web/lukegbcom/2022-04-07: explain why tokend ACLs are more permissive...

This commit is contained in:
Luke Granger-Brown 2022-04-08 02:10:22 +01:00
parent 78ccb6a571
commit 65236b2c0c

View file

@ -189,7 +189,7 @@ the local Vault Agent, with a token issued that has a subset of the powers of
the original server-wide token.
The ACLs on talking to `tokend` are much more permissive than those for talking
directly to the Vault agent.
directly to the Vault agent, because the token you get depends on your identity.
## `secretsmgr`