-
Notifications
You must be signed in to change notification settings - Fork 4.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
VAULT-12564 Docs for token file auth method (#18783)
* VAULT-12564 Docs for token file auth method * VAULT-12564 fix typo * VAULT-12564 nav data * VAULT-12564 Add note, remove token file removal config * VAULT-12564 stronger wording * VAULT-12564 auth -> auto-auth
- Loading branch information
1 parent
37b1ab1
commit 46c7f7e
Showing
3 changed files
with
71 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -77,7 +77,7 @@ auto_auth { | |
| } | ||
| cache { | ||
| api_proxy { | ||
| use_auto_auth_token = true | ||
| } | ||
|
|
||
66 changes: 66 additions & 0 deletions
66
website/content/docs/agent/autoauth/methods/token_file.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| --- | ||
| layout: docs | ||
| page_title: Vault Agent Auto-Auth Token File Method | ||
| description: Token File Method for Vault Agent Auto-Auth | ||
| --- | ||
|
|
||
| # Vault Agent Auto-Auth Token File Method | ||
|
|
||
| ~> Note: This authentication method is tailored for the development experience, | ||
| and to facilitate getting started with Vault Agent. Vault Agent should never be configured to use | ||
| this auto-auth method in a production environment. | ||
|
|
||
| The `token_file` method reads in an existing, valid Vault token from a file, and uses that | ||
| token in lieu of authenticating itself. While it's a first class auto-auth method for all intents | ||
| and purposes, it naturally doesn't authenticate itself, as it requires a token from elsewhere. Like | ||
| other auto-auth methods, Agent will attempt to renew the token, as appropriate. | ||
|
|
||
| This auto-auth method is especially useful when testing Vault Agent without needing to set up | ||
| any authentication methods in Vault. For long-running Agent processes, we strongly recommend another | ||
| auto-auth method, such that Agent is issuing its own authentication requests to Vault. | ||
|
|
||
| ## Configuration | ||
|
|
||
| - `token_file_path` `(string: required)` - The path to the file with the token inside. This token cannot be a wrapping token. | ||
|
|
||
| ## Example Configuration | ||
|
|
||
| An example configuration, using the `token_file` method to enable [auto-auth](/docs/agent/autoauth), follows: | ||
|
|
||
| ```hcl | ||
| pid_file = "./pidfile" | ||
| vault { | ||
| address = "https://127.0.0.1:8200" | ||
| } | ||
| auto_auth { | ||
| method { | ||
| type = "token_file" | ||
| config = { | ||
| token_file_path = "~/.vault-token" | ||
| } | ||
| } | ||
| } | ||
| api_proxy { | ||
| use_auto_auth_token = true | ||
| } | ||
| listener "tcp" { | ||
| address = "127.0.0.1:8100" | ||
| tls_disable = true | ||
| } | ||
| template { | ||
| source = "/etc/vault/server.key.ctmpl" | ||
| destination = "/etc/vault/server.key" | ||
| } | ||
| template { | ||
| source = "/etc/vault/server.crt.ctmpl" | ||
| destination = "/etc/vault/server.crt" | ||
| } | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters