open-vault/website/content
tdsacilowski 887e77c2ae
Agent JWT auto auth remove_jwt_after_reading config option (#11969)
Add a new config option for Vault Agent's JWT auto auth
`remove_jwt_after_reading`, which defaults to true. Can stop
Agent from attempting to delete the file, which is useful in k8s
where the service account JWT is mounted as a read-only file
and so any attempt to delete it generates spammy error logs.

When leaving the JWT file in place, the read period for new
tokens is 1 minute instead of 500ms to reflect the assumption
that there will always be a file there, so finding a file does not
provide any signal that it needs to be re-read. Kubernetes
has a minimum TTL of 10 minutes for tokens, so a period of
1 minute gives Agent plenty of time to detect new tokens,
without leaving it too unresponsive. We may want to add a
config option to override these default periods in the future.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-07-25 07:42:09 -06:00
..
api-docs Transform tokenization key auto-rotate docs (#16410) 2022-07-21 15:48:58 -05:00
docs Agent JWT auto auth remove_jwt_after_reading config option (#11969) 2022-07-25 07:42:09 -06:00
partials secrets/db: documents credential types and snowflake key pair auth (#15892) 2022-06-09 15:56:50 -07:00
security.mdx Implement MDX Remote (#10581) 2020-12-17 16:53:33 -05:00