Token help - how to create and manage

I need help with tokens, and I’m a noob I guess. I’ve installed a non-dev Vault, gotten my root token, Vault is unsealed and I’ve enabled the approle auth.

Now I don’t understand how to interact with this auth method, esp. over the API. To do anything via the API requires a token, but I’m supposed to disable the root token. How do I get a token to use in the API calls? How do I get a token for other API calls, such as to create a policy? I need serious help here, I know I’m just missing something simple.



You only need a token to interact with secrets or configuration APIs. You don’t need a token to login (for example using AppRole).

So the normal process would be:

  1. Initialise Vault and obtain unseal/recovery key(s) and initial root token
  2. Use root token for initial config, including setup of other auth methods
  3. Revoke root token
  4. Use Vault - login using AppRole, Kubernetes, AWS, etc.
  5. If further config is needed (which needs a root token) generate using unseal/recovery keys, make config changes and then revoke again.
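
The AppRole login from step 4, as an added example that is not part of the original posts: the login call carries no `X-Vault-Token` header, and the `client_token` it returns is what later calls send. Assumptions: Vault listens on `http://127.0.0.1:8200`, AppRole is mounted at the default `approle` path, and the role ID, secret ID, secret path and sample response are constructed placeholders.

```python
import json
import urllib.request

VAULT_ADDR = "http://127.0.0.1:8200"  # assumed address of the Vault server

def login_request(role_id, secret_id, addr=VAULT_ADDR, mount="approle"):
    """Build the AppRole login call. No X-Vault-Token header is needed."""
    body = json.dumps({"role_id": role_id, "secret_id": secret_id}).encode()
    return urllib.request.Request(
        f"{addr}/v1/auth/{mount}/login", data=body, method="POST",
        headers={"Content-Type": "application/json"})

def parse_login(raw):
    """Return (client_token, policies, ttl_seconds) from a login response."""
    auth = json.loads(raw).get("auth")
    if not auth or not auth.get("client_token"):
        raise ValueError("login response carries no auth.client_token")
    return auth["client_token"], auth.get("policies", []), auth.get("lease_duration", 0)

def authed_request(token, path, addr=VAULT_ADDR, method="GET", payload=None):
    """Build any later API call; the token travels in X-Vault-Token."""
    data = json.dumps(payload).encode() if payload is not None else None
    return urllib.request.Request(
        f"{addr}/v1/{path.lstrip('/')}", data=data, method=method,
        headers={"X-Vault-Token": token})

def send(req):
    """Send a request to a live Vault server and return the raw body."""
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read()

# Constructed sample of a login response, so the example runs offline.
SAMPLE_LOGIN_RESPONSE = json.dumps({"auth": {
    "client_token": "hvs.CONSTRUCTED-EXAMPLE-TOKEN",
    "policies": ["default", "example-app"],
    "lease_duration": 3600,
    "renewable": True}})

if __name__ == "__main__":
    login = login_request("EXAMPLE-ROLE-ID", "EXAMPLE-SECRET-ID")
    print(login.get_method(), login.full_url, "token header sent:",
          login.has_header("X-vault-token"))
    # Against a live server, replace the sample with send(login).
    token, policies, ttl = parse_login(SAMPLE_LOGIN_RESPONSE)
    print("policies:", policies, "ttl:", ttl)
    # Hypothetical KV path; the token can only do what its policies allow.
    call = authed_request(token, "secret/data/example-app")
    print(call.get_method(), call.full_url)
```
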