1.7 KiB
1.7 KiB
| layout | page_title | sidebar_title | sidebar_current | description |
|---|---|---|---|---|
| docs | Vault Agent | Vault Agent | docs-agent | Vault Agent is a client-side daemon that can be used to perform some Vault functionality automatically. |
Vault Agent
Vault Agent is a client daemon that can perform useful tasks.
To get help, run:
$ vault agent -h
Auto-Auth
Vault Agent allows for easy authentication to Vault in a wide variety of environments. Please see the Auto-Auth docs for information.
Auto-Auth functionality takes place within an auto_auth configuration stanza.
Configuration
These are the currently-available general configuration option:
-
pid_file(string: "")- Path to the file in which the agent's Process ID (PID) should be stored -
exit_after_auth(bool: false)- If set totrue, the agent will exit with code0after a single successful auth, where success means that a token was retrieved and all sinks successfully wrote it
Example Configuration
An example configuration, with very contrived values, follows:
pid_file = "./pidfile"
auto_auth {
method "aws" {
mount_path = "auth/aws-subaccount"
config = {
type = "iam"
role = "foobar"
}
}
sink "file" {
config = {
path = "/tmp/file-foo"
}
}
sink "file" {
wrap_ttl = "5m"
aad_env_var = "TEST_AAD_ENV"
dh_type = "curve25519"
dh_path = "/tmp/file-foo-dhpath2"
config = {
path = "/tmp/file-bar"
}
}
}