From c748ff322f33e3364d2382f1cec33a035bf270c1 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 28 Sep 2016 18:32:49 -0400 Subject: [PATCH] Change default TTL from 30 to 32 to accommodate monthly operations (#1942) --- api/sys_mounts_test.go | 4 ++-- builtin/credential/app-id/backend_test.go | 4 ++-- .../credential/cert/test-fixtures/generate.txt | 2 +- builtin/credential/github/backend_test.go | 2 +- builtin/credential/ldap/backend_test.go | 2 +- builtin/logical/pki/backend_test.go | 16 ++++++++-------- command/rekey_test.go | 2 +- command/server/config.go | 4 ++-- http/logical_test.go | 2 +- vault/core_test.go | 4 ++-- vault/expiration.go | 2 +- vault/logical_cubbyhole_test.go | 2 +- vault/logical_passthrough_test.go | 4 ++-- vault/logical_system_test.go | 6 +++--- vault/router_test.go | 2 +- vault/testing.go | 2 +- vault/token_store_test.go | 2 +- website/source/docs/auth/cert.html.md | 2 +- website/source/docs/auth/token.html.md | 2 +- website/source/docs/commands/read-write.html.md | 2 +- website/source/docs/concepts/tokens.html.md | 2 +- website/source/docs/config/index.html.md | 6 +++--- .../source/docs/secrets/cubbyhole/index.html.md | 2 +- .../source/docs/secrets/generic/index.html.md | 4 ++-- website/source/docs/secrets/mssql/index.html.md | 2 +- website/source/docs/secrets/mysql/index.html.md | 2 +- website/source/docs/secrets/pki/index.html.md | 2 +- .../source/docs/secrets/postgresql/index.html.md | 2 +- website/source/docs/secrets/ssh/index.html.md | 4 ++-- website/source/intro/getting-started/acl.html.md | 2 +- .../source/intro/getting-started/apis.html.md | 2 +- .../intro/getting-started/first-secret.html.md | 2 +- 32 files changed, 50 insertions(+), 50 deletions(-) diff --git a/api/sys_mounts_test.go b/api/sys_mounts_test.go index 4ad3f90b97..d47e326c16 100644 --- a/api/sys_mounts_test.go +++ b/api/sys_mounts_test.go @@ -37,13 +37,13 @@ func TestSysMountConfig(t *testing.T) { t.Fatal(err) } - expectedDefaultTTL := 2592000 + expectedDefaultTTL := 2764800 if mountConfig.DefaultLeaseTTL != expectedDefaultTTL { t.Fatalf("Expected default lease TTL: %d, got %d", expectedDefaultTTL, mountConfig.DefaultLeaseTTL) } - expectedMaxTTL := 2592000 + expectedMaxTTL := 2764800 if mountConfig.MaxLeaseTTL != expectedMaxTTL { t.Fatalf("Expected default lease TTL: %d, got %d", expectedMaxTTL, mountConfig.MaxLeaseTTL) diff --git a/builtin/credential/app-id/backend_test.go b/builtin/credential/app-id/backend_test.go index b643b08db0..55bb3e9d85 100644 --- a/builtin/credential/app-id/backend_test.go +++ b/builtin/credential/app-id/backend_test.go @@ -162,7 +162,7 @@ func testAccStepMapUserIdCidr(t *testing.T, cidr string) logicaltest.TestStep { func testAccLogin(t *testing.T, display string) logicaltest.TestStep { checkTTL := func(resp *logical.Response) error { - if resp.Auth.LeaseOptions.TTL.String() != "720h0m0s" { + if resp.Auth.LeaseOptions.TTL.String() != "768h0m0s" { return fmt.Errorf("invalid TTL") } return nil @@ -186,7 +186,7 @@ func testAccLogin(t *testing.T, display string) logicaltest.TestStep { func testAccLoginAppIDInPath(t *testing.T, display string) logicaltest.TestStep { checkTTL := func(resp *logical.Response) error { - if resp.Auth.LeaseOptions.TTL.String() != "720h0m0s" { + if resp.Auth.LeaseOptions.TTL.String() != "768h0m0s" { return fmt.Errorf("invalid TTL") } return nil diff --git a/builtin/credential/cert/test-fixtures/generate.txt b/builtin/credential/cert/test-fixtures/generate.txt index 7e1e23cbdd..5b888ee778 100644 --- a/builtin/credential/cert/test-fixtures/generate.txt +++ b/builtin/credential/cert/test-fixtures/generate.txt @@ -9,7 +9,7 @@ backend "inmem" { } disable_mlock = true default_lease_ttl = "700h" -max_lease_ttl = "720h" +max_lease_ttl = "768h" listener "tcp" { address = "127.0.0.1:8200" tls_cert_file = "./cacert.pem" diff --git a/builtin/credential/github/backend_test.go b/builtin/credential/github/backend_test.go index f68f89873c..6603be481f 100644 --- a/builtin/credential/github/backend_test.go +++ b/builtin/credential/github/backend_test.go @@ -92,7 +92,7 @@ func testConfigWrite(t *testing.T, d map[string]interface{}) logicaltest.TestSte func TestBackend_basic(t *testing.T) { defaultLeaseTTLVal := time.Hour * 24 - maxLeaseTTLVal := time.Hour * 24 * 30 + maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(&logical.BackendConfig{ Logger: nil, System: &logical.StaticSystemView{ diff --git a/builtin/credential/ldap/backend_test.go b/builtin/credential/ldap/backend_test.go index bd9a2ee76b..a5602bba00 100644 --- a/builtin/credential/ldap/backend_test.go +++ b/builtin/credential/ldap/backend_test.go @@ -29,7 +29,7 @@ import ( */ func factory(t *testing.T) logical.Backend { defaultLeaseTTLVal := time.Hour * 24 - maxLeaseTTLVal := time.Hour * 24 * 30 + maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(&logical.BackendConfig{ Logger: nil, System: &logical.StaticSystemView{ diff --git a/builtin/logical/pki/backend_test.go b/builtin/logical/pki/backend_test.go index bac621b50b..ba38f5441b 100644 --- a/builtin/logical/pki/backend_test.go +++ b/builtin/logical/pki/backend_test.go @@ -38,7 +38,7 @@ var ( // Uses the RSA CA key func TestBackend_RSAKey(t *testing.T) { defaultLeaseTTLVal := time.Hour * 24 - maxLeaseTTLVal := time.Hour * 24 * 30 + maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(&logical.BackendConfig{ Logger: nil, System: &logical.StaticSystemView{ @@ -68,7 +68,7 @@ func TestBackend_RSAKey(t *testing.T) { // Uses the EC CA key func TestBackend_ECKey(t *testing.T) { defaultLeaseTTLVal := time.Hour * 24 - maxLeaseTTLVal := time.Hour * 24 * 30 + maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(&logical.BackendConfig{ Logger: nil, System: &logical.StaticSystemView{ @@ -96,7 +96,7 @@ func TestBackend_ECKey(t *testing.T) { func TestBackend_CSRValues(t *testing.T) { defaultLeaseTTLVal := time.Hour * 24 - maxLeaseTTLVal := time.Hour * 24 * 30 + maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(&logical.BackendConfig{ Logger: nil, System: &logical.StaticSystemView{ @@ -124,7 +124,7 @@ func TestBackend_CSRValues(t *testing.T) { func TestBackend_URLsCRUD(t *testing.T) { defaultLeaseTTLVal := time.Hour * 24 - maxLeaseTTLVal := time.Hour * 24 * 30 + maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(&logical.BackendConfig{ Logger: nil, System: &logical.StaticSystemView{ @@ -155,7 +155,7 @@ func TestBackend_URLsCRUD(t *testing.T) { // Uses the RSA CA key func TestBackend_RSARoles(t *testing.T) { defaultLeaseTTLVal := time.Hour * 24 - maxLeaseTTLVal := time.Hour * 24 * 30 + maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(&logical.BackendConfig{ Logger: nil, System: &logical.StaticSystemView{ @@ -197,7 +197,7 @@ func TestBackend_RSARoles(t *testing.T) { // Uses the RSA CA key func TestBackend_RSARoles_CSR(t *testing.T) { defaultLeaseTTLVal := time.Hour * 24 - maxLeaseTTLVal := time.Hour * 24 * 30 + maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(&logical.BackendConfig{ Logger: nil, System: &logical.StaticSystemView{ @@ -239,7 +239,7 @@ func TestBackend_RSARoles_CSR(t *testing.T) { // Uses the EC CA key func TestBackend_ECRoles(t *testing.T) { defaultLeaseTTLVal := time.Hour * 24 - maxLeaseTTLVal := time.Hour * 24 * 30 + maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(&logical.BackendConfig{ Logger: nil, System: &logical.StaticSystemView{ @@ -281,7 +281,7 @@ func TestBackend_ECRoles(t *testing.T) { // Uses the EC CA key func TestBackend_ECRoles_CSR(t *testing.T) { defaultLeaseTTLVal := time.Hour * 24 - maxLeaseTTLVal := time.Hour * 24 * 30 + maxLeaseTTLVal := time.Hour * 24 * 32 b, err := Factory(&logical.BackendConfig{ Logger: nil, System: &logical.StaticSystemView{ diff --git a/command/rekey_test.go b/command/rekey_test.go index a3402f7820..e3335cb581 100644 --- a/command/rekey_test.go +++ b/command/rekey_test.go @@ -174,7 +174,7 @@ func TestRekey_init_pgp(t *testing.T) { Logger: nil, System: logical.StaticSystemView{ DefaultLeaseTTLVal: time.Hour * 24, - MaxLeaseTTLVal: time.Hour * 24 * 30, + MaxLeaseTTLVal: time.Hour * 24 * 32, }, } sysBackend := vault.NewSystemBackend(core, bc) diff --git a/command/server/config.go b/command/server/config.go index 1bfecd352d..9830128542 100644 --- a/command/server/config.go +++ b/command/server/config.go @@ -62,8 +62,8 @@ func DevConfig(ha bool) *Config { Telemetry: &Telemetry{}, - MaxLeaseTTL: 30 * 24 * time.Hour, - DefaultLeaseTTL: 30 * 24 * time.Hour, + MaxLeaseTTL: 32 * 24 * time.Hour, + DefaultLeaseTTL: 32 * 24 * time.Hour, } if ha { diff --git a/http/logical_test.go b/http/logical_test.go index 3c9f5fac24..161261686d 100644 --- a/http/logical_test.go +++ b/http/logical_test.go @@ -38,7 +38,7 @@ func TestLogical(t *testing.T) { var nilWarnings interface{} expected := map[string]interface{}{ "renewable": false, - "lease_duration": json.Number(strconv.Itoa(int((30 * 24 * time.Hour) / time.Second))), + "lease_duration": json.Number(strconv.Itoa(int((32 * 24 * time.Hour) / time.Second))), "data": map[string]interface{}{ "data": "bar", }, diff --git a/vault/core_test.go b/vault/core_test.go index 5e0648953d..f73e2d2476 100644 --- a/vault/core_test.go +++ b/vault/core_test.go @@ -878,7 +878,7 @@ func TestCore_HandleRequest_CreateToken_Lease(t *testing.T) { Path: "auth/token/create", DisplayName: "token", CreationTime: te.CreationTime, - TTL: time.Hour * 24 * 30, + TTL: time.Hour * 24 * 32, } if !reflect.DeepEqual(te, expect) { t.Fatalf("Bad: %#v expect: %#v", te, expect) @@ -923,7 +923,7 @@ func TestCore_HandleRequest_CreateToken_NoDefaultPolicy(t *testing.T) { Path: "auth/token/create", DisplayName: "token", CreationTime: te.CreationTime, - TTL: time.Hour * 24 * 30, + TTL: time.Hour * 24 * 32, } if !reflect.DeepEqual(te, expect) { t.Fatalf("Bad: %#v expect: %#v", te, expect) diff --git a/vault/expiration.go b/vault/expiration.go index 5fb311bef2..d925c556ad 100644 --- a/vault/expiration.go +++ b/vault/expiration.go @@ -37,7 +37,7 @@ const ( minRevokeDelay = 5 * time.Second // maxLeaseDuration is the default maximum lease duration - maxLeaseTTL = 30 * 24 * time.Hour + maxLeaseTTL = 32 * 24 * time.Hour // defaultLeaseDuration is the default lease duration used when no lease is specified defaultLeaseTTL = maxLeaseTTL diff --git a/vault/logical_cubbyhole_test.go b/vault/logical_cubbyhole_test.go index 80ad918db6..fcf3ec3a0c 100644 --- a/vault/logical_cubbyhole_test.go +++ b/vault/logical_cubbyhole_test.go @@ -267,7 +267,7 @@ func testCubbyholeBackend() logical.Backend { Logger: nil, System: logical.StaticSystemView{ DefaultLeaseTTLVal: time.Hour * 24, - MaxLeaseTTLVal: time.Hour * 24 * 30, + MaxLeaseTTLVal: time.Hour * 24 * 32, }, }) return b diff --git a/vault/logical_passthrough_test.go b/vault/logical_passthrough_test.go index 73dec26271..bd33d657b3 100644 --- a/vault/logical_passthrough_test.go +++ b/vault/logical_passthrough_test.go @@ -190,7 +190,7 @@ func testPassthroughBackend() logical.Backend { Logger: nil, System: logical.StaticSystemView{ DefaultLeaseTTLVal: time.Hour * 24, - MaxLeaseTTLVal: time.Hour * 24 * 30, + MaxLeaseTTLVal: time.Hour * 24 * 32, }, }) return b @@ -201,7 +201,7 @@ func testPassthroughLeasedBackend() logical.Backend { Logger: nil, System: logical.StaticSystemView{ DefaultLeaseTTLVal: time.Hour * 24, - MaxLeaseTTLVal: time.Hour * 24 * 30, + MaxLeaseTTLVal: time.Hour * 24 * 32, }, }) return b diff --git a/vault/logical_system_test.go b/vault/logical_system_test.go index 66ed9af50c..14f2986428 100644 --- a/vault/logical_system_test.go +++ b/vault/logical_system_test.go @@ -506,7 +506,7 @@ func TestSystemBackend_revokePrefixAuth(t *testing.T) { Logger: core.logger, System: logical.StaticSystemView{ DefaultLeaseTTLVal: time.Hour * 24, - MaxLeaseTTLVal: time.Hour * 24 * 30, + MaxLeaseTTLVal: time.Hour * 24 * 32, }, } b := NewSystemBackend(core, bc) @@ -1035,7 +1035,7 @@ func testSystemBackend(t *testing.T) logical.Backend { Logger: c.logger, System: logical.StaticSystemView{ DefaultLeaseTTLVal: time.Hour * 24, - MaxLeaseTTLVal: time.Hour * 24 * 30, + MaxLeaseTTLVal: time.Hour * 24 * 32, }, } return NewSystemBackend(c, bc) @@ -1047,7 +1047,7 @@ func testCoreSystemBackend(t *testing.T) (*Core, logical.Backend, string) { Logger: c.logger, System: logical.StaticSystemView{ DefaultLeaseTTLVal: time.Hour * 24, - MaxLeaseTTLVal: time.Hour * 24 * 30, + MaxLeaseTTLVal: time.Hour * 24 * 32, }, } return c, NewSystemBackend(c, bc), root diff --git a/vault/router_test.go b/vault/router_test.go index fe02a3a2fe..328fe36064 100644 --- a/vault/router_test.go +++ b/vault/router_test.go @@ -49,7 +49,7 @@ func (n *NoopBackend) SpecialPaths() *logical.Paths { func (n *NoopBackend) System() logical.SystemView { return logical.StaticSystemView{ DefaultLeaseTTLVal: time.Hour * 24, - MaxLeaseTTLVal: time.Hour * 24 * 30, + MaxLeaseTTLVal: time.Hour * 24 * 32, } } diff --git a/vault/testing.go b/vault/testing.go index ed810cb0be..24235051eb 100644 --- a/vault/testing.go +++ b/vault/testing.go @@ -369,7 +369,7 @@ func (n *rawHTTP) SpecialPaths() *logical.Paths { func (n *rawHTTP) System() logical.SystemView { return logical.StaticSystemView{ DefaultLeaseTTLVal: time.Hour * 24, - MaxLeaseTTLVal: time.Hour * 24 * 30, + MaxLeaseTTLVal: time.Hour * 24 * 32, } } diff --git a/vault/token_store_test.go b/vault/token_store_test.go index 3863904f64..52b9282559 100644 --- a/vault/token_store_test.go +++ b/vault/token_store_test.go @@ -183,7 +183,7 @@ func getBackendConfig(c *Core) *logical.BackendConfig { Logger: c.logger, System: logical.StaticSystemView{ DefaultLeaseTTLVal: time.Hour * 24, - MaxLeaseTTLVal: time.Hour * 24 * 30, + MaxLeaseTTLVal: time.Hour * 24 * 32, }, } } diff --git a/website/source/docs/auth/cert.html.md b/website/source/docs/auth/cert.html.md index 6f719bce89..a9e50c6c03 100644 --- a/website/source/docs/auth/cert.html.md +++ b/website/source/docs/auth/cert.html.md @@ -175,7 +175,7 @@ of the header should be "X-Vault-Token" and the value should be the token. "certificate": "-----BEGIN CERTIFICATE-----\nMIIEtzCCA5+.......ZRtAfQ6r\nwlW975rYa1ZqEdA=\n-----END CERTIFICATE-----", "display_name": "test", "policies": "", - "ttl": 2592000 + "ttl": 2764800 }, "warnings": null, "auth": null diff --git a/website/source/docs/auth/token.html.md b/website/source/docs/auth/token.html.md index a9e9d9cb36..7061ebe139 100644 --- a/website/source/docs/auth/token.html.md +++ b/website/source/docs/auth/token.html.md @@ -318,7 +318,7 @@ of the header should be "X-Vault-Token" and the value should be the token. "lease_duration": 0, "data": { "creation_time": 1457533232, - "creation_ttl": 2592000, + "creation_ttl": 2764800, "display_name": "token", "id": "", "meta": null, diff --git a/website/source/docs/commands/read-write.html.md b/website/source/docs/commands/read-write.html.md index d4db1849bd..0b0ff07bb2 100644 --- a/website/source/docs/commands/read-write.html.md +++ b/website/source/docs/commands/read-write.html.md @@ -103,7 +103,7 @@ Data can be read using `vault read`. This command is very simple: $ vault read secret/password Key Value lease_id secret/password/76c844fb-aeba-a766-0a50-2b907072233a -lease_duration 2592000 +lease_duration 2764800 value itsasecret ``` diff --git a/website/source/docs/concepts/tokens.html.md b/website/source/docs/concepts/tokens.html.md index c00b3dd69b..5535a37f8b 100644 --- a/website/source/docs/concepts/tokens.html.md +++ b/website/source/docs/concepts/tokens.html.md @@ -146,7 +146,7 @@ compared to the maximum TTL. This maximum TTL value is dynamically generated and can change from renewal to renewal, so the value cannot be displayed when a token's information is looked up. It is based on a combination of factors: -1. The system max TTL, which is 30 days but can be changed in Vault's +1. The system max TTL, which is 32 days but can be changed in Vault's configuration file 2. The max TTL set on a mount using [mount tuning](https://www.vaultproject.io/docs/http/sys-mounts.html). This value diff --git a/website/source/docs/config/index.html.md b/website/source/docs/config/index.html.md index 1e0f1549cc..59254f6e96 100644 --- a/website/source/docs/config/index.html.md +++ b/website/source/docs/config/index.html.md @@ -66,12 +66,12 @@ sending a SIGHUP to the server process. These are denoted below. (see below). * `default_lease_ttl` (optional) - Configures the default lease duration - for tokens and secrets. This is a string value using a suffix, e.g. "720h". - Default value is 30 days. This value cannot be larger than `max_lease_ttl`. + for tokens and secrets. This is a string value using a suffix, e.g. "768h". + Default value is 32 days. This value cannot be larger than `max_lease_ttl`. * `max_lease_ttl` (optional) - Configures the maximum possible lease duration for tokens and secrets. This is a string value using a suffix, - e.g. "720h". Default value is 30 days. + e.g. "768h". Default value is 32 days. In production it is a risk to run Vault on systems where `mlock` is unavailable or the setting has been disabled via the `disable_mlock`. diff --git a/website/source/docs/secrets/cubbyhole/index.html.md b/website/source/docs/secrets/cubbyhole/index.html.md index f50c3a9157..a11810e27c 100644 --- a/website/source/docs/secrets/cubbyhole/index.html.md +++ b/website/source/docs/secrets/cubbyhole/index.html.md @@ -159,7 +159,7 @@ As expected, the value previously set is returned to us. "data": { "keys": ["foo", "foo/"] }, - "lease_duration": 2592000, + "lease_duration": 2764800, "lease_id": "", "renewable": false } diff --git a/website/source/docs/secrets/generic/index.html.md b/website/source/docs/secrets/generic/index.html.md index 3f00870604..5ccbb87333 100644 --- a/website/source/docs/secrets/generic/index.html.md +++ b/website/source/docs/secrets/generic/index.html.md @@ -98,7 +98,7 @@ seconds (one hour) as specified. "data": { "foo": "bar" }, - "lease_duration": 2592000, + "lease_duration": 2764800, "lease_id": "", "renewable": false } @@ -142,7 +142,7 @@ seconds (one hour) as specified. "data": { "keys": ["foo", "foo/"] }, - "lease_duration": 2592000, + "lease_duration": 2764800, "lease_id": "", "renewable": false } diff --git a/website/source/docs/secrets/mssql/index.html.md b/website/source/docs/secrets/mssql/index.html.md index 1425566573..655aea458c 100644 --- a/website/source/docs/secrets/mssql/index.html.md +++ b/website/source/docs/secrets/mssql/index.html.md @@ -299,7 +299,7 @@ allowed to read. "data": { "keys": ["dev", "prod"] }, - "lease_duration": 2592000, + "lease_duration": 2764800, "lease_id": "", "renewable": false } diff --git a/website/source/docs/secrets/mysql/index.html.md b/website/source/docs/secrets/mysql/index.html.md index 158897229c..19b19f008c 100644 --- a/website/source/docs/secrets/mysql/index.html.md +++ b/website/source/docs/secrets/mysql/index.html.md @@ -346,7 +346,7 @@ the default on versions prior to that. "data": { "keys": ["dev", "prod"] }, - "lease_duration": 2592000, + "lease_duration": 2764800, "lease_id": "", "renewable": false } diff --git a/website/source/docs/secrets/pki/index.html.md b/website/source/docs/secrets/pki/index.html.md index 5e616e6501..1216d969b3 100644 --- a/website/source/docs/secrets/pki/index.html.md +++ b/website/source/docs/secrets/pki/index.html.md @@ -1304,7 +1304,7 @@ subpath for interactive help output. "data": { "keys": ["dev", "prod"] }, - "lease_duration": 2592000, + "lease_duration": 2764800, "lease_id": "", "renewable": false } diff --git a/website/source/docs/secrets/postgresql/index.html.md b/website/source/docs/secrets/postgresql/index.html.md index dda7501822..5282f4b894 100644 --- a/website/source/docs/secrets/postgresql/index.html.md +++ b/website/source/docs/secrets/postgresql/index.html.md @@ -317,7 +317,7 @@ subpath for interactive help output. "data": { "keys": ["dev", "prod"] }, - "lease_duration": 2592000, + "lease_duration": 2764800, "lease_id": "", "renewable": false } diff --git a/website/source/docs/secrets/ssh/index.html.md b/website/source/docs/secrets/ssh/index.html.md index 6486dcc32f..e53ef6cf3f 100644 --- a/website/source/docs/secrets/ssh/index.html.md +++ b/website/source/docs/secrets/ssh/index.html.md @@ -536,7 +536,7 @@ username@:~$ "data": { "keys": ["dev", "prod"] }, - "lease_duration": 2592000, + "lease_duration": 2764800, "lease_id": "", "renewable": false } @@ -728,7 +728,7 @@ username@:~$ { "lease_id": "sshs/creds/c3c2e60c-5a48-415a-9d5a-a41e0e6cdec5/3ee6ad28-383f-d482-2427-70498eba4d96", "renewable": false, - "lease_duration": 2592000, + "lease_duration": 2764800, "data": { "ip": "127.0.0.1", "key": "6d6411fd-f622-ea0a-7e2c-989a745cbbb2", diff --git a/website/source/intro/getting-started/acl.html.md b/website/source/intro/getting-started/acl.html.md index 98589524b7..caa0487a1e 100644 --- a/website/source/intro/getting-started/acl.html.md +++ b/website/source/intro/getting-started/acl.html.md @@ -80,7 +80,7 @@ $ vault token-create -policy="secret" Key Value token d97ef000-48cf-45d9-1907-3ea6ce298a29 token_accessor 71770cc5-14da-f0af-c6ce-17a0ae398d67 -token_duration 2592000 +token_duration 2764800 token_renewable true token_policies [default secret] diff --git a/website/source/intro/getting-started/apis.html.md b/website/source/intro/getting-started/apis.html.md index f5d9eb3de7..bf8ba22791 100644 --- a/website/source/intro/getting-started/apis.html.md +++ b/website/source/intro/getting-started/apis.html.md @@ -189,7 +189,7 @@ This should return a response like this: { "lease_id": "secret/foo/cc529d06-36c8-be27-31f5-2390e1f6e2ae", "renewable": false, - "lease_duration": 2592000, + "lease_duration": 2764800, "data": { "bar": "baz" }, diff --git a/website/source/intro/getting-started/first-secret.html.md b/website/source/intro/getting-started/first-secret.html.md index 6f0b52d3c3..c3206f2850 100644 --- a/website/source/intro/getting-started/first-secret.html.md +++ b/website/source/intro/getting-started/first-secret.html.md @@ -63,7 +63,7 @@ As you might expect, secrets can be read with `vault read`: ``` $ vault read secret/hello Key Value -lease_duration 2592000 +lease_duration 2764800 excited yes value world ```