Mark STS secrets as non-renwable

Ping #1800
Jeff Mitchell 2016-08-28 14:27:56 -04:00
parent 74f1b3981c
commit f0537572a8


@ -99,6 +99,9 @@ func (b *backend) secretTokenCreate(s logical.Storage,
// Set the secret TTL to appropriately match the expiration of the token
resp.Secret.TTL = tokenResp.Credentials.Expiration.Sub(time.Now())
// STS are purposefully short-lived and aren't renewable
resp.Secret.Renewable = false
if usernameWarning != "" {
resp.AddWarning(usernameWarning)
}
@ -141,6 +144,9 @@ func (b *backend) assumeRole(s logical.Storage,
// Set the secret TTL to appropriately match the expiration of the token
resp.Secret.TTL = tokenResp.Credentials.Expiration.Sub(time.Now())
// STS are purposefully short-lived and aren't renewable
resp.Secret.Renewable = false
if usernameWarning != "" {
resp.AddWarning(usernameWarning)
}
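Review bot: The comment added above `resp.Secret.Renewable = false` in secretTokenCreate, and repeated in assumeRole, states the policy but not why renewal would be wrong. The TTL on the preceding line is taken from the credential's own expiration, so a renewed lease would outlive the credential it tracks. I would word it as `// STS credentials expire at a time fixed when they are issued; renewing the lease cannot extend them, so mark the secret non-renewable`. The flag only affects responses built after this change, and whether the renew handler for this secret type also refuses STS leases is not visible in these hunks, so that is worth confirming. Both function bodies continue outside the hunks shown.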