Non root token that can create new tokens with newly created policy

macmiranda · March 14, 2023, 7:53pm

From the link above:

A list of policies for the token. This must be a subset of the policies belonging to the token making the request, unless the calling token is root or contains sudo capabilities to auth/token/create .

Does the token being used to create the restricted token have the same policy linked to it? I don’t mean the same capabilities because obviously it has more capabilites, I mean the actual policy.

Topic		Replies	Views
Restrict creating tokens to policies with a subset of privileges Vault vault	0	32	December 13, 2024
Help to understand how to create tokens Vault	0	279	March 9, 2021
Admin policy with asterisk and deny to create token Vault	1	448	May 19, 2021
Using "denied_parameters" on Vault Token auth method (API) to deny token for specific policy when capabilities contain sudo Vault	2	27	January 7, 2025
Generate new tokens without needing the root token, approle help somewhat related Vault	6	512	March 4, 2021

Non root token that can create new tokens with newly created policy

Related topics