vault token
This command groups subcommands for interacting with tokens. Users can create, look up, renew, and revoke tokens.
Subcommands
Name | Description |
---|---|
capabilities | Fetches the capabilities of a token for a given path. If a TOKEN is provided as an argument, the '/sys/capabilities' endpoint and permission is used. If no TOKEN is provided, the '/sys/capabilities-self' endpoint and permission is used with the locally authenticated token |
create | Creates a new token that can be used for authentication. This token will be created as a child of the currently authenticated token. The generated token will inherit all policies and permissions of the currently authenticated token unless you explicitly define a subset of policies to assign to the token |
lookup | Displays information about a token or accessor. If a TOKEN is not provided, the locally authenticated token is used |
renew | Renews a token's lease, extending the amount of time it can be used. If a TOKEN is not provided, the locally authenticated token is used. A token accessor can be used as well. Lease renewal will fail if the token is not renewable, the token has already been revoked, or if the token has already reached its maximum TTL |
revoke | Revokes authentication tokens and their children. If a TOKEN is not provided, the locally authenticated token is used. The '-mode' flag can be used to control the behavior of the revocation. See the '-mode' flag documentation for more information |
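
The following is an added example, not taken from the Vault documentation: it combines `create`, `capabilities` and `revoke` to issue a child token with a single policy instead of the inherited set, then revokes it if it holds more than intended on a path. The function name `issue_scoped_token`, the policy name and the path in the usage comment are hypothetical, and the script assumes `VAULT_ADDR` is set and the caller is already authenticated.

```shell
#!/usr/bin/env bash
# Added example: issue a least-privilege child token and verify it before use.
# Assumes VAULT_ADDR is set and the caller is already authenticated.
# The function name, policy name and path shown here are hypothetical.

# issue_scoped_token POLICY TTL TARGET ALLOWED
#   POLICY  - single policy to attach (instead of inheriting the parent's set)
#   TTL     - initial lease, e.g. 30m
#   TARGET  - path the token is meant to reach
#   ALLOWED - space-separated capabilities the token may hold on TARGET
# Prints the token on success. If the token holds any capability outside
# ALLOWED (including "root" or "deny"), it is revoked and 1 is returned.
issue_scoped_token() {
  policy=$1 ttl=$2 target=$3 allowed=$4

  # -policy restricts the child to a subset of the parent's policies.
  token=$(vault token create -policy="$policy" -ttl="$ttl" -field=token) || return 1

  # With a TOKEN argument this uses the '/sys/capabilities' endpoint.
  caps=$(vault token capabilities "$token" "$target") || {
    vault token revoke "$token" >/dev/null
    return 1
  }

  # Output is a comma-separated list such as "list, read".
  for cap in $(printf '%s' "$caps" | tr ',' ' '); do
    case " $allowed " in
      *" $cap "*) ;;   # capability is on the allow list
      *)
        echo "unexpected capability '$cap' on $target; revoking" >&2
        vault token revoke "$token" >/dev/null
        return 1
        ;;
    esac
  done

  printf '%s\n' "$token"
}

# Usage (hypothetical policy and path):
#   APP_TOKEN=$(issue_scoped_token app-readonly 30m secret/data/app/config "read list")
```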