[v14] Improve explanation of TBOT_GITLAB_JWT config in GitLab guide (…

…#32797) * Improve explanation of `TBOT_GITLAB_JWT` config in GitLab guide * Explain why * Explain purpose of `id_tokens` * Clarify a little further * Update docs/pages/machine-id/guides/gitlab.mdx Co-authored-by: Zac Bergquist <[email protected]> --------- Co-authored-by: Zac Bergquist <[email protected]>
gravitational · Sep 29, 2023 · f7101b6 · f7101b6
1 parent 8f57a2e
commit f7101b6
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/docs/pages/machine-id/guides/gitlab.mdx b/docs/pages/machine-id/guides/gitlab.mdx
@@ -128,12 +128,19 @@ stages:
 
 deploy-job:
   stage: deploy
+  # id_tokens configures ID Tokens that GitLab will automatically inject into
+  # the environment of your GitLab run.
+  #
+  # See https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html
+  # for further explanation of the id_tokens configuration in GitLab.
   id_tokens:
-    # See https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html
-    # for further explanation of the id_tokens configuration.
     TBOT_GITLAB_JWT:
-      # An environment variable named TBOT_GITLAB_JWT must exist and contain
-      # an ID token with an audience that matches your Teleport cluster's name.
+      # aud for TBOT_GITLAB_JWT must be configured with the name of your
+      # Teleport cluster. This is not necessarily the address of your Teleport
+      # cluster and will not include a port or scheme (http/https)
+      #
+      # This helps the Teleport Auth Server know that the token is intended for
+      # it, and not a different service or Teleport cluster.
       aud: teleport.example.com
   script:
     - cd /tmp