@stenio123
Created July 3, 2018 14:48
Shows the difference between regular token and periodic token
# All tokens in Vault have an associated TTL (root is the exception, having an "infinite" TTL).
# For long-running services, for example a Jenkins server, Vault allows the creation of "periodic tokens".
# We needed to accommodate the fact that every token in Vault needs to have a TTL, even though we expect this service to be
# long-lived. A periodic token is a special token that can be renewed indefinitely, allowing a Vault admin to have
# different max_ttl strategies without impacting long-running services. The "period" parameter works as the TTL for the
# token, which needs to be renewed within that period. If it isn't, Vault will not accept requests using that token
# until it is renewed.
# Example, considering the default system max_ttl and default_ttl:
vault write auth/token/roles/stenio allowed_policies="default"
vault token create -role=stenio
# Output:
Key               Value
---               -----
token             3cf2ac8a-c42c-2bb7-3c24-c88dca0cebf8
token_accessor    a6d5f35d-ce21-cbda-3334-726d982d5d3a
token_duration    2764800
token_renewable   true
token_policies    [default]
# Now for periodic token:
vault write auth/token/roles/stenio-periodic allowed_policies="default" period="24h"
vault token create -role=stenio-periodic
# Output:
Key               Value
---               -----
token             8f05762d-4806-2f00-54c3-8e648820686d
token_accessor    a29ce448-6bf8-b52c-1194-adbe8f7fd9ee
token_duration    24h0m0s
token_renewable   true
token_policies    [default]
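# Added example (not part of the original gist): one way for a long-running service to renew its periodic token
# within the period. It assumes VAULT_ADDR and VAULT_TOKEN are exported and jq is installed; the helper names and the
# renew-at-half-period margin are illustrative choices, not Vault requirements.

```shell
#!/bin/sh
# Added example: keep a periodic token alive from a long-running service.
# Assumptions: VAULT_ADDR/VAULT_TOKEN are exported, jq is installed, and
# renewing at half the period is our own safety margin.

# needs_renewal TTL PERIOD (both in seconds)
#   0 -> renew now, 1 -> still fresh, 2 -> token has no period
needs_renewal() {
    ttl=$1 period=$2
    [ "$period" -gt 0 ] || return 2
    [ "$ttl" -lt $((period / 2)) ]
}

# next_check TTL PERIOD: seconds to sleep so we wake up as the token
# crosses the half-period mark (never less than 1 second).
next_check() {
    delay=$(( $1 - $2 / 2 ))
    [ "$delay" -ge 1 ] || delay=1
    echo "$delay"
}

renew_loop() {
    while :; do
        # If the lookup fails the token is no longer usable: stop and let
        # the caller alert or re-authenticate instead of spinning.
        info=$(vault token lookup -format=json) || return 1
        ttl=$(printf '%s' "$info" | jq -r '.data.ttl')
        # "period" is only present on periodic tokens; default to 0.
        period=$(printf '%s' "$info" | jq -r '.data.period // 0')
        rc=0
        needs_renewal "$ttl" "$period" || rc=$?
        case $rc in
            0) vault token renew >/dev/null || return 1
               ttl=$period ;;   # a renewal resets the TTL to the period
            2) echo "token has no period; renewals stop at max_ttl" >&2
               return 2 ;;
        esac
        sleep "$(next_check "$ttl" "$period")"
    done
}

# Only start the loop when invoked as: ./renew.sh run
if [ "${1:-}" = "run" ]; then
    renew_loop
fi
```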