b76a56d40c
* migrates nav data format and updates docs pages * removes sidebar_title from content files
53 lines
1.5 KiB
Plaintext
53 lines
1.5 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: token revoke - Command
|
|
description: |-
|
|
The "token revoke" revokes authentication tokens and their children. If a
|
|
TOKEN is not provided, the locally authenticated token is used.
|
|
---
|
|
|
|
# token revoke
|
|
|
|
The `token revoke` revokes authentication tokens and their children. If a TOKEN
|
|
is not provided, the locally authenticated token is used. The `-mode` flag can
|
|
be used to control the behavior of the revocation.
|
|
|
|
## Examples
|
|
|
|
Revoke a token and all the token's children:
|
|
|
|
```shell-session
|
|
$ vault token revoke 96ddf4bc-d217-f3ba-f9bd-017055595017
|
|
Success! Revoked token (if it existed)
|
|
```
|
|
|
|
Revoke a token leaving the token's children:
|
|
|
|
```shell-session
|
|
$ vault token revoke -mode=orphan 96ddf4bc-d217-f3ba-f9bd-017055595017
|
|
Success! Revoked token (if it existed)
|
|
```
|
|
|
|
Revoke a token by accessor:
|
|
|
|
```shell-session
|
|
$ vault token revoke -accessor 9793c9b3-e04a-46f3-e7b8-748d7da248da
|
|
Success! Revoked token (if it existed)
|
|
```
|
|
|
|
## Usage
|
|
|
|
The following flags are available in addition to the [standard set of
|
|
flags](/docs/commands) included on all commands.
|
|
|
|
- `-accessor` `(bool: false)` - Treat the argument as an accessor instead of a
|
|
token.
|
|
|
|
- `-mode` `(string: "")` - Type of revocation to perform. If unspecified, Vault
|
|
will revoke the token and all of the token's children. If "orphan", Vault will
|
|
revoke only the token, leaving the children as orphans. If "path", tokens
|
|
created from the given authentication path prefix are deleted along with their
|
|
children.
|
|
|
|
- `-self` - Perform the revocation on the currently authenticated token.
|