From 2b0713b34d41c03c5d9cec8eaa0a4cfc2de5150b Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Tue, 13 Oct 2020 13:56:56 -0700 Subject: [PATCH] docs: Add a note about auto-renewing the Vault token --- website/pages/docs/agent/options.mdx | 5 ++++- website/pages/docs/connect/ca/vault.mdx | 6 +++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/website/pages/docs/agent/options.mdx b/website/pages/docs/agent/options.mdx index 9d68480e73..34cae896c2 100644 --- a/website/pages/docs/agent/options.mdx +++ b/website/pages/docs/agent/options.mdx @@ -1230,7 +1230,10 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." - `address` ((#vault_ca_address)) The address of the Vault server to connect to. - - `token` ((#vault_ca_token)) The Vault token to use. + - `token` ((#vault_ca_token)) The Vault token to use. In Consul 1.8.5 and later, if + the token has the [renewable](https://www.vaultproject.io/api-docs/auth/token#renewable) + flag set, Consul will attempt to renew its lease periodically after half the + duration has expired. - `root_pki_path` ((#vault_ca_root_pki)) The path to use for the root CA pki backend in Vault. This can be an existing backend with a CA already diff --git a/website/pages/docs/connect/ca/vault.mdx b/website/pages/docs/connect/ca/vault.mdx index 93e579ac0b..3df75c88d8 100644 --- a/website/pages/docs/connect/ca/vault.mdx +++ b/website/pages/docs/connect/ca/vault.mdx 
@@ -57,7 +57,11 @@ is used if you're adding configuring to the agent's configuration file. - `Token` / `token` (`string: `) - A token for accessing Vault. This is write-only and will not be exposed when reading the CA configuration. - This token must have proper privileges for the PKI paths configured. + This token must have proper privileges for the PKI paths configured. In Consul + 1.8.5 and later, if the token has the [renewable] + (https://www.vaultproject.io/api-docs/auth/token#renewable) + flag set, Consul will attempt to renew its lease periodically after half the + duration has expired. - `RootPKIPath` / `root_pki_path` (`string: `) - The path to a PKI secrets engine for the root certificate. If the path doesn't
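
Review bot: In the `token` entry of website/pages/docs/agent/options.mdx, "after half the duration has expired" does not say which duration is meant. "Its lease" suggests the token's lease duration, so spell that out, for example "after half of the token's lease duration has elapsed". The entry also does not tell an operator what to expect when the token lacks the renewable flag or a renewal attempt fails. One sentence on that would help anyone choosing a TTL for the token handed to the CA provider.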
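
Review bot: In the `Token` / `token` entry of website/pages/docs/connect/ca/vault.mdx, the added link is split across two lines between `[renewable]` and `(https://www.vaultproject.io/api-docs/auth/token#renewable)`. A Markdown inline link needs the `(` immediately after the `]`, so this will render as literal bracketed text followed by a bare URL instead of a link. Keep `[renewable](https://www.vaultproject.io/api-docs/auth/token#renewable)` together on one line, as the options.mdx hunk does, and re-wrap the surrounding sentence around it.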