mirror of
https://github.com/hashicorp/vault-action.git
synced 2025-11-09 08:06:55 +00:00
Add retryVaultTokenRetrieval input to README
This commit is contained in:
Max Wagner
parent
5fc6aa310b
commit
c1b8c73d07
1 changed files with 30 additions and 28 deletions
52
README.md
52
README.md
|
|
@ -420,31 +420,33 @@ steps:
|
|||
|
||||
Here are all the inputs available through `with`:
|
||||
|
||||
| Input | Description | Default | Required |
|
||||
| ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -------- |
|
||||
| `url` | The URL for the vault endpoint | | ✔ |
|
||||
| `secrets` | A semicolon-separated list of secrets to retrieve. These will automatically be converted to environmental variable keys. See README for more details | | |
|
||||
| `namespace` | The Vault namespace from which to query secrets. Vault Enterprise only, unset by default | | |
|
||||
| `method` | The method to use to authenticate with Vault. | `token` | |
|
||||
| `role` | Vault role for specified auth method | | |
|
||||
| `path` | Custom vault path, if the auth method was enabled at a different path | | |
|
||||
| `token` | The Vault Token to be used to authenticate with Vault | | |
|
||||
| `roleId` | The Role Id for App Role authentication | | |
|
||||
| `secretId` | The Secret Id for App Role authentication | | |
|
||||
| `githubToken` | The Github Token to be used to authenticate with Vault | | |
|
||||
| `jwtPrivateKey` | Base64 encoded Private key to sign JWT | | |
|
||||
| `jwtKeyPassword` | Password for key stored in jwtPrivateKey (if needed) | | |
|
||||
| `jwtGithubAudience` | Identifies the recipient ("aud" claim) that the JWT is intended for |`sigstore`| |
|
||||
| `jwtTtl` | Time in seconds, after which token expires | | 3600 |
|
||||
| `kubernetesTokenPath` | The path to the service-account secret with the jwt token for kubernetes based authentication |`/var/run/secrets/kubernetes.io/serviceaccount/token` | |
|
||||
| `authPayload` | The JSON payload to be sent to Vault when using a custom authentication method. | | |
|
||||
| `extraHeaders` | A string of newline separated extra headers to include on every request. | | |
|
||||
| `exportEnv` | Whether or not export secrets as environment variables. | `true` | |
|
||||
| `exportToken` | Whether or not export Vault token as environment variables (i.e VAULT_TOKEN). | `false` | |
|
||||
| `caCertificate` | Base64 encoded CA certificate the server certificate was signed with. | | |
|
||||
| `clientCertificate` | Base64 encoded client certificate the action uses to authenticate with Vault when mTLS is enabled. | | |
|
||||
| `clientKey` | Base64 encoded client key the action uses to authenticate with Vault when mTLS is enabled. | | |
|
||||
| `tlsSkipVerify` | When set to true, disables verification of server certificates when testing the action. | `false` | |
|
||||
| Input | Description | Default | Required |
|
||||
| -------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | -------- |
|
||||
| `url` | The URL for the vault endpoint | | ✔ |
|
||||
| `secrets` | A semicolon-separated list of secrets to retrieve. These will automatically be converted to environmental variable keys. See README for more details | | |
|
||||
| `namespace` | The Vault namespace from which to query secrets. Vault Enterprise only, unset by default | | |
|
||||
| `method` | The method to use to authenticate with Vault. | `token` | |
|
||||
| `role` | Vault role for specified auth method | | |
|
||||
| `path` | Custom vault path, if the auth method was enabled at a different path | | |
|
||||
| `token` | The Vault Token to be used to authenticate with Vault | | |
|
||||
| `roleId` | The Role Id for App Role authentication | | |
|
||||
| `secretId` | The Secret Id for App Role authentication | | |
|
||||
| `githubToken` | The Github Token to be used to authenticate with Vault | | |
|
||||
| `jwtPrivateKey` | Base64 encoded Private key to sign JWT | | |
|
||||
| `jwtKeyPassword` | Password for key stored in jwtPrivateKey (if needed) | | |
|
||||
| `jwtGithubAudience` | Identifies the recipient ("aud" claim) that the JWT is intended for | `sigstore` | |
|
||||
| `jwtTtl` | Time in seconds, after which token expires | | 3600 |
|
||||
| `kubernetesTokenPath` | The path to the service-account secret with the jwt token for kubernetes based authentication | `/var/run/secrets/kubernetes.io/serviceaccount/token` | |
|
||||
| `authPayload` | The JSON payload to be sent to Vault when using a custom authentication method. | | |
|
||||
| `extraHeaders` | A string of newline separated extra headers to include on every request. | | |
|
||||
| `exportEnv` | Whether or not export secrets as environment variables. | `true` | |
|
||||
| `exportToken` | Whether or not export Vault token as environment variables (i.e VAULT_TOKEN). | `false` | |
|
||||
| `caCertificate` | Base64 encoded CA certificate the server certificate was signed with. | | |
|
||||
| `clientCertificate` | Base64 encoded client certificate the action uses to authenticate with Vault when mTLS is enabled. | | |
|
||||
| `clientKey` | Base64 encoded client key the action uses to authenticate with Vault when mTLS is enabled. | | |
|
||||
| `tlsSkipVerify` | When set to true, disables verification of server certificates when testing the action. | `false` | |
|
||||
| `retryVaultTokenRetrieval` | When set to true, attempts to authenticate with Vault will be retried when an HTTP error occurs | `false` | |
|
||||
|
||||
|
||||
## Masking - Hiding Secrets from Logs
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue