An organization would like to use a scheduler to track & revoke access granted to a job (by Vault) at completion.
What auth-associated Vault object should be tracked to enable this behavior?
In Vault, tracking and revoking access at the completion of a job typically involves the lease associated with the generated credentials or secrets. The Lease ID allows for the management and revocation of these leases, ensuring that access can be effectively revoked once the job is complete.
By the phrasing of the question, I understand that the job is granted access to Vault to read secrets, so the job has a token to access Vault. And the question is "What auth-associated Vault object...?", and Lease ID is not an auth-associated Vault object. So the answer is A: you need the Token Accessor to revoke a token.
If you want to track and revoke access granted to a job by Vault at the completion of the job, you should track the Lease ID.
Described here: https://developer.hashicorp.com/vault/docs/concepts/tokens#token-accessors
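The token-accessor approach from the comment above, as an added example that is not part of the thread or of HashiCorp's code: a scheduler creates a token per job, stores only the accessor, and revokes by accessor at completion. `JobTokenTracker`, `FakeVault`, the job and policy names, and `VAULT_ADDR` are hypothetical; the two API paths are Vault's `auth/token/create` and `auth/token/revoke-accessor`.

```python
import json
import urllib.request

VAULT_ADDR = "http://127.0.0.1:8200"  # assumption: local Vault address


def vault_post(path, token, payload):
    """POST to Vault's HTTP API; revoke-accessor answers 204 with no body."""
    req = urllib.request.Request(
        f"{VAULT_ADDR}/v1/{path}", data=json.dumps(payload).encode(),
        headers={"X-Vault-Token": token}, method="POST")
    with urllib.request.urlopen(req) as resp:
        body = resp.read()
    return json.loads(body) if body else {}


class JobTokenTracker:
    """Hypothetical scheduler-side map of job ID -> token accessor."""

    def __init__(self, scheduler_token, post=vault_post):
        self.scheduler_token = scheduler_token
        self.post = post
        self.accessors = {}

    def start_job(self, job_id, policies, ttl="1h"):
        auth = self.post("auth/token/create", self.scheduler_token,
                         {"policies": policies, "ttl": ttl})["auth"]
        self.accessors[job_id] = auth["accessor"]  # keep only the accessor
        return auth["client_token"]  # handed to the job, never stored here

    def finish_job(self, job_id):
        accessor = self.accessors.pop(job_id)
        self.post("auth/token/revoke-accessor", self.scheduler_token,
                  {"accessor": accessor})
        return accessor


class FakeVault:
    """Constructed in-memory stand-in so the example runs offline."""

    def __init__(self):
        self.count, self.live = 0, {}  # live: accessor -> token

    def post(self, path, token, payload):
        if path == "auth/token/create":
            self.count += 1
            self.live[f"acc-{self.count}"] = f"tok-{self.count}"
            return {"auth": {"client_token": f"tok-{self.count}",
                             "accessor": f"acc-{self.count}"}}
        self.live.pop(payload["accessor"])  # auth/token/revoke-accessor
        return {}
```

Against a real Vault, leave `post` at its default; revoking the token also revokes the leases created with it, so the scheduler never has to hold the job's token or enumerate its leases.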