Tokens with admin policy have expired.
Plan to issue such tokens is:
- a convenience self-service issuing for new tokens through Salt
- when we trust a correct and safe SSO solution, switch to it
Description
Description
Revisions and Commits
Revisions and Commits
| rOPS Nasqueron Operations | |||
| D3355 | rOPS4fdae60b2437 Allow Salt policy to create admin-level tokens | ||
| D3357 | rOPS02c2202539c6 Allow to issue Vault token with admin policy | ||
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | dereckson | T1975 Allow ops to login to Vault | |||
| Duplicate | None | T1976 Update Salt to 3007 on FreeBSD servers |
Event Timeline
Comment Actions
Solution is satisfactory and stable all summer long.
To get on devserver a token to use with Salt in CLI:
WindRiver
ssh complector sudo /opt/salt/nasqueron-operations/utils/vault/issue-admin-token.py > ~/.vault-token
Documented on https://agora.nasqueron.org/Operations_grimoire/Vault#Howto