Auto-renewing AppRole token

Hi all,

I am facing difficulties auto-renewing an AppRole token using the Vault Terraform provider.
The token expires after 20 seconds and doesn’t generate a new one.

Is something missing in the resources?

resource "vault_approle_auth_backend_role" "roles" {
  for_each               = local.policies
  backend                = vault_auth_backend.approle.path
  role_name              = "${each.key}-role"
  token_policies         = ["default", each.key]
  bind_secret_id         = true
  token_period           = 20 # seconds
  token_max_ttl          = 0
  token_explicit_max_ttl = 0
  secret_id_ttl          = 10 # seconds
  token_type             = "default"
}

resource "vault_approle_auth_backend_role_secret_id" "id" {
  for_each = local.policies
  backend  = vault_auth_backend.approle.path
  # Reference the role resource so the secret ID is created after the role exists
  role_name = vault_approle_auth_backend_role.roles[each.key].role_name
}

resource "vault_approle_auth_backend_login" "login" {
  for_each  = local.policies
  backend   = vault_auth_backend.approle.path
  role_id   = vault_approle_auth_backend_role.roles[each.key].role_id
  secret_id = vault_approle_auth_backend_role_secret_id.id[each.key].secret_id
}

Any hints/help would be appreciated.

Thank you,
Cheers

What is using the token that is expiring after 20 seconds?
Are you using it with Vault Agent or something else?

The 20 seconds is set to reduce the wait time before a token expires while I try things out; nothing is currently using the token.
No, not using Vault Agent for now.

Something needs to actively keep your token alive. Vault will begin counting down the timer once it’s issued. If nothing renews it, it’ll expire.

Vault Agent will renew the token for you. Otherwise you’ll have to issue the renew command before your token expires. You can use the command vault token renew to extend the life of the token. However, since the period is set to 20 seconds you’ll need to renew at least once every 20 seconds.

More info available here: token renew - Command | Vault by HashiCorp

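Added example, not part of the original thread and not HashiCorp's code: a minimal renewer that does what the answer above describes when Vault Agent is not in use, calling Vault's token renew-self HTTP endpoint before each period runs out and reporting when a fresh AppRole login is needed. The function names, the renew-at-half-TTL policy and the TOKEN_TTL variable are assumptions made for this sketch.

```python
import functools, json, os, time, urllib.request

def renew_self(addr, token, opener=urllib.request.urlopen):
    """POST /v1/auth/token/renew-self and return the response's "auth" object."""
    req = urllib.request.Request(
        f"{addr}/v1/auth/token/renew-self",
        data=b"{}",
        method="POST",
        headers={"X-Vault-Token": token, "Content-Type": "application/json"},
    )
    with opener(req, timeout=5) as resp:
        return json.load(resp)["auth"]

def keep_alive(renew, initial_ttl, sleep=time.sleep, fraction=0.5):
    """Renew after `fraction` of each TTL has elapsed.

    Returns (successful_renewals, reason) once the token can no longer be
    kept alive; the caller then has to log in again with role_id/secret_id.
    """
    ttl, done = initial_ttl, 0
    while True:
        sleep(ttl * fraction)
        try:
            auth = renew()
            ttl, renewable = auth["lease_duration"], auth["renewable"]
        except (OSError, KeyError, TypeError, ValueError) as exc:
            # HTTP 403 (token already expired or revoked), network error, bad body
            return done, f"renew failed: {exc}"
        done += 1
        if not renewable or ttl <= 0:
            return done, "token is no longer renewable"

if __name__ == "__main__":
    # VAULT_ADDR / VAULT_TOKEN are the usual CLI variables; TOKEN_TTL is a
    # hypothetical variable for this example, defaulting to the 20 s period.
    renew = functools.partial(renew_self, os.environ["VAULT_ADDR"], os.environ["VAULT_TOKEN"])
    print(keep_alive(renew, int(os.environ.get("TOKEN_TTL", "20"))))
```

With token_period = 20 each successful renewal resets the TTL to 20 seconds, so the loop wakes every 10 seconds; a single missed window ends in a failed renew and a new login.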