VAULT-12564 Docs for token file auth method #18783

Merged
merged 6 commits into from
Jan 25, 2023
2 changes: 1 addition & 1 deletion website/content/docs/agent/autoauth/methods/approle.mdx
Expand Up @@ -77,7 +77,7 @@ auto_auth {
}
cache {
api_proxy {
use_auto_auth_token = true
}
66 changes: 66 additions & 0 deletions website/content/docs/agent/autoauth/methods/token_file.mdx
@@ -0,0 +1,66 @@
---
layout: docs
page_title: Vault Agent Auto-Auth Token File Method
description: Token File Method for Vault Agent Auto-Auth
---

# Vault Agent Auto-Auth Token File Method

~> Note: This authentication method is tailored for the development experience,
and to facilitate getting started with Vault Agent. Vault Agent should never be configured to use
this auto-auth method in a production environment.

The `token_file` method reads in an existing, valid Vault token from a file, and uses that
token in lieu of authenticating itself. While it's a first class auto-auth method for all intents
and purposes, it naturally doesn't authenticate itself, as it requires a token from elsewhere. Like
other auto-auth methods, Agent will attempt to renew the token, as appropriate.

This auto-auth method is especially useful when testing Vault Agent without needing to set up
any authentication methods in Vault. For long-running Agent processes, we strongly recommend another
auto-auth method, such that Agent is issuing its own authentication requests to Vault.

## Configuration

- `token_file_path` `(string: required)` - The path to the file with the token inside. This token cannot be a wrapping token.

## Example Configuration

An example configuration, using the `token_file` method to enable [auto-auth](/docs/agent/autoauth), follows:

```hcl
pid_file = "./pidfile"
vault {
address = "https://127.0.0.1:8200"
}
auto_auth {
method {
type = "token_file"
config = {
token_file_path = "~/.vault-token"
}
}
}
api_proxy {
use_auto_auth_token = true
}
listener "tcp" {
address = "127.0.0.1:8100"
tls_disable = true
}
template {
source = "/etc/vault/server.key.ctmpl"
destination = "/etc/vault/server.key"
}
template {
source = "/etc/vault/server.crt.ctmpl"
destination = "/etc/vault/server.crt"
}
```
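Review bot: In the example configuration, `token_file_path = "~/.vault-token"` depends on `~` being expanded, and the Configuration section does not say whether Agent expands it; either document that behaviour or use an absolute path in the example. The `token_file_path` entry could also state what the file is expected to contain and what permissions it should have, since it holds a live Vault token, and what Agent does if the token in the file has expired or the file changes while Agent is running. Separately, the page opens with a note that this method should never be used in production, yet the example includes `template` stanzas that write `/etc/vault/server.key` and `/etc/vault/server.crt`; a smaller example limited to the `auto_auth` stanza (plus `vault`) would fit the stated development-only purpose better.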
4 changes: 4 additions & 0 deletions website/data/docs-nav-data.json
Expand Up @@ -901,6 +901,10 @@
{
"title": "Kubernetes",
"path": "agent/autoauth/methods/kubernetes"
},
{
"title": "Token File",
"path": "agent/autoauth/methods/token_file"
}
]
},