diff --git a/website/content/docs/agent/autoauth/methods/approle.mdx b/website/content/docs/agent/autoauth/methods/approle.mdx index 3f81242d7885..3371c139d959 100644 --- a/website/content/docs/agent/autoauth/methods/approle.mdx +++ b/website/content/docs/agent/autoauth/methods/approle.mdx @@ -77,7 +77,7 @@ auto_auth { } -cache { +api_proxy { use_auto_auth_token = true } diff --git a/website/content/docs/agent/autoauth/methods/token_file.mdx b/website/content/docs/agent/autoauth/methods/token_file.mdx new file mode 100644 index 000000000000..7b4bfe311f1e --- /dev/null +++ b/website/content/docs/agent/autoauth/methods/token_file.mdx @@ -0,0 +1,66 @@ +--- +layout: docs +page_title: Vault Agent Auto-Auth Token File Method +description: Token File Method for Vault Agent Auto-Auth +--- + +# Vault Agent Auto-Auth Token File Method + +~> Note: This authentication method is tailored for the development experience, +and to facilitate getting started with Vault Agent. Vault Agent should never be configured to use +this auto-auth method in a production environment. + +The `token_file` method reads in an existing, valid Vault token from a file, and uses that +token in lieu of authenticating itself. While it's a first class auto-auth method for all intents +and purposes, it naturally doesn't authenticate itself, as it requires a token from elsewhere. Like +other auto-auth methods, Agent will attempt to renew the token, as appropriate. + +This auto-auth method is especially useful when testing Vault Agent without needing to set up +any authentication methods in Vault. For long-running Agent processes, we strongly recommend another +auto-auth method, such that Agent is issuing its own authentication requests to Vault. + +## Configuration + +- `token_file_path` `(string: required)` - The path to the file with the token inside. This token cannot be a wrapping token. + +## Example Configuration + +An example configuration, using the `token_file` method to enable [auto-auth](/docs/agent/autoauth), follows: + +```hcl +pid_file = "./pidfile" + +vault { + address = "https://127.0.0.1:8200" +} + +auto_auth { + method { + type = "token_file" + + config = { + token_file_path = "~/.vault-token" + } + } +} + + +api_proxy { + use_auto_auth_token = true +} + +listener "tcp" { + address = "127.0.0.1:8100" + tls_disable = true +} + +template { + source = "/etc/vault/server.key.ctmpl" + destination = "/etc/vault/server.key" +} + +template { + source = "/etc/vault/server.crt.ctmpl" + destination = "/etc/vault/server.crt" +} +``` diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index ebc46f1624c6..83765ce0e23b 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -901,6 +901,10 @@ { "title": "Kubernetes", "path": "agent/autoauth/methods/kubernetes" + }, + { + "title": "Token File", + "path": "agent/autoauth/methods/token_file" } ] },