drud/vault_token_lister

Name: vault_token_lister

Owner: DRUD

Description: Small tool to traverse vault token accessors looking for root tokens to revoke.

Created: 2016-12-29 21:00:36.0

Updated: 2018-05-21 20:34:49.0

Pushed: 2017-07-18 21:00:36.0

Homepage:

Size: 111

Language: Go


README

Hashicorp Vault Token Lister

This tiny tool walks the token accessors in a HashiCorp Vault and uses each accessor to look up the details and policies of its token, normally to allow (manual) revocation using the accessor.

It was written as a way to detect all root-level tokens so they could be revoked, per the best practices suggested in the Vault manual (see “root tokens”).

Build:

Just run “make” and it will install into $GOPATH/bin

Usage:
vault_token_lister -targetVaultAddr=https://example.com:8200 -rootToken=someroot-7644-a9aa 
vault_token_lister -targetVaultAddr=https://example.com:8200 -rootToken=someroot-7644-a9aa -policy=root
vault_token_lister -targetVaultAddr=https://example.com:8200 -rootToken=someroot-7644-a9aa -policy=somepolicy
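
The accessor walk and the -policy filter described above, as an added example (not the project's own code). It assumes the response shapes of Vault's token API (LIST auth/token/accessors, POST auth/token/lookup-accessor); the accessors, the sample responses and the `sampleLookup` stand-in for the HTTP call are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Constructed sample data shaped like Vault's accessor list and lookup-accessor responses.
const sampleList = `{"data":{"keys":["acc-1","acc-2","acc-3"]}}`
var sampleTokens = map[string]string{
	"acc-1": `{"data":{"accessor":"acc-1","display_name":"root","policies":["root"]}}`,
	"acc-2": `{"data":{"accessor":"acc-2","display_name":"ci","policies":["default","somepolicy"]}}`,
}

// sampleLookup stands in for the HTTP call; acc-3 was listed but has since expired.
func sampleLookup(acc string) ([]byte, error) {
	if raw, ok := sampleTokens[acc]; ok {
		return []byte(raw), nil
	}
	return nil, errors.New("invalid accessor")
}

// FindByPolicy returns the accessors whose token carries policy, plus those that could not be checked.
func FindByPolicy(listJSON []byte, lookup func(string) ([]byte, error), policy string) (hits, unchecked []string, err error) {
	var list struct{ Data struct{ Keys []string } }
	if err = json.Unmarshal(listJSON, &list); err != nil {
		return nil, nil, fmt.Errorf("accessor list: %w", err)
	}
	for _, acc := range list.Data.Keys {
		var tok struct{ Data struct{ Policies []string } }
		raw, lerr := lookup(acc)
		if lerr != nil || json.Unmarshal(raw, &tok) != nil {
			unchecked = append(unchecked, acc) // report, never skip silently
			continue
		}
		for _, p := range tok.Data.Policies {
			if p == policy {
				hits = append(hits, acc)
				break
			}
		}
	}
	return hits, unchecked, nil
}

func main() {
	fmt.Println(FindByPolicy([]byte(sampleList), sampleLookup, "root"))
}
```

Accessors returned as unchecked should be looked up again before the audit is considered complete, since a failed lookup says nothing about the token's policies.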

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.