kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-05 09:55:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

More review fixes

Browse Source
This commit is contained in:
Charlie Voiselle
2017-08-01 12:05:28 -04:00
parent c11042fec6
commit 1bc65e1ad4
1 changed files with 14 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
website/source/docs/vault-integration/index.html.md
View File

@@ -236,22 +236,23 @@ token_renewable true
token_policies [default nomad-server]
```
The `-orphan` flag is included when generating the Nomad server token above to
prevent revocation of the token when its parent expires. Vault typically
creates tokens with a parent-child relationship. When an ancestor token is revoked, all of its descendant tokens and their associated leases are revoked as well.
The `-orphan` flag is included when generating the Nomad server token above to
prevent revocation of the token when its parent expires. Vault typically
creates tokens with a parent-child relationship. When an ancestor token is
revoked, all of its descendant tokens and their associated leases are revoked
as well.
When generating Nomad's Vault token, we need to ensure that revocation of the
parent token does not revoke Nomad's token. To prevent this behavior we
specify the `-orphan` flag when we create the Nomad's Vault token. All
other tokens generated by Nomad for jobs will be generated using the policy
default of `orphan = false`
When generating Nomad's Vault token, we need to ensure that revocation of the
parent token does not revoke Nomad's token. To prevent this behavior we
specify the `-orphan` flag when we create the Nomad's Vault token. All
other tokens generated by Nomad for jobs will be generated using the policy
default of `orphan = false`.
More general information about creating orphan tokens can be found in the
Vault documentation, specifically at
[Token Hierarchies and Orphan Tokens][tokenhierarchy].
More information about creating orphan tokens can be found in
[Vault's Token Hierarchies and Orphan Tokens documentation][tokenhierarchy].
The token can then be set in the server configuration's
[`vault` stanza][config], as a command-line flag, or via an environment
The token can then be set in the server configuration's
[`vault` stanza][config], as a command-line flag, or via an environment
variable.
```