887e77c2ae
Add a new config option for Vault Agent's JWT auto auth `remove_jwt_after_reading`, which defaults to true. Can stop Agent from attempting to delete the file, which is useful in k8s where the service account JWT is mounted as a read-only file and so any attempt to delete it generates spammy error logs. When leaving the JWT file in place, the read period for new tokens is 1 minute instead of 500ms to reflect the assumption that there will always be a file there, so finding a file does not provide any signal that it needs to be re-read. Kubernetes has a minimum TTL of 10 minutes for tokens, so a period of 1 minute gives Agent plenty of time to detect new tokens, without leaving it too unresponsive. We may want to add a config option to override these default periods in the future. Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| auth | ||
| cache | ||
| config | ||
| sink | ||
| template | ||
| winsvc | ||
| README.md | ||
| alicloud_end_to_end_test.go | ||
| approle_end_to_end_test.go | ||
| auto_auth_preload_token_end_to_end_test.go | ||
| aws_end_to_end_test.go | ||
| cache_end_to_end_test.go | ||
| cert_end_to_end_test.go | ||
| cf_end_to_end_test.go | ||
| doc.go | ||
| jwt_end_to_end_test.go | ||
| testing.go | ||
README.md
Vault Agent
Vault Agent is a client daemon that provides Auth-Auth, Caching, and Template features.
Vault Agent provides a number of different helper features, specifically addressing the following challenges:
- Automatic authentication
- Secure delivery/storage of tokens
- Lifecycle management of these tokens (renewal & re-authentication)
See the usage documentation on the Vault website here: