summaryrefslogtreecommitdiff
path: root/doc/integration/vault.md
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2021-02-18 10:34:06 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-02-18 10:34:06 +0000
commit859a6fb938bb9ee2a317c46dfa4fcc1af49608f0 (patch)
treed7f2700abe6b4ffcb2dcfc80631b2d87d0609239 /doc/integration/vault.md
parent446d496a6d000c73a304be52587cd9bbc7493136 (diff)
downloadgitlab-ce-859a6fb938bb9ee2a317c46dfa4fcc1af49608f0.tar.gz
Add latest changes from gitlab-org/gitlab@13-9-stable-eev13.9.0-rc42
Diffstat (limited to 'doc/integration/vault.md')
-rw-r--r--doc/integration/vault.md21
1 files changed, 12 insertions, 9 deletions
diff --git a/doc/integration/vault.md b/doc/integration/vault.md
index 3c49cd47509..362ae36389b 100644
--- a/doc/integration/vault.md
+++ b/doc/integration/vault.md
@@ -18,12 +18,15 @@ The following assumes you already have Vault installed and running.
1. **Get the OpenID Connect client ID and secret from GitLab:**
- First you must create a GitLab application to obtain an application ID and secret for authenticating into Vault. To do this, sign in to GitLab and follow these steps:
-
- 1. On GitLab, click your avatar on the top-right corner, and select your user **Settings > Applications**.
- 1. Fill out the application **Name** and [**Redirect URI**](https://www.vaultproject.io/docs/auth/jwt#redirect-uris),
- making sure to select the **OpenID** scope.
- 1. Save application.
+ First you must create a GitLab application to obtain an application ID and secret for authenticating into Vault.
+ To do this, sign in to GitLab and follow these steps:
+
+ 1. In the top-right corner, select your avatar.
+ 1. Select **Edit profile**.
+ 1. In the left sidebar, select **Applications**.
+ 1. Fill out the application **Name** and [**Redirect URI**](https://www.vaultproject.io/docs/auth/jwt#redirect-uris).
+ 1. Select the **OpenID** scope.
+ 1. Select **Save application**.
1. Copy client ID and secret, or keep the page open for reference.
![GitLab OAuth provider](img/gitlab_oauth_vault_v12_6.png)
@@ -44,7 +47,7 @@ The following assumes you already have Vault installed and running.
Success! Enabled oidc auth method at: oidc/
```
-1. **Write the OIDC config:**
+1. **Write the OIDC configuration:**
Next, Vault needs to be given the application ID and secret generated by GitLab.
@@ -67,7 +70,7 @@ The following assumes you already have Vault installed and running.
Success! Data written to: auth/oidc/config
```
-1. **Write the OIDC Role Config:**
+1. **Write the OIDC Role Configuration:**
Now that Vault has a GitLab application ID and secret, it needs to know the [**Redirect URIs**](https://www.vaultproject.io/docs/auth/jwt#redirect-uris) and scopes given to GitLab during the application creation process. The redirect URIs need to match where your Vault instance is running. The `oidc_scopes` field needs to include the `openid`. Similarly to the previous step, replace `your_application_id` with the generated application ID from GitLab:
@@ -108,7 +111,7 @@ The following assumes you already have Vault installed and running.
Here's a short explanation of what this command does:
- 1. In the **Write the OIDC Role Config** (step 4), we created a role called
+ 1. In the **Write the OIDC Role Configuration** (step 4), we created a role called
`demo`. We set `role=demo` so Vault knows which configuration we'd like to
sign in with.
1. To set Vault to use the `OIDC` sign-in method, we set `-method=oidc`.