Update Vault credential library templating section (#2679)

* Update Vault credential library templating section

* Add request body to intro

* Update website/content/docs/concepts/domain-model/credential-libraries.mdx

Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>

* Minor rewrite

Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>
pull/2699/head
Dan Heath 3 years ago committed by GitHub
parent 07a823c520
commit 70a1302cd9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -39,25 +39,18 @@ A Vault credential library has the following additional attributes:
### Vault Credential Library Parameter Templating
Some of the secrets engines that generate dynamic users for external systems provide the ability for Vault operators to customize how usernames are generated for those external systems.
For more information, refer to [Username Templating](https://developer.hashicorp.com/vault/docs/concepts/username-templating/).
In some cases it can be useful to provide information about a Boundary user or account when making a call to Vault. For example, this can allow picking the correct role when asking for database credentials (if roles are separated per-user), or providing a value to encode in an X.509 certificate generated by Vault. As of Boundary 0.11.1, you can template user and account information into either the path in Vault, the `POST` request body, or both.
The following Vault template parameters are supported in Boundary.
Note that account values are tied to the account associated with the token used to make the call:
- `{{.User.Id}}` - The user's ID.
Prior to Boundary 0.11.1, `{{user.id}}` must be used instead.
Boundary 0.11.1+ changes this for consistency with other places within Boundary that are gaining templating support, but supports both formats for backwards compatibility.
- `{{.User.Name}}` - The user's name from the user resource.
- `{{.User.FullName}}` - The user's name from the account corresponding to the primary auth method in the user's scope.
This value may not be populated, or it may be different from the account name used in the template.
- `{{.User.Email}}` - The user's email address from the account corresponding to the primary auth method in the user's scope.
This value may not be populated, or it may be different from the account name used in the template.
- `{{.Account.Id}}` - The account's ID.
Prior to Boundary 0.11.1, `{{account.id}}` must be used instead.
Boundary 0.11.1+ changes this for consistency with other places within Boundary that are gaining templating support, but supports both formats for backwards compatibility.
- `{{.Account.Name}}` - The name of the account from the account resource.
- `{{.Account.LoginName}}` - The account's login name, if a login name is used by that type of account.
- `{{.Account.Subject}}` - The account's subject, if a subject is used by that type of account.
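Review bot: The `{{.User.FullName}}` and `{{.User.Email}}` entries say the value "may not be populated", but the section never states what is rendered into the Vault path or `POST` body when that happens. The intro presents templating as a way of "picking the correct role" when roles are separated per-user, so an empty or unexpected value in the path matters to operators. Suggest documenting the result for an unpopulated field (empty string or a failed request) and saying which parameters are stable enough for role selection, such as `{{.User.Id}}` and `{{.Account.Id}}`. The sentence "it may be different from the account name used in the template" is also repeated verbatim under the Email entry, where it reads oddly; consider rewording it for that field.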
