A new platform for documentation and tutorials is launching soon.

We are migrating Vault documentation into HashiCorp Developer, our new developer experience.

Join Now
Type '/' to Search

»Vault Agent Auto-Auth Cert Method

The cert method uses the configured TLS certificates from the vault stanza of the agent configuration and takes an optional name parameter. There is no option to use certificates which differ from those used in the vault stanza.

It is strongly advised to provide TLS settings in the configuration stanza within the auth method to avoid agent cache, if also enabled, from using the same TLS settings when proxying requests. If TLS settings are not present in the config stanza, Agent will fall back to using TLS settings from the vault Stanza.

»Configuration

  • name (string: optional) - The trusted certificate role which should be used when authenticating with TLS. If a name is not specified, the auth method will try to authenticate against all trusted certificates.

  • ca_cert (string: optional) - Path on the local disk to a single PEM-encoded CA certificate to verify the Vault server's SSL certificate.

  • client_cert (string: optional) - Path on the local disk to a single PEM-encoded client certificate to use for cert auth method authentication.

  • client_key (string: optional) - Path on the local disk to a single PEM-encoded private key matching the client certificate from client_cert.