Created
July 3, 2018 14:48
Shows the difference between regular token and periodic token
# All tokens within Vault have an associated TTL (root is the exception, having an "infinite" TTL).
# For long-running services, Vault allows the creation of "periodic tokens".
# These are special types of tokens created for long-running services, for example a Jenkins server.
# We needed to accommodate the fact that every token in Vault needs to have a TTL, however we expect this service to be
# long-lived, therefore Vault allows us to create a special token that can be renewed indefinitely, allowing a Vault admin
# to have different max_ttl strategies without impacting long-running services. The "period" parameter works as the TTL
# for the token, which needs to be renewed within that period. If it isn't, Vault will not accept requests using that token
# until it is renewed.
# Example, considering the default system max_ttl and default_ttl:
vault write auth/token/roles/stenio allowed_policies="default"
vault token create -role=stenio
# Output:
Key               Value
---               -----
token             3cf2ac8a-c42c-2bb7-3c24-c88dca0cebf8
token_accessor    a6d5f35d-ce21-cbda-3334-726d982d5d3a
token_duration    2764800
token_renewable   true
token_policies    [default]
# Now for the periodic token:
vault write auth/token/roles/stenio-periodic allowed_policies="default" period="24h"
# Create a token from the periodic role (this step produces the output below)
vault token create -role=stenio-periodic
# Output:
Key               Value
---               -----
token             8f05762d-4806-2f00-54c3-8e648820686d
token_accessor    a29ce448-6bf8-b52c-1194-adbe8f7fd9ee
token_duration    24h0m0s
token_renewable   true
token_policies    [default]
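
# Added example (not part of the original gist, and not Vault code): a simplified Python model of the two
# lifetimes above, run against the same renewal schedule. It assumes the system max_ttl is still the 32-day
# default that matches the 2764800 s token_duration shown; expiry_time and renew_every are hypothetical helpers.

```python
DAY = 86400
DEFAULT_TTL = 2764800   # token_duration from the first output above (32 days)
MAX_TTL = 2764800       # assumption: system max_ttl left at its 32-day default
PERIOD = 24 * 3600      # period="24h" from the stenio-periodic role


def expiry_time(renew_times, ttl, max_ttl=None):
    """Return the time (seconds after creation) at which the token lapses.

    renew_times: sorted renewal attempts, in seconds after creation.
    max_ttl=None models a periodic token, where ttl is the period.
    """
    def cap(t):
        # A regular token can never live past creation + max_ttl.
        return t if max_ttl is None else min(t, max_ttl)

    expires = cap(ttl)
    for now in renew_times:
        if now >= expires:
            break  # renewal arrived after the lapse; the model stops here
        expires = cap(now + ttl)  # each successful renewal restarts the TTL
    return expires


def renew_every(interval, until):
    """Renewal attempts every `interval` seconds, up to and including `until`."""
    return list(range(interval, until + 1, interval))


if __name__ == "__main__":
    schedule = renew_every(12 * 3600, 60 * DAY)  # renew twice a day for 60 days
    # Same schedule, but the renewals between day 10 and day 12 are missed.
    gappy = [t for t in schedule if not 10 * DAY < t <= 12 * DAY]

    cases = [
        ("regular token, renewed on schedule", schedule, DEFAULT_TTL, MAX_TTL),
        ("periodic token, renewed on schedule", schedule, PERIOD, None),
        ("periodic token, renewals missed", gappy, PERIOD, None),
    ]
    for label, times, ttl, max_ttl in cases:
        print(f"{label}: lapses on day {expiry_time(times, ttl, max_ttl) / DAY:g}")
```
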