How to know the validity of a vault token that is being used for connecting to vault?
Currently, I am connecting to a corporate vault service where I am using a vault token and passing it through below header in my spring cloud config service where properties of all microservices are kept.
curl -X "GET" "http://localhost:8080/my-client-microservice/dev" -H "X-Config-Token: s.myvaulttoken"
where http://localhost:8080 is my spring cloud config service and s.myvaulttoken is my vault token. This is working absolutely fine.
I want to know the validity of this token. What I have read the documentation that token can be of two type: service or batch. I want to know whether this token can be used infinitely (as root tokens validity is infinite).
Since the client microservices require the vault token, I want to figure out the way to know the validity of a token. Can you guys help me to tell more about this?
I followed this link: https://learn.hashicorp.com/vault/getting-started/authentication
Every non-root token has a time-to-live (TTL) associated with it.
For example:
- with a root token, the ttl is 0
vault token lookup -format json | jq .data.ttl 0 with a regular user, the ttl is non-zero
VAULT_TOKEN=$(vault token create -policy default -field token) vault token lookup -format json | jq .data.ttl 2764799
This check is possible through the API as well.
- How to identify what paths can be accessed with what capabilities in hashicorp vault for a given token?
- AWX + Hashicorp Vault django.request Bad Request
- Why does HVAC does not see secrets in HashiCorp Vault?
- HashiCorp Vault 403 Permission Denied issue with Kubernetes Auth
- Unable to get airflow variables in dags from Vault secret backend
- Hashicorp vault - export key from one vault, import into another vault
- HashiCorp Vault to populate kubernetes secrets
- HASHICORP VAULT: How to read multiple items from a file and write them to Vault
- Hashicorp vault how to list all roles
- access property of an object using hash-vault-js
- Vault secrets list permission denied
- How can I encrypt data with an already generated AES 256 GCM 96 key (coming from Hashicorp Vault)?
- Access Denied on vault secrets
- hashicorp vault agent template fails when starts with "no known secret ID"
- Create a Vault UI user using the vault CLI
- Vault does not return token renewed by script
- Getting permission denied error while trying to access any vault secret engines using Spring boot application on kubernetes
- Environment variables concatenation issue with Vault agent-jnject in Kubernetes deployment
- Vault secret fetch using hvac python fails with TypeError where Type of response is <class 'requests.models.Response'>
- Detect when a secret changes in Hashicorp Vault
- My Vault policies does not allow me to create/update/delete secrets
- Vault scaling using Consul
- Hashicorp Vault cli return 403 when trying to use kv
- Cannot install Hashicorp vault in LinuxMint 21.3 : The repository does not have a Release file
- HashiCorp Transit Engine, what permission are required to read the public key?
- Vault Agent Injector - Use init container only (disable sidecar)
- How to call Hashicorp Vault from AWS Lambda in NodeJS with IAM Authentication
- How to use values in Vault annotation content in Helm Chart
- What is the difference between a HashiCorp Vault lease and token accessor?
- Is there a way to allow a user to change it's own password on Hashicorp's Vault UI