mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-23 15:41:07 +02:00
0660ea6fac
* Update README Let contributors know that docs will now be located in UDR * Add comments to each mdx doc Comment has been added to all mdx docs that are not partials * chore: added changelog changelog check failure * wip: removed changelog * Fix content errors * Doc spacing * Update website/content/docs/deploy/kubernetes/vso/helm.mdx Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> --------- Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
56 lines
2.0 KiB
Plaintext
56 lines
2.0 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: token revoke - Command
|
|
description: |-
|
|
The "token revoke" revokes authentication tokens and their children. If a
|
|
TOKEN is not provided, the locally authenticated token is used.
|
|
---
|
|
|
|
> [!IMPORTANT]
|
|
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
|
|
|
|
# token revoke
|
|
|
|
The `token revoke` revokes authentication tokens and their children. If a TOKEN
|
|
is not provided, the locally authenticated token is used. The `-mode` flag can
|
|
be used to control the behavior of the revocation.
|
|
|
|
## Examples
|
|
|
|
Revoke a token and all the token's children:
|
|
|
|
```shell-session
|
|
$ vault token revoke 96ddf4bc-d217-f3ba-f9bd-017055595017
|
|
Success! Revoked token (if it existed)
|
|
```
|
|
|
|
Revoke a token leaving the token's children:
|
|
|
|
```shell-session
|
|
$ vault token revoke -mode=orphan 96ddf4bc-d217-f3ba-f9bd-017055595017
|
|
Success! Revoked token (if it existed)
|
|
```
|
|
|
|
Revoke a token by accessor:
|
|
|
|
```shell-session
|
|
$ vault token revoke -accessor 9793c9b3-e04a-46f3-e7b8-748d7da248da
|
|
Success! Revoked token (if it existed)
|
|
```
|
|
|
|
## Usage
|
|
|
|
The following flags are available in addition to the [standard set of
|
|
flags](/vault/docs/commands) included on all commands.
|
|
|
|
- `-accessor` `(bool: false)` - Treat the argument as an accessor instead of a
|
|
token.
|
|
|
|
- `-mode` `(string: "")` - Type of revocation to perform. If unspecified, Vault
|
|
will revoke the token and all of the token's children. If "orphan", Vault will
|
|
revoke only the token, leaving the children as orphans. If "path", tokens
|
|
created from the given authentication path prefix are deleted along with their
|
|
children.
|
|
|
|
- `-self` - Perform the revocation on the currently authenticated token.
|