From bdcdce4cff71d1642e249cdcd1cbb8b784770108 Mon Sep 17 00:00:00 2001
From: Ben McClelland
Date: Mon, 10 Jun 2024 20:35:09 -0700
Subject: [PATCH] fix: add vault iam service docs to systemd service config

---
 extra/example.conf | 48 ++++++++++++++++++++++++++++++++--------------
 1 file changed, 34 insertions(+), 14 deletions(-)

diff --git a/extra/example.conf b/extra/example.conf
index ef017003..f84213cc 100644
--- a/extra/example.conf
+++ b/extra/example.conf
@@ -190,20 +190,25 @@ ROOT_SECRET_ACCESS_KEY=
 # as a dedicated IAM service.
 #VGW_IAM_DIR=
 
-# The ldap options will enable the LDAP IAM service with accounts stored in an
-# external LDAP service. The VGW_IAM_LDAP_ACCESS_ATR, VGW_IAM_LDAP_SECRET_ATR,
-# and VGW_IAM_LDAP_ROLE_ATR define the LDAP attributes that map to access,
-# secret credentials and role respectively. The other options are used to
-# connect to the LDAP service.
-#VGW_IAM_LDAP_URL=
-#VGW_IAM_LDAP_BASE_DN=
-#VGW_IAM_LDAP_BIND_DN=
-#VGW_IAM_LDAP_BIND_PASS=
-#VGW_IAM_LDAP_QUERY_BASE=
-#VGW_IAM_LDAP_OBJECT_CLASSES=
-#VGW_IAM_LDAP_ACCESS_ATR=
-#VGW_IAM_LDAP_SECRET_ATR=
-#VGW_IAM_LDAP_ROLE_ATR=
+# The Vault options will enable the Vault IAM service with accounts stored in
+# the HashiCorp Vault service. The Vault URL is the address and port of the
+# Vault server with the format :. A root taken can be used for
+# testing, but it is recommended to use the role based authentication in
+# production. The Vault server certificate, client certificate, and client
+# certificate key are optional, and will default to not verifying the server
+# certificate and not using client certificates. The Vault server certificate
+# is used to verify the Vault server, and the client certificate and key are
+# used to authenticate the gateway to the Vault server. See wiki documentation
+# for an example of using Vault in dev mode with the gateway.
+#VGW_IAM_VAULT_ENDPOINT_URL=
+#VGW_IAM_VAULT_SECRET_STORAGE_PATH=
+#VGW_IAM_VAULT_MOUNT_PATH=
+#VGW_IAM_VAULT_ROOT_TOKEN=
+#VGW_IAM_VAULT_ROLE_ID=
+#VGW_IAM_VAULT_ROLE_SECRET=
+#VGW_IAM_VAULT_SERVER_CERT=
+#VGW_IAM_VAULT_CLIENT_CERT=
+#VGW_IAM_VAULT_CLIENT_CERT_KEY=
 
 # The VGW_S3 IAM service is similar to the internal IAM service, but instead
 # stores the account information JSON encoded in an S3 object. This should use
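Review bot: The added Vault paragraph says that leaving VGW_IAM_VAULT_SERVER_CERT unset means the Vault server certificate is not verified, but it never tells operators that this default is only acceptable for testing; the link presumably carries the gateway's Vault credentials and the stored account secrets. I would add, just before the "See wiki documentation" sentence, a line such as `# Set VGW_IAM_VAULT_SERVER_CERT in production; without it the Vault server is not verified.` In the same paragraph "A root taken" should read "A root token", and the URL format shows as ":." on this page, so the host and port placeholders appear to be missing (possibly lost in rendering; confirm against the file). Because VGW_IAM_VAULT_ROOT_TOKEN and VGW_IAM_VAULT_ROLE_SECRET are kept in this file in plain text, a short comment reminding operators to restrict its permissions to the service user would also help.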
@@ -218,6 +223,21 @@ ROOT_SECRET_ACCESS_KEY=
 #VGW_S3_IAM_BUCKET=
 #VGW_S3_IAM_NO_VERIFY=
 
+# The LDAP options will enable the LDAP IAM service with accounts stored in an
+# external LDAP service. The VGW_IAM_LDAP_ACCESS_ATR, VGW_IAM_LDAP_SECRET_ATR,
+# and VGW_IAM_LDAP_ROLE_ATR define the LDAP attributes that map to access,
+# secret credentials and role respectively. The other options are used to
+# connect to the LDAP service.
+#VGW_IAM_LDAP_URL=
+#VGW_IAM_LDAP_BASE_DN=
+#VGW_IAM_LDAP_BIND_DN=
+#VGW_IAM_LDAP_BIND_PASS=
+#VGW_IAM_LDAP_QUERY_BASE=
+#VGW_IAM_LDAP_OBJECT_CLASSES=
+#VGW_IAM_LDAP_ACCESS_ATR=
+#VGW_IAM_LDAP_SECRET_ATR=
+#VGW_IAM_LDAP_ROLE_ATR=
+
 ###############
 # IAM caching #
 ###############