Vault token renewal (auto unseal transit secrets engine)

vault token lookup a.cczpxxxxxxxFokdz5s2

Key                  Value
accessor             hxxxxxxxxxxxtK
creation_time        1589530772
creation_ttl         768h
display_name         token
entity_id            n/a
expire_time          2020-05-25T08:55:13.322094476Z
explicit_max_ttl     0s
id                   s.BzzpSsNZcUV8vQbkFokdz5s2
issue_time           2020-05-15T08:19:32.641192522Z
last_renewal         2020-05-25T07:55:13.322094631Z
last_renewal_time    1590393313
meta
num_uses             0
orphan               false
path                 auth/token/create
policies             [autounseal default]
renewable            true
ttl                  53m48s
type                 service

I am using the above token for auto unseal (transit secrets engine) by exporting it as an ENV variable.

What should I do once creation_ttl is met? After creation_ttl is met, I cannot renew the same token?

Hi sgoogal,

It sounds like you might be looking for periodic tokens.


You need to set up a period on your token so that it can renew the token automatically and does not expire.
You can try the script below to renew.
vault token create -orphan=true -renewable=true -period=5m
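
An added example, not part of the original posts: a check that reads token lookup data and reports the point after which renewing stops helping, which is the difference between the token in the question and a periodic one. The sample is constructed from the values in the question in the shape of `vault token lookup -format=json`; the 768h system max TTL and the names `renewal_outlook`, `parse_vault_time` and `warn` are assumptions of this example.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `vault token lookup -format=json`, built
# from the values in the question (token id and accessor left out).
SAMPLE = json.loads("""{"data": {
  "creation_time": 1589530772, "creation_ttl": 2764800, "explicit_max_ttl": 0,
  "expire_time": "2020-05-25T08:55:13.322094476Z", "renewable": true,
  "policies": ["autounseal", "default"], "ttl": 3228}}""")["data"]

SYSTEM_MAX_TTL = timedelta(hours=768)  # assumption: server keeps Vault's default max TTL


def parse_vault_time(value):
    """Parse Vault's RFC 3339 timestamp, dropping the nanosecond fraction."""
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def renewal_outlook(data, now, max_ttl=SYSTEM_MAX_TTL, warn=timedelta(hours=72)):
    """Report when renewals stop helping for the token described by `data`."""
    created = datetime.fromtimestamp(data["creation_time"], tz=timezone.utc)
    lease_end = parse_vault_time(data["expire_time"])
    explicit = timedelta(seconds=data.get("explicit_max_ttl") or 0)
    periodic = bool(data.get("period"))
    if not data.get("renewable", False):
        hard_expiry = lease_end           # cannot be extended at all
    elif explicit:
        hard_expiry = created + explicit  # an explicit max TTL caps even periodic tokens
    elif periodic:
        hard_expiry = None                # each renewal resets the TTL to the period
    else:
        hard_expiry = created + max_ttl   # renewals cannot push the lease past this
    if now >= lease_end:
        status = "expired"
    elif hard_expiry is not None and hard_expiry - now <= warn:
        status = "replace"                # issue a new token before the cap is reached
    else:
        status = "renew"
    return {"periodic": periodic, "hard_expiry": hard_expiry,
            "lease_left": lease_end - now, "status": status}


if __name__ == "__main__":
    at = datetime(2020, 5, 25, 8, 1, 25, tzinfo=timezone.utc)  # time of the lookup
    for name, token in (("as posted", SAMPLE), ("period=5m", dict(SAMPLE, period=300))):
        print(name, renewal_outlook(token, at))
```
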