open-vault/website/source/docs/agent/index.html.md
Jeff Mitchell a6d0ae5890
Add exit-after-auth functionality to agent (#5013)
This allows it to authenticate once, then exit once all sinks have
reported success. Useful for things like an init container vs. a
sidecard container.

Also adds command-level testing of it.
2018-07-30 10:37:04 -04:00

70 lines
1.7 KiB
Markdown

---
layout: "docs"
page_title: "Vault Agent"
sidebar_current: "docs-agent"
description: |-
Vault Agent is a client-side daemon that can be used to perform some Vault
functionality automatically.
---
# Vault Agent
Vault Agent is a client daemon that can perform useful tasks.
To get help, run:
```text
$ vault agent -h
```
## Auto-Auth
Vault Agent allows for easy authentication to Vault in a wide variety of
environments. Please see the [Auto-Auth docs](/docs/agent/autoauth/index.html)
for information.
Auto-Auth functionality takes place within an `auto_auth` configuration stanza.
## Configuration
These are the currently-available general configuration option:
- `pid_file` `(string: "")` - Path to the file in which the agent's Process ID
(PID) should be stored
- `exit_after_auth` `(bool: false)` - If set to `true`, the agent will exit
with code `0` after a single successful auth, where success means that a
token was retrieved and all sinks successfully wrote it
## Example Configuration
An example configuration, with very contrived values, follows:
```python
pid_file = "./pidfile"
auto_auth {
method "aws" {
mount_path = "auth/aws-subaccount"
config = {
role = "foobar"
}
}
sink "file" {
config = {
path = "/tmp/file-foo"
}
}
sink "file" {
wrap_ttl = "5m"
aad_env_var = "TEST_AAD_ENV"
dh_type = "curve25519"
dh_path = "/tmp/file-foo-dhpath2"
config = {
path = "/tmp/file-bar"
}
}
}
```