open-vault

Commit Graph

Author	SHA1	Message	Date
Christopher Swenson	0af0543bbe	VAULT-5935 agent: redact renew-self if using auto auth (#15380 ) Vault agent redacts the token and accessor for `/auth/token/lookup-self` (and `lookup`) if the token is the auto auth token to prevent it from leaking. Similarly, we need to redact the token and accessor from `renew-self` and `renew`, which also leak the token and accessor. I tested this locally by starting up a Vault agent and querying the agent endpoints, and ensuring that the accessor and token were set to the empty string in the response.	2022-05-12 09:25:55 -07:00

Author

SHA1

Message

Date

Christopher Swenson

0af0543bbe

VAULT-5935 agent: redact renew-self if using auto auth (#15380 )

Vault agent redacts the token and accessor for `/auth/token/lookup-self` (and `lookup`)
if the token is the auto auth token to prevent it from leaking.

Similarly, we need to redact the token and accessor from `renew-self`
and `renew`, which also leak the token and accessor.

I tested this locally by starting up a Vault agent and querying the
agent endpoints, and ensuring that the accessor and token were set to
the empty string in the response.

2022-05-12 09:25:55 -07:00

1 Commits