I created a Vault token with the following settings:
    vault write sys/auth/token/tune max_lease_ttl=9000h
    vault write sys/auth/token/tune default_lease_ttl=9000h
    vault token create -policy=spring_cloud

    Key                  Value
    ---                  -----
    accessor             N4PBquNCvIhTLXLYiVQG235g
    creation_time        1683705437
    creation_ttl         9000h
    display_name         token
    entity_id            n/a
    expire_time          2024-05-19T07:57:17.65597752Z
    explicit_max_ttl     0s
    id                   xxxx
    issue_time           2023-05-10T07:57:17.610332378Z
    last_renewal         2023-12-01T15:11:51.655977681Z
    last_renewal_time    1701443511
    meta                 <nil>
    num_uses             0
    orphan               false
    path                 auth/token/create
    policies             [default spring_cloud]
    renewable            true
    ttl                  4072h36m49s
    type                 service

I'm trying to renew the Vault token with the following command:

    vault token renew -increment=9000h

And got the following warning:

    * TTL of "9000h" exceeded the effective max_ttl of "4072h45m26s"; TTL value
    is capped accordingly

As I understand it, the result must be the following: the increment of 9000h starts from the last_renewal date (2023-12-01T15:11:51.655977681Z), so expire_time and ttl must increase. Instead, expire_time does not increase: it is always 9000h from the issue_time date. The ttl doesn't increase either; it only decreases. Vault version: v1.10.3
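
Added example, not part of the original post: a simplified Python model of a renewal whose increment is capped by a maximum TTL counted from issue_time rather than from the renewal, which reproduces the "4072h45m26s" in the warning above. The function and constant names are hypothetical, timestamps are truncated to whole seconds, and the 9000h limit is taken from the max_lease_ttl tune command in the post (explicit_max_ttl is 0s, so it adds no further limit).

```python
from datetime import datetime, timedelta, timezone


def parse_ts(value):
    """Parse a Vault RFC 3339 timestamp, dropping the sub-second fraction."""
    head = value.rstrip("Z").split(".")[0]
    return datetime.strptime(head, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def fmt(delta):
    """Render a timedelta the way the CLI prints TTLs, e.g. 4072h45m26s."""
    secs = int(delta.total_seconds())
    return f"{secs // 3600}h{secs % 3600 // 60}m{secs % 60}s"


def renew(issue_time, max_ttl, now, increment):
    """Model one renewal. Returns (new_ttl, new_expire_time, capped).

    The token may never live past issue_time + max_ttl, so the TTL that a
    renewal can grant shrinks as the token ages, whatever increment is asked.
    """
    hard_limit = issue_time + max_ttl      # fixed when the token is issued
    effective_max = hard_limit - now       # what is left of that budget
    new_ttl = min(increment, effective_max)
    return new_ttl, now + new_ttl, increment > effective_max


# Values copied from the token lookup output in the post.
ISSUE_TIME = parse_ts("2023-05-10T07:57:17.610332378Z")
LAST_RENEWAL = parse_ts("2023-12-01T15:11:51.655977681Z")
MAX_LEASE_TTL = timedelta(hours=9000)


def demo():
    """Replay `vault token renew -increment=9000h` at the last_renewal time."""
    ttl, expire, capped = renew(
        ISSUE_TIME, MAX_LEASE_TTL, LAST_RENEWAL, timedelta(hours=9000)
    )
    return fmt(ttl), expire.strftime("%Y-%m-%dT%H:%M:%SZ"), capped


if __name__ == "__main__":
    ttl, expire, capped = demo()
    print(f"granted ttl={ttl} expire_time={expire} capped={capped}")
```
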