AppRole

AppRole Settings

AppRoles are an authentication method (auth method) for machines or Applications. The AppRole Login requires 2 information:

Role_ID:
The Role_ID is like a username for the AppRole. This can be included in the Application's image. This can be regenerated at any time if it is compromised.
Secret_ID:
The Secret_ID is like a Password for the AppRole, but you can create more than one per AppRole. The Secret_ID should be added to the Application differently than the Role_ID, for example, with an API endpoint for your Application.

We recommend keeping the token_ttl, secret_id_ttl and the secret_id_num_of_use as short as possible, this minimizes the risk.

Role name

Secret_ID Bind CIDR

Secret_ID Number of uses

Secret_ID TTL

Token Explicit Max TTL

Token Period

Token Bind CIDR

Token Number of uses

Token TTL

Token Max TTL

Permissions

Here you define the Operations on a specific Path that your AppRole can perform.

In this section, you can set who can administrate this AppRole. You have the option to include entire groups of which you are a member, as well as individual users who are also members of groups you belong to.

Admin groups (you should add the group of your team here.)

Admin Users

Secret_ID

Role_ID:

It is also a good idea to get the token accessor from your Application after the login. In this case, the token can be easily revoked by an admin.

Accessor	Comment	Expires in	Remaining Uses	Actions

Approle logs

Time stamp	Message

Permissions

secret-id