Name: vault_token_lister
Owner: DRUD
Description: Small tool to traverse vault token accessors looking for root tokens to revoke.
Created: 2016-12-29 21:00:36.0
Updated: 2018-05-21 20:34:49.0
Pushed: 2017-07-18 21:00:36.0
Size: 111
Language: Go
This tiny tool walks the token accessors in a HashiCorp Vault and uses each accessor to look up the details and policies of its token, normally to allow (manual) revocation using the accessor.
It was written as a way to detect all root-level tokens so they could be revoked, per the best practices suggested in the Vault manual (see “root tokens”).
Just run “make” and it will install into $GOPATH/bin.
vault_token_lister -targetVaultAddr=https://example.com:8200 -rootToken=someroot-7644-a9aa
vault_token_lister -targetVaultAddr=https://example.com:8200 -rootToken=someroot-7644-a9aa -policy=root
vault_token_lister -targetVaultAddr=https://example.com:8200 -rootToken=someroot-7644-a9aa -policy=somepolicy
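The accessor walk described above, sketched against Vault's HTTP API as an added example; this is not vault_token_lister's own source. It assumes the `auth/token/accessors` and `auth/token/lookup-accessor` endpoints and the `X-Vault-Token` header; the function names and the use of `VAULT_ADDR` and `VAULT_TOKEN` in `main` are choices made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"os"
	"slices"
	"strings"
)

// call sends one X-Vault-Token request and decodes the response's "data" object into out.
func call(method, url, token, body string, out interface{}) error {
	req, err := http.NewRequest(method, url, strings.NewReader(body))
	if err != nil {
		return err
	}
	req.Header.Set("X-Vault-Token", token)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK { // a denied call must not read as "no tokens found"
		return fmt.Errorf("%s %s: %s", method, url, resp.Status)
	}
	return json.NewDecoder(resp.Body).Decode(&struct{ Data interface{} `json:"data"` }{out})
}

// AccessorsWithPolicy (name chosen for this example) returns the accessors whose token carries policy.
func AccessorsWithPolicy(addr, token, policy string) (hits []string, err error) {
	var list struct{ Keys []string `json:"keys"` }
	if err = call("LIST", addr+"/v1/auth/token/accessors", token, "", &list); err != nil {
		return nil, err
	}
	for _, acc := range list.Keys {
		body, _ := json.Marshal(map[string]string{"accessor": acc})
		var tok struct{ Policies []string `json:"policies"` }
		if err = call("POST", addr+"/v1/auth/token/lookup-accessor", token, string(body), &tok); err != nil {
			return nil, err
		}
		if slices.Contains(tok.Policies, policy) {
			hits = append(hits, acc) // only the accessor is kept; the token ID is never read
		}
	}
	return hits, nil
}

// main assumes VAULT_ADDR and VAULT_TOKEN are set for a Vault you administer.
func main() { fmt.Println(AccessorsWithPolicy(os.Getenv("VAULT_ADDR"), os.Getenv("VAULT_TOKEN"), "root")) }
```

The returned accessors are the input to the manual review and revocation step the description mentions.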