Token help - how to create and manage

farslayer9 · March 3, 2021, 3:30pm

I need help with tokens, and I’m a noob I guess. I"ve installed a non-dev vault, gotten my root token, vault is unseals and I’ve enabled the approle auth.

Now I don’t understand how to interact with this auth method, esp. over the API. TO do anything via the API requires a token, but I’m supposed to disable the root token. How do I get a token to use in the API calls? HOw do I get a token for other API calls, such as to create a policy? I need serious help here, I Know I"m just missing something simple.

THanks,

Richard

stuart-c · March 4, 2021, 12:41pm

You only need a token to interact with secrets or configuration APIs. You don’t need a token to login (for example using AppRole).

So the normal process would be:

Initialise Vault and obtain unseal/recovery key(s) and initial root token
Use root token for initial config, including setup of other auth methods
Revoke root token
Use Vault - login using AppRole, Kubernetes, AWs, etc.
If further config is needed (which needs a root token) generate using unseal/recovery keys, make config changes and then revoke again.

Topic		Replies	Views
Generate new tokens without needing the root token, approle help somewhat related Vault	6	555	March 4, 2021
Ask for good use of tokens Vault	3	288	January 20, 2023
Token capabiliites for getting AppRole role-id and secret Vault	2	332	November 5, 2020
Vault can be accessed without root token (or any token) Vault	5	1922	January 24, 2024
Help to understand how to create tokens Vault	0	289	March 9, 2021

Token help - how to create and manage

Related topics