Nomad Secretless Authentication
HashiCorp Nomad supports workload identity for secretless authentication to cloud providers and services.
Overview
Nomad's workload identity feature provides each task with an identity token that can be used for authentication without storing credentials. This enables:
- No Stored Credentials: Workload identity tokens replace secrets
- Cloud Provider Integration: AWS, GCP, Azure authentication
- Vault Integration: Native HashiCorp Vault authentication
- Task-Level Identity: Each task receives its own identity
Key Capabilities
- Workload identity token generation
- OIDC token claims with task metadata
- Integration with cloud provider OIDC endpoints
- Vault JWT authentication
- Task and namespace identity
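The task-level identity and cloud OIDC integration listed above, sketched as a job specification for the AWS case. This is an added example, not configuration from this page or from the Nomad project. The job, image, role ARN and audience value are placeholders, and it assumes the Nomad cluster's OIDC discovery and signing keys are reachable by the cloud provider.

```hcl
# Added example: values marked "placeholder" or "assumed" are not from this page.
job "report-uploader" {                 # hypothetical job name
  group "app" {
    task "uploader" {
      driver = "docker"

      config {
        image = "registry.example.com/report-uploader:1.0" # placeholder image
      }

      # Ask Nomad for a signed workload identity token (JWT) for this task.
      identity {
        name        = "aws"                  # written to secrets/nomad_aws.jwt
        aud         = ["sts.amazonaws.com"]  # assumed to match the IAM OIDC provider
        file        = true                   # expose the token as a file in the secrets dir
        env         = false                  # keep the token out of the process environment
        ttl         = "1h"                   # short lifetime limits the value of a leaked token
        change_mode = "noop"                 # the SDK re-reads the file, so no restart on renewal
      }

      # No access keys are stored: the AWS SDK exchanges the token file
      # for temporary credentials via AssumeRoleWithWebIdentity.
      env {
        AWS_WEB_IDENTITY_TOKEN_FILE = "${NOMAD_SECRETS_DIR}/nomad_aws.jwt"
        AWS_ROLE_ARN                = "arn:aws:iam::111111111111:role/PLACEHOLDER-ROLE"
      }
    }
  }
}
```

On the provider side, the role's trust policy should pin both the audience and the subject claim of the token so that only this task, not every workload in the cluster, can assume the role.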
Contributing
This page is a placeholder. We need your help to create comprehensive documentation!
What we need:
- Complete setup guide for Nomad workload identity
- Job specification examples
- AWS, GCP, Azure provider configuration
- Vault JWT auth integration
- Token claim structure and validation
- Identity template configuration
- Troubleshooting guide
- Integration guides (e.g., nomad-to-aws, nomad-to-vault)
How to contribute:
- Open an issue to discuss content
- Submit a pull request with documentation
- Share your Nomad workload identity setup