a6d0ae5890
This allows it to authenticate once, then exit once all sinks have reported success. Useful for things like an init container vs. a sidecar container. Also adds command-level testing of it.
1.7 KiB
layout | page_title | sidebar_current | description |
---|---|---|---|
docs | Vault Agent | docs-agent | Vault Agent is a client-side daemon that can be used to perform some Vault functionality automatically. |
Vault Agent
Vault Agent is a client daemon that can perform useful tasks.
To get help, run:
$ vault agent -h
Auto-Auth
Vault Agent allows for easy authentication to Vault in a wide variety of environments. Please see the Auto-Auth docs for information.
Auto-Auth functionality takes place within an auto_auth configuration stanza.
Configuration
These are the currently available general configuration options:
- pid_file (string: "") - Path to the file in which the agent's Process ID (PID) should be stored
- exit_after_auth (bool: false) - If set to true, the agent will exit with code 0 after a single successful auth, where success means that a token was retrieved and all sinks successfully wrote it
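An init-container entrypoint built on exit_after_auth, as an added example that is not part of the Vault docs or code: it runs the agent once, treats a non-zero exit as "no token", and then checks the file sink before the main container is allowed to start. AGENT_CONFIG, SINK_PATH, verify_sink and run_agent_once are assumed names, and the config file is assumed to set exit_after_auth = true.

```shell
#!/bin/sh
# Added example: init-container wrapper around "vault agent".
# AGENT_CONFIG and SINK_PATH are assumed variable names set by the caller.

# verify_sink PATH: succeed only if the sink is a non-empty regular file
# (not a symlink) with no permission bits set for "other" users.
verify_sink() {
    sink=$1
    if [ -L "$sink" ] || [ ! -f "$sink" ]; then
        echo "sink $sink is missing or not a regular file" >&2
        return 1
    fi
    if [ ! -s "$sink" ]; then
        echo "sink $sink is empty" >&2
        return 1
    fi
    # Characters 8-10 of the ls mode string are the "other" rwx bits.
    perms=$(ls -ld "$sink" | cut -c8-10)
    if [ "$perms" != "---" ]; then
        echo "sink $sink is accessible to other users ($perms)" >&2
        return 1
    fi
    return 0
}

# run_agent_once CONFIG SINK: run the agent until it exits, then check the sink.
run_agent_once() {
    config=$1
    sink=$2
    if ! vault agent -config="$config"; then
        echo "vault agent exited non-zero; no usable token" >&2
        return 1
    fi
    verify_sink "$sink"
}

# Run only when both variables are supplied, e.g. by the container spec.
if [ -n "${AGENT_CONFIG:-}" ] && [ -n "${SINK_PATH:-}" ]; then
    run_agent_once "$AGENT_CONFIG" "$SINK_PATH" || exit 1
fi
```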
Example Configuration
An example configuration, with very contrived values, follows:
pid_file = "./pidfile"

auto_auth {
    method "aws" {
        mount_path = "auth/aws-subaccount"
        config = {
            role = "foobar"
        }
    }

    sink "file" {
        config = {
            path = "/tmp/file-foo"
        }
    }

    sink "file" {
        wrap_ttl = "5m"
        aad_env_var = "TEST_AAD_ENV"
        dh_type = "curve25519"
        dh_path = "/tmp/file-foo-dhpath2"
        config = {
            path = "/tmp/file-bar"
        }
    }
}