4f87851926
* update dependencies * remove hard-coded vaultproject.io on local links * remove 'index.html' from internal links * remove '.html' at end of internal links * manual review cleanup Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
39 lines
1.3 KiB
Plaintext
39 lines
1.3 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Vault Agent Auto-Auth GCP Method
|
|
sidebar_title: GCP
|
|
description: GCP Method for Vault Agent Auto-Auth
|
|
---
|
|
|
|
# Vault Agent Auto-Auth GCP Method
|
|
|
|
The `gcp` method performs authentication against the [GCP Auth
|
|
method](/docs/auth/gcp). Both `gce` and `iam`
|
|
authentication types are supported.
|
|
|
|
## Credentials
|
|
|
|
Vault will use the GCP SDK's normal credential chain behavior. You can set a
|
|
static `credentials` value but it is usually not needed. If running on GCE
|
|
using Application Default Credentials, you may need to specify the service
|
|
account and project since ADC does not provide metadata used to automatically
|
|
determine these.
|
|
|
|
## Configuration
|
|
|
|
- `type` `(string: required)` - The type of authentication; must be `gce` or `iam`
|
|
|
|
- `role` `(string: required)` - The role to authenticate against on Vault
|
|
|
|
- `credentials` `(string: optional)` - When using static credentials, the
|
|
contents of the JSON credentials file
|
|
|
|
- `service_account` `(string: optional)` - The service account to use, if it
|
|
cannot be automatically determined
|
|
|
|
- `project` `(string: optional)` - The project to use, if it cannot be
|
|
automatically determined
|
|
|
|
- `jwt_exp` `(string or int: optional)` - The number of minutes a generated JWT
|
|
should be valid for when using the `iam` method; defaults to 15 minutes
|