Merge pull request #1804 from hashicorp/issue-1800

Mark STS secrets as non-renewable
Vishal Nayak
2016-08-29 11:46:19 -04:00
committed by GitHub


@@ -99,6 +99,9 @@ func (b *backend) secretTokenCreate(s logical.Storage,
// Set the secret TTL to appropriately match the expiration of the token
resp.Secret.TTL = tokenResp.Credentials.Expiration.Sub(time.Now())
// STS are purposefully short-lived and aren't renewable
resp.Secret.Renewable = false
if usernameWarning != "" {
resp.AddWarning(usernameWarning)
}
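Review bot: The new comment above `resp.Secret.Renewable = false` in secretTokenCreate says STS credentials are short-lived, but not why renewal has to be refused. The TTL on the line above is taken from the expiration AWS returned, so a renewed lease would presumably outlive credentials that have already expired on the AWS side. I would word it as `// STS credentials expire at the time AWS set when issuing them; the lease must not be renewable past that`. The same wording applies to the identical lines in the assumeRole hunk. Setting the flag on the response is the only guard visible here, and both function bodies continue outside their hunks, so it is worth confirming that the secret's renew handler (not shown) also rejects STS leases.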
@@ -141,6 +144,9 @@ func (b *backend) assumeRole(s logical.Storage,
// Set the secret TTL to appropriately match the expiration of the token
resp.Secret.TTL = tokenResp.Credentials.Expiration.Sub(time.Now())
// STS are purposefully short-lived and aren't renewable
resp.Secret.Renewable = false
if usernameWarning != "" {
resp.AddWarning(usernameWarning)
}