HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
Nomad
Nomad Home

You are viewing documentation for version v1.5.x. View latest version.

identity Block

Placementjob -> group -> task -> identity

The identity block allows a task access to its Workload Identity via an environment variable or file. By default Nomad will create an identity for all workloads, but it is not exposed to a task.

The following will expose the Workload Identity as an environment variable and file to the task:

job "docs" {
  group "example" {
    task "api" {

      identity {
        env  = true
        file = true
      }

      # ...
    }
  }
}

identity Parameters

  • env (bool: false) - If true the workload identity will be available in the task's NOMAD_TOKEN environment variable.
  • file (bool: false) - If true the workload identity will be available in the task's filesystem via the path secrets/nomad_token. If the task.user parameter is set, the token file will only be readable by that user. Otherwise the file is readable by everyone but is protected by parent directory permissions.