Type '/' to Search

»auth tune

The auth tune command tunes the configuration options for the auth method at the given PATH. The argument corresponds to the PATH where the auth method is enabled, not the TYPE!

»Examples

Before tuning the auth method configuration, view the current configuration of the auth method enabled at "github/".

$ vault read sys/auth/github/tune
Key                  Value
---                  -----
default_lease_ttl    768h
description          n/a
force_no_cache       false
max_lease_ttl        768h
token_type           default-service

$ vault read sys/auth/github/tuneKey                  Value---                  -----default_lease_ttl    768hdescription          n/aforce_no_cache       falsemax_lease_ttl        768htoken_type           default-service

The default lease for the auth method enabled at "github/" is currently set to 768 hours. Tune this value to 72 hours.

$ vault auth tune -default-lease-ttl=72h github/
Success! Tuned the auth method at: github/

$ vault auth tune -default-lease-ttl=72h github/Success! Tuned the auth method at: github/

You can specify multiple audit non-hmac request keys.

$ vault auth tune -audit-non-hmac-request-keys=value1 -audit-non-hmac-request-keys=value2 github/
Success! Tuned the auth method at: github/

$ vault auth tune -audit-non-hmac-request-keys=value1 -audit-non-hmac-request-keys=value2 github/Success! Tuned the auth method at: github/

»Usage

The following flags are available in addition to the standard set of flags included on all commands.

  • -audit-non-hmac-request-keys (string: "") - Key that will not be HMAC'd by audit devices in the request data object. Note that multiple keys may be specified by providing this option multiple times, each time with 1 key.

  • -audit-non-hmac-response-keys (string: "") - Key that will not be HMAC'd by audit devices in the response data object. Note that multiple keys may be specified by providing this option multiple times, each time with 1 key.

  • -default-lease-ttl (duration: "") - The default lease TTL for this auth method. If unspecified, this defaults to the Vault server's globally configured default lease TTL, or a previously configured value for the auth method.

  • -max-lease-ttl (duration: "") - The maximum lease TTL for this auth method. If unspecified, this defaults to the Vault server's globally configured maximum lease TTL, or a previously configured value for the auth method.