I ran some more tests with both terraform and using the vault cli.
Via the cli (using command: vault token create -policy=policy-terraform-azure-us-infrastructure-nonprod), the token does NOT expire prematurely.
via api
Key Value
accessor V9VscJA4BKClDV39u9dbw4DO
creation_time 1608249503
creation_ttl 768h
display_name token
entity_id n/a
expire_time 2021-01-18T18:58:23.9558101-05:00
explicit_max_ttl 0s
id s.qFidqi9u1YMbvHx1G7pl86tm
issue_time 2020-12-17T18:58:23.9558243-05:00
meta
num_uses 0
orphan false
path auth/token/create
policies [default policy-terraform-azure-us-infrastructure-nonprod]
renewable true
ttl 767h26m55s
type service
When creating the token via terraform, the it will be revoked after 20 minutes:
Key Value
accessor 9BIFNxQLNsySQMh1OmLJUM08
creation_time 1608258318
creation_ttl 768h
display_name token-token
entity_id n/a
expire_time 2021-01-18T21:25:18.9475961-05:00
explicit_max_ttl 0s
id s.RgoFkiKBbkMjmC1S9Qn3XYXm
issue_time 2020-12-17T21:25:18.9476091-05:00
meta
num_uses 0
orphan false
path auth/token/create
policies [default policy-terraform-azure-us-infrastructure-nonprod]
renewable true
ttl 767h40m45s
type service
I’m not seeing a difference between the two.