luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Clarify max TTL and system max TTL behavior (#12391)

This commit is contained in:
Mike Green 2021-10-12 06:24:07 -06:00 committed by GitHub
parent 2edac287ae
commit c99865d970
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
website/content/docs/commands/auth/tune.mdx
View File

@ -72,8 +72,9 @@ flags](/docs/commands) included on all commands.
- `-max-lease-ttl` `(duration: "")` - The maximum lease TTL for this auth
method. If unspecified, this defaults to the Vault server's globally
configured maximum lease TTL, or a previously configured value for the auth
method.
configured [maximum lease TTL](/docs/configuration#max_lease_ttl), or a
previously configured value for the auth method. This value is allowed to
override the server's global max TTL; it can be longer or shorter.
- `-passthrough-request-headers` `(string: "")` - request header values that will
be sent to the auth method. Note that multiple keys may be

5
website/content/docs/commands/secrets/tune.mdx
View File

@ -79,8 +79,9 @@ flags](/docs/commands) included on all commands.
- `-max-lease-ttl` `(duration: "")` - The maximum lease TTL for this secrets
engine. If unspecified, this defaults to the Vault server's globally
configured maximum lease TTL, or a previously configured value for the secrets
engine.
configured [maximum lease TTL](/docs/configuration#max_lease_ttl), or a
previously configured value for the secrets engine. This value is allowed to
override the server's global max TTL; it can be longer or shorter.
- `-passthrough-request-headers` `(string: "")` - request header values that will
be sent to the secrets engine. Note that multiple keys may be

5
website/content/docs/configuration/index.mdx
View File

@ -136,7 +136,10 @@ to specify where the configuration is.
- `max_lease_ttl` `(string: "768h")`  Specifies the maximum possible lease
duration for tokens and secrets. This is specified using a label
suffix like `"30s"` or `"1h"`.
suffix like `"30s"` or `"1h"`. Individual mounts can override this value
by tuning the mount with the `max-lease-ttl` flag of the
[auth](/docs/commands/auth/tune#max-lease-ttl) or
[secret](/docs/commands/secrets/tune#max-lease-ttl) commands.
- `default_max_request_duration` `(string: "90s")`  Specifies the default
maximum request duration allowed before Vault cancels the request. This can