Vault: How to reduce the lease duration of an SSH OTP?
I am using the following command to generate a one-time password:
$ vault write ssh/creds/otp_key_role ip=172.31.47.83
Key                Value
---                -----
lease_id           ssh/creds/otp_key_role/TqKAoY2kWLN058cRIzJab5qY
lease_duration     768h
lease_renewable    false
ip                 172.31.47.83
key                ec90e030-f126-ae76-c989-177f33401536
key_type           otp
port               22
username           test-user
The lease_duration of the OTP is 768h. I want to reduce the lease_duration to 1h. How can I do it?
Comments (1)
You can use the following command to reduce the max lease duration for dynamic secrets. It needs to be run inside the server where Vault is running and the Vault CLI is installed.
The "pathtosecret" should be the path that you defined while enabling the secret engine (ssh, I think, in your case).
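As an added example, not part of the original answer: one way to cap the TTLs on the mount with `vault secrets tune`, then confirm from the `vault write` output that a newly issued OTP honours the limit. It assumes the engine is mounted at `ssh` and a token allowed to tune that mount; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Mount path "ssh" and the 1h limit are taken from the question;
# function names are hypothetical.

# Cap default and max TTL on the mount (requires the Vault CLI and a token
# permitted to tune the mount). Defined here, not called, so this runs offline.
tune_mount_ttl() {  # usage: tune_mount_ttl <mount-path> <ttl>
    vault secrets tune -default-lease-ttl="$2" -max-lease-ttl="$2" "$1"
}

# Convert a duration such as 768h, 1h30m or 45s to seconds; fail on anything else.
duration_to_seconds() {
    printf '%s\n' "$1" | awk '{
        total = 0; s = $0
        while (match(s, /^[0-9]+[hms]/)) {
            n = substr(s, 1, RLENGTH - 1) + 0
            u = substr(s, RLENGTH, 1)
            total += n * (u == "h" ? 3600 : (u == "m" ? 60 : 1))
            s = substr(s, RLENGTH + 1)
        }
        if ($0 == "" || s != "") exit 1
        print total
    }'
}

# Read `vault write ssh/creds/<role>` table output on stdin. Returns 0 if
# lease_duration <= limit, 1 if it is longer, 2 if it cannot be parsed.
lease_within_limit() {  # usage: lease_within_limit <limit> < output
    lease=$(awk '$1 == "lease_duration" { print $2; exit }') || return 2
    [ -n "$lease" ] || return 2
    got=$(duration_to_seconds "$lease") || return 2
    max=$(duration_to_seconds "$1") || return 2
    [ "$got" -le "$max" ]
}

# Lease fields from the output quoted in the question.
SAMPLE='lease_id ssh/creds/otp_key_role/TqKAoY2kWLN058cRIzJab5qY
lease_duration 768h
lease_renewable false'

if printf '%s\n' "$SAMPLE" | lease_within_limit 1h; then
    echo "lease_duration is within 1h"
else
    echo "lease_duration exceeds 1h: tune the mount, issue a new OTP, re-check"
fi
```

After `tune_mount_ttl ssh 1h`, pipe a fresh `vault write ssh/creds/otp_key_role ip=...` through `lease_within_limit 1h` to confirm the change took effect.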