New in version 3.3.0.
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| authtype |
Default: token
|
authentication type to use: token, userpass, github, ldap, approle
|
| ca_cert |
Default: to environment variable VAULT_CACERT
|
path to a PEM-encoded CA cert file to use to verify the Vault server TLS certificate
|
| ca_path |
Default: to environment variable VAULT_CAPATH
|
path to a directory of PEM-encoded CA cert files to verify the Vault server TLS certificate : if ca_cert is specified, its value will take precedence
|
| client_cert |
Default: to environment variable VAULT_CLIENT_CERT
|
path to a PEM-encoded client certificate for TLS authentication to the Vault server
|
| client_key |
Default: to environment variable VAULT_CLIENT_KEY
|
path to an unencrypted PEM-encoded private key matching the client certificate
|
| display_name |
A display name to associate with this token
|
|
| explicit_max_ttl |
An explicit maximum lifetime for the token
|
|
| id |
The token value that clients will use to authenticate with vault
|
|
| lease |
If specified, the lease time will be this value. (e.g. 1h)
|
|
| metadata |
Metadata to associate with the token
|
|
| no_default_policy |
Default: no
|
If specified, the token will not have the "default" policy included in its policy set
|
| no_parent |
If specified, the token will have no parent
|
|
| num_uses |
The number of times this token can be used until it is automatically revoked
|
|
| orphan |
If specified, the token will have no parent. Only This prevents the new token from being revoked with your token.
|
|
| password |
Default: to environment variable VAULT_PASSWORD
|
password to login to vault.
|
| period |
If specified, every renewal will use the given period. Periodic tokens do not expire (unless explicit_max_ttl is also provided).
|
|
| policies |
List of Policy to associate with this token.
|
|
| renewable |
Whether or not the token is renewable to extend its TTL up to Vault's configured maximum TTL for tokens
|
|
| role |
If set, the token will be created against the named role
|
|
| token |
Default: to environment variable VAULT_TOKEN
|
token for vault
|
| ttl |
Initial TTL to associate with the token; renewals can extend this value.
|
|
| url |
Default: to environment variable VAULT_ADDR
|
url for vault
|
| username |
Default: to environment variable VAULT_USER
|
username to login to vault.
|
| verify |
Default: to environment variable VAULT_SKIP_VERIFY
|
if set, do not verify presented TLS certificate before communicating with Vault server : setting this variable is not recommended except during testing
|
| wrap_ttl |
Indicates that the response should be wrapped in a cubbyhole token with the requested TTL.
|
---
- hosts: localhost
tasks:
- name: "Create a {{admin_name}} token, and stop using root token"
hashivault_token_create:
display_name: "{{admin_name}}"
policies: ["{{admin_name}}"]
renewable: True
token: "{{vault_root_token}}"
register: "vault_token_admin"
Hint
If you notice any issues in this documentation you can edit this document to improve it.