Quico/vault-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

3-add-example-for-periodic-orphan-token #4

Merged
hygienic-books merged 7 commits from 3-add-example-for-periodic-orphan-token into master 2023-04-25 00:23:44 +00:00
Conversation 0 Commits 7 Files Changed 2 +4
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 7f08b52a0c - Show all commits

4
README.md
View File

@ -185,6 +185,10 @@ Their `list` permission only begins one lever deeper at `kv/list/for_rbacgroup_z
https://f.q.d.n/ui/vault/secrets/kv/list/for_rbacgroup_zabbix https://f.q.d.n/ui/vault/secrets/kv/list/for_rbacgroup_zabbix
``` ```
### Permission to create orphan tokens
The next example will explain orphan tokens. If you've followed examples above your Vault instance will have an `administrators` group with an `administrator` policy assigned to it. Users in that group will already have `write` access to `auth/token/create-orphan` so you can just use one of your `administrators` entities to follow along.
## Clean-up ## Clean-up
If during any of the above steps you've used the Vault command-line client to authenticate against Vault with your `root` token make sure that client's `~/.vault-token` file is deleted. It contains the verbatim `root` token. If during any of the above steps you've used the Vault command-line client to authenticate against Vault with your `root` token make sure that client's `~/.vault-token` file is deleted. It contains the verbatim `root` token.