vhsm token

Learn about managing authentication tokens in the vHSM server.

The vhsm token command manages authentication tokens in vHSM. Users can create, look up, renew, and revoke tokens.

Usage

vhsm token <subcommand> [options] [arguments]

Subcommands

Command        Description
capabilities   Print the capabilities of a token for a given path.
create         Create a new authentication token.
lookup         Retrieve information about a token.
renew          Extend the lease of a token.
revoke         Revoke a token and its children.

token capabilities

Fetches the capabilities of a token for a specified path.

Example

List capabilities for the current token on the secret/foo path:

vhsm token capabilities secret/foo

Output

read

List capabilities for a specific token on the database/creds/readonly path:

vhsm token capabilities 96ddf4bc-d217-f3ba-f9bd-017055595017 database/creds/readonly

Output

deny
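
An added example, not part of the vHSM documentation or code: a shell check that uses vhsm token capabilities to confirm a token holds no more than an expected set of capabilities on each path. VHSM_BIN, caps_within and audit_token are hypothetical names, and the comma- or whitespace-separated form for multiple capabilities is an assumption, since the output shown above contains a single value.

```shell
# Added example, not vHSM project code. VHSM_BIN is a hypothetical override.
VHSM_BIN="${VHSM_BIN:-vhsm}"
# caps_within TOKEN PATH [ALLOWED...]   ("" as TOKEN = current token)
# 0: every reported capability is in ALLOWED, or is "deny"
# 1: unexpected capabilities were reported (names left in $EXTRA)
# 2: lookup failed or printed nothing (fail closed)
caps_within() {
    cw_token=$1; cw_path=$2; shift 2
    if [ -n "$cw_token" ]; then
        cw_out=$("$VHSM_BIN" token capabilities "$cw_token" "$cw_path") || return 2
    else
        cw_out=$("$VHSM_BIN" token capabilities "$cw_path") || return 2
    fi
    EXTRA=""; cw_seen=0
    # Assumption: several capabilities are separated by commas and/or whitespace.
    while IFS= read -r cw_cap; do
        [ -n "$cw_cap" ] || continue
        cw_seen=1
        if [ "$cw_cap" = "deny" ]; then continue; fi
        cw_ok=0
        for cw_want in "$@"; do
            if [ "$cw_cap" = "$cw_want" ]; then cw_ok=1; fi
        done
        if [ "$cw_ok" -eq 0 ]; then EXTRA="$EXTRA $cw_cap"; fi
    done <<EOF
$(printf '%s\n' "$cw_out" | tr -s ', \t' '\n\n\n')
EOF
    if [ "$cw_seen" -eq 0 ]; then return 2; fi
    if [ -n "$EXTRA" ]; then return 1; fi
    return 0
}

# audit_token TOKEN "PATH=cap,cap" ...   ("PATH=" means only deny is acceptable)
# Prints one line per path; returns 1 if any path drifted or could not be checked.
audit_token() {
    at_token=$1; shift; at_status=0
    for at_rule in "$@"; do
        at_path=${at_rule%%=*}
        at_allowed=$(printf '%s' "${at_rule#*=}" | tr ',' ' ')
        # $at_allowed is left unquoted on purpose so it splits into words
        if caps_within "$at_token" "$at_path" $at_allowed; then at_rc=0; else at_rc=$?; fi
        case $at_rc in
            0) echo "ok    $at_path" ;;
            1) echo "DRIFT $at_path: unexpected$EXTRA"; at_status=1 ;;
            *) echo "ERROR $at_path: lookup failed"; at_status=1 ;;
        esac
    done
    return "$at_status"
}
```

A token passed as an argument is visible in the process list and shell history; passing "" as TOKEN checks the currently authenticated token and avoids that.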

token create

Creates a new authentication token. Unless policies are explicitly specified, the token inherits the policies of the currently authenticated token.

Examples

Create a token with specific policies:

vhsm token create -policy=my-policy -policy=other-policy

Create a periodic token:

vhsm token create -period=30m

Options

Option             Description
-policy            Attach a policy to the token. Multiple policies can be added.
-ttl               Set an initial TTL for the token.
-renewable         Allow token renewal (default: true).
-explicit-max-ttl  Set a hard maximum lifetime for the token.

token lookup

Retrieves information about a token. If no token is provided, the currently authenticated token is used.

Examples

Get information about the current token:

vhsm token lookup

Get information about a specific token:

vhsm token lookup 96ddf4bc-d217-f3ba-f9bd-017055595017

Get information via a token's accessor:

vhsm token lookup -accessor 9793c9b3-e04a-46f3-e7b8-748d7da248da

token renew

Extends the lease of a token. If no token is provided, the currently authenticated token is used.

Examples

Renew a specific token:

vhsm token renew 96ddf4bc-d217-f3ba-f9bd-017055595017

Renew the currently authenticated token:

vhsm token renew

Renew a token with a specific increment:

vhsm token renew -increment=30m 96ddf4bc-d217-f3ba-f9bd-017055595017

Options

Option      Description
-increment  Request a specific renewal increment.

token revoke

Revokes authentication tokens and their children.

Examples

Revoke a specific token and its children:

vhsm token revoke 96ddf4bc-d217-f3ba-f9bd-017055595017

Revoke a token but leave its children:

vhsm token revoke -mode=orphan 96ddf4bc-d217-f3ba-f9bd-017055595017

Revoke a token using an accessor:

vhsm token revoke -accessor 9793c9b3-e04a-46f3-e7b8-748d7da248da

Options

Option     Description
-accessor  Treat argument as an accessor instead of a token.
-mode      Specify revocation mode (orphan to leave children intact).
