Set a token-specific lifetime

If you want a token to have a different lifetime than the default lifetime, you can set a different lifetime when you generate the token. This allows you to keep one token for multiple sessions.

If you Generate a token using puppet-access, use the --lifetime option. For example: puppet-access login --lifetime 2h generates a token with a two-hour lifetime.

If you're using the POST /auth/token endpoint, use the lifetime key. For example, this JSON body specifies a token lifetime of two hours:

{"login": "<YOUR PE USER NAME>", "password": "<YOUR PE PASSWORD>", "lifetime": "2h"}

Format the lifetime as a numeric value followed by one of the following:

• y (years)
• d (days)
• h (hours)
• m (minutes)
• s (seconds)

For example, 12h sets the lifetime to 12 hours.

Do not add a space between the numeric value and the unit of measurement.

If you do not specify a unit, it is assumed to be seconds (s).

To set the maximum possible lifetime, set the lifetime to 0. This sets the lifetime to the value of rbac_token_maximum_lifetime. The default value for this setting is 10 years.

If omitted, tokens get the default lifetime, which is one hour, unless you Change the default token lifetime.