vhsm token

Learn about managing authentication tokens in vHSM server.

The vhsm token command manages authentication tokens in vHSM. Users can create, lookup, renew, and revoke tokens.

Usage

vhsm token <subcommand> [options] [arguments]

Subcommands

Command

Description

Print the capabilities of a token for a given path.

Create a new authentication token.

Retrieve information about a token.

Extend the lease of a token.

Revoke a token and its children.

`token capabilities`

Fetches the capabilities of a token for a specified path.

Example

List capabilities for the current token on the secret/foo path:

vhsm token capabilities secret/foo

Output

read

List capabilities for a specific token on the database/creds/readonly path:

vhsm token capabilities 96ddf4bc-d217-f3ba-f9bd-017055595017 database/creds/readonly

Output

deny

`token create`

Creates a new authentication token. This token will inherit policies from the currently authenticated token unless explicitly specified.

Examples

Create a token with specific policies:

vhsm token create -policy=my-policy -policy=other-policy

Create a periodic token:

vhsm token create -period=30m

Options

Option

Description

-policy

Attach a policy to the token. Multiple policies can be added.

-ttl

Set an initial TTL for the token.

-renewable

Allow token renewal (default: true).

-explicit-max-ttl

Set a hard maximum lifetime for the token.

`token lookup`

Retrieves information about a token. If no token is provided, the currently authenticated token is used.

Examples

Get information about the current token:

vhsm token lookup

Get information about a specific token:

vhsm token lookup 96ddf4bc-d217-f3ba-f9bd-017055595017

Get information via a token's accessor:

vhsm token lookup -accessor 9793c9b3-e04a-46f3-e7b8-748d7da248da

`token renew`

Extends the lease of a token. If no token is provided, the currently authenticated token is used.

Examples

Renew a specific token:

vhsm token renew 96ddf4bc-d217-f3ba-f9bd-017055595017

Renew the currently authenticated token:

vhsm token renew

Renew a token with a specific increment:

vhsm token renew -increment=30m 96ddf4bc-d217-f3ba-f9bd-017055595017

Options

Option

Description

-increment

Request a specific renewal increment.

`token revoke`

Revokes authentication tokens and their children.

Examples

Revoke a specific token and its children:

vhsm token revoke 96ddf4bc-d217-f3ba-f9bd-017055595017

Revoke a token but leave its children:

vhsm token revoke -mode=orphan 96ddf4bc-d217-f3ba-f9bd-017055595017

Revoke a token using an accessor:

vhsm token revoke -accessor 9793c9b3-e04a-46f3-e7b8-748d7da248da

Options

Option

Description

-accessor

Treat argument as an accessor instead of a token.

-mode

Specify revocation mode (orphan to leave children intact).

Previousvhsm auth Nextvhsm policy

Last updated 1 month ago

Was this helpful?

vhsm token

Learn about managing authentication tokens in vHSM server.

The vhsm token command manages authentication tokens in vHSM. Users can create, lookup, renew, and revoke tokens.

Usage

vhsm token <subcommand> [options] [arguments]

Subcommands

Command

Description

Print the capabilities of a token for a given path.

Create a new authentication token.

Retrieve information about a token.

Extend the lease of a token.

Revoke a token and its children.

`token capabilities`

Fetches the capabilities of a token for a specified path.

Example

List capabilities for the current token on the secret/foo path:

vhsm token capabilities secret/foo

Output

read

List capabilities for a specific token on the database/creds/readonly path:

vhsm token capabilities 96ddf4bc-d217-f3ba-f9bd-017055595017 database/creds/readonly

Output

deny

`token create`

Creates a new authentication token. This token will inherit policies from the currently authenticated token unless explicitly specified.

Examples

Create a token with specific policies:

vhsm token create -policy=my-policy -policy=other-policy

Create a periodic token:

vhsm token create -period=30m

Options

Option

Description

-policy

Attach a policy to the token. Multiple policies can be added.

-ttl

Set an initial TTL for the token.

-renewable

Allow token renewal (default: true).

-explicit-max-ttl

Set a hard maximum lifetime for the token.

`token lookup`

Retrieves information about a token. If no token is provided, the currently authenticated token is used.

Examples

Get information about the current token:

vhsm token lookup

Get information about a specific token:

vhsm token lookup 96ddf4bc-d217-f3ba-f9bd-017055595017

Get information via a token's accessor:

vhsm token lookup -accessor 9793c9b3-e04a-46f3-e7b8-748d7da248da

`token renew`

Extends the lease of a token. If no token is provided, the currently authenticated token is used.

Examples

Renew a specific token:

vhsm token renew 96ddf4bc-d217-f3ba-f9bd-017055595017

Renew the currently authenticated token:

vhsm token renew

Renew a token with a specific increment:

vhsm token renew -increment=30m 96ddf4bc-d217-f3ba-f9bd-017055595017

Options

Option

Description

-increment

Request a specific renewal increment.

`token revoke`

Revokes authentication tokens and their children.

Examples

Revoke a specific token and its children:

vhsm token revoke 96ddf4bc-d217-f3ba-f9bd-017055595017

Revoke a token but leave its children:

vhsm token revoke -mode=orphan 96ddf4bc-d217-f3ba-f9bd-017055595017

Revoke a token using an accessor:

vhsm token revoke -accessor 9793c9b3-e04a-46f3-e7b8-748d7da248da

Options

Option

Description

-accessor

Treat argument as an accessor instead of a token.

-mode

Specify revocation mode (orphan to leave children intact).

Previousvhsm auth Nextvhsm policy

Last updated 1 month ago

Was this helpful?