Add rotate root docs for azure secrets (#19187)
parent
c6a455c92f
commit
91446e129e
|
@ -0,0 +1,3 @@
|
||||||
|
```release-note:improvement
|
||||||
|
website/docs: Add rotate root documentation for azure secrets engine
|
||||||
|
```
|
|
@ -103,6 +103,20 @@ This endpoint generates a renewable set of credentials. The application can logi
|
||||||
using the `client_id`/`client_secret` and will have access provided by configured service
|
using the `client_id`/`client_secret` and will have access provided by configured service
|
||||||
principal or the Azure roles set in the "my-role" configuration.
|
principal or the Azure roles set in the "my-role" configuration.
|
||||||
|
|
||||||
|
## Root Credential Rotation
|
||||||
|
|
||||||
|
If the mount is configured with credentials directly, the credential's key may be
|
||||||
|
rotated to a Vault-generated value that is not accessible by the operator.
|
||||||
|
This will ensure that only Vault is able to access the "root" user that Vault uses to
|
||||||
|
manipulate dynamic & static credentials.
|
||||||
|
|
||||||
|
```shell-session
|
||||||
|
vault write -f azure/rotate-root
|
||||||
|
```
|
||||||
|
|
||||||
|
For more details on this operation, please see the
|
||||||
|
[Root Credential Rotation](/vault/api-docs/secret/azure#rotate-root) API docs.
|
||||||
|
|
||||||
## Roles
|
## Roles
|
||||||
|
|
||||||
Vault roles let you configure either an existing service principal or a set of Azure roles, along with
|
Vault roles let you configure either an existing service principal or a set of Azure roles, along with
|
||||||
|
|
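Review bot: the new "Root Credential Rotation" paragraph only covers the case where "the mount is configured with credentials directly" and never says what `vault write -f azure/rotate-root` does for a mount that is not configured that way; add a sentence stating the behaviour in that case. Because the text says the rotated value "is not accessible by the operator", it should also say plainly that the key cannot be retrieved after rotation and whether the previous key remains valid, so operators know what to check before running the command. Two style points in the same hunk: the command inside the `shell-session` fence has no `$ ` prompt in front of it, and "dynamic & static credentials" should spell out "and". The term "static credentials" also does not match the surrounding context, which speaks of "an existing service principal or a set of Azure roles".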