mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-11-28 22:21:30 +01:00
Code Issues Projects Releases Wiki Activity

add new config option use_annotations_as_alias_metadata for k8s auth on api docs (#24941)

Browse Source
This commit is contained in:
Thy Ton 2024-02-01 11:45:53 -08:00 committed by GitHub
parent 2a566f40fc
commit aab72100fb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
website/content/api-docs/auth/kubernetes.mdx
View File

@ -42,6 +42,10 @@ access the Kubernetes API.
extracted. Not every installation of Kubernetes exposes these
keys.
- `disable_local_ca_jwt` `(bool: false)` - Disable defaulting to the local CA cert and service account JWT when running in a Kubernetes pod.
- `use_annotations_as_alias_metadata` `(bool: false)` - Use annotations from the client token's associated service account
as alias metadata for the Vault entity. Only annotations with the prefix `vault.hashicorp.com/alias-metadata-` will be used.
For example, if an annotation "vault.hashicorp.com/alias-metadata-foo" is configured, "foo" with its value will be added
to the alias metadata. NOTE: Vault will need permission to read service accounts from the Kubernetes API.
### Deprecated parameters