I am using a certificate to generate a token to access the Vault UI. It works as expected but it doesn’t seem to renew. The UI signs out after the initial TTL expires. The cert auth has a max ttl of 3600 and the certificate has a ttl of 900 and a max ttl of 3600.
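I am using the following to generate the token:

    # Log in to the cert auth method with the client certificate;
    # the JSON response carries the token in auth.client_token.
    RESPONSE=$(curl -s \
        --request POST \
        --cert ".ssh/${ENV}-cert.pem" \
        --key ".ssh/${ENV}-rsa.pem" \
        --data "{\"name\": \"${NAME}-vault-ui\"}" \
        "https://vault.us.${DNS}/v1/auth/cert/login")
    echo "$RESPONSE"
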
The client_token has the correct TTL and "renewable":true. What am I missing?
I am on Vault 1.6.1