vault icon indicating copy to clipboard operation
vault copied to clipboard
verified publisher icon hashicorp

Document token format

Open nobe4 opened this issue 1 year ago • 0 comments

Is your feature request related to a problem? Please describe.

I worked on https://github.com/github/redacting-logger/pull/48 and didn't find an easy answer to "what is the format used for tokens?"

Describe the solution you'd like

I would like this to be written in the doc. Something as simple as:

Vault tokens are comprised of a prefix and a body.

  • The prefix indicates the token's type:

    Token Type Vault 1.9.x or earlier Vault 1.10 and later
    Service tokens s. hvs.
    Batch tokens b. hvb.
    Recovery tokens r. hvr.

  • The body is a randomly-generated 24 characters Base62 string.

Token are expected to match the following regexp: (hv)?[sbr]\.[a-zA-Z0-9]{24}

Obviously, not all the info is required, but would ease the understanding.

Explain any additional use-cases

When writing a regex or a tool to detect vault tokens, an official source would be appreciated.

Additional context

cc https://github.com/github/redacting-logger/pull/48

nobe4 avatar May 20 '24 23:05 nobe4