Vault token that does not exipire

I am using Vault Kubernetes auth method for authenticate services against Vault and I wonder if I can generate a token with this auth method which does not expire.

Not a good idea from security point of view. However you can configure vault to have extremely large “ttl” . Here a link to configure the same. Token Management | Vault - HashiCorp Learn

1 Like

A better way to do it is with periodic service tokens because if it gets stolen then at least the holder has to know to renew it within the period. On the other hand you don’t want to make the period very short, to allow a little for downtime under normal operations.