docs: Add a note about auto-renewing the Vault token

This commit is contained in:
Kyle Havlovitz 2020-10-13 13:56:56 -07:00
parent 2491177d37
commit 37f95e6e79
2 changed files with 9 additions and 2 deletions

View File

@ -1230,7 +1230,10 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
- `address` ((#vault_ca_address)) The address of the Vault server to
connect to.
- `token` ((#vault_ca_token)) The Vault token to use.
- `token` ((#vault_ca_token)) The Vault token to use. In Consul 1.8.5 and later, if
the token has the [renewable](https://www.vaultproject.io/api-docs/auth/token#renewable)
flag set, Consul will attempt to renew its lease periodically after half the
duration has expired.
- `root_pki_path` ((#vault_ca_root_pki)) The path to use for the root
CA pki backend in Vault. This can be an existing backend with a CA already

View File

@ -57,7 +57,11 @@ is used if you're adding configuring to the agent's configuration file.
- `Token` / `token` (`string: <required>`) - A token for accessing Vault.
This is write-only and will not be exposed when reading the CA configuration.
This token must have proper privileges for the PKI paths configured.
This token must have proper privileges for the PKI paths configured. In Consul
1.8.5 and later, if the token has the [renewable]
(https://www.vaultproject.io/api-docs/auth/token#renewable)
flag set, Consul will attempt to renew its lease periodically after half the
duration has expired.
- `RootPKIPath` / `root_pki_path` (`string: <required>`) - The path to
a PKI secrets engine for the root certificate. If the path doesn't