luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/content/docs/platform/k8s/csi/configurations.mdx
Jason O'Donnell 194f1b3937
docs: add missing csi mount config (#11518)
2021-05-03 16:54:20 -04:00

59 lines
2.4 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: Vault CSI Provider Configurations
description: This section documents the configurables for the Vault CSI Provider.
---
# Secret Class Provider Configurations
The following parameters are supported by the Vault provider:
- `roleName` `(string: "")` - Name of the role to be used during login with Vault.
- `vaultAddress` `(string: "")` - The address of the Vault server.
- `vaultNamespace` `(string: "")` - The Vault [namespace](/docs/enterprise/namespaces) to use.
- `vaultKubernetesMountPath` `(string: "kubernetes")` - The mount path of the Kubernetes authentication
method in Vault.
- `vaultSkipTLSVerify` `(string: "false")` - When set to true, skips verification of the Vault server
certificiate. Setting this to true is not recommended for production.
- `vaultCACertPath` `(string: "")` - The path on disk where the Vault CA certificate can be found
when verifying the Vault server certificate.
- `vaultCADirectory` `(string: "")` - The directory on disk where the Vault CA certificate can be found
when verifying the Vault server certificate.
- `vaultTLSClientCertPath` `(string: "")` - The path on disk where the client certificate can be found
for mTLS communications with Vault.
- `vaultTLSClientKeyPath` `(string: "")` - The path on disk where the client key can be found
for mTLS communications with Vault.
- `vaultTLSServerName` `(string: "")` - The name to use as the SNI host when connecting via TLS.
- `vaultKubernetesMountPath` `(string: "kubernetes")` - The name of the auth mount used for login.
At this time only the Kubernetes auth method is supported.
- `objects` `(array)` - An array of secrets to retrieve from Vault.
- `objectName` `(string: "")` - The alias of the object which can be referenced within the secret provider class and
the name of the secret file.
- `method` `(string: "GET")` - The type of HTTP request. Supported values include "GET" and "PUT".
- `secretPath` `(string: "")` - The path in Vault where the secret is located.
- `secretKey` `(string: "")` - The key in the Vault secret to extract. If omitted, the whole response from Vault will be written as JSON.
- `secretArgs` `(map: {})` - Additional arguments to be sent to Vault for a specific secret. Arguments can vary
for different secret engines. For example:
```yaml
secretArgs:
common_name: 'test.example.com'
ttl: '24h'
```
Reference in a new issue View git blame Copy permalink