Added a note about JWT (#6899)

Yoko 2019-06-18 12:36:51 -07:00 committed by GitHub
parent 659f97a0b7
commit ba82b04b15
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -84,6 +84,15 @@ list of available configuration options, please see the API documentation.
kubernetes_ca_cert=@ca.crt
```
!> **NOTE:** The pattern Vault uses to authenticate Pods depends on sharing
the JWT token over the network. Given the [security model of
Vault](/docs/internals/security.html), this is allowable because Vault is
part of the trusted compute base. In general, Kubernetes applications should
**not** share this JWT with other applications, as it allows API calls to be
made on behalf of the Pod and can result in unintended access being granted
to 3rd parties.
1. Create a named role:
```text
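Review bot: The added NOTE says "the JWT token" and "this JWT" without stating which token is meant. Since the warning is that it "allows API calls to be made on behalf of the Pod", name it on first mention as the Pod's service account JWT so readers know exactly what must not be handed to other applications. Smaller wording points in the same block: "JWT token" is redundant, "trusted compute base" is normally written "trusted computing base", and "3rd parties" reads better as "third parties" in documentation.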