diff --git a/website/source/docs/agent/cloud-auto-join.html.md b/website/source/docs/agent/cloud-auto-join.html.md index 5fe41179ae..19b3a6ea71 100644 --- a/website/source/docs/agent/cloud-auto-join.html.md +++ b/website/source/docs/agent/cloud-auto-join.html.md @@ -123,6 +123,8 @@ When using tags the only permission needed is `Microsoft.Network/networkInterfac When using Virtual Machine Scale Sets the only role action needed is `Microsoft.Compute/virtualMachineScaleSets/*/read`. +~> **Note:** If the Consul cluster is hosted on Azure, Consul can use Managed Service Identities (MSI) to access Azure instead of an environment variable and shared client id and secret. MSI must be enabled on the VMs hosting Consul, and it is the preferred configuration since MSI prevents your Azure credentials from being stored in Consul configuration. This feature is supported from Consul 1.7 and above. + ### Google Compute Engine This returns the first private IP address of all servers in the given @@ -402,4 +404,4 @@ $ consul agent -retry-join "provider=k8s label_selector=\"app=consul,component=s - `field_selector` (optional) - the field selector for matching pods. The Kubernetes token used by the provider needs to have permissions to list pods -in the desired namespace. \ No newline at end of file +in the desired namespace.