Hi Team,
We are using the consul-template(v0.19.5 (57b6c71)) with vault to store the secrets. But it is observed that the consul-template stopped automatically after the default TTL of 768 hours. We have observed that the max_ttl showed less than the ttl value in the consul-template log.
consul-template[15318]: 2019/12/18 05:51:55.181836 [WARN] vault.token: TTL of “768h0m0s” exceeded the effective max_ttl of “767h59m56s”; TTL value is capped accordingly.
We tried to reproduce this issue with lesser value of TTL but we are not able to set the TTL more than max_ttl value. We have created the role using below command, and it automatically set TTL as 768 hours when we run the vault login command.
vault write auth/gcp/role/test-role type=“iam” project_id=gcp-project-id policies=“test-rw” bound_service_accounts=test-account@gcp-project-id.iam.gserviceaccount.com
Please help me with the work around to fix this.