Your co-worker has asked you to perform certain operations in Vault and has provided you with a token accessor (not the token itself). What Vault operations would you be allowed to perform using only the provided accessor? (Select three)
A.
Renew the token to extend the TTL
B.
Revoke the token in Vault to make it invalid
C.
Create child tokens associated with the same policies as the related token
D.
Lookup properties of the token, such as the TTL, policies, and metadata
A token accessor is a reference to a token, not the token itself, and supports limited operations:
A: vault token renew -accessor <accessor> extends the token’s TTL if renewable, per the token docs.
B: vault token revoke -accessor <accessor> revokes the token, making it invalid, a supported accessor action.
D: vault token lookup -accessor <accessor> displays token properties (e.g., TTL, policies), a key accessor use case.
C: Creating child tokens requires the parent token, not just its accessor, as it involves authentication and policy inheritance, which accessors can’t perform.
Accessors can’t authenticate to Vault for secret access; they’re for management tasks like these, per the tokens documentation.
[References:, Token Accessors, Token Commands, ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit