Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS secrets engine generating session tokens #23690

Merged
merged 34 commits into from
Nov 8, 2023
Merged

AWS secrets engine generating session tokens #23690

merged 34 commits into from
Nov 8, 2023

Commits on Oct 12, 2023

  1. AWS Secret Engine: Support Session Tokens 

    Sometimes people will give you an AWS access key and secret and not
be interested in setting up a better approach for key exchange.

In cases like this, options are limited for distributing access to
the key material. However, AWS's STS GetSessionToken can be used
to general ephemeral credentials "underneath" that token. This
at least limits the spread of that root key, and the duration of
its users' access.

It should almost definitely not be used for other use cases, since
it does not limit behavior on an otherwise probably administrative
key.

Closes #12734
    @grahamc @robmonte
    grahamc authored and robmonte committed Oct 12, 2023
    Configuration menu
    Copy the full SHA
    20dd50f View commit details
    Browse the repository at this point in the history

  2. Add a test for SessionTokens, untested: I couldn't get any of the tes… 

    …ts to pass locally.
    @grahamc @robmonte
    grahamc authored and robmonte committed Oct 12, 2023
    Configuration menu
    Copy the full SHA
    0426428 View commit details
    Browse the repository at this point in the history

  3. add a changelog entry

    @grahamc @robmonte
    grahamc authored and robmonte committed Oct 12, 2023
    Configuration menu
    Copy the full SHA
    65a99ed View commit details
    Browse the repository at this point in the history

  4. Document session tokens

    @grahamc @robmonte
    grahamc authored and robmonte committed Oct 12, 2023
    Configuration menu
    Copy the full SHA
    db4c53e View commit details
    Browse the repository at this point in the history

  5. Update the JS for session tokens

    @grahamc @robmonte
    grahamc authored and robmonte committed Oct 12, 2023
    Configuration menu
    Copy the full SHA
    72e3769 View commit details
    Browse the repository at this point in the history

  6. Add suggestions

    @robmonte
    robmonte committed Oct 12, 2023
    Configuration menu
    Copy the full SHA
    1a4afd5 View commit details
    Browse the repository at this point in the history

  7. Fix typo

    @robmonte
    robmonte committed Oct 12, 2023
    Configuration menu
    Copy the full SHA
    57c4199 View commit details
    Browse the repository at this point in the history

  8. Fix broken link

    @robmonte
    robmonte committed Oct 12, 2023
    Configuration menu
    Copy the full SHA
    3f6e24e View commit details
    Browse the repository at this point in the history

Commits on Oct 14, 2023

  1. Fix backticks

    @robmonte
    robmonte committed Oct 14, 2023
    Configuration menu
    Copy the full SHA
    4c8ef89 View commit details
    Browse the repository at this point in the history

Commits on Oct 16, 2023

  1. Disallow setting aws role or policy on a session token-based role

    @robmonte
    robmonte committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    1bc9bf0 View commit details
    Browse the repository at this point in the history

  2. Rename security token to session token

    @robmonte
    robmonte committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    c491b92 View commit details
    Browse the repository at this point in the history

  3. Update check

    @robmonte
    robmonte committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    a8b24ec View commit details
    Browse the repository at this point in the history

Commits on Oct 17, 2023

  1. Adjust docs

    @robmonte
    robmonte committed Oct 17, 2023
    Configuration menu
    Copy the full SHA
    d8ba1a7 View commit details
    Browse the repository at this point in the history

  2. use time.Until

    @robmonte
    robmonte committed Oct 17, 2023
    Configuration menu
    Copy the full SHA
    1051683 View commit details
    Browse the repository at this point in the history

  3. Add changelog

    @robmonte
    robmonte committed Oct 17, 2023
    Configuration menu
    Copy the full SHA
    676ed91 View commit details
    Browse the repository at this point in the history

  4. Change security_token to session_token in all locations

    @robmonte
    robmonte committed Oct 17, 2023
    Configuration menu
    Copy the full SHA
    a84fec9 View commit details
    Browse the repository at this point in the history

  5. Remove original changelog file

    @robmonte
    robmonte committed Oct 17, 2023
    Configuration menu
    Copy the full SHA
    24957d0 View commit details
    Browse the repository at this point in the history

  6. Undo auth docs change

    @robmonte
    robmonte committed Oct 17, 2023
    Configuration menu
    Copy the full SHA
    f317c98 View commit details
    Browse the repository at this point in the history

  7. Update api docs

    @robmonte
    robmonte committed Oct 17, 2023
    Configuration menu
    Copy the full SHA
    1f5ca35 View commit details
    Browse the repository at this point in the history

  8. Fix error capitalization

    @robmonte
    robmonte committed Oct 17, 2023
    Configuration menu
    Copy the full SHA
    7fdb5d4 View commit details
    Browse the repository at this point in the history

Commits on Oct 18, 2023

  1. Add MFA code support

    @robmonte
    robmonte committed Oct 18, 2023
    Configuration menu
    Copy the full SHA
    69e5059 View commit details
    Browse the repository at this point in the history

Commits on Oct 19, 2023

  1. Update wording 

    Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
    @robmonte @schavis
    robmonte and schavis authored Oct 19, 2023
    Configuration menu
    Copy the full SHA
    7ad5b85 View commit details
    Browse the repository at this point in the history

  2. Update wording

    @robmonte
    robmonte committed Oct 19, 2023
    Configuration menu
    Copy the full SHA
    ada5c08 View commit details
    Browse the repository at this point in the history

Commits on Oct 20, 2023

  1. Update website/content/docs/secrets/aws.mdx 

    Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
    @robmonte @schavis
    robmonte and schavis authored Oct 20, 2023
    Configuration menu
    Copy the full SHA
    eec27c9 View commit details
    Browse the repository at this point in the history

  2. Add lines between note, split long line

    @robmonte
    robmonte committed Oct 20, 2023
    Configuration menu
    Copy the full SHA
    04c10b2 View commit details
    Browse the repository at this point in the history

  3. Fix another page's warning tag

    @robmonte
    robmonte committed Oct 20, 2023
    Configuration menu
    Copy the full SHA
    0a2d59d View commit details
    Browse the repository at this point in the history

  4. Merge branch 'main' into aws-session-token-fork

    @robmonte
    robmonte authored Oct 20, 2023
    Configuration menu
    Copy the full SHA
    7b32e11 View commit details
    Browse the repository at this point in the history

Commits on Oct 24, 2023

  1. Add security_token back to responses, set it as deprecated

    @robmonte
    robmonte committed Oct 24, 2023
    Configuration menu
    Copy the full SHA
    7489461 View commit details
    Browse the repository at this point in the history

  2. Merge branch 'main' into aws-session-token-fork

    @robmonte
    robmonte authored Oct 24, 2023
    Configuration menu
    Copy the full SHA
    0eb2593 View commit details
    Browse the repository at this point in the history

  3. Wording

    @robmonte
    robmonte committed Oct 24, 2023
    Configuration menu
    Copy the full SHA
    3b0dbc4 View commit details
    Browse the repository at this point in the history

Commits on Oct 31, 2023

  1. Add ttl field to response

    @robmonte
    robmonte committed Oct 31, 2023
    Configuration menu
    Copy the full SHA
    a6d9f23 View commit details
    Browse the repository at this point in the history

Commits on Nov 4, 2023

  1. Update builtin/logical/aws/secret_access_keys.go 

    Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
    @robmonte @austingebauer
    robmonte and austingebauer authored Nov 4, 2023
    Configuration menu
    Copy the full SHA
    de36e92 View commit details
    Browse the repository at this point in the history

  2. Update builtin/logical/aws/path_roles.go 

    Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
    @robmonte @austingebauer
    robmonte and austingebauer authored Nov 4, 2023
    Configuration menu
    Copy the full SHA
    cc21967 View commit details
    Browse the repository at this point in the history

  3. Mention ARN in field description

    @robmonte
    robmonte committed Nov 4, 2023
    Configuration menu
    Copy the full SHA
    653dc8f View commit details
    Browse the repository at this point in the history