From f7101b6881f4f2e24f5645c41b0a1df3221c4fbf Mon Sep 17 00:00:00 2001
From: Noah Stride
Date: Fri, 29 Sep 2023 16:57:12 +0100
Subject: [PATCH] [v14] Improve explanation of `TBOT_GITLAB_JWT` config in GitLab guide (#32797)
* Improve explanation of `TBOT_GITLAB_JWT` config in GitLab guide
* Explain why
* Explain purpose of `id_tokens`
* Clarify a little further
* Update docs/pages/machine-id/guides/gitlab.mdx
Co-authored-by: Zac Bergquist
---------
Co-authored-by: Zac Bergquist
---
 docs/pages/machine-id/guides/gitlab.mdx | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/docs/pages/machine-id/guides/gitlab.mdx b/docs/pages/machine-id/guides/gitlab.mdx
index 09254c5964ce3..7cea45d09d82f 100644
--- a/docs/pages/machine-id/guides/gitlab.mdx
+++ b/docs/pages/machine-id/guides/gitlab.mdx
@@ -128,12 +128,19 @@ stages:
 deploy-job:
   stage: deploy
+  # id_tokens configures ID Tokens that GitLab will automatically inject into
+  # the environment of your GitLab run.
+  #
+  # See https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html
+  # for further explanation of the id_tokens configuration in GitLab.
   id_tokens:
-    # See https://docs.gitlab.com/ee/ci/secrets/id_token_authentication.html
-    # for further explanation of the id_tokens configuration.
     TBOT_GITLAB_JWT:
-      # An environment variable named TBOT_GITLAB_JWT must exist and contain
-      # an ID token with an audience that matches your Teleport cluster's name.
+      # aud for TBOT_GITLAB_JWT must be configured with the name of your
+      # Teleport cluster. This is not necessarily the address of your Teleport
+      # cluster and will not include a port or scheme (http/https)
+      #
+      # This helps the Teleport Auth Server know that the token is intended for
+      # it, and not a different service or Teleport cluster.
       aud: teleport.example.com
   script:
     - cd /tmp