AUTH_TOKEN/Cubbyhole Access

Noob here.

I set up 1.11.2 in a container. My question is about AUTH_TOKENs. I create a token and it has the root policy, which is cool for this purpose.

I create a secret:

vault kv put cubbyhole/secret1 key1=value

I can easily get it.

vault kv get cubbyhole/secret1

Awesome.

Now if I switch to any other token, even the initial root token, I can no longer view or access that secret.

I want the ability to “revoke” a token, but if I do then I lose any secrets associated with that token.

How can I have a token to create/access tokens created by another token?

Thank you

The entire purpose of the cubbyhole secrets engine is per-token private temporary storage.

If that’s not what you want to happen, don’t use the cubbyhole secrets engine.

You may be looking for KV - Secrets Engines - HTTP API | Vault by HashiCorp instead.

Oh OK, I was not aware of that. Thank you
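The behaviour discussed in this thread, shown with a KV mount in place of cubbyhole, as an added example that is not part of the original posts: two tokens share one policy, either can read the secret, and revoking the token that wrote it leaves the secret in place. It assumes `VAULT_ADDR` and an admin `VAULT_TOKEN` are exported; the mount path `shared`, the policy name `shared-secret1` and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: share a secret between tokens using a kv-v2 mount.
# Assumptions: VAULT_ADDR and an admin VAULT_TOKEN are exported; the mount
# "shared", secret "secret1" and policy "shared-secret1" are hypothetical names.

# Emit a policy granting access to one secret on a kv-v2 mount.
# kv-v2 ACL paths carry a "data/" segment that the `vault kv` CLI hides,
# so a policy written for "shared/secret1" would not match.
kv2_policy() {  # usage: kv2_policy MOUNT SECRET
  printf 'path "%s/data/%s" {\n  capabilities = ["create", "read", "update"]\n}\n' "$1" "$2"
}

demo() {
  set -e
  vault secrets enable -path=shared kv-v2
  kv2_policy shared secret1 | vault policy write shared-secret1 -

  # Two independent tokens carrying the same narrow policy (no root needed).
  writer=$(vault token create -policy=shared-secret1 -field=token)
  reader=$(vault token create -policy=shared-secret1 -field=token)

  # Written with one token, read with the other.
  VAULT_TOKEN="$writer" vault kv put shared/secret1 key1=value
  VAULT_TOKEN="$reader" vault kv get -field=key1 shared/secret1

  # Revoking the writer does not remove the secret: KV data belongs to the
  # mount, while cubbyhole data is destroyed together with its token.
  vault token revoke "$writer"
  VAULT_TOKEN="$reader" vault kv get -field=key1 shared/secret1
}

# Run only when invoked with "run", so sourcing this file has no side effects.
if [ "${1:-}" = "run" ]; then demo; fi
```

Save it to a file and pass `run` as the first argument to execute it against a test server.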