Vault Approle token - is there a way to extend token_duration?


just a question about approle token duration. Due to my tests, I can see that the maximum token duration is 768h and cannot be extended. Is there a way to make it permanent? I see it’s making a bit complicated things for integration with OpenStack Barbican, where the vault is a backed for secret stores. In barbican configuration you need to apply:

root_token_id =
approle_role_id =
approle_secret_id =

So if I will use a bit different token than root_token I need to refresh it every 768h. Is there a way to extend this period?
Cause in the other hand I need to execute such commands one time per month:

ROLE_ID=$(vault read -format=yaml auth/approle/role/barbican-test-2/role-id | grep role_id | awk '{print $2}')
SECRET_ID=$(vault write -f -format=json auth/approle/role/barbican-test-2/secret-id | jq -r '.data.secret_id')
vault write auth/approle/login role_id=$ROLE_ID secret_id=$SECRET_ID
echo $ROLE_ID

to get a new token.

Thanks in advance for your hints.

Best regards,