Reputation: 51
Is there a way to know expire vault client tokens?
I'm using https://www.vaultproject.io/docs/auth/approle.html to generate vault client tokens,but I want to know tokens expire state. Is that possible ?
Upvotes: 2
Views: 7621
Answers (2)
Reputation: 2707
This is pretty straight forward if you have the token itself, as there are multiple ways to check validity:
vault token lookup
or with a cURL request + jq:
curl -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" https://{{ your-vault-server-here }}/v1/auth/token/lookup-self | jq -re .data.ttl
The first command will fail with a 403 error (and return a non-zero code) if the token is expired, or print out a nicely formatted overview of the token's details (and return zero) if the token is still valid.
The second command does exactly the same with the difference that it prints out the ttl in seconds if the token is valid.
Upvotes: 8
Reputation: 474
You can get lease_duration and compare it with the current date time. If current date time is after lease_duration, token should be expired. Can you please try?
Upvotes: 0
Related Questions
- Detect when a secret changes in Hashicorp Vault
- How to check if token expired in java?
- "Missing client token" when authenticating with login/pass on Hashicorp Vault
- Vault login token expiring unexpectedly
- Vault wrapping token - number of usage
- How to check JWT token expiration time without secret?
- Get secret from hashicorp vault using java application with service token
- How to know the validity of a vault token that is being used for connecting to vault?
- VAULT_CLIENT_TOKEN keeps expiring every 24h
- Is there a way to generate vault client tokens that don't expire at all?