HashiConf More sessions have been added to the conference agenda. Buy your pass and plan your schedule. Register
Vault
Vault Home

/sys/wrapping/rewrap

[!IMPORTANT]
Documentation Update: Product documentation, which were located in this repository under /website, are now located in hashicorp/web-unified-docs, colocated with all other product documentation. Contributions to this content should be done in the web-unified-docs repo, and not this one. Changes made to /website content in this repo will not be reflected on the developer.hashicorp.com website.

The /sys/wrapping/rewrap endpoint can be used to rotate a wrapping token and refresh its TTL.

Wrapping rewrap

This endpoint rewraps a response-wrapped token. The new token will use the same creation TTL as the original token and contain the same response. The old token will be invalidated. This can be used for long-term storage of a secret in a response-wrapped token when rotation is a requirement.

MethodPath
POST/sys/wrapping/rewrap

Parameters

  • token (string: <required>) – Specifies the wrapping token ID.

Sample payload

{
  "token": "abcd1234..."
}

Sample request

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/sys/wrapping/rewrap

Sample response

{
  "request_id": "",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": null,
  "warnings": null,
  "wrap_info": {
    "token": "3b6f1193-0707-ac17-284d-e41032e74d1f",
    "ttl": 300,
    "creation_time": "2016-09-28T14:22:26.486186607-04:00",
    "creation_path": "sys/wrapping/wrap"
  }
}
Edit this page on GitHub