vhsm token
Learn about managing authentication tokens in vHSM server.
The vhsm token command manages authentication tokens in vHSM. Users can create, lookup, renew, and revoke tokens.
Usage
Subcommands
Print the capabilities of a token for a given path.
Create a new authentication token.
Retrieve information about a token.
Extend the lease of a token.
Revoke a token and its children.
token capabilities
token capabilitiesFetches the capabilities of a token for a specified path.
Example
List capabilities for the current token on the secret/foo path:
Output
List capabilities for a specific token on the database/creds/readonly path:
Output
token create
token createCreates a new authentication token. This token will inherit policies from the currently authenticated token unless explicitly specified.
Examples
Create a token with specific policies:
Create a periodic token:
Options
-policy
Attach a policy to the token. Multiple policies can be added.
-ttl
Set an initial TTL for the token.
-renewable
Allow token renewal (default: true).
-explicit-max-ttl
Set a hard maximum lifetime for the token.
token lookup
token lookupRetrieves information about a token. If no token is provided, the currently authenticated token is used.
Examples
Get information about the current token:
Get information about a specific token:
Get information via a token's accessor:
token renew
token renewExtends the lease of a token. If no token is provided, the currently authenticated token is used.
Examples
Renew a specific token:
Renew the currently authenticated token:
Renew a token with a specific increment:
Options
Option
Description
-increment
Request a specific renewal increment.
token revoke
token revokeRevokes authentication tokens and their children.
Examples
Revoke a specific token and its children:
Revoke a token but leave its children:
Revoke a token using an accessor:
Options
-accessor
Treat argument as an accessor instead of a token.
-mode
Specify revocation mode (orphan to leave children intact).
Last updated
Was this helpful?