Actions
Vault » History » Revision 1
Revision 1/12
| Next »
Peter Amstutz, 02/12/2018 08:11 PM
Vault¶
Going through the docs, I think this would be the simplest way to use Vault in an Arvados container:
- The container input has the path to the desired secret to be read
- The API server creates a new AppRole with role-name as the uuid of the container, and secret as the container token.
- The container (running on compute node) runs with API: true
- The container uses the container's UUID to get the role_id from vault
- The container uses the role_id and container token (secret_id) to authenticate with vault
- The container can now read the secret at the path provided in the input
Updated by Peter Amstutz about 6 years ago · 1 revisions