Commit 0dd976fb authored by Krasimir Angelov's avatar Krasimir Angelov

Add warning to always restrict scope of Vault role

Roles should be restricted to project or namespace, using one of the
provided claims in CI_JOB_JWT.
parent 8dcdd442
......@@ -153,6 +153,9 @@ Combined with GitLab's [protected branches](../../../user/project/protected_bran
For the full list of options, see Vault's [Create Role documentation](https://www.vaultproject.io/api/auth/jwt#create-role).
CAUTION: **Caution**:
Always restrict your roles to project or namespace by using one of the provided claims (e.g. `project_id` or `namespace_id`). Otherwise any JWT generated by this instance may be allowed to authenticate using this role.
Now, configure the JWT Authentication method:
```shell
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment