Added a note about JWT (#6899)

Yoko 2019-06-18 12:36:51 -07:00 committed by GitHub
parent 659f97a0b7
commit ba82b04b15
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions

@ -84,6 +84,15 @@ list of available configuration options, please see the API documentation.
kubernetes_ca_cert=@ca.crt kubernetes_ca_cert=@ca.crt
``` ```
!> **NOTE:** The pattern Vault uses to authenticate Pods depends on sharing
the JWT token over the network. Given the [security model of
Vault](/docs/internals/security.html), this is allowable because Vault is
part of the trusted compute base. In general, Kubernetes applications should
**not** share this JWT with other applications, as it allows API calls to be
made on behalf of the Pod and can result in unintended access being granted
to 3rd parties.
1. Create a named role: 1. Create a named role:
```text ```text
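Review bot: The added NOTE never identifies which JWT it is talking about: "the JWT token" in its first line should be named as the Pod's service account JWT, so a reader knows exactly which credential must not be handed to other applications. While editing, drop the redundant "token" after "JWT", write "trusted computing base" (the usual term) instead of "trusted compute base", and spell out "3rd parties" as "third parties". Since the note sits between the closing code fence and "1. Create a named role:", keep a blank line on both sides so the `!>` callout does not merge into the list item when rendered.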