ValenteFV
Reputation: 13
Can you tell when the secret_id will expire in Vault
I recently updated an AppRole secret_id using the following command
vault write -tls-skip-verify auth/approle/role/my-super-role-name/secret-id secret_id_ttl=4320h
How can I know when that secret-id will expire?
Since I ran the command I know that it will expire in 4320h hours, but is there a way to check the expiration if you didn't create it?
I know you can check secret_id_ttl using
vault read -tls-skip-verify auth/approle/role/my-super-role-name/secret-id-ttl
Key Value
--- -----
secret_id_ttl 4320h
But that only shows how much it was set to initially it doesn't serve as a count down.
Upvotes: 0
Views: 4599
Answers (2)
ittus
Reputation: 22403
You can call lookup path API
vault write auth/approle/role/<role-name>/secret-id/lookup secret_id=<secret-id>
Key Value
--- -----
cidr_list <value>
creation_time <value>
expiration_time <value>
last_updated_time <value>
metadata <value>
secret_id_accessor <value>
secret_id_num_uses <value>
secret_id_ttl <value>
token_bound_cidrs <value>
Upvotes: 1
Red Black
Reputation: 48
This will print info about creation_time, expiration_time, last_updated_time of specified secret-id:
https://www.vaultproject.io/api/auth/approle#read-approle-secret-id
Upvotes: 2
Related Questions
- Detect when a secret changes in Hashicorp Vault
- fetching vault secret value using terraform
- How can I tell when a Azure AD client secret expires?
- Is there a way to know expire vault client tokens?
- Vault: Get key value secrets
- Vault wrapping token - number of usage
- Single use secret in Hashicorp vault
- Set expiry in Azure key vault secret
- VAULT_CLIENT_TOKEN keeps expiring every 24h
- Vault: how to create an secret-id