Add `nonce` configuration parameter to agent AWS auto-auth documentation (#10926)

* Update aws.mdx Was looking how to give the vault agent with AWS auth-auth the same nonce, but saw it wasn't documented. Dove through the code, found https://github.com/hashicorp/vault/blob/master/command/agent/auth/aws/aws.go#L139 and https://github.com/hashicorp/vault/blob/master/command/agent/auth/aws/aws.go#L215 (tried to call out the importance and point to docs, know setting `nonce` poorly could be very bad!) * add line breaks * Apply suggestions from code review Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> Co-authored-by: hghaf099 <83242695+hghaf099@users.noreply.github.com> Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2021-10-13 07:45:34 -07:00 · 2021-10-13 07:45:34 -07:00 · 810282d469
parent ae40d1c2c9
commit 810282d469
1 changed files with 4 additions and 0 deletions
--- a/website/content/docs/agent/autoauth/methods/aws.mdx
+++ b/website/content/docs/agent/autoauth/methods/aws.mdx
@ -56,6 +56,10 @@ parameters unset in your configuration.
 - `header_value` `(string: optional)` - If configured in Vault, the value to use for
  [`iam_server_id_header_value`](/api/auth/aws#iam_server_id_header_value).

+- `nonce` `(string: optional)` - If not provided, Vault will generate a new UUID every time `vault agent` runs. 
+  If set, make sure you understand the importance of generating a good, unique `nonce` and protecting it. 
+  See [Client Nonce](/docs/auth/aws#client-nonce) for more information.
+
 ## Learn

 Refer to the [Vault Agent with