Starting: 1st of Every Month 
+91 8409492687 
Contact@DevOpsSchool.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # First of all we are going to start Vault in development mode | |
| vault server -dev | |
| # Now set your Vault address environment variable | |
| export VAULT_ADDR=http://127.0.0.1:8200 | |
| # Set the root token variable | |
| root_token=ROOT_TOKEN_VALUE | |
| # And log into Vault using the root token | |
| vault login $root_token | |
| # First we are going to create a basic token | |
| vault token create -policy=default -ttl=60m | |
| # Now let's check out some info on the token | |
| vault token lookup TOKEN_VALUE | |
| # We can do the same using the accessor, but no ID | |
| vault token lookup -accessor ACCESSOR_VALUE | |
| # Now let's revoke our token | |
| vault token revoke -accessor ACCESSOR_VALUE | |
| # Cool, now let's enable an auth method and explore TTL a bit |
by
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Let's make sure we're logged in as the root token | |
| vault login $root_token | |
| # Now we'll create a batch token with a ttl of 30m | |
| vault token create -type=batch -policy=default -ttl=30m | |
| # Wow, look at that id, it's LOOOOOOOOOOOOOOOOOOOOOOOOOOONG | |
| # Let's try to lookup the properties of a batch token | |
| batch_id=BATCH_TOKEN_ID | |
| batch_id=hvb.AAAAAQI0YGLmWCczzo_pxO20clO1h7C3p_KINA_x4pIAoH9gcmhFneynW8FJboIgRLcHcIrm58dvF2hy0VdHqSuRNH5PbhL85TXYkuytfHvE5MU8QunfNwLThXEoXAYaKkyiyHsfyAkHHYKN0uL1VHOf7zm0CNGdLw | |
| vault token lookup $batch_id | |
| # It's not an orphan and it cannot be renewed | |
| vault token renew $batch_id | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # We are going to try setting max ttl from the mount and user | |
| # Start by enabling the max ttl for userpass to 33 days (776h) | |
| # Enable userpass auth method | |
| vault auth enable -max-lease-ttl=776h userpass | |
| # Now we are going to try and configure a user with a great max ttl of 784h | |
| # Note: Vault will let you do this, but it won't honor it. | |
| vault write auth/userpass/users/ned token_max_ttl=2822400 password=tacos | |
| # Let's try logging in as Ned and renewing our token for 34 days (784h) | |
| vault login -method=userpass username=ned | |
| password - tacos | |
| vault token renew -increment=784h | |
| # If we changed the max TTL on the mount to 784h, then Vault would honor | |
| # the value set at the user level. I leave this as an exercise for you. | |
| # Now we can revoke our own token if we're done with our work | |
| vault token revoke -self | |
| vault token lookup |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # What about a periodic token? Let's create one of those | |
| # Login as the root token | |
| vault login $root_token | |
| # Now create a periodic token | |
| vault token create -policy=default -period=2h | |
| # And take a look at its properties | |
| vault token lookup PERIODIC_TOKEN_ID | |
| # Now let's try to renew | |
| vault token renew -increment=180m PERIODIC_TOKEN_ID | |
| # Looking at the properties again, the ttl is back to 2h | |
| # If you supply an increment, Vault ignores it |
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I am working at Cotocus. I blog tech insights at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at I reviewed , and SEO strategies at Wizbrand.
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at PINTEREST
Rajesh Kumar at QUORA
Rajesh Kumar at WIZBRAND
