# This is a sample, partially complete docker-credential-vault-login config
# file.
#
# You will need to add (at minimum):
#
# 1. One or more auto_auth.method stanza(s)
# 2. An appropriate vault.address
#
# See the README in /usr/share/doc/docker-credential-vault-login for more.
# Connection settings for the Vault server.
vault {
# Placeholder URL; replace it with the address of your own Vault server.
# The address can instead be supplied via VAULT_ADDR (in the calling docker
# daemon's context).
address = "https://your.vault.example.com:8200"
}
# Authentication settings: the method stanza(s) used to authenticate with
# Vault, and the sink that stores the resulting token.
auto_auth {
/*
* You must add at least one method stanza. The two stanzas below are
* examples; the role, file paths and secret paths are sample values.
*
* NOTE(review): the approle example sets
* remove_secret_id_file_after_reading = "false", so the secret ID file is
* presumably left on disk after use. Confirm that the file's ownership and
* permissions are restricted accordingly.
*
method "aws" {
mount_path = "auth/aws"
config = {
type = "iam"
role = "foobar"
secret = "secret/registry/all"
}
}
method "approle" {
mount_path = "auth/approle"
config = {
role_id_file_path = "/my-vault-approle-id"
secret_id_file_path = "/my-vault-approle-secret-id"
remove_secret_id_file_after_reading = "false"
secrets = {
"my.registry.example.com" = "secret/registry/internal"
"docker.io" = "secret/registry/docker.io"
}
}
}
*/
# Save a token to the local system to prevent re-authenticating with Vault
# via the provided method(s) each time docker calls this cred helper.
#
# If saving a token to the local filesystem is a security concern you can
# delete this stanza at a moderate performance penalty.
#
# Mode 0640 makes the token file readable by its group as well as its owner.
# Check that the group contains only accounts that should be able to use the
# token.
sink "file" {
config = {
path = "/var/lib/docker-credential-vault-login/token"
mode = "0640"
}
}
}