creation_time for tokens not in RFC3339 format - Githubissues

hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management

https://www.vaultproject.io/

Other

30.79k stars 4.17k forks source link

creation_time for tokens not in RFC3339 format #27780

Open Flamefire opened 1 month ago

Flamefire commented 1 month ago

Describe the bug Looking up a token I get:

creation_time       1710317709
expire_time         2025-03-13T09:15:09.00361369+01:00
issue_time          2024-03-13T09:15:09.003616446+01:00

The documentation states it is in RFC3339 format: https://github.com/hashicorp/vault/blob/v1.17.2/website/content/docs/enterprise/sentinel/properties.mdx#token-properties

However it clearly is not. It looks like a UNIX timestamp. But what is the timezone? UTC? Server time zone?

To Reproduce

vault token lookup | grep time

Expected behavior Consistent and specified format.

Maybe just the documentation needs to be updated to reflect the actual behavior.

Environment:

Vault Server Version (retrieve with vault status): 1.17.0

Additional context

What is the difference/meaning of creation_time and issue_time for tokens? They seem to be the same time.

heatherezell commented 1 month ago

creation_time       1710317709
expire_time         2025-03-13T09:15:09.00361369+01:00
issue_time          2024-03-13T09:15:09.003616446+01:00
The documentation states it is in RFC3339 format: v1.17.2/website/content/docs/enterprise/sentinel/properties.mdx#token-properties

However it clearly is not. It looks like a UNIX timestamp. But what is the timezone? UTC? Server time zone?

This appears to be in GMT+1, or CET as described by ISO-8601. I'll ask our engineers to check the documentation for Sentinel as that's an enterprise feature. Thanks!