identity Block
| Placement | job -> group -> task -> identity |
The identity block allows a task access to its Workload Identity via an
environment variable or file. By default Nomad will create an identity for all
workloads, but it is not exposed to a task.
The following will expose the Workload Identity as an environment variable and file to the task:

    job "docs" {
      group "example" {
        task "api" {
          identity {
            env  = true
            file = true
          }

          # ...
        }
      }
    }

identity Parameters
- env (bool: false) - If true the workload identity will be available in the task's NOMAD_TOKEN environment variable.
- file (bool: false) - If true the workload identity will be available in the task's filesystem via the path secrets/nomad_token. If the task.user parameter is set, the token file will only be readable by that user. Otherwise the file is readable by everyone but is protected by parent directory permissions.
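
The permission model described for the file parameter can be checked from inside the task before the token is used. The following is an added example, not code from the Nomad documentation: the function names are hypothetical, the default path assumes the working directory is the task directory, and the policy it enforces (no non-owner class may both traverse the directory and read the file) is an assumption derived from the description above.

```python
import os
import stat

TOKEN_NAME = "nomad_token"  # file name under the task's secrets/ directory


def audit_token_file(secrets_dir):
    """Return findings for <secrets_dir>/nomad_token; an empty list means OK."""
    path = os.path.join(secrets_dir, TOKEN_NAME)
    try:
        file_mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        return ["missing: no token file (is file = true set in the identity block?)"]
    dir_mode = stat.S_IMODE(os.stat(secrets_dir).st_mode)
    findings = []
    if file_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable: token file is writable by group or other")
    # A readable file is only exposed to a class that can also traverse the
    # parent directory, so the read bit and the search bit are checked together.
    for name, read_bit, search_bit in (
        ("group", stat.S_IRGRP, stat.S_IXGRP),
        ("other", stat.S_IROTH, stat.S_IXOTH),
    ):
        if file_mode & read_bit and dir_mode & search_bit:
            findings.append(f"exposed: {name} can traverse the directory and read the token")
    return findings


def read_workload_identity(secrets_dir="secrets", environ=os.environ):
    """Read the identity from the file, or from NOMAD_TOKEN when no file exists."""
    findings = audit_token_file(secrets_dir)
    if not findings:
        with open(os.path.join(secrets_dir, TOKEN_NAME)) as fh:
            return fh.read().strip()
    if findings[0].startswith("missing"):
        # file = true is not set; fall back to env = true (None if neither is set).
        return environ.get("NOMAD_TOKEN")
    # The file exists but its permissions do not match the documented model.
    raise PermissionError("; ".join(findings))
```

A file with mode 0644 passes when the parent directory grants no access to group or other, which is the "protected by parent directory permissions" case; the same file under a directory that group or other can traverse is reported as exposed.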