mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-22 23:21:08 +02:00
0660ea6fac
* Update README Let contributors know that docs will now be located in UDR * Add comments to each mdx doc Comment has been added to all mdx docs that are not partials * chore: added changelog changelog check failure * wip: removed changelog * Fix content errors * Doc spacing * Update website/content/docs/deploy/kubernetes/vso/helm.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> --------- Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
38 lines
1.8 KiB
Plaintext
38 lines
1.8 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Auto-auth with file sinks
|
|
description: >-
|
|
Use file sinks for auto-authentication with Vault Agent or Vault Proxy.
|
|
---
|
|
|
|
> [!IMPORTANT]
|
|
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
|
|
|
|
# Auto-auth sink: File
|
|
|
|
The `file` sink writes tokens, optionally response-wrapped and/or encrypted, to
|
|
a file. This may be a local file or a file mapped via some other process (NFS,
|
|
Gluster, CIFS, etc.).
|
|
|
|
Once the sink writes the file, it is up to the client to control lifecycle;
|
|
generally it is best for the client to remove the file as soon as it is seen.
|
|
|
|
It is also best practice to write the file to a ramdisk, ideally an encrypted
|
|
ramdisk, and use appropriate filesystem permissions. The file is currently
|
|
written with `0640` permissions as default, but can be overridden with the optional
|
|
'mode' setting.
|
|
|
|
## Configuration
|
|
|
|
- `path` `(string: required)` - The path to use to write the token file
|
|
- `mode` `(int: optional)` - Octal number string representing the bit pattern for the file mode, similar to `chmod`.
|
|
- `owner` `(int: optional)` - The UID to use for the token file. Defaults to the current user ID.
|
|
- `group` `(int: optional)` - The GID to use for token file. Defaults to the current group ID.
|
|
|
|
<Note>
|
|
|
|
Configuration options for response-wrapping and encryption for the sink
|
|
file are located within the [options common to all sinks](/vault/docs/agent-and-proxy/autoauth#configuration-sinks) documentation.
|
|
|
|
</Note>
|