Skip to main content

token renew

The token renew renews a token's lease, extending the amount of time it can be used. If a TOKEN is not provided, the locally authenticated token is used. Lease renewal will fail if the token is not renewable, the token has already been revoked, or if the token has already reached its maximum TTL.

Examples

Renew a token (this uses the /auth/token/renew endpoint and permission):

$ bao token renew 96ddf4bc-d217-f3ba-f9bd-017055595017

Renew the currently authenticated token (this uses the /auth/token/renew-self endpoint and permission):

$ bao token renew

Renew a token requesting a specific increment value:

$ bao token renew -increment=30m 96ddf4bc-d217-f3ba-f9bd-017055595017

Usage

The following flags are available in addition to the standard set of flags included on all commands.

Output options

  • -format (default: "table") - Print the output in the given format. Valid formats are "table", "json", or "yaml". This can also be specified via the BAO_FORMAT environment variable.

Command options

  • -increment (duration: "") - Request a specific increment for renewal. OpenBao will not honor this request for periodic tokens. If not supplied, OpenBao will use the default TTL. This is specified as a numeric string with suffix like "30s" or "5m". This is aliased as "-i".