Root tokens are restricted in creation. The Vault documentation states:
"Root tokens are tokens that have the root policy attached to them. In fact, there are only three ways to create root tokens:
The initial root token generated at vault operator init -- this token has no expiration
By using another root token; a root token with an expiration cannot create a root token that never expires
By using vault operator generate-root with the permission of a quorum of unseal/recovery key holders" — Vault Concepts: Tokens
A, B, D: Correct per the above.
C: Incorrect; DR tokens are for replication, not root creation:
"DR operation tokens are typically used for disaster recovery operations and may not be directly related to generating a root token in Vault."
— Vault Replication
References: Vault Concepts: Tokens