3-add-example-for-periodic-orphan-token #4
@@ -185,6 +185,10 @@ Their `list` permission only begins one lever deeper at `kv/list/for_rbacgroup_z
|
||||
https://f.q.d.n/ui/vault/secrets/kv/list/for_rbacgroup_zabbix
|
||||
```
|
||||
|
||||
### Permission to create orphan tokens
|
||||
|
||||
The next example will explain orphan tokens. If you've followed examples above your Vault instance will have an `administrators` group with an `administrator` policy assigned to it. Users in that group will already have `write` access to `auth/token/create-orphan` so you can just use one of your `administrators` entities to follow along.
|
||||
|
||||
## Clean-up
|
||||
|
||||
If during any of the above steps you've used the Vault command-line client to authenticate against Vault with your `root` token make sure that client's `~/.vault-token` file is deleted. It contains the verbatim `root` token.
|
||||
|
||||
Reference in New Issue
Block a user