mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-24 08:01:07 +02:00
0660ea6fac
* Update README Let contributors know that docs will now be located in UDR * Add comments to each mdx doc Comment has been added to all mdx docs that are not partials * chore: added changelog changelog check failure * wip: removed changelog * Fix content errors * Doc spacing * Update website/content/docs/deploy/kubernetes/vso/helm.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> --------- Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
40 lines
1.7 KiB
Plaintext
40 lines
1.7 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Auto-auth with GCP
|
|
description: >-
|
|
Use Google Cloud Platform (GCP) for auto-authentication with Vault Agent or
|
|
Vault Proxy.
|
|
---
|
|
|
|
> [!IMPORTANT]
|
|
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
|
|
|
|
# Auto-auth method: Google Cloud Platform (GCP)
|
|
|
|
The `gcp` method performs authentication against the [GCP Auth
|
|
method](/vault/docs/auth/gcp). Both `gce` and `iam`
|
|
authentication types are supported.
|
|
|
|
## Credentials
|
|
|
|
Vault will use the GCP SDK's normal credential chain behavior. You can set a
|
|
static `credentials` value, but it is usually not needed. If running on GCE
|
|
using Application Default Credentials, you may need to specify the service
|
|
account and project since ADC does not provide metadata used to automatically
|
|
determine these.
|
|
|
|
## Configuration
|
|
|
|
- `type` `(string: required)` - The type of authentication; must be `gce` or `iam`
|
|
|
|
- `role` `(string: required)` - The role to authenticate against on Vault
|
|
|
|
- `credentials` `(string: optional)` - When using static credentials, the
|
|
contents of the JSON credentials file
|
|
|
|
- `service_account` `(string: optional)` - The service account to use, if it
|
|
cannot be automatically determined
|
|
|
|
- `jwt_exp` `(string or int: optional)` - The number of minutes a generated JWT
|
|
should be valid for when using the `iam` method; defaults to 15 minutes
|