Vault token renewal(auto unseal transit secrets engine)

sgoogal · May 25, 2020, 8:28am

vault token lookup a.cczpxxxxxxxFokdz5s2

Key Value

accessor hxxxxxxxxxxxtK
creation_time 1589530772
creation_ttl 768h
display_name token
entity_id n/a
expire_time 2020-05-25T08:55:13.322094476Z
explicit_max_ttl 0s
id s.BzzpSsNZcUV8vQbkFokdz5s2
issue_time 2020-05-15T08:19:32.641192522Z
last_renewal 2020-05-25T07:55:13.322094631Z
last_renewal_time 1590393313
meta
num_uses 0
orphan false
path auth/token/create
policies [autounseal default]
renewable true
ttl 53m48s
type service

i am using the above token for auto unseal(transit secrets engine) by exporting it as a ENV variable.

what should i do once creation_ttl is met, after creation_ttl is met, i cannot renew the same token?

ncabatoff · May 26, 2020, 5:31pm

Hi sgoogal,

It sounds like you might be looking for periodic tokens.

JWZ9vX · May 31, 2021, 3:44am

You need to setup period time from your token so that It can renew token automatically and does not expired.
You can try to below Script to renew.
vault token create -orphan=true -renewable=true -period=5m

Topic		Replies	Views
Key renewal for "Auto-unseal using Transit Secrets Engine" Vault	12	4093	September 20, 2021
Periodic Token not Renewing Vault	4	558	October 6, 2021
Transit autounseal tokens aren't renewing themselves Vault	7	2918	February 5, 2020
Tokens becomes invalid after self renewal Vault	0	539	July 9, 2020
Auto-renewing AppRole token Vault vault	3	2732	January 31, 2022

Vault token renewal(auto unseal transit secrets engine)

Related topics