Generate orphan token of the same policy without revoking the previous one

CamilaBetim · July 27, 2021, 3:17pm

I’m generating an orphan token for integration with the boundary. I use boundary-controller and otp policies (for ssh secret access). The structure is as follows:

But I’m having a problem, when I generate another token with these same policies, the previously generated token is revoked. How do I generate another orphan token with the same policies as another token that has already been generated? Without any being revoked?

It is also necessary that they keep renewing themselves, as shown in the previous configuration in the image

Note: The way I managed to make it work is by creating a policy for each token

mikegreen · July 27, 2021, 10:35pm

Can you post the command/responses for the entire test?
You should not be creating a unique policy for each token.

CamilaBetim · July 29, 2021, 12:28pm

The return is exactly like that. I hid the returned token. But when I generate a new token with the same policies, the old token is revoked.

Are there any settings I need to go through to fix this?

Topic		Replies	Views
Vault cli: how to create orphan token with role Vault vault	4	2483	March 10, 2021
Create an orphan token with limited access HCP Vault vault	0	298	January 9, 2023
Create token issues (child policies must be subset of parent) Vault	3	4621	September 13, 2022
Custom token metadata Vault	0	253	June 16, 2020
Error creating token: child policies must be subset of parent Vault	2	1828	May 26, 2021

Generate orphan token of the same policy without revoking the previous one

Related topics