scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 09:42:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Azure Auth - rotate-root documentation (#18780)

Browse Source 
* add documentation for rotate root

* commit suggestions

* move api permissions section
This commit is contained in:
Milena Zlaticanin
2023-02-08 18:14:28 -07:00
committed by GitHub
parent 0445667b60
commit 8958d00263
2 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
website/content/api-docs/auth/azure.mdx
View File

@@ -111,6 +111,28 @@ $ curl \
https://127.0.0.1:8200/v1/auth/azure/config
```
## Rotate Root
This endpoint generates a new client secret for the root account defined in the config. The
value generated will only be known by Vault.
| Method | Path |
| :----- | :------------------- |
| `POST` | `/azure/rotate-root` |
### Parameters
There are no parameters to this operation.
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
https://127.0.0.1:8200/v1/auth/azure/rotate-root
```
## Create Role
Registers a role in the method. Role types have specific entities

11
website/content/docs/auth/azure.mdx
View File

@@ -39,6 +39,8 @@ The following Azure [role assignments](https://learn.microsoft.com/en-us/azure/r
must be granted to the Azure AD application in order for the auth method to access Azure
APIs during authentication.
### Role Assignments
~> **Note:** The role assignments are only required when the
[`vm_name`](/vault/api-docs/auth/azure#vm_name), [`vmss_name`](/vault/api-docs/auth/azure#vmss_name),
or [`resource_id`](/vault/api-docs/auth/azure#resource_id) parameters are used on login.
@@ -54,6 +56,15 @@ or [`resource_id`](/vault/api-docs/auth/azure#resource_id) parameters are used o
[vmss-flex]: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes#scale-sets-with-flexible-orchestration
[managed-identities]: https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/managed-identities-status
### API Permissions
The following [API permissions](https://learn.microsoft.com/en-us/azure/active-directory/develop/permissions-consent-overview#types-of-permissions)
must be assigned to the service principal provided to Vault for managing the root rotation in Azure:
| Permission Name | Type |
| ----------------------------- | ----------- |
| Application.ReadWrite.All | Application |
## Authentication
### Via the CLI