open-vault/command/agent
tdsacilowski 887e77c2ae
Agent JWT auto auth remove_jwt_after_reading config option (#11969)
Add a new config option for Vault Agent's JWT auto auth
`remove_jwt_after_reading`, which defaults to true. Can stop
Agent from attempting to delete the file, which is useful in k8s
where the service account JWT is mounted as a read-only file
and so any attempt to delete it generates spammy error logs.

When leaving the JWT file in place, the read period for new
tokens is 1 minute instead of 500ms to reflect the assumption
that there will always be a file there, so finding a file does not
provide any signal that it needs to be re-read. Kubernetes
has a minimum TTL of 10 minutes for tokens, so a period of
1 minute gives Agent plenty of time to detect new tokens,
without leaving it too unresponsive. We may want to add a
config option to override these default periods in the future.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-07-25 07:42:09 -06:00
..
auth Agent JWT auto auth remove_jwt_after_reading config option (#11969) 2022-07-25 07:42:09 -06:00
cache VAULT-5935 agent: redact renew-self if using auto auth (#15380) 2022-05-12 09:25:55 -07:00
config Fix agent use_auto_auth_token force test (#16313) 2022-07-15 19:12:59 -04:00
sink OSS changes for ent pr (#13696) 2022-01-19 09:43:12 -08:00
template agent: add disable_idle_connections configurable (#15986) 2022-06-16 18:06:22 -04:00
winsvc Convert to Go 1.17 go:build directive (#13579) 2022-01-05 12:02:03 -06:00
alicloud_end_to_end_test.go Revert the WithContext changes to vault tests (#14947) 2022-04-07 15:12:58 -04:00
approle_end_to_end_test.go Revert the WithContext changes to vault tests (#14947) 2022-04-07 15:12:58 -04:00
auto_auth_preload_token_end_to_end_test.go Revert the WithContext changes to vault tests (#14947) 2022-04-07 15:12:58 -04:00
aws_end_to_end_test.go Revert the WithContext changes to vault tests (#14947) 2022-04-07 15:12:58 -04:00
cache_end_to_end_test.go Revert the WithContext changes to vault tests (#14947) 2022-04-07 15:12:58 -04:00
cert_end_to_end_test.go Revert the WithContext changes to vault tests (#14947) 2022-04-07 15:12:58 -04:00
cf_end_to_end_test.go Revert the WithContext changes to vault tests (#14947) 2022-04-07 15:12:58 -04:00
doc.go Vault Agent Template (#7652) 2019-10-18 16:21:46 -05:00
jwt_end_to_end_test.go Revert the WithContext changes to vault tests (#14947) 2022-04-07 15:12:58 -04:00
README.md Vault Agent Template (#7652) 2019-10-18 16:21:46 -05:00
testing.go Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00

Vault Agent

Vault Agent is a client daemon that provides Auth-Auth, Caching, and Template features.

Vault Agent provides a number of different helper features, specifically addressing the following challenges:

  • Automatic authentication
  • Secure delivery/storage of tokens
  • Lifecycle management of these tokens (renewal & re-authentication)

See the usage documentation on the Vault website here: