op cli + 1password connect 141 vault limit on create token #74
Comments
|
Hey @hortonew, What you're encountering here is that your request would generate a Connect token that is over the allowed maximum size. In general a Connect token can have permissions up to 100 vaults. This limit is in place to ensure that the size of the token isn't too large, specifically 8KB. This is based on the recommended size of JWT tokens:
With 141 vaults or more, your Connect token would be over 8KB, which you would no longer be able to use when interacting with Connect due to it being too large. An alternative solution to this is to create separate tokens that access subsets of the vaults the Connect server can access. |
Works:
op connect token create "token_with_141_vaults" --server "your_server_id" --expires-in 1h --vault vault1 --vault vault2 ... --vault vault141Doesn't work:
op connect token create "token_with_142_vaults" --server "your_server_id" --expires-in 1h --vault vault1 --vault vault2 ... --vault vault142Error
[ERROR] 2023/10/03 10:58:37 failed to RegisterToken: "Validation: (400) (Bad Request), The structure of request was invalid.Tested on versions of op cli from v2.6.0 through the latest v2.21.0 and it's been a problem consistently for the past year.
The text was updated successfully, but these errors were encountered: