Most of the work of administering Vault Enterprise after it is deployed, once design and planning are done, is configuration, done through its API or a wrapper around that API.
At times, though, especially while troubleshooting or automating something, an administrator has to deal with the state inside Vault itself, the tokens and leases it has issued, rather than just its configuration.
That is especially true when something has gone wrong, such as suspected unauthorized access or a misbehaving application.
Suppose that, as part of an investigation, you want to see all of the currently valid tokens, Azure credentials, or database credentials that were created on a specific day.
I'll show you a script that does this. First, though, we'll download the Vault binary and start a throwaway "dummy" Vault to test against. You don't have to install anything or write any configuration files.
For some background, I recommend reading about Vault Leases & the leasing "hierarchy" that Vault uses before we go further:
The documentation might be a bit confusing, but hopefully using it over the course of this guide will make things more clear.
We'll download the HashiCorp Vault binary, because on its own it can run a simple local dev server:
After you have downloaded and extracted the binary, open a terminal window.
On macOS, open your Applications folder, then Utilities, and double-click Terminal; or press Command + spacebar to launch Spotlight, type "Terminal", and double-click the search result. A small window with a white background opens on your desktop.
On Windows, open the Run dialog by holding the Windows key and pressing R once, then enter cmd. When you press Enter, a black window with white text appears.
In the terminal you just opened, use the cd and ls (dir on Windows) commands to navigate to the folder where you downloaded Vault.
Enter the following in the terminal when you have navigated your terminal to the folder in which you have downloaded and extracted Vault:
./vault server -dev -dev-root-token-id=root
Vault prints some startup output and the dev server then keeps running in the foreground, so you cannot enter more commands in this terminal. Dev mode stores everything in memory, starts unsealed, listens on http://127.0.0.1:8200 without TLS, and uses the root token you passed ("root"); it is for local experiments only, never for production.
To keep entering commands, open another terminal and navigate to the same folder in which you downloaded and extracted Vault.
The last of those commands, the one with status, should print the status of your Vault; if it does, your terminal can connect to it.
git clone https://github.com/v6/delete_old_tokens
(This part might not work on Windows, but don't let me stop you from porting the script to PowerShell or the like.)
./list_accessor_issue_time.sh | grep 2019-09-13
If you wanted to search for a different day, say, September 20, 2019, you would run the following, instead:
./list_accessor_issue_time.sh | grep 2019-09-20
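The following is an added example in Python, written for this guide; it is not the list_accessor_issue_time.sh script from the repository above, but it performs the same investigation against the Vault CLI. It lists live token accessors with `vault list auth/token/accessors`, looks each one up through `auth/token/lookup-accessor`, does the same for leases under a prefix (such as database or Azure credentials) through `sys/leases/lookup`, and keeps the records whose issue_time falls on a given calendar day. It assumes the vault binary is on your PATH and that VAULT_ADDR and VAULT_TOKEN point at the dev server; the sample records embedded in it are constructed for the example, not captured from a real Vault. It also makes one caveat explicit: grep matches the date in whatever timezone offset Vault reported, so a token issued late in the evening of September 13 at -07:00 is already September 14 in UTC, and the `--utc` option normalizes before comparing.

```python
#!/usr/bin/env python3
"""Added example for this guide (not the delete_old_tokens script): list live
Vault tokens and leases with their issue_time and keep those issued on one day.

Assumes the vault CLI is on PATH and VAULT_ADDR / VAULT_TOKEN point at a
Vault you may administer (the dev server above, with token "root")."""
import json
import re
import subprocess
import sys
from datetime import datetime, timezone

UTC = timezone.utc

# Constructed sample records, shaped like the "data" object returned by
# `vault write -format=json auth/token/lookup-accessor accessor=...` (tokens)
# and `vault write -format=json sys/leases/lookup lease_id=...` (leases).
# Accessors, lease ids and times are made up for this example.
SAMPLE_RECORDS = [
    {"accessor": "acc-constructed-1", "display_name": "token",
     "issue_time": "2019-09-13T10:02:11.123456789-07:00", "ttl": 0},
    {"accessor": "acc-constructed-2", "display_name": "approle",
     "issue_time": "2019-09-13T19:45:00.5-07:00", "ttl": 2591877},
    {"accessor": "acc-constructed-3", "display_name": "ldap-alice",
     "issue_time": "2019-09-20T08:00:00Z", "ttl": 3600},
    {"id": "database/creds/readonly/constructed-lease-id",
     "issue_time": "2019-09-13T00:30:00+02:00", "ttl": 86400},
]

FRACTION = re.compile(r"\.(\d+)")


def parse_issue_time(stamp):
    """Parse Vault's RFC 3339 issue_time into an aware datetime.

    Vault emits nanoseconds (nine digits) and may use a trailing Z;
    datetime.fromisoformat accepts at most six digits and needs +00:00."""
    stamp = stamp.replace("Z", "+00:00")
    stamp = FRACTION.sub(lambda m: "." + m.group(1)[:6].ljust(6, "0"), stamp, count=1)
    return datetime.fromisoformat(stamp)


def record_label(record):
    """Token records carry an accessor; lease records carry an id."""
    return record.get("accessor") or record.get("id")


def issued_on(record, day, tz=None):
    """True if the record was issued on day (YYYY-MM-DD).

    With tz=None the calendar day is taken in the offset Vault reported, which
    is exactly what `grep 2019-09-13` over the raw timestamps matches. Pass
    tz=UTC to normalize first: a 19:45 -07:00 issue lands on the next UTC day."""
    when = parse_issue_time(record["issue_time"])
    if tz is not None:
        when = when.astimezone(tz)
    return when.date().isoformat() == day


def filter_by_day(records, day, tz=None):
    return [r for r in records if issued_on(r, day, tz)]


def vault_json(*args):
    """Run `vault <subcommand> -format=json ...` and parse its output.

    An empty `vault list` exits non-zero ("No value found"); treat it as []."""
    cmd = ["vault", args[0], "-format=json", *args[1:]]
    proc = subprocess.run(cmd, capture_output=True, text=True)
    if proc.returncode != 0:
        if args[0] == "list" and "No value found" in proc.stderr:
            return []
        raise RuntimeError(f"{' '.join(cmd)} failed: {proc.stderr.strip()}")
    return json.loads(proc.stdout)


def live_token_records():
    """Look up every live token accessor (needs a sudo-capable policy on
    auth/token/accessors; the dev root token has one)."""
    return [vault_json("write", "auth/token/lookup-accessor", f"accessor={a}")["data"]
            for a in vault_json("list", "auth/token/accessors")]


def live_lease_records(prefix):
    """Look up every lease under a prefix such as database/creds/readonly/ or
    azure/creds/<role>/; sys/leases/lookup/<prefix> lists the id suffixes."""
    prefix = prefix.rstrip("/") + "/"
    return [vault_json("write", "sys/leases/lookup", f"lease_id={prefix}{s}")["data"]
            for s in vault_json("list", f"sys/leases/lookup/{prefix}")]


if __name__ == "__main__":
    # Usage: python3 issue_time.py 2019-09-13 [--live] [--utc] [--leases PREFIX]
    argv = sys.argv[1:]
    day = next((a for a in argv if re.fullmatch(r"\d{4}-\d{2}-\d{2}", a)), "2019-09-13")
    tz = UTC if "--utc" in argv else None
    if "--live" in argv:
        records = live_token_records()
        if "--leases" in argv:
            records += live_lease_records(argv[argv.index("--leases") + 1])
    else:
        records = SAMPLE_RECORDS
    for rec in filter_by_day(records, day, tz):
        print(rec["issue_time"], record_label(rec))
```

Run without `--live` to see the filter applied to the constructed records; with `--live` it queries the dev server started above, and `--leases database/creds/readonly/` adds the leases under that prefix. Listing accessors and leases needs a policy with sudo on those paths, which is why the dev root token is convenient here, and why in a real environment the investigator's token should be issued for this purpose and revoked afterwards.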