Query what tokens have root policy attached

I am working on an auditing question where I am asked to prove who has full rights to our vault servers. I know that I and two of my teammates have the root policy attached to our tokens, but how do I provide proof of that? Is there a way I can see who else has the root policy attached to their account?

I found this one this week:

Maybe it could help you out a little bit in your use case.

Thank you very much for the help.

It turns out that the Python script did not work for me. We have so many accessors in our vault that the script times out. Here is how we got around it.

  1. First get the list of the accessors:
     vault list auth/token/accessors > all_accessors.txt

  2. The Python script would not return the values properly when we did have the accessors list, so I wrote this shell script instead:

#!/usr/bin/env bash
# Get list of all accessors (one per line), see step 1
#vault list auth/token/accessors > all_accessors.txt

# fail early if the Vault address or token is not set
: "${VAULT_ADDR:?VAULT_ADDR must be set}" "${VAULT_TOKEN:?VAULT_TOKEN must be set}"

echo "Accessor,DisplayName,CreateTime,ExpireTime,Policies" > vault_admins.txt

# make sure tokens.txt starts out empty
# shellcheck disable=SC2188
> tokens.txt

while read -r accessor; do
  # skip blank lines and the "Keys" / "----" header that `vault list` prints in table mode
  case "${accessor}" in ''|Keys|----*) continue ;; esac

  payload="{\"accessor\": \"${accessor}\"}"

  # jq command to join an array - https://stackoverflow.com/a/32276111
  # a failed lookup (revoked or expired accessor) returns {"errors":[...]} with no .data,
  # so select() drops it instead of letting jq abort on the join
  row=$(curl \
      -s --header "X-Vault-Token: ${VAULT_TOKEN}" \
      --request POST \
      --data "${payload}" \
      "${VAULT_ADDR}/v1/auth/token/lookup-accessor" | \
      jq -r '
        select(.data != null) |
        [
          .data.display_name,
          (.data.creation_time | tostring),
          (.data.expire_time | tostring),
          (.data.policies | join("|"))
        ] | @csv
      ')

  if [ -n "${row}" ]; then
    # write the whole CSV line at once: "accessor","name","created","expires","policy1|policy2"
    echo "\"${accessor}\",${row}" | tee -a tokens.txt
  else
    echo "lookup failed for accessor ${accessor}" >&2
  fi
  sleep .2
done < all_accessors.txt

# @csv double-quotes the policies field, so match root only as a whole element of the
# pipe-joined list in the last column (a plain ',root' never matches a quoted field)
grep -E '"([^"]*\|)?root(\|[^"]*)?"$' tokens.txt >> vault_admins.txt
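For comparison, the same audit done in Python with only the standard library, as an added example that is neither the poster's script nor HashiCorp code. It uses the two token endpoints the thread already relies on (LIST auth/token/accessors and POST auth/token/lookup-accessor), checks for root by exact membership in the token's policies list (so a policy named like "root-readonly" is not counted), skips accessors whose lookup fails, and paces the lookups with the same 0.2 s pause as the shell script. It expects VAULT_ADDR and VAULT_TOKEN in the environment when run against a real server; without them it runs over the constructed sample responses at the bottom, whose accessor values are made up.

```python
#!/usr/bin/env python3
"""Find which Vault token accessors carry the root policy (added example)."""
import csv
import json
import os
import sys
import time
import urllib.error
import urllib.request


def has_root_policy(lookup_response):
    """True when the token described by a lookup-accessor response has the
    root policy. Exact membership in data.policies, so "root-readonly" does
    not count; a failed lookup ({"errors": [...]}, no "data") is False."""
    data = lookup_response.get("data") or {}
    return "root" in (data.get("policies") or [])


def summarize(accessor, lookup_response):
    """Flatten one lookup response into a CSV-ready row, or None when the
    lookup failed (revoked or expired accessor)."""
    data = lookup_response.get("data")
    if data is None:
        return None
    return {
        "accessor": accessor,
        "display_name": data.get("display_name") or "",
        "creation_time": data.get("creation_time"),
        "expire_time": data.get("expire_time"),
        "policies": "|".join(data.get("policies") or []),
    }


def root_holders(lookups):
    """lookups: iterable of (accessor, lookup-accessor response dict).
    Returns the summarized rows of tokens that carry the root policy."""
    return [summarize(acc, resp) for acc, resp in lookups if has_root_policy(resp)]


def vault_request(method, path, body=None):
    """Minimal Vault API call. Error bodies (4xx) are returned as parsed JSON
    so callers see {"errors": [...]} instead of an exception."""
    req = urllib.request.Request(
        os.environ["VAULT_ADDR"].rstrip("/") + path,
        data=None if body is None else json.dumps(body).encode(),
        headers={"X-Vault-Token": os.environ["VAULT_TOKEN"],
                 "Content-Type": "application/json"},
        method=method,
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        try:
            return json.load(err)
        except json.JSONDecodeError:
            return {"errors": ["HTTP %d from %s" % (err.code, path)]}


def fetch_all_lookups(pause=0.2):
    """One lookup per accessor with a short pause, so a large accessor list
    does not hammer the server."""
    accessors = vault_request("LIST", "/v1/auth/token/accessors")["data"]["keys"]
    lookups = []
    for accessor in accessors:
        resp = vault_request("POST", "/v1/auth/token/lookup-accessor", {"accessor": accessor})
        lookups.append((accessor, resp))
        time.sleep(pause)
    return lookups


# Constructed sample responses in the shape lookup-accessor returns;
# accessor strings and names are made up, not real Vault data.
SAMPLE_LOOKUPS = [
    ("acc-alice", {"data": {"display_name": "token-alice", "creation_time": 1700000000,
                            "expire_time": None, "policies": ["default", "root"]}}),
    ("acc-bob", {"data": {"display_name": "userpass-bob", "creation_time": 1700000100,
                          "expire_time": "2024-12-31T00:00:00Z",
                          "policies": ["default", "root-readonly"]}}),
    ("acc-svc", {"data": {"display_name": "token", "creation_time": 1700000200,
                          "expire_time": None, "policies": ["root"]}}),
    ("acc-stale", {"errors": ["invalid accessor"]}),
]


def write_csv(rows, fh):
    fields = ["accessor", "display_name", "creation_time", "expire_time", "policies"]
    writer = csv.DictWriter(fh, fieldnames=fields)
    writer.writeheader()
    writer.writerows(rows)


if __name__ == "__main__":
    if os.environ.get("VAULT_ADDR") and os.environ.get("VAULT_TOKEN"):
        lookups = fetch_all_lookups()
    else:
        lookups = SAMPLE_LOOKUPS
    write_csv(root_holders(lookups), sys.stdout)
```

Run without environment variables it prints a CSV of the two sample tokens that hold root; with VAULT_ADDR and VAULT_TOKEN set it walks every accessor the calling token is allowed to list. Keeping the root check as list membership rather than a text search is what makes the output defensible for an audit: a token either has the policy named "root" or it does not.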