Skip to content

Commit e735727

Browse files
Anders ÅstrandAndersAstrand
Anders Åstrand
authored and
AndersAstrand
committed
Do not encourage root token use for vault
We should probably not encourage anyone to use a root token for vault keyring providers. We use "secret_token" elsewhere, so use that consistently.
1 parent b7d2f15 commit e735727

File tree

2 files changed

+4
-4
lines changed

2 files changed

+4
-4
lines changed

contrib/pg_tde/documentation/docs/multi-tenant-setup.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -83,14 +83,14 @@ You must do these steps for every database where you have created the extension.
8383
The Vault server setup is out of scope of this document.
8484
8585
```sql
86-
SELECT pg_tde_add_database_key_provider_vault_v2('provider-name','root_token','url','mount','ca_path');
86+
SELECT pg_tde_add_database_key_provider_vault_v2('provider-name','secret_token','url','mount','ca_path');
8787
```
8888
8989
where:
9090
9191
* `url` is the URL of the Vault server
9292
* `mount` is the mount point where the keyring should store the keys
93-
* `root_token` is an access token with read and write access to the above mount point
93+
* `secret_token` is an access token with read and write access to the above mount point
9494
* [optional] `ca_path` is the path of the CA file used for SSL verification
9595
9696
<i warning>:material-information: Warning:</i> This example is for testing purposes only:

contrib/pg_tde/documentation/docs/setup.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -77,14 +77,14 @@ Load the `pg_tde` at startup time. The extension requires additional shared memo
7777
The Vault server setup is out of scope of this document.
7878
7979
```
80-
SELECT pg_tde_add_global_key_provider_vault_v2('provider-name','root_token','url','mount','ca_path');
80+
SELECT pg_tde_add_global_key_provider_vault_v2('provider-name','secret_token','url','mount','ca_path');
8181
```
8282
8383
where:
8484
8585
* `url` is the URL of the Vault server
8686
* `mount` is the mount point where the keyring should store the keys
87-
* `root_token` is an access token with read and write access to the above mount point
87+
* `secret_token` is an access token with read and write access to the above mount point
8888
* [optional] `ca_path` is the path of the CA file used for SSL verification
8989
9090
<i warning>:material-information: Warning:</i> This example is for testing purposes only:

0 commit comments

Comments
 (0)