Is there a way to generate vault client tokens that don't expire at all? -


i'm using https://www.vaultproject.io/docs/auth/approle.html generate vault client tokens,but want them never expire @ all. possible ?

no, in fact bad idea(tm). can close however. can set max ttl's out 10 years, or something, , have not expire. but, bad security perspective. goal here is, able easily rotate secrets @ time. i.e. see stole secret login, should able , set new password , code/programs using secrets should handle it, getting new values vault when ttl expires.

this applies everything, vault tokens included.


Comments

Post a Comment

Popular posts from this blog

Ansible warning on jinja2 braces on when -

i using code in vars my_var: "{{lookup('env','my_var') | default(true, true)}}" i using like - include: task.yml when: my_var this worked without issue in ansible 2.2 in ansible 2.3 warning this [warning]: when statements should not include jinja2 templating delimiters such {{ }} or {% %}. found: {{lookup('env','my_var') | default(true, true)}} so if use my_var: "lookup('env','my_var') | default(true, true)" , mean remove {{ }} , no warning my_var evaluated true no matter if pass false env variable. works fine in previous code gave how can fix it? the cleanest way set fact instead of using template in variable (it prevent lookup plugin being called multiple times in included tasks - not huge performance gain, cleaner): - set_fact: my_var: "{{lookup('env','my_var') | default(true, true)}}" also mind evaluate true in cases when environment my_var diff...
Read more

Parsing a protocol message from Go by Java -

i write server(go)-client(java) programe, , use protobuf communication. define proto file , share between server , client. in server side: compile shared proto file go protoc serialize object proto.marshal send client make request service in client side: compile shared proto file java protoc get bytes transferred via http deserialize bytes object. here following error: "com.google.protobuf.invalidprotocolbufferexception: while parsing protocol message, input ended unexpectedly in middle of field. mean either input has been truncated or embedded message misreported own length." i confirmed http work fine , value of bytes received in client side same bytes send server. have same problem on this? here proto file syntax = "proto3"; package tutorial; message person { string name = 1; int32 id = 2; string email = 3; enum phonetype { mobile = 0; home = 1; work = 2; } message phonenumber { ...
Read more

html - How to custom Bootstrap grid height? -

why bootstrap grid has height 591.067 ? did height came ? .main-post { padding: 20px; background-color: #fff; border: 1px solid #d8d8d8; margin-bottom: 100px; } .main-post .post-categories { margin-bottom: 10px } .main-post h3 { margin: 0 0 10px; color: #777; letter-spacing: -1px; font-weight: bold } .main-post .post-author, .main-post .post-date, .main-post .post-comments { font-size: 12px } .main-post img { display: block; margin: 10px 0; } .main-post .post-summary { line-height: 1.7; color: #888 } .main-post { color: #999 } <div class="col-sm-6"> <div class="main-post"> <h3 class="post-title"> <a href="#"> post title </a> </...
Read more