Skip to content
This repository has been archived by the owner on Jul 1, 2024. It is now read-only.

Commit

Permalink
typo + expiration clarification
Browse files Browse the repository at this point in the history
  • Loading branch information
@glena
glena committed May 16, 2024
1 parent d119521 commit ba2743d
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions themes/default/content/docs/pulumi-cloud/deployments/customer-managed-agents.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,13 +46,13 @@ If you are running the agent inside a firewall ensure to allow outbound requests

### Leveraging OpenID Authentication

It is possible to use OpenID authentication to fetch Pulumi Pool tokens dynamically instead ofconfiguring a static token for the agents. You must first register the OpenID provider as a trusted OIDC issuer in your Pulumi account, as documented at [OIDC documentation](/docs/pulumi-cloud/oidc/client).
It is possible to use OpenID authentication to fetch Pulumi Pool tokens dynamically instead of configuring a static token for the agents. You must first register the OpenID provider as a trusted OIDC issuer in your Pulumi account, as documented at [OIDC documentation](/docs/pulumi-cloud/oidc/client).

After registering the provider, this other information is required by the agent:

- `organization_name`: your Pulumi Organization name
- `runner_pool_id`: the pool ID that the instance will connect to
- `token_expiration` (optional): the expiration for the tokens requested by the agent
- `token_expiration` (optional): the expiration in seconds for the tokens requested by the agent
- `oidc_token_file`: the location of the file where the OIDC token will be dumped

The agent will attempt to read the `oidc_token_file` for a fresh OIDC token and exchange it automatically for a Pulumi token every time the Pulumi token expires.
Expand Down

0 comments on commit ba2743d

Please sign in to comment.