mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-24 08:01:07 +02:00
0660ea6fac
* Update README Let contributors know that docs will now be located in UDR * Add comments to each mdx doc Comment has been added to all mdx docs that are not partials * chore: added changelog changelog check failure * wip: removed changelog * Fix content errors * Doc spacing * Update website/content/docs/deploy/kubernetes/vso/helm.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> --------- Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
65 lines
2.7 KiB
Plaintext
65 lines
2.7 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Auto-auth with AliCloud
|
|
description: >-
|
|
Use AliCloud for auto-authentication with Vault Agent or Vault Proxy.
|
|
---
|
|
|
|
> [!IMPORTANT]
|
|
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
|
|
|
|
# Auto-auth method: AliCloud
|
|
|
|
The `alicloud` method performs authentication against the [AliCloud Auth
|
|
method](/vault/docs/auth/alicloud).
|
|
|
|
## Credentials
|
|
|
|
Auto-auth will use the first credential it can successfully obtain in the following order:
|
|
|
|
1. [Environment variables](https://github.com/aliyun/alibaba-cloud-sdk-go/blob/master/sdk/auth/credentials/providers/env.go)
|
|
2. A static credential configuration
|
|
3. Instance metadata (recommended)
|
|
|
|
Wherever possible, we recommend using instance metadata for credentials. These rotate every hour
|
|
and require no effort on your part to provision, making instance metadata the most secure of the three methods. If
|
|
using instance metadata _and_ a custom `credential_poll_interval`, be sure the frequency is set for
|
|
less than an hour, because instance metadata credentials expire every hour.
|
|
|
|
Environment variables are given first precedence to provide the ability to quickly override your
|
|
configuration.
|
|
|
|
## Configuration
|
|
|
|
### General
|
|
|
|
- `role` `(string: required)` - The role to authenticate against on Vault.
|
|
|
|
- `region` `(string: required)` - The AliCloud region in which the Vault agent resides. Example: "us-west-1".
|
|
|
|
- `credential_poll_interval` `(integer: optional)` - In seconds, how frequently the Vault agent should check for new credentials.
|
|
|
|
### Optional static credential configuration (Not preferred)
|
|
|
|
If instance metadata is not available, you may provide credential information through the parameters below.
|
|
|
|
- `access_key` `(string: optional)` - The access key to use.
|
|
|
|
- `secret_key` `(string: optional)` - The secret key to use.
|
|
|
|
- `access_token` `(string: optional)` - The access token to use.
|
|
|
|
- `role_arn` `(string: optional)` - The role ARN to use.
|
|
|
|
- `role_session_name` `(string: optional)` - The role session name to use.
|
|
|
|
- `role_session_expiration` `(string: optional)` - The role session expiration to use.
|
|
|
|
- `private_key` `(string: optional)` - The private key to use.
|
|
|
|
- `public_key_id` `(string: optional)` - The public key ID to use.
|
|
|
|
- `session_expiration` `(string: optional)` - The session expiration to use.
|
|
|
|
- `role_name` `(string: optional)` - The role name to use.
|