Is there a way to generate vault client tokens that don't expire at all? -


i'm using https://www.vaultproject.io/docs/auth/approle.html generate vault client tokens,but want them never expire @ all. possible ?

no, in fact bad idea(tm). can close however. can set max ttl's out 10 years, or something, , have not expire. but, bad security perspective. goal here is, able easily rotate secrets @ time. i.e. see stole secret login, should able , set new password , code/programs using secrets should handle it, getting new values vault when ttl expires.

this applies everything, vault tokens included.


Comments

Popular posts from this blog

Ansible warning on jinja2 braces on when -

Parsing a protocol message from Go by Java -

html - How to custom Bootstrap grid height? -