Toen Creation Default

spawnoflard · November 29, 2020, 1:35am

Hi

I’m possibly missing something really obvious but I’m trying to create an admin token but I want any tokens created by this token to always have a very specific TTL

I’ve looked at perhaps a token role but I want this to be something that the admin token doesn’t specify as a variable i.e vault token create -role etc but just that whenever this token is used to create a token, the token it creates always has a specific ttl

Thanks for any advice

mikegreen · December 1, 2020, 9:42pm

I assume when you say admin token you mean root token?
Root tokens do not have a TTL.
If you wish to have a root-like (aka, admin) token that you can set the TTL, first create a policy, like your_admin
with contents
path "*" { capabilities = ["create", "update", "delete", "read", "list", "sudo"] }

And then create a token with
$ vault token create -policy=your_admin -ttl=5m

Topic		Replies	Views
Hello all! want to create two tokens, for read and write secrets Vault	4	355	June 9, 2022
Admin policy with asterisk and deny to create token Vault	1	441	May 19, 2021
Root token creation Vault	2	431	April 7, 2021
Policy to create tokens Vault	2	994	October 13, 2021
Non root token that can create new tokens with newly created policy Vault	5	319	March 15, 2023

Toen Creation Default

Related topics