stale-belgium-7295
10/20/2023, 4:32 AMvault auth enable jwt
• configure the jwt auth method:
vault write auth/jwt/config \
oidc_discovery_url="<https://api.pulumi.com/oidc>" \
bound_issuer="<https://api.pulumi.com/oidc>" \
default_role="example-role"
• create a role
vault write auth/jwt/role/example-role-1 role_type=jwt policies=<SCOPED_VAULT_POLICY> ttl=1h user_claim=sub bound_audiences=<NAME_OF_YOUR_PULUMI_CLOUD_ORG_ASSOCIATED_WITH_YOUR_DEPLOYMENT>