update connect/ca's vault AuthMethod conf section
Added list of supported types to Type field.

Updated Params field to re-frame as supporting arguments specific to the
supported vault-agent auto-auth methods with links to each method's
"#configuration" section.

Included a Note box to call out limits on parameters supported.
eikenb committed Feb 28, 2023
1 parent 6db445b commit f8570df
Showing 1 changed file with 4 additions and 7 deletions.
11 changes: 4 additions & 7 deletions website/content/docs/connect/ca/vault.mdx
Expand Up @@ -94,17 +94,14 @@ The key after the slash refers to the corresponding option name in the agent con
on how to configure individual auth methods. If auth method is provided, Consul will obtain
a new token from Vault when the token can no longer be renewed.

- `Type`/ `type` (`string: ""`) - The type of Vault auth method.
- `Type`/ `type` (`string: ""`) - The type of Vault auth method. Valid options are "approle", "aws", "azure", "gcp", "jwt" and "kubernetes".

- `MountPath`/ `mount_path` (`string: <AuthMethod.Type>`) - The mount path of the auth method.
If not provided the auth method type will be used as the mount path.

- `Params`/`params` (`map: nil`) - The parameters to configure the auth method. Please see
[Vault Auth Methods](/vault/docs/auth) for information on how to configure the
auth method you wish to use. If using the Kubernetes auth method,
Consul will read the service account token from the
default mount path `/var/run/secrets/kubernetes.io/serviceaccount/token` if the `jwt` parameter
is not provided.
- `Params`/`params` (`map: nil`) - The parameters to configure the auth method. The configuration parameters needed will depend on which auth type you are using. Please see the Vault Agent, auto-auth method documentation for details on their configuration options: [AppRole](https://developer.hashicorp.com/vault/docs/agent/autoauth/methods/approle#configuration), [AWS](https://developer.hashicorp.com/vault/docs/agent/autoauth/methods/aws#configuration), [Azure](https://developer.hashicorp.com/vault/docs/agent/autoauth/methods/azure#configuration), [GCP](https://developer.hashicorp.com/vault/docs/agent/autoauth/methods/gcp#configuration), [JWT](https://developer.hashicorp.com/vault/docs/agent/autoauth/methods/jwt#configuration), [Kubernetes](https://developer.hashicorp.com/vault/docs/agent/autoauth/methods/kubernetes#configuration).

~> **Note:** Only the authentication related fields are supported, not the optional management fields. E.g. JWT's `path` and `role` are supported but not its `remove_jwt_after_reading` field.

- `RootPKIPath` / `root_pki_path` (`string: <required>`) - The path to
a PKI secrets engine for the root certificate.
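
Review bot: The replacement `Params` entry drops the sentence saying that, with the Kubernetes auth method, Consul reads the service account token from `/var/run/secrets/kubernetes.io/serviceaccount/token` when the `jwt` parameter is not provided. If that default still applies, keep the sentence (or move it into the new Note), since it is the only place in this section that tells an operator where the credential is read from; if it no longer applies, the commit message should say so. Two smaller points in the same entry: the removed text linked with a site-relative path (`/vault/docs/auth`) while the six new links are absolute `https://developer.hashicorp.com/...` URLs, so relative paths would be more consistent; and "Vault Agent, auto-auth method documentation" and "authentication related fields" read better as "Vault Agent auto-auth method documentation" and "authentication-related fields".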