vault/website/source/api/auth
Joel Thompson d12547c7fa auth/aws: Make identity alias configurable (#5247)
* auth/aws: Make identity alias configurable

This is inspired by #4178, though not quite exactly what is requested
there. Rather than just use RoleSessionName as the Identity alias, the
full ARN is used as the Alias. This mitigates against concerns that an
AWS role with an insufficiently secured trust policy could allow an
attacker to generate arbitrary RoleSessionNames in AssumeRole calls to
impersonate anybody in the Identity store that had an alias set up.
By using the full ARN, the owner of the identity store has to explicitly
trust specific AWS roles in specific AWS accounts to generate an
appropriate RoleSessionName to map back to an identity.

Fixes #4178

* Respond to PR feedback

* Remove CreateOperation

Response to PR feedback
2018-09-26 08:27:12 -07:00
..
alicloud Alibaba auth docs (#5132) 2018-08-22 10:23:33 -07:00
app-id More naming cleanup 2017-10-24 09:35:03 -04:00
approle Docs: update Tidy API (#5374) 2018-09-20 13:25:33 -04:00
aws auth/aws: Make identity alias configurable (#5247) 2018-09-26 08:27:12 -07:00
azure adding environment to azure auth docs (#5004) 2018-07-27 08:33:20 -04:00
cert Changelogify and fix some minor website bits 2018-05-25 10:39:23 -04:00
gcp Fix GCP auth docs typo (#5017) 2018-07-31 10:57:34 -04:00
github Properly capitalize H in GitHub (#4889) 2018-07-10 08:11:03 -07:00
jwt Finish updating jwt auth docs 2018-09-10 11:46:50 -04:00
kubernetes Drop vault.rocks (#4186) 2018-03-23 11:41:51 -04:00
ldap Update website ldap url text 2018-05-16 11:58:10 -04:00
okta Drop vault.rocks (#4186) 2018-03-23 11:41:51 -04:00
radius Drop vault.rocks (#4186) 2018-03-23 11:41:51 -04:00
token Docs: update Tidy API (#5374) 2018-09-20 13:25:33 -04:00
userpass add userpass note on bound cidrs (#4610) 2018-05-25 14:35:09 -04:00
index.html.md More naming cleanup 2017-10-24 09:35:03 -04:00