Reputation: 1
Token Life cycle managment
Does VaultSharp manage token life cycle? I am using VaultSharp and see the token lease duration is set at 3,600 seconds. I ran some tests within that time using a singleton instance of the VaultClient object. Everything worked as expected. Only the first API call triggered a call to login and all subsequent calls went through. Once an hour passed, a call to encrypt just threw an exception with a permission denied error. VaultSharp did not make any attempts to renew the lease or authenticate to get a new token behind the scenes. I was previously using VaultAgent and token life cycle was managed via VaultAgent. I was hoping VaultSharp would eliminate the need to use VaultAgent.
Upvotes: 0
Views: 631
Answers (1)
Reputation: 9499
VaultSharp doesn't do token lifecycle management, at this point in time.
Vault agent is a client side daemon that runs on its own. VaultSharp is intended to be integrated into an application programmatically.
You are correct on your initial observation. VaultSharp performs the login operation only once. After that the Vault token is used for ever.
At this point, the expectation is for the consumer of the library to record the lease expiration time, and renew the creds accordingly.
If you strongly wish for the lifecycle feature, please create a GH feature request and I'll triage it.
Upvotes: 1
Related Questions
- Vault login token expiring unexpectedly
- Vault wrapping token - number of usage
- What does this third Azure Token lifetime refer to?
- What is Lifespan value for ID Token?
- VAULT_CLIENT_TOKEN keeps expiring every 24h
- Salesforce - Immortal access token
- Azure refresh token expiration scenario
- OpenStack API token lifespan extension
- Account activation and password reset tokens
- Authorize.net Token Expiration