Using JSON Web Tokens + Vault Token as API Keys

502 views
Skip to first unread message

walter.za...@gmail.com

unread,
Mar 26, 2018, 4:56:55 PM3/26/18
to Vault
Using JSON Web Tokens + Vault Token as API Keys

Hi, I need to create a token without expiration. 

My goal is handling the vault token with JWT.  How to shows in this article


the flow is the following, 

a user requests the key -> API requests Vault token -> create the JWT token with for example:

{
   email, 
   vault_token
}

but, vault_token has an expiration, I need the ability to set never expires


any chance to do that?
Message has been deleted

Jeff Mitchell

unread,
Mar 26, 2018, 5:45:43 PM3/26/18
to Vault
Hi,

You cannot create a token without an expiration, but you can create a token with a very, very, very long expiration period.

However, most JWTs have a validity period...I'm not sure why you'd want to have it live forever. What's your use case?

Best,
Jeff

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/e497fc6d-f741-40ae-a86b-4dd24d1bb058%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Message has been deleted

walter.za...@gmail.com

unread,
Mar 26, 2018, 6:16:21 PM3/26/18
to Vault


Hi Jeff, I appreciate your answer. My case is that I need a API Token for my App equal to has Github for example. Never expiring and only it will be able to revoke by own user. More o less how to explains this article:


https://auth0.com/blog/using-json-web-tokens-as-api-keys/

Jeff Mitchell

unread,
Mar 27, 2018, 9:49:01 AM3/27/18
to Vault
Hi Walter,

I'm still not sure I understand how Vault fits into this -- generally it is a very bad idea for Vault tokens to never expire -- but if you want, you can bump up your system max TTL value and issue tokens that expire in 999 years.

Best,
Jeff

On Mon, Mar 26, 2018 at 6:16 PM, <walter.za...@gmail.com> wrote:


Hi Jeff, I appreciate your answer. My case is that I need a API Token for my App equal to has Github for example. Never expiring and only it will be able to revoke by own user. More o less how to explains this article:


https://auth0.com/blog/using-json-web-tokens-as-api-keys/

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/1b41f705-17db-4b62-a8a0-2d6f7c8bb077%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages