Add updated wrapping information
parent 112a8e8870
commit 04a03bcb54
|
@ -51,3 +51,9 @@ trusted third party simply to ensure that the private key corresponding to the
|
|||
eventual certificate remains private. The end service can be assured that only
|
||||
it will see the generated private key and that any malfeasance is detected.
|
||||
This can significantly reduce the complexity of any relaying third party.
|
||||
|
||||
One final note: if the wrapped response is an authentication response
|
||||
containing a Vault token, the token's accessor will be made available in the
|
||||
returned wrap information. This allows privileged callers to generate tokens
|
||||
for clients and revoke these tokens (and their created leases) at an
|
||||
appropriate time, while never being exposed to the actual generated token IDs.
|
||||
|
|
|
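Review bot: The added paragraph beginning "One final note:" says the token's accessor "will be made available in the returned wrap information" but never names the field that carries it, so a reader cannot tell what to look for in the response. Name the field and show it in a sample wrap-information response, and link "revoke these tokens (and their created leases)" to the documentation for revoking by accessor. It would also help to say what makes a caller "privileged" here, since the paragraph depends on that caller being allowed to revoke by accessor.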
@ -58,6 +58,11 @@ If using the CLI, passing the wrapping token's ID to the `vault unwrap` command
|
|||
will return the original value; `-format` and `-field` can be set like with
|
||||
`vault read`.
|
||||
|
||||
If the original response is an authentication response containing a token, the
|
||||
token's accessor will be made available to the caller. This allows a privileged
|
||||
caller to generate tokens for clients and be able to manage the tokens'
|
||||
lifecycle while not being exposed to the actual client token IDs.
|
||||
|
||||
## Quick Start
|
||||
|
||||
The `cubbyhole` backend allows for writing keys with arbitrary values.
|
||||
|
|
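Review bot: The added paragraph sits directly after the `vault unwrap` description, so "made available to the caller" reads as if the accessor is returned to whoever unwraps the token, which conflicts with the point that the client's token ID is never exposed to the privileged caller. State explicitly that the accessor is returned in the wrap information to the caller that made the wrapped request. The wording also drifts from the matching paragraph added in the other hunk ("manage the tokens' lifecycle" here, "revoke these tokens (and their created leases)" there; "client token IDs" here, "generated token IDs" there); use one phrasing in both places or have one page reference the other.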