mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-16 19:47:02 +02:00
f48c70a449
* VAULT-15546 First pass at Vault Proxy docs * VAULT-15546 correct errors * VAULT-15546 fully qualify paths * VAULT-15546 remove index * VAULT-15546 Some typos and clean up * VAULT-15546 fix link * VAULT-15546 Add redirects so old links stay working * VAULT-15546 more explicit redirects * VAULT-15546 typo fixes * Suggestions for Vault Agent & Vault Proxy docs (#20612) * Rename 'agentandproxy' to 'agent-and-proxy' for better URL * Update the index pages for each section * VAULT-15546 fix link typo --------- Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
67 lines
1.9 KiB
Plaintext
67 lines
1.9 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Vault Auto-Auth Token File Method
|
|
description: Token File Method for Vault Auto-Auth
|
|
---
|
|
|
|
# Vault Auto-Auth Token File Method
|
|
|
|
~> Note: This authentication method is tailored for the development experience,
|
|
and to facilitate getting started with Vault Agent and Vault Proxy. Vault Agent and
|
|
Vault Proxy should never be configured to use this auto-auth method in a production environment.
|
|
|
|
The `token_file` method reads in an existing, valid Vault token from a file, and uses that
|
|
token in lieu of authenticating itself. While it's a first class auto-auth method for all intents
|
|
and purposes, it naturally doesn't authenticate itself, as it requires a token from elsewhere. Like
|
|
other auto-auth methods, this method will attempt to renew the token, as appropriate.
|
|
|
|
This auto-auth method is especially useful when testing Vault Agent or Vault Proxy without needing to set up
|
|
any authentication methods in Vault. For long-running Agent or Proxy processes, we strongly recommend another
|
|
auto-auth method, such that Agent and Proxy are issuing their own own authentication requests to Vault.
|
|
|
|
## Configuration
|
|
|
|
- `token_file_path` `(string: required)` - The path to the file with the token inside. This token cannot be a wrapping token.
|
|
|
|
## Example Configuration
|
|
|
|
An example configuration for Vault Agent, using the `token_file` method to enable [auto-auth](/vault/docs/agent-and-proxy/autoauth), follows:
|
|
|
|
```hcl
|
|
pid_file = "./pidfile"
|
|
|
|
vault {
|
|
address = "https://127.0.0.1:8200"
|
|
}
|
|
|
|
auto_auth {
|
|
method {
|
|
type = "token_file"
|
|
|
|
config = {
|
|
token_file_path = "/home/username/.vault-token"
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
api_proxy {
|
|
use_auto_auth_token = true
|
|
}
|
|
|
|
listener "tcp" {
|
|
address = "127.0.0.1:8100"
|
|
tls_disable = true
|
|
}
|
|
|
|
template {
|
|
source = "/etc/vault/server.key.ctmpl"
|
|
destination = "/etc/vault/server.key"
|
|
}
|
|
|
|
template {
|
|
source = "/etc/vault/server.crt.ctmpl"
|
|
destination = "/etc/vault/server.crt"
|
|
}
|
|
```
|