Metadata such as email, phone number, office etc can be
associated with the new token.
policies
Array of strings <name>
Policies to associate with token. Must be
a subset of the policies the issuing token
has
no-parent
boolean
Default: false
The token will be revoked as soon as the issuing token
expires, unless no-parent is set to true. Ie, the
resulting token will have the orphan field set to true.
root privileges are required to set this to true.
no-default-policy
boolean
Default: false
Add default policy unless this field is set to true.
display-name
string
bound-cidrs
Array of strings <ip-address-and-prefix-length>
ipv4-address-and-prefix-length: The ipv4-address-and-prefix-length type represents a combination of an IPv4 address and a prefix length. The prefix length is given by the number following the slash character and must be less than or equal to 32. For example 192.168.131.0/24.
ipv6-address-and-prefix-length: The ipv6-address-and-prefix-length type represents a combination of an IPv6 address and a prefix length. The prefix length is given by the number following the slash character and must be less than or equal to 128. For example fe80::42:b6ff:feff:2f3/64.
The ip-address-and-prefix-length type represents a combination
of an IP address and a prefix length and is IP version neutral.
The format of the textual representations implies the IP
version.
This field can be used to limit the IP addresses that
are allowed to use the token.
renewable
boolean
Default: true
This field controls if it should be possible to extend
the lifetime of the token using the refresh action.
max-ttl
string <duration>
A duration in years, days, hours, minutes and seconds.
Format is [<digits>y][<digits>d][<digits>m][<digits>s].