Query on vault secrets expiry


Bharath B

Feb 19, 2017, 3:14:24 AM
to Vault
Hi,

Is there any way we can find out the remaining time of a secret before it expires?
Expiry was set using the "ttl" key, when the secret was written to vault.

Thanks in advance.

Regards,
Bharath B

Jeff Mitchell

Feb 20, 2017, 10:51:02 AM
to vault...@googlegroups.com
Hi Bharath,

If you're talking about the generic backend (for instance those under the secret/ namespace) they don't expire and will never be removed until you delete them.

Otherwise, specifically what are you asking about?

Best,
Jeff

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/4dddad13-415b-4d99-9f60-a9ab0c722217%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Bharath B

Feb 22, 2017, 2:00:40 AM
to Vault
Hi Jeff,

Thanks for the response.

Now that I know that in the generic backend the parameters will never expire, I would like to know how I can use the expiry feature of Vault.
And is the behavior w.r.t. expiration the same on the private mounted backends used for storing the secrets?

Thanks,
Bharath B


Craig Sawyer

Mar 1, 2017, 7:05:26 PM
to Vault
Vault tokens expire magically; you don't have to do anything. Once a token is expired, it is useless. By default tokens expire in 32 days, but you can change this, of course, when you create a token; they can also be renewable, if you choose to allow that.

If you want to expire things in the generic backend, you have to do that yourself; Vault doesn't do anything for you other than have a ttl value you can use. See the docs:
https://www.vaultproject.io/docs/secrets/generic/index.html for more information.

Otherwise, what backend are you talking about specifically?

-Craig
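
The client-side expiry that the replies above leave to the user, as an added example that is not part of the thread and not Vault's own code: a ttl alone does not say when a secret was written, so this sketch stores a timestamp next to it and computes the remaining time on read. The `written_at` field and all function names are hypothetical conventions, the payloads are constructed, and no Vault API is called.

```python
import re
from datetime import datetime, timedelta, timezone

_UNITS = {"s": 1, "m": 60, "h": 3600}

def parse_ttl(value):
    """Turn a ttl such as 3600, "3600", "90m" or "1h30m" into seconds."""
    if isinstance(value, (int, float)):
        return int(value)
    text = str(value).strip()
    if text.isdigit():
        return int(text)
    parts = re.findall(r"(\d+)([smh])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unrecognised ttl: {value!r}")
    return sum(int(n) * _UNITS[u] for n, u in parts)

def seal(data, ttl, now):
    """Build the key/value payload to write: the caller's data, the ttl,
    and written_at (hypothetical field; our convention, not Vault's)."""
    payload = dict(data)
    payload["ttl"] = ttl
    payload["written_at"] = now.astimezone(timezone.utc).isoformat()
    return payload

def remaining(payload, now):
    """Time left before the secret should be treated as expired.
    Returns None when the payload lacks the fields needed to decide."""
    if "ttl" not in payload or "written_at" not in payload:
        return None
    written = datetime.fromisoformat(payload["written_at"])
    return written + timedelta(seconds=parse_ttl(payload["ttl"])) - now

def is_expired(payload, now):
    """Fail closed: a secret with no expiry metadata counts as expired."""
    left = remaining(payload, now)
    return left is None or left <= timedelta(0)

if __name__ == "__main__":
    # Constructed sample: a secret written with ttl=30m, read 10 minutes later.
    t0 = datetime(2017, 2, 19, 3, 14, 24, tzinfo=timezone.utc)
    stored = seal({"value": "example-only"}, "30m", t0)
    later = t0 + timedelta(minutes=10)
    print("remaining:", remaining(stored, later))
    print("expired:", is_expired(stored, later))
```

The reader still has to act on the result, for example by deleting or rotating the entry once `is_expired` returns true.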