docs: Update agent autoauth sinks examples (#17229)

2026-06-09 08:55:13 -04:00 · 2022-09-21 14:19:16 -04:00 · 2022-09-21 14:19:16 -04:00 · c3c323d8d8
commit c3c323d8d8
parent d8b7fbd2a4
1 changed files with 125 additions and 3 deletions
--- a/website/content/docs/agent/autoauth/index.mdx
+++ b/website/content/docs/agent/autoauth/index.mdx
@ -198,11 +198,52 @@ These configuration values are common to all Sinks:
 - `config` `(object: required)` - Configuration of the sink itself. See the
  sidebar for information about each sink.

-### Auto Auth Example
+### Auto Auth Examples
+
+Auto-Auth configuration objects take two separate forms when specified in HCL
+and JSON. The following examples are meant to clarify the differences between
+the two formats.
+
+#### Sinks (HCL Format)
+
+The HCL format may define any number of sink objects with an optional wrapping
+`sinks {...}` object.
+
+~> Note: The [corresponding JSON format](#sinks-json-format) _must_ specify a
+`"sinks" : [...]` array to encapsulate all `sink` JSON objects.

 ```hcl
-# Other Vault Agent configuration blocks
-# ...
+// Other Vault Agent configuration blocks
+// ...
+
+auto_auth {
+  method {
+    type = "approle"
+
+    config = {
+      role_id_file_path = "/etc/vault/roleid"
+      secret_id_file_path = "/etc/vault/secretid"
+    }
+  }
+
+  sinks {
+    sink {
+      type = "file"
+
+      config = {
+        path = "/tmp/file-foo"
+      }
+    }
+  }
+}
+```
+
+The following valid HCL omits the wrapping `sinks` object while specifying
+multiple sinks.
+
+```hcl
+// Other Vault Agent configuration blocks
+// ...

 auto_auth {
  method {
@ -221,5 +262,86 @@ auto_auth {
      path = "/tmp/file-foo"
    }
  }
+
+  sink {
+    type = "file"
+
+    config = {
+      path = "/tmp/file-bar"
+    }
+  }
 }
 ```
+
+#### Sinks (JSON format)
+
+The following JSON configuration illustrates the need for a `sinks: [...]` array
+wrapping any number of `sink` objects.
+
+```json
+{
+  "auto_auth" : {
+    "method" : [
+      {
+        type = "approle"
+
+        config = {
+          role_id_file_path = "/etc/vault/roleid"
+          secret_id_file_path = "/etc/vault/secretid"
+        }
+      }
+    ],
+    "sinks" : [
+      {
+        "sink" : {
+          type = "file"
+
+          config = {
+            path = "/tmp/file-foo"
+          }
+        }
+      }
+    ]
+  }
+}
+```
+
+Multiple sinks are defined by appending more `sink` objects within the `sinks`
+array:
+
+```json
+{
+  "auto_auth" : {
+    "method" : [
+      {
+        type = "approle"
+
+        config = {
+          role_id_file_path = "/etc/vault/roleid"
+          secret_id_file_path = "/etc/vault/secretid"
+        }
+      }
+    ],
+    "sinks" : [
+      {
+        "sink" : {
+          type = "file"
+
+          config = {
+            path = "/tmp/file-foo"
+          }
+        }
+      },
+      {
+        "sink" : {
+          type = "file"
+
+          config = {
+            path = "/tmp/file-bar"
+          }
+        }
+      }
+    ]
+  }
+}
+```