html.md
View File

@ -58,7 +58,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data '{"password": "foo"}' \
https://vault.rocks/v1/auth/ldap/login/mitchellh=
http://127.0.0.1:8200/v1/auth/ldap/login/mitchellh=
```
The response will be in JSON. For example:

2
website/source/docs/auth/mfa.html.md
View File

@ -52,7 +52,7 @@ MFA information should be sent in the POST body encoded as JSON.
$ curl \
--request POST \
--data '{"password": "test", "passcode": "111111"}' \
https://vault.rocks/v1/auth/userpass/login/my-username
http://127.0.0.1:8200/v1/auth/userpass/login/my-username
```
The response is the same as for the original method.

2
website/source/docs/auth/okta.html.md
View File

@ -36,7 +36,7 @@ $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data '{"password": "MY_PASSWORD"}' \
https://vault.rocks/v1/auth/okta/login/my-username
http://127.0.0.1:8200/v1/auth/okta/login/my-username
```
The response will contain a token at `auth.client_token`:

Some files were not shown because too many files have changed in this diff Show More