From dd1ba4a79e4d462ab35cf7e5fbbde7be1c2cb40a Mon Sep 17 00:00:00 2001 From: Armon Dadgar Date: Mon, 27 Apr 2015 12:38:04 -0700 Subject: [PATCH] website: Adding CIDR block config to app-id --- website/source/docs/auth/app-id.html.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/website/source/docs/auth/app-id.html.md b/website/source/docs/auth/app-id.html.md index 111d0a6f9f..6fdfcc9bbc 100644 --- a/website/source/docs/auth/app-id.html.md +++ b/website/source/docs/auth/app-id.html.md @@ -79,14 +79,15 @@ example is shown below, use `vault help` for more details. $ vault write auth/app-id/map/app-id/foo value=root display_name=foo ... -$ vault write auth/app-id/map/user-id/bar value=foo +$ vault write auth/app-id/map/user-id/bar value=foo cidr_block=10.0.0.0/16 ... ``` The above creates an App ID "foo" that associates with the policy "root". The `display_name` sets the display name for audit logs and secrets. Next, we configure the user ID "bar" and say that the user ID bar -can be paired with "foo". +can be paired with "foo" but only in client is in the "10.0.0.0/16" CIDR block. +The `cidr_block` configuration is optional. This means that if a client authenticates and provide both "foo" and "bar", then the app ID will authenticate that client with the policy "root".
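Review bot: The added sentence `can be paired with "foo" but only in client is in the "10.0.0.0/16" CIDR block.` has a typo and should read "but only if the client is in the "10.0.0.0/16" CIDR block". In the same added lines, "The `cidr_block` configuration is optional." does not say what happens when the option is omitted. Readers will treat this as an access control, so the doc should state the default explicitly (presumably no source-address restriction, but the patch does not say). The unchanged closing paragraph still says a client that provides both "foo" and "bar" is authenticated with the policy "root", with no mention of the address condition. Consider extending it to cover the CIDR check, and noting which client address is compared when requests arrive through a proxy or load balancer. The example also pairs a /16 range with an App ID mapped to the "root" policy. A narrower block in the sample command would model tighter scoping for readers who copy it.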