Comments (4)
alexhung
commented on July 1, 2024
1
Is this an expected behaviour? If yes, is setting the max-lease-ttl when mounting the secret engine the proper way to definitely limit the max_ttl?
@loicgreffier Without diving into the code, I'd say yes. Using max-least-ttl arg or change your Vault global configuration are the ways to limit the token's max_ttl.
from vault-plugin-secrets-artifactory.
loicgreffier
commented on July 1, 2024
1
@alexhung Thanks for the feedback. I guess the issue can be closed as this is the expected behaviour
from vault-plugin-secrets-artifactory.
alexhung
commented on July 1, 2024
@loicgreffier Thanks for the report. I've added this to our plan.
from vault-plugin-secrets-artifactory.
alexhung
commented on July 1, 2024
@loicgreffier When max-lease-ttl is not explicitly set, the plugin uses max lease TTL configured in your Vault server by default. (https://github.com/jfrog/vault-plugin-secrets-artifactory/blob/master/path_user_token_create.go#L116) IIRC that's 768 hours: https://developer.hashicorp.com/vault/docs/configuration#max_lease_ttl
from vault-plugin-secrets-artifactory.
Related Issues (20)
- Renaming repository HOT 4
- GPG Signed *binary* sha256sums in release HOT 5
- Future Makefile ideas
- Embed current version changes (like from the changelog) in release HOT 1
- DELETE artifactory/config/admin should revoke its own access token HOT 7
- Should DELETE artifactory/config/admin cleanup all leased tokens? HOT 3
- BATs acceptance tests? HOT 2
- Add User-Agent string to Artifactory API HTTP request header
- useExpiringTokens should be TypeBool
- test: config/rotate with a bad current token returns the wrong error
- Verification Steps: Signature on GPG Key? HOT 9
- Scoped down tokens from artifactory role HOT 8
- include_reference_token and refreshable not working when configured by default HOT 3
- non-admin token HOT 2
- TTL is not being respected in V1.3 HOT 3
- Circle of Trust Instances cannot be Supported with expiring tokens. HOT 1
- [Question] Using bearer token for login
- Access token caching in Vault HOT 4
- Admin-level setting to enable/disable refreshable tokens HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vault-plugin-secrets-artifactory.