»Vault Agent Auto-Auth AliCloud Method

The alicloud method performs authentication against the AliCloud Auth method.

»Credentials

The Vault agent will use the first credential it can successfully obtain in the following order:

  1. Environment variables
  2. A static credential configuration
  3. Instance metadata (recommended)

Wherever possible, we recommend using instance metadata for credentials. These rotate every hour and require no effort on your part to provision, making instance metadata the most secure of the three methods. If using instance metadata and a custom credential_poll_interval, be sure the frequency is set for less than an hour, because instance metadata credentials expire every hour.

Environment variables are given first precedence to provide the ability to quickly override your configuration.

»Configuration

»General

  • role (string: required) - The role to authenticate against on Vault.

  • region (string: required) - The AliCloud region in which the Vault agent resides. Example: "us-west-1".

  • credential_poll_interval (integer: optional) - In seconds, how frequently the Vault agent should check for new credentials.

»Optional Static Credential Configuration (Not Preferred)

If instance metadata is not available, you may provide credential information through the parameters below.