update vault token

2024-09-20 21:55:43 +02:00 · 2024-09-20 21:55:43 +02:00 · 99c058f9ec
parent a51635cebe
commit 99c058f9ec
2 changed files with 20 additions and 4 deletions
--- a/infra/clusters/management/bootstrap/stage2-harden/main.tf
+++ b/infra/clusters/management/bootstrap/stage2-harden/main.tf
@ -177,6 +177,14 @@ path "auth/token/renew-self" {
  capabilities = ["update"]
 }

+path "auth/token/lookup-accessor" {
+    capabilities = ["update"]
+}
+
+path "auth/token/renew-accessor" {
+    capabilities = ["update"]
+}
+
 # Add other necessary permissions as needed
 EOT
 }
@ -184,6 +192,7 @@ EOT
 resource "vault_token" "management" {
  policies = [vault_policy.management.name]
  renewable = true
-  ttl       = "1h"
-  period    = "15m"
+  ttl       = "24h"
+  renew_min_lease = "12h"
+  renew_increment = "24h"
 }
--- a/infra/modules/cluster/main.tf
+++ b/infra/modules/cluster/main.tf
@ -105,6 +105,12 @@ path "auth/token/lookup-self" {
 path "auth/token/renew-self" {
    capabilities = ["update"]
 }
+path "auth/token/lookup-accessor" {
+    capabilities = ["update"]
+}
+path "auth/token/renew-accessor" {
+    capabilities = ["update"]
+}
 # Add other necessary permissions
 EOT
 }
@ -112,6 +118,7 @@ EOT
 resource "vault_token" "cluster" {
  policies = [vault_policy.cluster.name]
  renewable = true
-  ttl       = "1h"
-  period    = "15m"
+  ttl       = "24h"
+  renew_min_lease = "12h"
+  renew_increment = "24h"
 }