
Does VaultSharp manage token life cycle? I am using VaultSharp and see the token lease duration is set at 3,600 seconds. I ran some tests within that time using a singleton instance of the VaultClient object. Everything worked as expected. Only the first API call triggered a call to login and all subsequent calls went through. Once an hour passed, a call to encrypt just threw an exception with a permission denied error. VaultSharp did not make any attempts to renew the lease or authenticate to get a new token behind the scenes. I was previously using VaultAgent and token life cycle was managed via VaultAgent. I was hoping VaultSharp would eliminate the need to use VaultAgent.

MC1234

1 Answer


VaultSharp doesn't do token lifecycle management, at this point in time.

Vault agent is a client-side daemon that runs on its own. VaultSharp is intended to be integrated into an application programmatically.

You are correct on your initial observation. VaultSharp performs the login operation only once. After that the Vault token is used forever.

At this point, the expectation is for the consumer of the library to record the lease expiration time, and renew the creds accordingly.

If you strongly wish for the lifecycle feature, please create a GH feature request and I'll triage it.

Raja Nadar
  • Is there a code sample on how to find out the TTL of a token? – Pete Whitehead Jul 01 '21 at 21:43
  • Hi Pete, the docs were missing on that API. VaultSharp supports 2 ways to find TTL of a token. A LookupToken API where you can explicitly pass in any Vault-Token. Or a LookupSelf API, where the implicit current vault token info will be returned. I have added the docs for it. Please refer to https://github.com/rajanadar/VaultSharp/blob/master/README.md#token-lookup-any-token or https://github.com/rajanadar/VaultSharp/blob/master/README.md#token-lookup-calling-token – Raja Nadar Jul 03 '21 at 04:51
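
One way to do the bookkeeping the answer leaves to the consumer (record the lease expiration, renew before it), as an added example that is not VaultSharp code and not from the answer's author. `TokenLeaseTracker` and its `login`/`renew` delegates are hypothetical names: the caller wires them to its own Vault client, and each must return the TTL Vault reports, for instance from the token lookup APIs linked in the comment above.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;

// Added example: records when the current token expires and refreshes it first.
// login/renew are hypothetical hooks supplied by the caller; each performs the
// Vault call and returns the lease duration (TTL) that Vault reported.
public sealed class TokenLeaseTracker
{
    private readonly Func<Task<TimeSpan>> _login;
    private readonly Func<Task<TimeSpan>> _renew;
    private readonly TimeSpan _margin;               // refresh this long before expiry
    private readonly SemaphoreSlim _gate = new SemaphoreSlim(1, 1);
    private long _expiresAtTicks;                    // UTC ticks; 0 means no token yet

    public TokenLeaseTracker(Func<Task<TimeSpan>> login, Func<Task<TimeSpan>> renew, TimeSpan margin)
    {
        _login = login;
        _renew = renew;
        _margin = margin;
    }

    private bool IsFresh(DateTime now) =>
        now.Ticks < Volatile.Read(ref _expiresAtTicks) - _margin.Ticks;

    // Await this before each Vault operation made through the shared client.
    public async Task EnsureFreshAsync()
    {
        if (IsFresh(DateTime.UtcNow)) return;
        await _gate.WaitAsync();                     // one refresh at a time
        try
        {
            DateTime start = DateTime.UtcNow;        // measure the lease from before the call
            if (IsFresh(start)) return;              // another caller already refreshed
            TimeSpan ttl = TimeSpan.Zero;
            if (start.Ticks < Volatile.Read(ref _expiresAtTicks))
            {
                // Token still valid: try to extend it instead of logging in again.
                try { ttl = await _renew(); }
                catch (Exception) { /* not renewable or renewal denied: log in below */ }
            }
            // No token, expired token, failed renewal, or a renewal too short to be useful.
            if (ttl <= _margin) ttl = await _login();
            Volatile.Write(ref _expiresAtTicks, start.Add(ttl).Ticks);
        }
        finally { _gate.Release(); }
    }
}
```

With the 3,600-second lease from the question and a margin of five minutes, the first call after minute 55 refreshes the token instead of failing with permission denied once the hour has passed.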