Vault » History » Version 1
Peter Amstutz, 02/12/2018 08:11 PM
h1. Vault

Going through the docs, I think this would be the simplest way to use Vault in an Arvados container:

* The container input has the path to the desired secret to be read
* The API server creates a new AppRole with role-name as the uuid of the container, and secret as the container token.
* The container (running on compute node) runs with API: true
* The container uses the container's UUID to get the role_id from vault
* The container uses the role_id and container token (secret_id) to authenticate with vault
* The container can now read the secret at the path provided in the input
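
The container-side steps above (fetch the role_id, log in, read the secret), written out against Vault's AppRole HTTP endpoints as an added example; it is not code from the original page or from Arvados. Assumptions: the secret sits on a KV version 1 mount, the role_id lookup is made with a Vault token (the hypothetical @lookup_token@ parameter, since the page does not say how the container is authorised for that read), and @FakeVault@ with all its values is a constructed stand-in so the flow runs offline.

```python
import json
import urllib.request

def http_transport(base_url):
    """Send requests to a real Vault server at base_url (address is an assumption)."""
    def send(method, path, token=None, body=None):
        data = json.dumps(body).encode() if body else None
        req = urllib.request.Request(base_url + path, data=data, method=method)
        if token:
            req.add_header("X-Vault-Token", token)
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return send

def read_secret_via_approle(send, container_uuid, container_token,
                            secret_path, lookup_token):
    # The role-name is the container UUID; ask Vault for the matching role_id.
    # Assumption: this read is made with a token allowed to read the role.
    path = f"/v1/auth/approle/role/{container_uuid}/role-id"
    role_id = send("GET", path, token=lookup_token)["data"]["role_id"]
    # Log in with role_id plus the container token acting as secret_id.
    login = send("POST", "/v1/auth/approle/login",
                 body={"role_id": role_id, "secret_id": container_token})
    # Read the secret at the path given in the container input (KV v1 layout).
    client_token = login["auth"]["client_token"]
    return send("GET", "/v1/" + secret_path, token=client_token)["data"]

class FakeVault:
    """Constructed in-memory stand-in for Vault; same call shape as send()."""
    def __init__(self, role_name, secret_id, secrets):
        self.role_name, self.secret_id, self.secrets = role_name, secret_id, secrets
        self.tokens = set()

    def __call__(self, method, path, token=None, body=None):
        if path == f"/v1/auth/approle/role/{self.role_name}/role-id":
            if token != "constructed-lookup-token":
                raise PermissionError("permission denied")
            return {"data": {"role_id": "constructed-role-id"}}
        if path == "/v1/auth/approle/login":
            if body != {"role_id": "constructed-role-id", "secret_id": self.secret_id}:
                raise PermissionError("invalid role_id or secret_id")
            self.tokens.add("constructed-client-token")
            return {"auth": {"client_token": "constructed-client-token"}}
        key = path[len("/v1/"):]
        if token in self.tokens and key in self.secrets:
            return {"data": self.secrets[key]}
        raise PermissionError("permission denied")
```

To run the same function against a live server, pass @http_transport(...)@ in place of the @FakeVault@ instance.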