Merge pull request #8943 from hashicorp/vault-renew-docs

docs: Add a note about auto-renewing the Vault token
This commit is contained in:
Kyle Havlovitz 2020-10-13 14:36:44 -07:00 committed by GitHub
commit d1402b5386
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 2 deletions

View File

@ -1230,7 +1230,10 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
- `address` ((#vault_ca_address)) The address of the Vault server to - `address` ((#vault_ca_address)) The address of the Vault server to
connect to. connect to.
- `token` ((#vault_ca_token)) The Vault token to use. - `token` ((#vault_ca_token)) The Vault token to use. In Consul 1.8.5 and later, if
the token has the [renewable](https://www.vaultproject.io/api-docs/auth/token#renewable)
flag set, Consul will attempt to renew its lease periodically after half the
duration has expired.
- `root_pki_path` ((#vault_ca_root_pki)) The path to use for the root - `root_pki_path` ((#vault_ca_root_pki)) The path to use for the root
CA pki backend in Vault. This can be an existing backend with a CA already CA pki backend in Vault. This can be an existing backend with a CA already

View File

@ -57,7 +57,11 @@ is used if you're adding configuring to the agent's configuration file.
- `Token` / `token` (`string: <required>`) - A token for accessing Vault. - `Token` / `token` (`string: <required>`) - A token for accessing Vault.
This is write-only and will not be exposed when reading the CA configuration. This is write-only and will not be exposed when reading the CA configuration.
This token must have proper privileges for the PKI paths configured. This token must have proper privileges for the PKI paths configured. In Consul
1.8.5 and later, if the token has the [renewable]
(https://www.vaultproject.io/api-docs/auth/token#renewable)
flag set, Consul will attempt to renew its lease periodically after half the
duration has expired.
- `RootPKIPath` / `root_pki_path` (`string: <required>`) - The path to - `RootPKIPath` / `root_pki_path` (`string: <required>`) - The path to
a PKI secrets engine for the root certificate. If the path doesn't a PKI secrets engine for the root certificate. If the path doesn't