Vault Auto-Auth OCI (Oracle Cloud Infrastructure) method
The oci method performs authentication against the OCI Auth method.
Credentials
The method used to authenticate is set using the type parameter. Valid values are apikey to authenticate using API Key credentials and instance for Instance Principal credentials.
If apikey is used, the Vault agent will use the first credential it can successfully obtain in the following order:
- Environment variables:
- Configuration file in $HOME/.oci/config
- Path to configuration file defined in the OCI_CONFIG_FILE environment variable
- Configuration file in $HOME/.obmcs/config
Wherever possible, we recommend using instance principal for credentials. These are rotated automatically by OCI and require no effort on your part to provision, making instance principal the most secure of the three methods. If using instance principal and a custom credential_poll_interval, be sure the interval is shorter than OCI's rotation interval. Rotation is currently documented as happening multiple times a day, but from experience, credentials are rotated every 10 to 15 minutes.
Configuration
General
- type (string: required) - The type of authentication to use. Valid values are apikey and instance.
- role (string: required) - The role to authenticate against on Vault.
- credential_poll_interval (duration: "60s", optional) - In seconds, how frequently the Vault auto-auth method should check for new credentials.
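
The following Vault agent configuration is an added example, not taken from the original page. It uses instance principal credentials with a custom poll interval kept below the 10 to 15 minute rotation observed above. The Vault address, mount path, role name, and sink path are assumed placeholders.

```hcl
# Vault agent configuration using the oci auto-auth method.
# All concrete values below are placeholders chosen for illustration.

vault {
  # Assumed address of the Vault server.
  address = "https://vault.example.internal:8200"
}

auto_auth {
  method "oci" {
    # Assumed path where the OCI auth method is mounted on Vault.
    mount_path = "auth/oci"

    config = {
      # Instance principal: credentials are provisioned and rotated
      # by OCI, so no API key is stored on the host.
      type = "instance"

      # Placeholder role name; must match a role defined on the
      # OCI auth method in Vault.
      role = "example-role"

      # Custom poll interval of 5 minutes. This stays below the
      # 10 to 15 minute rotation seen in practice, so the agent
      # picks up new credentials before the old ones are rotated out.
      credential_poll_interval = "300s"

      # A value such as "3600s" would exceed the rotation interval
      # and leave the agent holding stale credentials between polls.
    }
  }

  # Token sink; the path is a placeholder. Restrict access to this
  # file to the account that consumes the token.
  sink "file" {
    config = {
      path = "/run/vault-agent/token"
    }
  }
}
```

Omitting credential_poll_interval keeps the documented default of "60s", which is already well inside the rotation window.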