mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-18 12:37:02 +02:00
5581c26859
* VAULT-12798 testing for jwt symlinks * VAULT-12798 Add testing of jwt removal * VAULT-12798 Update docs for clarity * VAULT-12798 Small change, and changelog * VAULT-12798 Lstat -> Stat * VAULT-12798 remove forgotten comment * VAULT-12798 small refactor, add new config item * VAULT-12798 Require opt-in config for following symlinks for JWT deletion * VAULT-12798 change changelog
31 lines
1.2 KiB
Plaintext
31 lines
1.2 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Vault Agent Auto-Auth JWT Method
|
|
description: JWT Method for Vault Agent Auto-Auth
|
|
---
|
|
|
|
# Vault Agent Auto-Auth JWT Method
|
|
|
|
The `jwt` method reads in a JWT from a file and sends it to the [JWT Auth
|
|
method](/vault/docs/auth/jwt).
|
|
|
|
## Configuration
|
|
|
|
- `path` `(string: required)` - The path to the JWT file
|
|
|
|
- `role` `(string: required)` - The role to authenticate against on Vault
|
|
|
|
- `remove_jwt_after_reading` `(bool: optional, defaults to true)` -
|
|
This can be set to `false` to disable the default behavior of removing the
|
|
JWT after it's been read.
|
|
|
|
- `remove_jwt_follows_symlinks` `(bool: optional, defaults to false)` -
|
|
This can be set to `true` to follow symlinks when removing the JWT after it has been read
|
|
when executing the `remove_jwt_after_reading` behaviour. If set to false, it will delete
|
|
the symlink, not the JWT. Does nothing if `remove_jwt_after_reading` is false.
|
|
|
|
- `jwt_read_period` `(duration: "0.5s", optional)` - The duration after which
|
|
Agent will attempt to read the JWT stored at `path`. Defaults to `1m` if
|
|
`remove_jwt_after_reading` is set to `true`, or `0.5s` otherwise.
|
|
Uses [duration format strings](/docs/concepts/duration-format).
|