You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When running Vault with the CAP_IPC_LOCK capability set (the default), this plugin won't work unless the plugin binary file also has the capability set using the setcap cap_ipc_lock=+ep $VAULT_CIRCLECI_AUTH_PLUGIN_PATH.
The vault Docker image runs the above mentioned command on the vault binary file, and only that file, which rules out a scheme where the plugin binary file is volume mounted into the Docker container running Vault. The alternative is to build a Docker image based on the vault Docker image then adds the plugin binary file, and extends the entry point script so that it also sets the capability on the plugin binary file.
The text was updated successfully, but these errors were encountered:
When running Vault with the CAP_IPC_LOCK capability set (the default), this plugin won't work unless the plugin binary file also has the capability set using the
setcap cap_ipc_lock=+ep $VAULT_CIRCLECI_AUTH_PLUGIN_PATH.The vault Docker image runs the above mentioned command on the
vaultbinary file, and only that file, which rules out a scheme where the plugin binary file is volume mounted into the Docker container running Vault. The alternative is to build a Docker image based on the vault Docker image then adds the plugin binary file, and extends the entry point script so that it also sets the capability on the plugin binary file.The text was updated successfully, but these errors were encountered: