open-vault/website/content/docs/agent/autoauth/methods
tdsacilowski 887e77c2ae
Agent JWT auto auth remove_jwt_after_reading config option (#11969)
Add a new config option for Vault Agent's JWT auto auth
`remove_jwt_after_reading`, which defaults to true. Can stop
Agent from attempting to delete the file, which is useful in k8s
where the service account JWT is mounted as a read-only file
and so any attempt to delete it generates spammy error logs.

When leaving the JWT file in place, the read period for new
tokens is 1 minute instead of 500ms to reflect the assumption
that there will always be a file there, so finding a file does not
provide any signal that it needs to be re-read. Kubernetes
has a minimum TTL of 10 minutes for tokens, so a period of
1 minute gives Agent plenty of time to detect new tokens,
without leaving it too unresponsive. We may want to add a
config option to override these default periods in the future.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
2022-07-25 07:42:09 -06:00
..
alicloud.mdx
approle.mdx docs: update agent sections around auto-auth, caching, and templating (#15195) 2022-04-29 12:10:48 -07:00
aws.mdx updated references from learn to tutorial (#14867) 2022-04-04 10:05:16 -07:00
azure.mdx agent/azure: adds ability to use specific user-assigned managed identities for auto auth (#14214) 2022-02-23 11:43:36 -08:00
cert.mdx
cf.mdx
gcp.mdx auth/gcp: adds note on custom endpoints to configuration section (#15990) 2022-06-15 10:06:58 -07:00
index.mdx
jwt.mdx Agent JWT auto auth remove_jwt_after_reading config option (#11969) 2022-07-25 07:42:09 -06:00
kerberos.mdx
kubernetes.mdx updated references from learn to tutorial (#14866) 2022-04-04 10:04:50 -07:00