Update identity token docs (#7195)

Jim Kalafut 2019-07-26 09:59:38 -07:00 committed by GitHub
parent e5ac01deb8
commit 7992bdcafc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 7 deletions

@ -91,7 +91,9 @@ This endpoint creates or updates a named key which is used by a role to sign tok
- `verification_ttl` `(int or time string: "24h")` - Controls how long the public portion of a signing key will be available for verification after being rotated.
- `algorithm` `(string: "RS256")` - Signing algorithm to use. This will default to `"RS256"`, and is currently the only allowed value.
- `allowed_client_ids` `(list: [])` - Array of role client ids allowed to use this key for signing. If empty, no roles are allowed. If "*", all roles are allowed.
- `algorithm` `(string: "RS256")` - Signing algorithm to use. Allowed values are: RS256 (default), RS384, RS512, ES256, ES384, ES512, EdDSA.
### Sample Payload
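Review bot: the new `allowed_client_ids` entry is ambiguous about how the wildcard is written: the type is `(list: [])` but the text says `If "*", all roles are allowed`, which reads as a scalar string. State explicitly whether the list must contain the single element `"*"` (e.g. `allowed_client_ids=["*"]`) or whether a bare string is accepted. The same entry should also spell out the consequence of the fail-closed default: a key created or upgraded with the default empty list cannot be used by any role until the list is populated, and the check is applied when a token is requested rather than when the role is written, so a misconfiguration surfaces at first token issuance, not at configuration time. Minor: the rewritten `algorithm` line now sits after `allowed_client_ids` instead of in its original position, which breaks the parameter order of the list; keep it where the removed line was.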

@ -167,12 +167,17 @@ verify the signature. Key are regularly rotated, whereby a new key pair is
generated and the previous _public_ key is retained for a limited time for
verification purposes.
A named key's configuration specifies a rotation period, a verification ttl, and
signing algorithm. Rotation period specifies the frequency at which a new
signing key is generated and the private portion of the previous signing key is
deleted. Verification ttl is the time a public key is retained for verification,
after being rotated. By default, keys are rotated every 24 hours, and continue
to be available for verification for 24 hours after their rotation.
A named key's configuration specifies a rotation period, a verification ttl,
signing algorithm and allowed client IDs. Rotation period specifies the
frequency at which a new signing key is generated and the private portion of the
previous signing key is deleted. Verification ttl is the time a public key is
retained for verification, after being rotated. By default, keys are rotated
every 24 hours, and continue to be available for verification for 24 hours after
their rotation.
A key's list of allowed client IDs limits which roles may reference the key. The
parameter may be set to `*` to allow all roles. The validity evaluation is made
when a token is requested, not during configuration.
### Token Contents and Templates
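Review bot: the added paragraph says the list of allowed client IDs "limits which roles may reference the key", but the list holds client IDs, not role names; say how a role is matched (by the role's own `client_id`), otherwise readers will put role names in the list and every token request will fail the check. The closing sentence, "The validity evaluation is made when a token is requested, not during configuration", is the important operational point and deserves a concrete consequence: a role can be written pointing at a key that does not allow its client ID, and the error only appears when that role's token endpoint is called. Consider also lowercasing consistency: "verification ttl" here versus the `verification_ttl` parameter name in the API file; using the parameter name in code formatting would tie the two documents together.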