Im generating a token
vault write consul/roles/service policies=“service,shared-kv,service-kv” local=true ttl=72h max_ttl=0
that expires every 72h, is there any option to renew the token without having to create a new?
Im generating a token
vault write consul/roles/service policies=“service,shared-kv,service-kv” local=true ttl=72h max_ttl=0
that expires every 72h, is there any option to renew the token without having to create a new?
Yes, you can renew the token up to the value set in max_ttl
. So, for example, if you write:
vault write consul/roles/service ... ttl=72h max_ttl=168h
it will generate a 72-hour token that can be renewed up to a maximum of 168 hours.
In the parameters of the Consul secret engine documentation, there is nothing similar to [period](https://developer.hashicorp.com/vault/api-docs/auth/token#period)
, which would allow the token to be continuously renewable.
As Gabriele pointed out, you can renew tokens in Vault. Curious though, what is your use case? Based on your example it looks like you want to use Vault and Consul together but maybe thats just example text.
Ok, thanks, shouldn’t max_ttl=0 be enough, or isn’t 0 an allowed value?