mirror of
https://github.com/hashicorp/vault.git
synced 2025-11-24 04:01:37 +01:00
0c9affe582
* new documentation website * ci job adjustment * update to latest version on downloads page * remove transition-period scripts * add netlify toml file * fix docs patch * fix ci config? * revert go.mod changes * a couple last markdown formatting fixes
26 lines
1.0 KiB
Plaintext
26 lines
1.0 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Vault Agent Auto-Auth File Sink
|
|
sidebar_title: File
|
|
description: File sink for Vault Agent Auto-Auth
|
|
---
|
|
|
|
# Vault Agent Auto-Auth File Sink
|
|
|
|
The `file` sink writes tokens, optionally response-wrapped and/or encrypted, to
|
|
a file. This may be a local file or a file mapped via some other process (NFS,
|
|
Gluster, CIFS, etc.).
|
|
|
|
Once the sink writes the file, it is up to the client to control lifecycle;
|
|
generally it is best for the client to remove the file as soon as it is seen.
|
|
|
|
It is also best practice to write the file to a ramdisk, ideally an encrypted
|
|
ramdisk, and use appropriate filesystem permissions. The file is currently
|
|
written with `0640` permissions as default, but can be overridden with the optional
|
|
'mode' setting.
|
|
|
|
## Configuration
|
|
|
|
- `path` `(string: required)` - The path to use to write the token file
|
|
- `mode` `(int: optional)` - A string containing an octal number representing the bit pattern for the file mode, similar to chmod. Set to "0000" to prevent Vault from modifying the file mode
|