| author | Stuart Clark <stuart.clark@Jahingo.com> | 2017-08-08 02:20:56 +0100 |
|---|---|---|
| committer | Dave Henderson <dhenderson@gmail.com> | 2017-08-07 21:20:56 -0400 |
| commit | d2cf55b83fe71d41c3a09b35b280d9a48b24088d (patch) | |
| tree | cc152e6ed7d4f2346d179bb867a683e47a3d9852 /docs | |
| parent | cbc2af15fccdfc43ae6dfc2ae2d88248df039ddb (diff) | |
Vault AWS EC2 auth (#190)
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/content/functions/general.md | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/docs/content/functions/general.md b/docs/content/functions/general.md index 28f518bd..c3c2cfe0 100644 --- a/docs/content/functions/general.md +++ b/docs/content/functions/general.md @@ -593,6 +593,7 @@ This table describes the currently-supported authentication mechanisms and how t | [`github`](https://www.vaultproject.io/docs/auth/github.html) | Environment variable `$VAULT_AUTH_GITHUB_TOKEN` must be set to an appropriate value.<br/> If the backend is mounted to a different location, set `$VAULT_AUTH_GITHUB_MOUNT`. | | [`userpass`](https://www.vaultproject.io/docs/auth/userpass.html) | Environment variables `$VAULT_AUTH_USERNAME` and `$VAULT_AUTH_PASSWORD` must be set to the appropriate values.<br/> If the backend is mounted to a different location, set `$VAULT_AUTH_USERPASS_MOUNT`. | | [`token`](https://www.vaultproject.io/docs/auth/token.html) | Determined from either the `$VAULT_TOKEN` environment variable, or read from the file `~/.vault-token` | +| [`aws`](https://www.vaultproject.io/docs/auth/aws.html) | As a final option authentication will be attempted using the AWS auth backend. See below for more details. | _**Note:**_ The secret values listed in the above table can either be set in environment variables or provided in files. This can increase security when using 
@@ -637,6 +638,16 @@ $ echo 'otp={{(datasource "vault" "ssh/creds/test?ip=10.1.2.3&username=user").ke otp=604a4bd5-7afd-30a2-d2d8-80c4aebc6183 ``` +#### Authentication using AWS details + +If running on an EC2 instance authentication will be attempted using the AWS auth backend. The +optional `VAULT_AUTH_AWS_MOUNT` environment variable can be used to set the mount point to use if +it differs from the default of `aws`. Additionally `AWS_TIMEOUT` can be set (in seconds) to a value +to wait for AWS to respond before skipping the attempt. + +If set, the `VAULT_AUTH_AWS_ROLE` environment variable will be used to specify the role to authenticate +using. If not set the AMI ID of the EC2 instance will be used by Vault. + ## `datasourceExists` Tests whether or not a given datasource was defined on the commandline (with the |
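Review bot: In the first hunk, the new `aws` table row is the only one that names no environment variables and points at "See below for more details" without a link. The other rows list their `$VAULT_AUTH_*` settings inline, so this row should at least mention `$VAULT_AUTH_AWS_MOUNT` and `$VAULT_AUTH_AWS_ROLE` and link to the "Authentication using AWS details" heading. "As a final option" also implies that the table order is the order in which the mechanisms are tried. If that is the case, say so in the sentence introducing the table, because a reader who expects `token` auth and has no token set would otherwise not expect an implicit fallback to instance-based authentication.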
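Review bot: In the second hunk, the paragraph on `VAULT_AUTH_AWS_ROLE` says "If not set the AMI ID of the EC2 instance will be used by Vault" but does not spell out the consequence: every instance launched from the same AMI authenticates against the same role. Worth a sentence recommending that the role be set explicitly where instances sharing an AMI need different Vault policies. Two smaller points in the first paragraph: `AWS_TIMEOUT` is documented in seconds but no default is given, and its name lacks the `VAULT_AUTH_AWS_` prefix used by the other two variables, so it reads as a general AWS setting. Please state the default and either rename it or note what it applies to. The text also does not say how "running on an EC2 instance" is determined or whether the attempt can be turned off.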
