Vault » History » Version 1
Peter Amstutz, 02/12/2018 08:11 PM
h1. Vault

Going through the docs, I think this would be the simplest way to use Vault in an Arvados container:

* The container input has the path to the desired secret to be read
* The API server creates a new AppRole with role-name as the uuid of the container, and secret as the container token.
* The container (running on compute node) runs with API: true
* The container uses the container's UUID to get the role_id from vault
* The container uses the role_id and container token (secret_id) to authenticate with vault
* The container can now read the secret at the path provided in the input
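
The steps above map onto Vault's AppRole HTTP endpoints as sketched here. This is an added example, not code from Arvados or from the original page: the function names, the @policy@ name, the TTL and the injectable @send@ transport are assumptions, and because Vault's role-id read endpoint requires a token, a hypothetical @lookup_token@ is passed in for that step.

```python
import json
import urllib.request

def http_json(method, url, token=None, body=None):
    """Default transport: one JSON request against Vault's HTTP API."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    if token:
        req.add_header("X-Vault-Token", token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}  # role writes answer 204 No Content

def provision_role(addr, admin_token, container_uuid, container_token,
                   policy, send=http_json):
    """API server: create an AppRole named after the container UUID and
    register the container token as its custom secret_id."""
    role = f"{addr}/v1/auth/approle/role/{container_uuid}"
    send("POST", role, admin_token, {
        "token_policies": [policy],  # assumed policy: read on the secret path only
        "token_ttl": "1h",           # constructed value
        "secret_id_num_uses": 1,     # assumption: the container logs in once
    })
    send("POST", role + "/custom-secret-id", admin_token,
         {"secret_id": container_token})

def read_secret(addr, lookup_token, container_uuid, container_token,
                secret_path, send=http_json):
    """Container: UUID -> role_id -> AppRole login -> read the secret."""
    role = f"{addr}/v1/auth/approle/role/{container_uuid}"
    # The role-id endpoint is authenticated; lookup_token is an assumption
    # about how the container is allowed to perform this read.
    role_id = send("GET", role + "/role-id", lookup_token)["data"]["role_id"]
    login = send("POST", f"{addr}/v1/auth/approle/login", None,
                 {"role_id": role_id, "secret_id": container_token})
    vault_token = login["auth"]["client_token"]
    # KV v1 returns the secret under "data"; KV v2 nests it one level deeper.
    return send("GET", f"{addr}/v1/{secret_path}", vault_token)["data"]
```

Passing a stub as @send@ lets the request sequence be checked without a running Vault server.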