From 2d1fd9ef0c3f6132c9375cd0540c6954316b4442 Mon Sep 17 00:00:00 2001 From: Jack Jackson Date: Tue, 4 Jun 2024 15:42:19 -0700 Subject: [PATCH] Specify MaxTTL for Tokens from BaseAppInfra I encoutered an issue where tokens were being created without TTLs and thus clogging up the storage of the system. I haven't found a smoking gun pointing to this being the cause, but I do suspect that it's _something_ to do with the Vault/Crossplane integration, since a) that's really my only use-case for Vault, and b) there's the string `vault-provider` in the display_name below: ``` $ vault token lookup -accessor zcRF0YAUQtP7vrbZHTW5y322 Key Value --- ----- accessor zcRF0YAUQtP7vrbZHTW5y322 creation_time 1715766311 creation_ttl 0s display_name token-vault-provider-token entity_id n/a expire_time explicit_max_ttl 0s id n/a issue_time 2024-05-15T09:45:11.720412011Z meta num_uses 0 orphan false path auth/token/create policies [root] renewable false ttl 0s type service ```
---
charts/vault-crossplane-integration/base-app-infra.yaml | 1 + 1 file changed, 1 insertion(+)
diff --git a/charts/vault-crossplane-integration/base-app-infra.yaml b/charts/vault-crossplane-integration/base-app-infra.yaml
index 775e72f..d1c23fe 100644
--- a/charts/vault-crossplane-integration/base-app-infra.yaml
+++ b/charts/vault-crossplane-integration/base-app-infra.yaml
@@ -46,6 +46,7 @@ spec:
 audience: vault
 boundServiceAccountNames:
 - default
+ tokenMaxTtl: 86400
 tokenTtl: 86400
 patches:
 - type: FromCompositeFieldPath
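Review bot: The added `tokenMaxTtl: 86400` probably does not bound the token shown in the commit message, because that lookup reports `path auth/token/create`, `policies [root]` and `creation_ttl 0s`, whereas a max TTL set on an auth role (the block carrying `audience` and `boundServiceAccountNames`) applies only to tokens issued by logins against that role. If the Crossplane provider is itself configured with a root token, as the `[root]` policy suggests, non-expiring child tokens would keep accumulating, so the provider's own credential configuration is the next place to check, ideally moving it to a scoped, TTL-bound policy. On this line I would add a comment such as `# seconds (24h); caps tokens issued via this role's login only`, since with `tokenTtl` equal to `tokenMaxTtl` these tokens cannot be renewed past one day. The enclosing resource begins and ends outside the hunk, so the role type is inferred from the field names.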