Vault cli - revoke-self & revoke-orphan

Stuart Ingram

Aug 11, 2016, 9:42:49 AM
to Vault
Good morning,

I seem to be missing this in the docs. I am looking for the vault cli equivalent forms to call

/auth/token/revoke-self/
/auth/token/revoke-orphan[/token]

The cli revoke command has a -mode parameter but I've not seen documentation on what are the valid enumerations for this.

Any assistance is appreciated

Thanks
- Stuart



Jeff Mitchell

Aug 11, 2016, 10:10:01 AM
to vault...@googlegroups.com
Hi Stuart,

There's information about the mode flag in the help output for "token-revoke":

...
* With the "orphan" value, only the specific token will be revoked.
All of its children will be orphaned.
...

To use revoke-self, simply do not specify a token -- the calling token
will be used with the revoke-self endpoint.

Best,
Jeff
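
What "orphan" mode means for a token's children, compared with a plain revoke, shown as an added example that is not part of the original thread and is not Vault's code. It is a simplified in-memory model; `TokenStore`, `build_tree` and the token names are hypothetical.

```python
# Simplified in-memory model of a token tree, constructed for illustration.
# It is not Vault's implementation; all names here are hypothetical.

class TokenStore:
    def __init__(self):
        self.parent = {}  # token id -> parent id (None means orphan)

    def create(self, token, parent=None):
        if parent is not None and parent not in self.parent:
            raise KeyError(f"unknown parent {parent!r}")
        self.parent[token] = parent

    def children(self, token):
        return [t for t, p in self.parent.items() if p == token]

    def revoke(self, token, mode=""):
        """Revoke `token` and return the sorted ids that were revoked."""
        if token not in self.parent:
            raise KeyError(f"unknown token {token!r}")
        if mode == "orphan":
            # Only this token goes; its children stay valid but lose their parent.
            for child in self.children(token):
                self.parent[child] = None
            del self.parent[token]
            return [token]
        if mode != "":
            raise ValueError("this model covers only the default and orphan modes")
        # Default: the token and its whole subtree are revoked.
        revoked, stack = [], [token]
        while stack:
            current = stack.pop()
            stack.extend(self.children(current))
            del self.parent[current]
            revoked.append(current)
        return sorted(revoked)

def build_tree():
    """Constructed sample: admin -> ci -> {job-1, job-2}."""
    store = TokenStore()
    store.create("admin")
    store.create("ci", parent="admin")
    store.create("job-1", parent="ci")
    store.create("job-2", parent="ci")
    return store

if __name__ == "__main__":
    a, b = build_tree(), build_tree()
    print("default:", a.revoke("ci"), "left:", sorted(a.parent))
    print("orphan: ", b.revoke("ci", mode="orphan"), "left:", sorted(b.parent))
    print("then admin:", b.revoke("admin"), "left:", sorted(b.parent))
```

In the model, tokens orphaned by an orphan-mode revoke are no longer reached by a later revoke of their former ancestor, so they have to be tracked and revoked individually.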

Stuart Ingram

Aug 11, 2016, 10:38:59 AM
to Vault
Thanks Jeff, I'd missed the documentation for -mode at the top in the help.

Just running 'vault token-revoke' fails, stating "token-revoke expects one argument". This is in version 0.6.

Thanks
- Stuart

Jeff Mitchell

Aug 11, 2016, 8:09:09 PM
to vault...@googlegroups.com
Hi Stuart,

Sorry, my bad. I forgot that token-renew and token-lookup work this
way, but token-revoke doesn't, to minimize the chance that you'll
accidentally revoke your own token when simply trying to get the
command usage.

Best,
Jeff

Stuart Ingram

Aug 17, 2016, 8:11:45 PM
to Vault
Thanks Jeff for the confirmation, appreciated.

I wondered what your thoughts were on including the cli equivalent with each API definition in the documentation. I know as a new user there are some subtleties that make things initially confusing.