diff --git a/website/pages/docs/agent/index.mdx b/website/pages/docs/agent/index.mdx index ee3e0f5c5..3fad14e7c 100644 --- a/website/pages/docs/agent/index.mdx +++ b/website/pages/docs/agent/index.mdx 
@@ -60,35 +60,35 @@ These are the currently-available general configuration option: There can at most be one top level `vault` block and it has the following configuration entries: -- `address` `(string: )` - The address of the Vault server. This should +- `address` `(string: )` - The address of the Vault server. This should be a complete URL such as `https://127.0.0.1:8200`. This value can be overridden by setting the `VAULT_ADDR` environment variable. -- `ca_cert` `(string: )` - Path on the local disk to a single PEM-encoded +- `ca_cert` `(string: )` - Path on the local disk to a single PEM-encoded CA certificate to verify the Vault server's SSL certificate. This value can be overridden by setting the `VAULT_CACERT` environment variable. -- `ca_path` `(string: )` - Path on the local disk to a directory of +- `ca_path` `(string: )` - Path on the local disk to a directory of PEM-encoded CA certificates to verify the Vault server's SSL certificate. This value can be overridden by setting the `VAULT_CAPATH` environment variable. -- `client_cert` `(string: )` - Path on the local disk to a single +- `client_cert` `(string: )` - Path on the local disk to a single PEM-encoded CA certificate to use for TLS authentication to the Vault server. This value can be overridden by setting the `VAULT_CLIENT_CERT` environment variable. -- `client_key` `(string: )` - Path on the local disk to a single +- `client_key` `(string: )` - Path on the local disk to a single PEM-encoded private key matching the client certificate from `client_cert`. This value can be overridden by setting the `VAULT_CLIENT_KEY` environment variable. -- `tls_skip_verify` `(string: )` - Disable verification of TLS +- `tls_skip_verify` `(string: )` - Disable verification of TLS certificates. Using this option is highly discouraged as it decreases the security of data transmissions to and from the Vault server. This value can be overridden by setting the `VAULT_SKIP_VERIFY` environment variable. 
-- `tls_server_name` `(string: )` - Name to use as the SNI host when +- `tls_server_name` `(string: )` - Name to use as the SNI host when connecting via TLS. This value can be overridden by setting the `VAULT_TLS_SERVER_NAME` environment variable.
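Review bot: The `client_cert` entry still describes its value as "a single PEM-encoded CA certificate to use for TLS authentication to the Vault server", while the `client_key` entry right after it refers to "the client certificate from `client_cert`". Since the `client_cert` line is being rewritten here anyway, change "CA certificate" to "client certificate" so readers do not confuse it with `ca_cert` and point it at a CA bundle. Two smaller points on the same hunk: `tls_skip_verify` is typed `(string: )` although its text describes an on/off switch, so the entry should state which values enable it and that verification stays on when it is unset; and the default slot in every `(string: )` is empty on both the removed and added lines as shown, so it is worth confirming that the rendered page tells the reader whether each field is optional. The context line "These are the currently-available general configuration option:" could also be fixed to "options" in the same pass.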