author | Niall Sheridan <nsheridan@gmail.com> | 2016-10-04 14:37:01 -0700 |
---|---|---|
committer | Niall Sheridan <nsheridan@gmail.com> | 2016-10-06 22:02:39 -0500 |
commit | 17cd70cea546e287713a3d4c086528a85abefa2e (patch) | |
tree | f52ffa10f2065c47445bd6c37f07a57f68074100 /example-server.conf | |
parent | 294020406c257ad4eb1867a1e7fb8b694aefddd2 (diff) |
Add support for Hashicorp Vault
Vault is supported for the following:
As a well-known filesystem for TLS cert, TLS key and SSH signing key.
For configuration secrets for cookie_secret, csrf_secret, oauth_client_id and oauth_client_secret options.
Diffstat (limited to 'example-server.conf')
-rw-r--r-- | example-server.conf | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/example-server.conf b/example-server.conf
index fcb6558..9a20c9d 100644
--- a/example-server.conf
+++ b/example-server.conf
@@ -32,10 +32,16 @@ ssh {
 permissions = ["permit-pty", "permit-X11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-user-rc"] # Permissions associated with a certificate
 }
 
-# Optional AWS config. if an aws config is present, the signing key can be read from S3 using the syntax `/s3/bucket/path/to/signing.key`.
+# Optional AWS config. if an aws config is present, then files (e.g. signing key or tls cert) can be read from S3 using the syntax `/s3/bucket/path/to/signing.key`.
 # These can also be set configured using the standard aws-sdk environment variables, IAM roles etc. https://github.com/aws/aws-sdk-go/wiki/configuring-sdk
 aws {
 region = "eu-west-1"
 access_key = "abcdef"
 secret_key = "xyz123"
 }
+
+# Optional Vault config. If a vault config is present then files (e.g. signing key or tls cert) can be read from a vault server using the syntax `/vault/secret/service/key_name`.
+vault {
+ address = "https://127.0.0.1:8200"
+ token = "83f01274-c6f0-4dae-aab9-13a6fc62772e"
+} |
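Review bot: The example `token` in the new `vault` block is a UUID in the shape of a real Vault token, unlike the obviously fake `access_key = "abcdef"` in the `aws` block above it. Secret scanners will flag it, and if it was copied from a running Vault it should be revoked. I would replace it with a placeholder, `token = "<vault-token>"`, and add a comment above it such as `# Use a token whose policy allows read-only access to just the paths this server needs; never commit a real token.` The diffstat shows the example file as `-rw-r--r--`, so the comment could also say that a deployed config holding a token should be readable only by the service user. The new comment mentions files only, while the commit message says Vault also backs cookie_secret, csrf_secret, oauth_client_id and oauth_client_secret, so one line on how those options reference Vault would complete the example.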