Delete accessor which does not have a token!

Hello,

I get a “permission denied” on some accessor IDs when trying to do a lookup using the root token:

# vault token lookup --accessor TGnFFShx0o0zuGAP8oOjWnUy
Error looking up token: Error making API request.

URL: POST https://127.0.0.1:8200/v1/auth/token/lookup-accessor
Code: 403. Errors:

* 1 error occurred:
        * permission denied

It works fine for others, so it is not a permissions issue in general.
When I try to delete the “token” I get “token not found”:

vault token revoke --accessor TGnFFShx0o0zuGAP8oOjWnUy
Error revoking token: Error making API request.

URL: POST https://127.0.0.1:8200/v1/auth/token/revoke-accessor
Code: 400. Errors:

* token not found

I would like to delete those accessors but I have no idea how to do so.

So here are my questions:

  1. Any ideas why there are accessor IDs with no linked tokens?
  2. How can I remove those accessors?

# vault version
Vault v1.16.3 (e92d9a57018f43360e2e3717b3b6a7f650c88f4c), built 2024-05-29T14:28:42Z

Thanks in advance
Andi

Hi @andreaskaminski75,

I found another thread with a similar problem:

Did you try tidying the Token store already? No success guarantees though :sweat_smile:

I’m not sure about the exact reason for this behavior. These kinds of bugs were only documented in way older releases (e.g., Vault 0.6.4, Upgrading to Vault 0.6.4 - Guides | Vault | HashiCorp Developer).

Best,
Andreas

Hi @andreas.gruhler,
thanks for your help.
I saw the other thread too, but in this one there was a token linked to the accessor, so it’s different.

But the tidying fixed the issue.
Thanks again
Kind regards
Andi

1 Like
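
The check and fix discussed in this thread, as an added example that is not part of any post above: a shell script that lists all accessors, reports those whose lookup fails, and starts the token-store tidy. The function names and the `--run` switch are assumptions made for this example; it expects `VAULT_ADDR` and `VAULT_TOKEN` to be set and a token privileged enough that a failed lookup is not an ordinary ACL denial.

```shell
#!/bin/sh
# Added example (not from the thread): report accessors whose token can no
# longer be looked up, then start the token-store tidy.
# Assumption: the token in use (the thread used the root token) may list and
# look up accessors, so a failed lookup points at a dangling entry.

# Print every accessor for which `vault token lookup -accessor` fails.
find_dangling_accessors() {
  # Fetch the list first so a failing `vault list` is not hidden by the pipe.
  fda_list=$(vault list auth/token/accessors) || return 1
  # The default table output starts with two header lines: "Keys" and "----".
  printf '%s\n' "$fda_list" | sed '1,2d' | while IFS= read -r fda_acc; do
    [ -n "$fda_acc" ] || continue
    if ! vault token lookup -accessor "$fda_acc" </dev/null >/dev/null 2>&1; then
      printf '%s\n' "$fda_acc"
    fi
  done
}

# Start the tidy (POST auth/token/tidy). Vault runs it in the background and
# it can be heavy on storage I/O, so it is only called when needed.
tidy_token_store() {
  vault write -f auth/token/tidy
}

# Hypothetical entry point: `sh script.sh --run`
if [ "${1:-}" = "--run" ]; then
  dangling=$(find_dangling_accessors) || exit 1
  if [ -z "$dangling" ]; then
    echo "no dangling accessors found"
    exit 0
  fi
  printf 'lookup fails for:\n%s\n' "$dangling"
  tidy_token_store
fi
```

Because the tidy runs asynchronously, run the check again once the server log shows it has finished to confirm the entries are gone.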