AUTH_TOKEN/Cubbyhole Access

Noob here.

I setup 1.11.2 in a container. My question is about AUTH_TOKENs. I create a token and it has the root policy, which is cool for this purpose.

I create a secret:

vault kv put cubbyhole/secret1 key1=value

I can easily get it.

vault kv get cubbyhole/secret1


Now if I switch to any other token, even the initial root token, I can no longer view or access that secret.

I want the ability to “revoke” a token, but if I do then I lose any secrets associated with that token.

How can I have a token to create/access tokens created by another token?

Thank you

The entire purpose of the cubbyhole secrets engine is per-token private temporary storage.

If that’s not what you want to happen, don’t use the cubbyhole secrets engine.

You may be looking for KV - Secrets Engines - HTTP API | Vault by HashiCorp instead.

Oh OK, I was not aware of that. Thank you