From 65236b2c0c16e2ba210a84a6eaaff677555ce4bb Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Fri, 8 Apr 2022 02:10:22 +0100 Subject: [PATCH] web/lukegbcom/2022-04-07: explain why tokend ACLs are more permissive... --- web/lukegbcom/posts/2022-04-07-vault-and-me.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/lukegbcom/posts/2022-04-07-vault-and-me.md b/web/lukegbcom/posts/2022-04-07-vault-and-me.md index 6a3178f987..d49db7b3f5 100644 --- a/web/lukegbcom/posts/2022-04-07-vault-and-me.md +++ b/web/lukegbcom/posts/2022-04-07-vault-and-me.md @@ -189,7 +189,7 @@ the local Vault Agent, with a token issued that has a subset of the powers of the original server-wide token. The ACLs on talking to `tokend` are much more permissive than those for talking -directly to the Vault agent. +directly to the Vault agent, because the token you get depends on your identity. ## `secretsmgr`