Token Creation Default


I’m possibly missing something really obvious, but I’m trying to create an admin token but I want any tokens created by this token to always have a very specific TTL.

I’ve looked at perhaps a token role, but I want this to be something that the admin token doesn’t specify as a variable, i.e. vault token create -role etc., but just that whenever this token is used to create a token, the token it creates always has a specific TTL.

Thanks for any advice

I assume when you say admin token you mean root token?
Root tokens do not have a TTL.
If you wish to have a root-like (aka, admin) token that you can set the TTL on, first create a policy, like your_admin, with contents:
path "*" { capabilities = ["create", "update", "delete", "read", "list", "sudo"] }

And then create a token with:
$ vault token create -policy=your_admin -ttl=5m