scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-02 03:27:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: adds more targeted guidance for GCP workload identity (#24620)

Browse Source 
* docs: adds more targeted guidance for GCP workload identity

* hopefully fix markdown
This commit is contained in:
Austin Gebauer
2023-12-21 10:25:08 -08:00
committed by GitHub
parent 082d2a6412
commit 84bc8b1743
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
website/content/docs/secrets/gcp.mdx
View File

@@ -453,14 +453,16 @@ Cloud][cloud-creds]. In addition to specifying `credentials` directly via Vault
configuration, you can also get configuration from the following values **on the configuration, you can also get configuration from the following values **on the
Vault server**: Vault server**:
1. The environment variables `GOOGLE_APPLICATION_CREDENTIALS`. This is specified 1. The `GOOGLE_APPLICATION_CREDENTIALS` environment variable. This is specified
as the **path** to a Google Cloud credentials file, typically for a service as the **path** to a Google Cloud credentials file, typically for a service
account. If this environment variable is present, the resulting credentials are account. If this environment variable is present, the resulting credentials are
used. If the credentials are invalid, an error is returned. used. If the credentials are invalid, an error is returned.
1. Default instance credentials. When no environment variable is present, the 1. The identity of a Google Cloud [workload][workloads-ids]. When Vault server is running
default service account credentials are used. This is useful when running Vault on a Google workload like [Google Compute Engine][gce] or [Google Kubernetes Engine][gke],
on [Google Compute Engine][gce] or [Google Kubernetes Engine][gke] identity associated with the workload is automatically used. To configure Google Compute
Engine with an identity, see [attached service accounts][attached-service-accounts]. To
configure Google Kubernetes Engine with an identity, see [GKE workload identity][gke-workload-ids].
For more information on service accounts, please see the [Google Cloud Service For more information on service accounts, please see the [Google Cloud Service
Accounts documentation][service-accounts]. Accounts documentation][service-accounts].
@@ -692,6 +694,9 @@ for more details.
[resource-name-relative]: https://cloud.google.com/apis/design/resource_names#relative_resource_name [resource-name-relative]: https://cloud.google.com/apis/design/resource_names#relative_resource_name
[quotas]: https://cloud.google.com/compute/quotas [quotas]: https://cloud.google.com/compute/quotas
[service-accounts]: https://cloud.google.com/compute/docs/access/service-accounts [service-accounts]: https://cloud.google.com/compute/docs/access/service-accounts
[workloads-ids]: https://cloud.google.com/iam/docs/workload-identities
[attached-service-accounts]: https://cloud.google.com/iam/docs/workload-identities#attached-service-accounts
[gke-workload-ids]: https://cloud.google.com/iam/docs/workload-identities#kubernetes-workload-identity
## Upgrade guides ## Upgrade guides