How to list existing Vault tokens?

Hi All,

For some time now I am using multinode HC Vault clusters with DynamoDB backend in my environments. I did not found a method to list all existing tokens. Is there any way to list them?

Thanks in advance for the help!

Best regards,
Rafal.

Hi @radecki.rafal,

You can list tokens by their accessors using the vault list auth/token/accessors command. Note that you must have the “sudo” capability on this endpoint per this article: Token - Auth Methods - HTTP API | Vault by HashiCorp

You can look up token details using vault write auth/token/lookup-accessor accessor=${accessor} and revoke a token using vault write auth/token/revoke-accessor accessor=${accessor}. Both of these paths require the “update” permission.

Hopefully this helps.
Jeff