identity Block
Placement: job -> group -> task -> identity

The `identity` block allows a task access to its Workload Identity via an environment variable or file. By default Nomad will create an identity for all workloads, but it is not exposed to a task.
The following will expose the Workload Identity as an environment variable and file to the task:
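A jobspec of the kind this sentence describes, written here as an added example rather than taken from the original page. The job, group and task names, the driver, the image and the `user` value are assumptions chosen for illustration. The second task goes one step further and shows the file-only form combined with `task.user`, as described under the `file` parameter.

```hcl
job "docs" {
  datacenters = ["dc1"] # assumed datacenter name

  group "example" {
    # Task 1: expose the workload identity both ways.
    task "api" {
      driver = "docker" # assumed driver

      config {
        image = "example/api:1.0" # placeholder image
      }

      identity {
        env  = true # token available in the NOMAD_TOKEN environment variable
        file = true # token written to secrets/nomad_token
      }
    }

    # Task 2: expose the identity as a file only, and set task.user so
    # that the token file is readable only by that user.
    task "worker" {
      driver = "docker" # assumed driver
      user   = "nobody" # assumed unprivileged user

      config {
        image = "example/worker:1.0" # placeholder image
      }

      identity {
        env  = false # default; the token is not placed in the environment
        file = true
      }
    }
  }
}
```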
`identity` Parameters
- `env` `(bool: false)` - If true the workload identity will be available in the task's `NOMAD_TOKEN` environment variable.
- `file` `(bool: false)` - If true the workload identity will be available in the task's filesystem via the path `secrets/nomad_token`. If the `task.user` parameter is set, the token file will only be readable by that user. Otherwise the file is readable by everyone but is protected by parent directory permissions.
Task API
It can be convenient to combine workload identity with Nomad's Task API for enabling tasks to access the Nomad API.