add vault_addr section to va config info (#28962)

* add vault_addr section to va config info * Apply suggestions from code review Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com> --------- Co-authored-by: Brian Shumate <brianshumate@users.noreply.github.com>
2025-11-02 03:27:54 +00:00 · 2024-11-22 13:23:13 -06:00
parent 1282c3c68e
commit e02d02f9fa
1 changed files with 12 additions and 0 deletions
--- a/website/content/docs/agent-and-proxy/agent/index.mdx
+++ b/website/content/docs/agent-and-proxy/agent/index.mdx
@@ -298,6 +298,18 @@ runtime metrics about its performance, the auto-auth and the cache status:
 | `vault.agent.cache.hit`          | Number of cache hits                                 | counter |
 | `vault.agent.cache.miss`         | Number of cache misses                               | counter |

+### IMPORTANT: `VAULT_ADDR` usage
+
+If you export the `VAULT_ADDR` environment variable on the Vault Agent instance, that value takes precedence over the value in the configuration file. The Vault Agent uses that to connect to Vault and this can create an infinite loop where the value of `VAULT_ADDR` is used to make a connection, and the Vault Agent ends up trying to connect to itself instead of the server.
+
+When the connection fails, the Vault Agent increments the port and tries again. The agent repeats these attempts, which leads to port exhaustion.
+
+This problem is a result of the precedence order of the 3 different ways to configure the Vault address. They are, in increasing order of priority:
+
+1. Configuration files
+1. Environment variables
+1. CLI flags
+
 ## Start Vault Agent

 To run Vault Agent: