Update Vault Integration docs to reflect the change in Vault JWT validation behaviour
What does this MR do and why?
This MR updates the docs of the GitLab + HashiCorp Vault integration to reflect the need for bound_audiences to be defined to validate the JWT audience (cf. https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.17.x#jwt-auth-login-requires-bound-audiences-on-the-role). If bound_audiences are not defined on the Vault JWT role, but an aud is present in the JWT (which it is in the case of GitLab CI JWT ID Tokens), the auth is refused.
MR acceptance checklist
It's a minor documentation change to reflect the new behaviour in Vault, so looks good.
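An added example, not part of the MR or of the GitLab or Vault code: a small pre-upgrade audit that reports which Vault JWT roles would refuse a GitLab CI ID token under the behaviour described above. The role names, URLs and token are constructed sample data, and `login_outcome` is a simplified model of the audience check, not Vault's implementation.

```python
import base64
import json

def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwt_audiences(token):
    """Return the token's aud claim as a list. The payload is only decoded,
    the signature is NOT verified: use for configuration audits only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    aud = json.loads(base64.urlsafe_b64decode(payload)).get("aud", [])
    return [aud] if isinstance(aud, str) else list(aud)

def login_outcome(role, token_aud):
    """Simplified model (assumption) of the audience check described above."""
    bound = role.get("bound_audiences") or []
    if token_aud and not bound:
        return "refused: aud present, role has no bound_audiences"
    if bound and not set(bound) & set(token_aud):
        return "refused: aud not in bound_audiences"
    return "allowed"

def audit(roles, token):
    """Map each role name to the modelled login outcome for this token."""
    aud = jwt_audiences(token)
    return {name: login_outcome(role, aud) for name, role in roles.items()}

# Constructed sample data: a GitLab-style ID token (dummy signature) and
# three hypothetical Vault JWT role configurations.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"iss": "https://gitlab.example.com",
             "aud": "https://vault.example.com", "project_id": "42"}),
    "constructed-signature",
])
SAMPLE_ROLES = {
    "legacy-role": {"role_type": "jwt", "bound_claims": {"project_id": "42"}},
    "fixed-role": {"role_type": "jwt",
                   "bound_audiences": ["https://vault.example.com"],
                   "bound_claims": {"project_id": "42"}},
    "other-aud-role": {"role_type": "jwt",
                       "bound_audiences": ["https://other.example.com"]},
}

if __name__ == "__main__":
    for name, outcome in audit(SAMPLE_ROLES, SAMPLE_TOKEN).items():
        print(f"{name}: {outcome}")
```
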