Home

vhsm token

Learn about managing authentication tokens in vHSM server.

The vhsm token command manages authentication tokens in vHSM. Users can create, lookup, renew, and revoke tokens.

Usage

vhsm token <subcommand> [options] [arguments]

Subcommands

Command
Description

capabilities

Print the capabilities of a token for a given path.

create

Create a new authentication token.

lookup

Retrieve information about a token.

renew

Extend the lease of a token.

revoke

Revoke a token and its children.

token capabilities

Fetches the capabilities of a token for a specified path.

Example

List capabilities for the current token on the secret/foo path:

vhsm token capabilities secret/foo

Output

read

List capabilities for a specific token on the database/creds/readonly path:

vhsm token capabilities 96ddf4bc-d217-f3ba-f9bd-017055595017 database/creds/readonly

Output

deny

token create

Creates a new authentication token. This token will inherit policies from the currently authenticated token unless explicitly specified.

Examples

Create a token with specific policies:

vhsm token create -policy=my-policy -policy=other-policy

Create a periodic token:

vhsm token create -period=30m

Options

Option
Description

-policy

Attach a policy to the token. Multiple policies can be added.

-ttl

Set an initial TTL for the token.

-renewable

Allow token renewal (default: true).

-explicit-max-ttl

Set a hard maximum lifetime for the token.

token lookup

Retrieves information about a token. If no token is provided, the currently authenticated token is used.

Examples

Get information about the current token:

vhsm token lookup

Get information about a specific token:

vhsm token lookup 96ddf4bc-d217-f3ba-f9bd-017055595017

Get information via a token's accessor:

vhsm token lookup -accessor 9793c9b3-e04a-46f3-e7b8-748d7da248da

token renew

Extends the lease of a token. If no token is provided, the currently authenticated token is used.

Examples

Renew a specific token:

vhsm token renew 96ddf4bc-d217-f3ba-f9bd-017055595017

Renew the currently authenticated token:

vhsm token renew

Renew a token with a specific increment:

vhsm token renew -increment=30m 96ddf4bc-d217-f3ba-f9bd-017055595017

Options

Option

Description

-increment

Request a specific renewal increment.

token revoke

Revokes authentication tokens and their children.

Examples

Revoke a specific token and its children:

vhsm token revoke 96ddf4bc-d217-f3ba-f9bd-017055595017

Revoke a token but leave its children:

vhsm token revoke -mode=orphan 96ddf4bc-d217-f3ba-f9bd-017055595017

Revoke a token using an accessor:

vhsm token revoke -accessor 9793c9b3-e04a-46f3-e7b8-748d7da248da

Options

Option
Description

-accessor

Treat argument as an accessor instead of a token.

-mode

Specify revocation mode (orphan to leave children intact).

Previousvhsm authNextvhsm policy

Last updated

Was this helpful?