4f87851926
* update dependencies * remove hard-coded vaultproject.io on local links * remove 'index.html' from internal links * remove '.html' at end of internal links * manual review cleanup Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
39 lines
1.6 KiB
Plaintext
39 lines
1.6 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Vault Agent Auto-Auth AppRole Method
|
|
sidebar_title: AppRole
|
|
description: AppRole Method for Vault Agent Auto-Auth
|
|
---
|
|
|
|
# Vault Agent Auto-Auth AppRole Method
|
|
|
|
The `approle` method reads in a role ID and a secret ID from files and sends
|
|
the values to the [AppRole Auth
|
|
method](/docs/auth/approle).
|
|
|
|
The method caches values and it is safe to delete the role ID/secret ID files
|
|
after they have been read. In fact, by default, after reading the secret ID,
|
|
the agent will delete the file. New files or values written at the expected
|
|
locations will be used on next authentication and the new values will be
|
|
cached.
|
|
|
|
## Configuration
|
|
|
|
- `role_id_file_path` `(string: required)` - The path to the file with role ID
|
|
|
|
- `secret_id_file_path` `(string: optional)` - The path to the file with secret
|
|
ID.
|
|
If not set, only the `role-id` will be used. \
|
|
In that case, the AppRole should have `bind_secret_id` set to `false` otherwise Vault Agent wouldn't be able to login.
|
|
|
|
- `remove_secret_id_file_after_reading` `(bool: optional, defaults to true)` -
|
|
This can be set to `false` to disable the default behavior of removing the
|
|
secret ID file after it's been read.
|
|
|
|
- `secret_id_response_wrapping_path` `(string: optional)` - If set, the value
|
|
at `secret_id_file_path` will be expected to be a [Response-Wrapping
|
|
Token](/docs/concepts/response-wrapping)
|
|
containing the output of the secret ID retrieval endpoint for the role (e.g.
|
|
`auth/approle/role/webservers/secret-id`) and the creation path for the
|
|
response-wrapping token must match the value set here.
|