| Parameter | Choices/Defaults | Comments |
|---|---|---|
| authtype | Choices: token, userpass, github, ldap, approle. Default: "token or environment variable `VAULT_AUTHTYPE`" | Authentication type. |
| aws_header | Default: "to environment variable `VAULT_AWS_HEADER`" | X-Vault-AWS-IAM-Server-ID header value to prevent replay attacks. |
| ca_cert | Default: "to environment variable `VAULT_CACERT`" | Path to a PEM-encoded CA cert file to use to verify the Vault server TLS certificate. |
| ca_path | Default: "to environment variable `VAULT_CAPATH`" | Path to a directory of PEM-encoded CA cert files to verify the Vault server TLS certificate. If ca_cert is specified, its value will take precedence. |
| client_cert | Default: "to environment variable `VAULT_CLIENT_CERT`" | Path to a PEM-encoded client certificate for TLS authentication to the Vault server. |
| client_key | Default: "to environment variable `VAULT_CLIENT_KEY`" | Path to an unencrypted PEM-encoded private key matching the client certificate. |
| display_name | | A display name to associate with this token. |
| explicit_max_ttl | | An explicit maximum lifetime for the token. |
| id | | The token value that clients will use to authenticate with Vault. |
| lease | | If specified, the lease time will be this value (e.g. 1h). |
| login_mount_point | Default: "value of authtype or environment variable `VAULT_LOGIN_MOUNT_POINT`" | Authentication mount point. |
| metadata | | Metadata to associate with the token. |
| namespace | Default: "to environment variable `VAULT_NAMESPACE`" | Namespace for Vault. |
| no_default_policy | Default: "no" | If specified, the token will not have the "default" policy included in its policy set. |
| no_parent | | If specified, the token will have no parent. |
| num_uses | | The number of times this token can be used until it is automatically revoked. |
| orphan | | If specified, the token will have no parent. This prevents the new token from being revoked with your token. |
| password | Default: "to environment variable `VAULT_PASSWORD`" | Password to log in to Vault. |
| period | | If specified, every renewal will use the given period. Periodic tokens do not expire (unless explicit_max_ttl is also provided). |
| policies | | List of policies to associate with this token. |
| renewable | | Whether or not the token is renewable to extend its TTL up to Vault's configured maximum TTL for tokens. |
| role | | If set, the token will be created against the named role. |
| token | Default: "to environment variable `VAULT_TOKEN`" | Token for Vault. |
| ttl | | Initial TTL to associate with the token; renewals can extend this value. |
| url | Default: "to environment variable `VAULT_ADDR`" | URL for Vault. |
| username | Default: "to environment variable `VAULT_USER`" | Username to log in to Vault. |
| verify | Default: "to environment variable `VAULT_SKIP_VERIFY`" | If set, do not verify presented TLS certificate before communicating with Vault server. Setting this variable is not recommended except during testing. |
| wrap_ttl | | Indicates that the response should be wrapped in a cubbyhole token with the requested TTL. |
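
The lifetime, parentage and credential parameters above interact, so it helps to review a task's arguments together. The following Python check is an added example, not part of the module or its documentation: it takes one task's arguments as a dict and reports the combinations the table describes. The finding names, the sample dicts and the `{{` test for templated values are assumptions of this example.

```python
# Added example: review the arguments of one token-creation task (a dict, e.g.
# parsed from a playbook) against the parameter semantics in the table above.
# Finding codes and sample values are constructed for illustration.

SECRET_PARAMS = ("token", "password", "id")
LIFETIME_PARAMS = ("ttl", "lease", "period", "explicit_max_ttl")


def _truthy(value):
    """Accept YAML-style booleans that arrive as bools or as strings."""
    return str(value).strip().lower() in ("true", "yes", "1", "on")


def audit_token_args(args):
    """Return a sorted list of finding codes for one task's arguments."""
    findings = set()
    # "Periodic tokens do not expire (unless explicit_max_ttl is also provided)."
    if args.get("period") and not args.get("explicit_max_ttl"):
        findings.add("never-expires")
    # No lifetime parameter at all: the task itself places no bound on the token.
    if not any(args.get(name) for name in LIFETIME_PARAMS):
        findings.add("no-lifetime-set")
    # orphan / no_parent: the token is not revoked together with the creating token.
    if _truthy(args.get("orphan", False)) or _truthy(args.get("no_parent", False)):
        findings.add("survives-parent-revocation")
    # These parameters default to environment variables; a literal string in the
    # task puts the secret in source control. Templated values ("{{ ... }}") pass.
    for name in SECRET_PARAMS:
        value = args.get(name)
        if isinstance(value, str) and value and "{{" not in value:
            findings.add("literal-secret:" + name)
    return sorted(findings)


# Constructed sample arguments (not real credentials).
RISKY_ARGS = {
    "display_name": "ci", "policies": ["ci"],
    "period": "24h", "orphan": "yes", "token": "s.constructed-example",
}
BOUNDED_ARGS = {
    "display_name": "ci", "policies": ["ci"],
    "ttl": "1h", "explicit_max_ttl": "4h", "num_uses": 10,
    "token": "{{ lookup('env', 'VAULT_TOKEN') }}",
}

if __name__ == "__main__":
    print(audit_token_args(RISKY_ARGS))
    print(audit_token_args(BOUNDED_ARGS))
```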