Note that all created tokens will expire when the token that
created them expires, unless the no-parent option is set to
true.
Security
accessToken
Request
query Parameters
site
string
Send the request to the specified site
Request Body schema:
ttl
string <duration>
A duration in years, days, hours, minutes and seconds.
Format is [<digits>y][<digits>d][<digits>m][<digits>s].
Examples: 1y2d5h, 5h or 10m30s
The token will be valid for the duration specified in ttl.
Infinite tokens are not allowed.
object
Metadata such as email, phone number, office, etc. can be
associated with the new token.
policies
Array of strings <name>
Policies to associate with the token. Must be
a subset of the policies the issuing token
has.
no-parent
boolean
Default: false
The token will be revoked as soon as the issuing token
expires, unless no-parent is set to true. When no-parent is
true, the resulting token has the orphan field set to true.
Root privileges are required to set this to true.
no-default-policy
boolean
Default: false
Add default policy unless this field is set to true.
display-name
string
bound-cidrs
Array of strings <ip-address-and-prefix-length>
ipv4-address-and-prefix-length: The ipv4-address-and-prefix-length type represents a combination of an IPv4 address and a prefix length. The prefix length is given by the number following the slash character and must be less than or equal to 32. For example 192.168.131.0/24.
ipv6-address-and-prefix-length: The ipv6-address-and-prefix-length type represents a combination of an IPv6 address and a prefix length. The prefix length is given by the number following the slash character and must be less than or equal to 128. For example fe80::42:b6ff:feff:2f3/64.
The ip-address-and-prefix-length type represents a combination
of an IP address and a prefix length and is IP version neutral.
The format of the textual representations implies the IP
version.
This field can be used to limit the IP addresses that
are allowed to use the token.
renewable
boolean
Default: true
This field controls whether the lifetime of the token can be
extended using the refresh action.
max-ttl
string <duration>
A duration in years, days, hours, minutes and seconds.
Format is [<digits>y][<digits>d][<digits>m][<digits>s].
Examples: 1y2d5h, 5h or 10m30s
The maximum time a token is allowed to live, even after
refresh. This is ignored for periodic tokens.
num-uses
integer <uint32>
It is possible to place a limit on how many times a token
may be used.
period
string <duration>
A duration in years, days, hours, minutes and seconds.
Format is [<digits>y][<digits>d][<digits>m][<digits>s].
Examples: 1y2d5h, 5h or 10m30s
Root may create a periodic token that can be extended
indefinitely. It will be extended by this duration whenever
the refresh action is used.
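
The field rules above can be checked on the client before a request is sent. The following is an added example, not code from this API's documentation or its vendor: the function names and the `issuer_is_root` flag are hypothetical, one year is assumed to be 365 days, the `h` unit is accepted because the page's examples use it, and the zero-ttl and max-ttl comparisons are local sanity checks rather than documented server behaviour.

```python
import ipaddress
import re

# Units in the order the page lists them; "h" is taken from the page's examples (5h, 1y2d5h).
_DURATION = re.compile(r"(?:(\d+)y)?(?:(\d+)d)?(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s)?")
_UNIT_SECONDS = (365 * 86400, 86400, 3600, 60, 1)  # assumption: 1y = 365d


def duration_seconds(text):
    """Convert a duration such as '1y2d5h' to seconds; reject empty or malformed text."""
    match = _DURATION.fullmatch(text)
    if not text or match is None:
        raise ValueError(f"bad duration: {text!r}")
    return sum(int(n) * unit for n, unit in zip(match.groups(), _UNIT_SECONDS) if n)


def build_token_request(issuer_policies, policies, ttl, bound_cidrs, *,
                        max_ttl=None, num_uses=None, no_parent=False,
                        renewable=False, issuer_is_root=False):
    """Build the request body for a narrowly scoped child token.

    Raises ValueError for anything the field descriptions rule out, so a bad
    request is caught before it is sent.
    """
    extra = set(policies) - set(issuer_policies)
    if extra:  # policies must be a subset of the issuing token's policies
        raise ValueError(f"policies not held by issuing token: {sorted(extra)}")
    if no_parent and not issuer_is_root:  # no-parent needs root privileges
        raise ValueError("no-parent requires root privileges")
    if duration_seconds(ttl) == 0:  # local check: ttl must be a real, finite lifetime
        raise ValueError("ttl must be greater than zero")
    body = {"ttl": ttl, "policies": sorted(policies), "no-parent": no_parent,
            "renewable": renewable, "bound-cidrs": []}
    for cidr in bound_cidrs:
        if "/" not in cidr:  # the type requires an explicit prefix length
            raise ValueError(f"missing prefix length: {cidr!r}")
        body["bound-cidrs"].append(str(ipaddress.ip_interface(cidr)))
    if max_ttl is not None:
        if duration_seconds(max_ttl) < duration_seconds(ttl):  # local sanity check
            raise ValueError("max-ttl is shorter than ttl")
        body["max-ttl"] = max_ttl
    if num_uses is not None:
        body["num-uses"] = int(num_uses)
    return body


if __name__ == "__main__":
    # Constructed sample: a CI job token limited to one policy, one subnet, ten minutes.
    print(build_token_request({"deploy", "read-secrets"}, ["read-secrets"], "10m",
                              ["192.168.131.0/24"], max_ttl="1h", num_uses=5))
```

Setting `renewable` to false and supplying `bound-cidrs` and `num-uses` by default keeps a leaked child token short-lived and tied to its expected network.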