Nomad
identity Block
Placement: job -> group -> task -> identity

The identity block allows a task access to its Workload Identity via an environment variable or file. By default Nomad will create an identity for all workloads, but it is not exposed to a task.

The following will expose the Workload Identity as an environment variable and file to the task:

job "docs" {
  group "example" {
    task "api" {
      identity {
        env  = true
        file = true
      }
      # ...
    }
  }
}

identity Parameters

env (bool: false) - If true the workload identity will be available in the task's NOMAD_TOKEN environment variable.

file (bool: false) - If true the workload identity will be available in the task's filesystem via the path secrets/nomad_token. If the task.user parameter is set, the token file will only be readable by that user. Otherwise the file is readable by everyone but is protected by parent directory permissions.
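
The permission behaviour described for the file parameter can be checked from inside a task. The Python below is an added example, not part of the Nomad documentation; the function names and the three labels (owner-only, parent-protected, exposed) are assumptions chosen here, and the demo runs against a constructed directory rather than a real allocation.

```python
import os
import stat
import tempfile

TOKEN_FILE = "nomad_token"  # file name from the docs: secrets/nomad_token

def classify_token_file(path):
    """Classify who can read the token file from its mode and its parent's mode."""
    mode = os.stat(path).st_mode
    parent_mode = os.stat(os.path.dirname(os.path.abspath(path))).st_mode
    # Read bits granted to anyone besides the owner (group or other).
    file_open = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    # Reaching a file requires search (execute) permission on its directory.
    dir_open = bool(parent_mode & (stat.S_IXGRP | stat.S_IXOTH))
    if not file_open:
        return "owner-only"        # the task.user case described above
    if not dir_open:
        return "parent-protected"  # readable by everyone, guarded by the directory
    return "exposed"               # neither layer restricts access

def audit(env, secrets_dir):
    """Report which exposure methods are active and how the file copy is protected."""
    path = os.path.join(secrets_dir, TOKEN_FILE)
    return {
        "env": "NOMAD_TOKEN" in env,
        "file": classify_token_file(path) if os.path.exists(path) else None,
    }

def demo():
    """Run the audit over a constructed secrets directory (not a real allocation)."""
    results = []
    with tempfile.TemporaryDirectory() as root:
        secrets = os.path.join(root, "secrets")
        os.mkdir(secrets)
        token = os.path.join(secrets, TOKEN_FILE)
        with open(token, "w") as fh:
            fh.write("constructed-placeholder")
        for file_mode, dir_mode in ((0o600, 0o700), (0o644, 0o700), (0o644, 0o755)):
            os.chmod(token, file_mode)
            os.chmod(secrets, dir_mode)
            results.append(audit({"NOMAD_TOKEN": "constructed"}, secrets)["file"])
    return results

if __name__ == "__main__":
    print(demo())
```

Inside a task, call audit(os.environ, <path to the task's secrets directory>) to see which of the two exposure methods are active for that task.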