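# Start Vault in development mode.
# Dev mode is a local learning setup: the server starts unsealed, keeps all
# data in memory, listens on loopback over plain HTTP, and prints the root
# token to the terminal. The command stays in the foreground, so run the
# remaining steps from a second terminal.
vault server -dev

# Point the CLI at the dev server (plain HTTP, loopback only)
export VAULT_ADDR=http://127.0.0.1:8200

# Store the root token printed by the dev server (replace the placeholder).
# A root token is not limited by any policy. Keeping it in a shell variable
# is acceptable only because this dev server is thrown away afterwards.
root_token=ROOT_TOKEN_VALUE

# Log in with the root token. Quoted so the value is passed as one word.
# Running `vault login` with no argument prompts for the token instead,
# which keeps it out of the process list and shell history.
vault login "$root_token"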
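# Create a basic token with the default policy and a 60-minute TTL.
# The output shows both the token ID and its accessor; note them for the
# placeholders below.
vault token create -policy=default -ttl=60m

# Look up the token's properties by its ID (replace TOKEN_VALUE)
vault token lookup TOKEN_VALUE

# The same lookup works with the accessor, but the response does not
# include the token ID. That makes accessors suitable for inventory and
# revocation workflows where the token itself should not be handled.
vault token lookup -accessor ACCESSOR_VALUE

# Revoke the token using only its accessor
vault token revoke -accessor ACCESSOR_VALUE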
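# Next up: batch tokens, then an auth method and a closer look at TTLs.

# Make sure we're logged in as the root token
vault login "$root_token"

# Create a batch token with a TTL of 30m
vault token create -type=batch -policy=default -ttl=30m

# The batch token ID is much longer than a service token ID: a batch token
# is not stored by Vault, so the ID itself carries the token's data.

# Set this to the ID printed above (replace the placeholder).
# Example value from the author's own dev server, which is not valid anywhere else:
#   hvb.AAAAAQI0YGLmWCczzo_pxO20clO1h7C3p_KINA_x4pIAoH9gcmhFneynW8FJboIgRLcHcIrm58dvF2hy0VdHqSuRNH5PbhL85TXYkuytfHvE5MU8QunfNwLThXEoXAYaKkyiyHsfyAkHHYKN0uL1VHOf7zm0CNGdLw
batch_id=BATCH_TOKEN_ID

# Look up the properties of the batch token
vault token lookup "$batch_id"

# It's not an orphan and it cannot be renewed, so this command is expected
# to return an error. Batch tokens also have no accessor and cannot be
# revoked one at a time, so keep their TTLs short.
vault token renew "$batch_id"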
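# Compare a max TTL set on the auth mount with one set on a user.

# Enable the userpass auth method with a mount-level max lease TTL of 776h
# (a little over 32 days)
vault auth enable -max-lease-ttl=776h userpass

# Configure a user with a larger max TTL of 784h (2822400 seconds).
# Note: Vault will let you do this, but it won't honor it, because the
# mount's max TTL is lower.
# The password here is a throwaway demo value. Passing a password as a
# key=value argument leaves it in shell history and the process list;
# `vault write` can also read a value from stdin (key=-) or a file (key=@file).
vault write auth/userpass/users/ned token_max_ttl=2822400 password=tacos

# Log in as Ned. The CLI prompts for the password; enter: tacos
vault login -method=userpass username=ned

# Try to renew our own token for 784h. Expect the resulting TTL to be
# capped by the mount's 776h max rather than the requested increment.
vault token renew -increment=784h

# If we changed the max TTL on the mount to 784h, then Vault would honor
# the value set at the user level. I leave this as an exercise for you.

# Now we can revoke our own token if we're done with our work
vault token revoke -self

# The token is revoked, so this lookup should now be rejected
vault token lookup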
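# What about a periodic token? Let's create one of those.

# Log in as the root token
vault login "$root_token"

# Create a periodic token with a 2h period.
# A periodic token can be kept alive for as long as it is renewed within
# each period, so issue them sparingly and revoke them when they are no
# longer needed.
vault token create -policy=default -period=2h

# Take a look at its properties (replace PERIODIC_TOKEN_ID)
vault token lookup PERIODIC_TOKEN_ID

# Now let's try to renew with a 180m increment
vault token renew -increment=180m PERIODIC_TOKEN_ID

# Looking at the properties again, the ttl is back to 2h.
# If you supply an increment, Vault ignores it and resets the TTL to the period.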