luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity

docs: add tls settings on cert auto-auth's config page (#9848)

Browse source
This commit is contained in:
Calvin Leung Huang 2020-08-27 19:21:32 -07:00 committed by GitHub
parent a71798a445
commit 0d723e54a9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
website/pages/docs/agent/autoauth/methods/cert.mdx
View file

@ -11,10 +11,23 @@ The `cert` method uses the configured TLS certificates from the `vault` stanza o
the agent configuration and takes an optional `name` parameter. There is no option
to use certificates which differ from those used in the `vault` stanza.
See TLS settings in the [`vault` Stanza](/docs/agent#vault-stanza)
It is strongly advised to provide TLS settings in the configuration stanza
within the auth method to avoid agent cache, if also enabled, from using the
same TLS settings when proxying requests. If TLS settings are not present in the
config stanza, Agent will fall back to using TLS settings from the [`vault`
Stanza](/docs/agent#vault-stanza).
## Configuration
- `name` `(string: optional)` - The trusted certificate role which should be used
when authenticating with TLS. If a `name` is not specified, the auth method will
try to authenticate against [all trusted certificates](/docs/auth/cert#authentication).
- `ca_cert` `(string: optional)` - Path on the local disk to a single
PEM-encoded CA certificate to verify the Vault server's SSL certificate.
- `client_cert` `(string: optional)` - Path on the local disk to a single
PEM-encoded client certificate to use for cert auth method authentication.
- `client_key` `(string: optional)` - Path on the local disk to a single
PEM-encoded private key matching the client certificate from client_cert.