From 5a317a1a32904dc6d65797f8ab73b511c5f2e587 Mon Sep 17 00:00:00 2001 From: Nicolas Corrarello Date: Mon, 6 Nov 2017 15:13:50 +0000 Subject: [PATCH] Updated documentation --- website/source/api/secret/nomad/index.html.md | 33 +++++++++++++++++++ .../source/docs/secrets/nomad/index.html.md | 9 +++++ 2 files changed, 42 insertions(+) diff --git a/website/source/api/secret/nomad/index.html.md b/website/source/api/secret/nomad/index.html.md index d3379b285..1b46c4ece 100644 --- a/website/source/api/secret/nomad/index.html.md +++ b/website/source/api/secret/nomad/index.html.md @@ -52,6 +52,39 @@ $ curl \ https://vault.rocks/v1/nomad/config/access ``` +## Configure Lease + +This endpoint configures the lease settings for generated tokens. + +| Method | Path | Produces | +| :------- | :--------------------------- | :--------------------- | +| `POST` | `/nomad/config/lease` | `204 (empty body)` | + +### Parameters + +- `ttl` `(int: 0)` – Specifies the lease ttl provided in seconds. + +- `max_ttl` `(int: 0)` – Specifies the maximum ttl provided in seconds. + +### Sample Payload + +```json +{ + "ttl": 1800, + "max_ttl": 3600 +} +``` + +### Sample Request + +``` +$ curl \ + --header "X-Vault-Token: ..." \ + --request POST \ + --data @payload.json \ + https://vault.rocks/v1/nomad/config/lease +``` + ## Create/Update Role This endpoint creates or updates the Nomad role definition in Vault. If the role does not exist, it will be created. If the role already exists, it will receive diff --git a/website/source/docs/secrets/nomad/index.html.md b/website/source/docs/secrets/nomad/index.html.md index 754426762..aa987e779 100644 --- a/website/source/docs/secrets/nomad/index.html.md +++ b/website/source/docs/secrets/nomad/index.html.md 
@@ -28,6 +28,15 @@ Unlike the `generic` backend, the `nomad` backend is not mounted by default. $ vault mount nomad Successfully mounted 'nomad' at 'nomad'! ``` + +Optionally, we can configure the lease settings for credentials generated +by Vault. This is done by writing to the `config/lease` key: + +``` +$ vault write nomad/config/lease ttl=3600 max_ttl=86400 +Success! Data written to: nomad/config/lease +``` + For a quick start, you can use the SecretID token provided by the [Nomad ACL bootstrap process](https://www.nomadproject.io/guides/acl.html#generate-the-initial-token), although this is discouraged for production deployments.
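Review bot: The `### Parameters` list in the `website/source/api/secret/nomad/index.html.md` hunk gives both `ttl` and `max_ttl` a default of `(int: 0)` but never says what 0 means for a generated token, nor what happens when `ttl` is larger than `max_ttl`. These two values bound how long an issued Nomad token stays valid, so please document the effective behaviour for 0 (and for the case where this endpoint is never written) and how the two fields relate. The phrase "Specifies the lease ttl provided in seconds" would also read more clearly as "Specifies the lease TTL for generated tokens, in seconds".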
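Review bot: The new "Optionally, we can configure the lease settings" paragraph in the `website/source/docs/secrets/nomad/index.html.md` hunk does not say which lease applies when the step is skipped, and the example `ttl=3600 max_ttl=86400` carries no unit. Suggest stating that the values are in seconds, as the API page in this same patch does, adding one sentence on what a reader gets without this step, and linking to the `/nomad/config/lease` API section. The example values also differ from the API sample payload (`1800` and `3600`); using the same pair in both places would keep readers from wondering whether the difference matters.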