This section covers advanced configuration options and features for Aembit Credential Providers. These features provide additional flexibility and functionality for specific use cases and environments.
Dynamic claims
Section titled “Dynamic claims”Dynamic claims allow you to create personalized and context-aware credentials by extracting values from tokens or environment variables at runtime.
OIDC ID Token dynamic claims
Section titled “OIDC ID Token dynamic claims”Configure dynamic claims for OIDC ID Token Credential Providers to extract and use values from incoming OIDC tokens.
- Extract claims from OIDC token payloads using
${oidc.identityToken.decode.payload.claim_name}syntax - Access environment variables with
${os.environment.VARIABLE_NAME} - Combine values to create custom claim formats
Learn more about OIDC Dynamic Claims
Vault dynamic claims
Section titled “Vault dynamic claims”Configure dynamic claims for Vault Client Token Credential Providers to create workload-specific credentials.
- Collect information from Kubernetes ConfigMaps and environment variables
- Support for Agent Proxy version 1.9.142 and later
- Enable workloads to specify claim values outside the Aembit Tenant UI
Learn more about Vault Dynamic Claims
Multiple Credential Providers
Section titled “Multiple Credential Providers”Learn how to configure and manage multiple Credential Providers in Access Policies using the Aembit Cloud UI.
Configure Multiple Credential Providers
Multiple Credential Providers with Terraform
Section titled “Multiple Credential Providers with Terraform”Automate the configuration of multiple Credential Providers using Terraform for infrastructure-as-code deployments.