From 8a8bfa2a6431a906ef132fea8ec211ab186fb1ce Mon Sep 17 00:00:00 2001 From: akshya96 Date: Wed, 6 Aug 2025 13:16:53 -0700 Subject: [PATCH 1/7] docs for client first used time --- .../api-docs/system/internal-counters.mdx | 34 ++++++++++++------- 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx b/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx index bca1d503af..23162a6839 100644 --- a/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx +++ b/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx @@ -1292,6 +1292,10 @@ it may be up to 20 minutes delayed. - This endpoint can be called from all namespaces. The requested namespace will act as a filter. The exported data will include activity for the requested namespace and all of its children. +- `token_creation_time` in the response is a timestamp that represents the earliest token creation time ever recorded for the client, not just within the queried time period. This reflects when the first token for the client was created. + +- `client_first_usage_time` in the response is a timestamp that represents the earliest usage of the client during the queried time period. + - **`sudo` required** – This endpoint requires `sudo` capability in addition to any path-specific capabilities. @@ -1354,7 +1358,8 @@ single line. "mount_accessor": "auth_userpass_a005db73", "mount_type": "userpass", "mount_path": "auth/userpass/", - "timestamp": "2024-07-10T09:33:51Z", + "token_creation_time": "2024-07-10T09:33:51Z", + "client_first_used_time":"2024-08-03T12:00:00Z", "policies": [ "secret-read", "secret-list", @@ -1386,7 +1391,8 @@ single line. "mount_accessor": "auth_ns_token_e3119312", "mount_type": "ns_token", "mount_path": "auth/token/", - "timestamp": "2024-07-08T11:35:23Z", + "token_creation_time": "2024-07-08T11:35:23Z", + "client_first_used_time":"2024-08-03T12:00:00Z", "policies": [], "entity_metadata": {}, "entity_alias_metadata": {}, @@ -1405,7 +1411,8 @@ single line. "mount_accessor": "auth_ldap_a005db73", "mount_type": "ldap", "mount_path": "auth/ldap/", - "timestamp": "2024-07-08T11:47:57Z", + "token_creation_time": "2024-07-08T11:47:57Z", + "client_first_used_time":"2024-08-03T12:00:00Z", "policies": [ "secret-read" ], @@ -1432,7 +1439,8 @@ single line. "mount_accessor": "auth_userpass_01a6ea85", "mount_type": "userpass", "mount_path": "auth/userpass/", - "timestamp": "2024-07-21T14:51:36Z", + "token_creation_time": "2024-07-21T14:51:36Z", + "client_first_used_time":"2024-08-03T12:00:00Z", "policies": [ "secret-read" ], @@ -1458,7 +1466,8 @@ single line. "mount_accessor": "auth_kubernetes_b596406f", "mount_type": "kubernetes", "mount_path": "auth/kubernetes/", - "timestamp": "2024-07-10T09:33:51Z", + "token_creation_time": "2024-07-10T09:33:51Z", + "client_first_used_time":"2024-08-03T12:00:00Z", "policies": [ "secret-read" ], @@ -1484,7 +1493,8 @@ single line. "mount_accessor": "auth_aws_c223ff01", "mount_type": "aws", "mount_path": "auth/aws/", - "timestamp": "2024-07-10T09:33:51Z", + "token_creation_time": "2024-07-10T09:33:51Z", + "client_first_used_time":"2024-08-03T12:00:00Z", "policies": [ "secret-read" ], @@ -1505,16 +1515,16 @@ will be named using the field name and underlying index (e.g. `policies.0`, `pol (e.g. `entity_metadata.email_address`, `entity_alias_metadata.region`). A flattened field will only be added if at least one record contains it. If a top-level field (e.g. `entity_metadata`) is not populated in any of the records then there will not be any flattened fields of prefix -`enttiy_metadata.`. +`entity_metadata.`. ```text -entity_name,entity_alias_name,client_id,client_type,local_entity_alias,namespace_id,namespace_path,mount_accessor,mount_path,mount_type,timestamp,entity_alias_custom_metadata.contact_email,entity_alias_custom_metadata.group,entity_alias_custom_metadata.region,entity_metadata.email_address,entity_group_ids.0,policies.0,policies.1,policies.2,policies.4 -admin,admin,3f210722-7210-98e8-1f0d-e6a39ffb29c6,entity,false,root,,auth_userpass_a005db73,auth/userpass/,userpass,2024-07-10T09:33:51Z,admin@example.com,san_francisco,west,admin@example.com,746fbaf9-ffeb-62b9-7f0b-42d79ca0883f,secret-read,secret-list,secret-write,secret-delete -,,590198f7-9178-57d6-c345-48746bb438d8,non-entity-token,false,YWZzu,ns1/a/,auth_ns_token_e3119312,auth/token/,ns_token,2024-07-08T11:35:23Z,,,,,,,,, -jdoe,jdoe,665a54bf-8652-c0c5-8121-40adf0d9786a,entity,false,wOsmr,ns1/a,auth_ldap_a005db73,auth/ldap/,ldap,2024-07-08T11:47:57Z,jdoe@example.com,new_york,east,,9f18cd4a-4e64-a2b2-b001-7b6b0dfb1270,secret-read,,, -jdoe,jdoe,0640a8f0-b315-cc8a-c0c2-713f663774df,entity,false,oIiGy,ns1/b,auth_userpass_01a6ea85,auth/userpass/,userpass,2024-07-21T14:51:36Z,,new_york,east,,76a374a1-72fd-30ca-2455-f51dfeaa805e,secret-read,,, +entity_name,entity_alias_name,client_id,client_type,local_entity_alias,namespace_id,namespace_path,mount_accessor,mount_path,mount_type,token_creation_time,client_first_used_time,entity_alias_custom_metadata.contact_email,entity_alias_custom_metadata.group,entity_alias_custom_metadata.region,entity_metadata.email_address,entity_group_ids.0,policies.0,policies.1,policies.2,policies.4 +admin,admin,3f210722-7210-98e8-1f0d-e6a39ffb29c6,entity,false,root,,auth_userpass_a005db73,auth/userpass/,userpass,2024-07-10T09:33:51Z,2024-08-03T12:00:00Z,admin@example.com,san_francisco,west,admin@example.com,746fbaf9-ffeb-62b9-7f0b-42d79ca0883f,secret-read,secret-list,secret-write,secret-delete +,,590198f7-9178-57d6-c345-48746bb438d8,non-entity-token,false,YWZzu,ns1/a/,auth_ns_token_e3119312,auth/token/,ns_token,2024-07-08T11:35:23Z,2024-08-03T12:00:00Z,,,,,,,, +jdoe,jdoe,665a54bf-8652-c0c5-8121-40adf0d9786a,entity,false,wOsmr,ns1/a,auth_ldap_a005db73,auth/ldap/,ldap,2024-07-08T11:47:57Z,2024-08-03T12:00:00Z,jdoe@example.com,new_york,east,,9f18cd4a-4e64-a2b2-b001-7b6b0dfb1270,secret-read,,, +jdoe,jdoe,0640a8f0-b315-cc8a-c0c2-713f663774df,entity,false,oIiGy,ns1/b,auth_userpass_01a6ea85,auth/userpass/,userpass,2024-07-21T14:51:36Z,2024-08-03T12:00:00Z,,new_york,east,,76a374a1-72fd-30ca-2455-f51dfeaa805e,secret-read,,, ``` From 55492103c255bb90e93c894565c901e2bb0adfe8 Mon Sep 17 00:00:00 2001 From: akshya96 Date: Wed, 6 Aug 2025 16:19:49 -0700 Subject: [PATCH 2/7] add note about timestamp --- .../api-docs/system/internal-counters.mdx | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx b/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx index 23162a6839..965a45e844 100644 --- a/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx +++ b/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx @@ -1293,6 +1293,9 @@ it may be up to 20 minutes delayed. namespace and all of its children. - `token_creation_time` in the response is a timestamp that represents the earliest token creation time ever recorded for the client, not just within the queried time period. This reflects when the first token for the client was created. + + This field was renamed to `token_creation_time` in Vault 1.21. In previous versions, it was called `timestamp`. + - `client_first_usage_time` in the response is a timestamp that represents the earliest usage of the client during the queried time period. @@ -1358,7 +1361,7 @@ single line. "mount_accessor": "auth_userpass_a005db73", "mount_type": "userpass", "mount_path": "auth/userpass/", - "token_creation_time": "2024-07-10T09:33:51Z", + "token_creation_time": "2022-07-10T09:33:51Z", "client_first_used_time":"2024-08-03T12:00:00Z", "policies": [ "secret-read", @@ -1391,7 +1394,7 @@ single line. "mount_accessor": "auth_ns_token_e3119312", "mount_type": "ns_token", "mount_path": "auth/token/", - "token_creation_time": "2024-07-08T11:35:23Z", + "token_creation_time": "2022-07-08T11:35:23Z", "client_first_used_time":"2024-08-03T12:00:00Z", "policies": [], "entity_metadata": {}, @@ -1411,7 +1414,7 @@ single line. "mount_accessor": "auth_ldap_a005db73", "mount_type": "ldap", "mount_path": "auth/ldap/", - "token_creation_time": "2024-07-08T11:47:57Z", + "token_creation_time": "2022-07-08T11:47:57Z", "client_first_used_time":"2024-08-03T12:00:00Z", "policies": [ "secret-read" @@ -1439,7 +1442,7 @@ single line. "mount_accessor": "auth_userpass_01a6ea85", "mount_type": "userpass", "mount_path": "auth/userpass/", - "token_creation_time": "2024-07-21T14:51:36Z", + "token_creation_time": "2022-07-21T14:51:36Z", "client_first_used_time":"2024-08-03T12:00:00Z", "policies": [ "secret-read" @@ -1466,7 +1469,7 @@ single line. "mount_accessor": "auth_kubernetes_b596406f", "mount_type": "kubernetes", "mount_path": "auth/kubernetes/", - "token_creation_time": "2024-07-10T09:33:51Z", + "token_creation_time": "2022-07-10T09:33:51Z", "client_first_used_time":"2024-08-03T12:00:00Z", "policies": [ "secret-read" @@ -1493,7 +1496,7 @@ single line. "mount_accessor": "auth_aws_c223ff01", "mount_type": "aws", "mount_path": "auth/aws/", - "token_creation_time": "2024-07-10T09:33:51Z", + "token_creation_time": "2022-07-10T09:33:51Z", "client_first_used_time":"2024-08-03T12:00:00Z", "policies": [ "secret-read" @@ -1521,10 +1524,10 @@ records then there will not be any flattened fields of prefix ```text entity_name,entity_alias_name,client_id,client_type,local_entity_alias,namespace_id,namespace_path,mount_accessor,mount_path,mount_type,token_creation_time,client_first_used_time,entity_alias_custom_metadata.contact_email,entity_alias_custom_metadata.group,entity_alias_custom_metadata.region,entity_metadata.email_address,entity_group_ids.0,policies.0,policies.1,policies.2,policies.4 -admin,admin,3f210722-7210-98e8-1f0d-e6a39ffb29c6,entity,false,root,,auth_userpass_a005db73,auth/userpass/,userpass,2024-07-10T09:33:51Z,2024-08-03T12:00:00Z,admin@example.com,san_francisco,west,admin@example.com,746fbaf9-ffeb-62b9-7f0b-42d79ca0883f,secret-read,secret-list,secret-write,secret-delete -,,590198f7-9178-57d6-c345-48746bb438d8,non-entity-token,false,YWZzu,ns1/a/,auth_ns_token_e3119312,auth/token/,ns_token,2024-07-08T11:35:23Z,2024-08-03T12:00:00Z,,,,,,,, -jdoe,jdoe,665a54bf-8652-c0c5-8121-40adf0d9786a,entity,false,wOsmr,ns1/a,auth_ldap_a005db73,auth/ldap/,ldap,2024-07-08T11:47:57Z,2024-08-03T12:00:00Z,jdoe@example.com,new_york,east,,9f18cd4a-4e64-a2b2-b001-7b6b0dfb1270,secret-read,,, -jdoe,jdoe,0640a8f0-b315-cc8a-c0c2-713f663774df,entity,false,oIiGy,ns1/b,auth_userpass_01a6ea85,auth/userpass/,userpass,2024-07-21T14:51:36Z,2024-08-03T12:00:00Z,,new_york,east,,76a374a1-72fd-30ca-2455-f51dfeaa805e,secret-read,,, +admin,admin,3f210722-7210-98e8-1f0d-e6a39ffb29c6,entity,false,root,,auth_userpass_a005db73,auth/userpass/,userpass,2022-07-10T09:33:51Z,2024-08-03T12:00:00Z,admin@example.com,san_francisco,west,admin@example.com,746fbaf9-ffeb-62b9-7f0b-42d79ca0883f,secret-read,secret-list,secret-write,secret-delete +,,590198f7-9178-57d6-c345-48746bb438d8,non-entity-token,false,YWZzu,ns1/a/,auth_ns_token_e3119312,auth/token/,ns_token,2022-07-08T11:35:23Z,2024-08-03T12:00:00Z,,,,,,,, +jdoe,jdoe,665a54bf-8652-c0c5-8121-40adf0d9786a,entity,false,wOsmr,ns1/a,auth_ldap_a005db73,auth/ldap/,ldap,2022-07-08T11:47:57Z,2024-08-03T12:00:00Z,jdoe@example.com,new_york,east,,9f18cd4a-4e64-a2b2-b001-7b6b0dfb1270,secret-read,,, +jdoe,jdoe,0640a8f0-b315-cc8a-c0c2-713f663774df,entity,false,oIiGy,ns1/b,auth_userpass_01a6ea85,auth/userpass/,userpass,2022-07-21T14:51:36Z,2024-08-03T12:00:00Z,,new_york,east,,76a374a1-72fd-30ca-2455-f51dfeaa805e,secret-read,,, ``` From 6db7f08e58facaa5b73cfd8732c2b918b5266338 Mon Sep 17 00:00:00 2001 From: akshya96 Date: Wed, 6 Aug 2025 16:46:46 -0700 Subject: [PATCH 3/7] remove quote --- .../v1.21.x (rc)/content/api-docs/system/internal-counters.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx b/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx index 965a45e844..ef28e627bb 100644 --- a/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx +++ b/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx @@ -1294,7 +1294,7 @@ it may be up to 20 minutes delayed. - `token_creation_time` in the response is a timestamp that represents the earliest token creation time ever recorded for the client, not just within the queried time period. This reflects when the first token for the client was created. - This field was renamed to `token_creation_time` in Vault 1.21. In previous versions, it was called `timestamp`. + This field was renamed to token_creation_time in Vault 1.21. In previous versions, it was called timestamp. - `client_first_usage_time` in the response is a timestamp that represents the earliest usage of the client during the queried time period. From 704966f0ede37b4a5a14959527d86fe68e3dc877 Mon Sep 17 00:00:00 2001 From: akshya96 Date: Thu, 7 Aug 2025 10:51:15 -0700 Subject: [PATCH 4/7] change description for token creation time --- .../v1.21.x (rc)/content/api-docs/system/internal-counters.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx b/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx index ef28e627bb..abdef1450c 100644 --- a/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx +++ b/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx @@ -1292,7 +1292,7 @@ it may be up to 20 minutes delayed. - This endpoint can be called from all namespaces. The requested namespace will act as a filter. The exported data will include activity for the requested namespace and all of its children. -- `token_creation_time` in the response is a timestamp that represents the earliest token creation time ever recorded for the client, not just within the queried time period. This reflects when the first token for the client was created. +- `token_creation_time` in the response is the creation time of the token that was used by the client to perform the request. This time is distinct from the time the client was created and may lie outside of the queried time period. This field was renamed to token_creation_time in Vault 1.21. In previous versions, it was called timestamp. From 37df3e521c5917375bc2d4f3ea84aa597ec9eac6 Mon Sep 17 00:00:00 2001 From: akshya96 <87045294+akshya96@users.noreply.github.com> Date: Thu, 7 Aug 2025 13:31:49 -0700 Subject: [PATCH 5/7] Update content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --- .../v1.21.x (rc)/content/api-docs/system/internal-counters.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx b/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx index abdef1450c..a50fbd0d2f 100644 --- a/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx +++ b/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx @@ -1297,7 +1297,8 @@ it may be up to 20 minutes delayed. This field was renamed to token_creation_time in Vault 1.21. In previous versions, it was called timestamp. -- `client_first_usage_time` in the response is a timestamp that represents the earliest usage of the client during the queried time period. +- `client_first_usage_time` - timestamp representing the earliest usage of the + client during the queried time period. - **`sudo` required** – This endpoint requires `sudo` capability in addition to any path-specific capabilities. From 9762e8d623e95abfe008d2175d64f94883288539 Mon Sep 17 00:00:00 2001 From: akshya96 <87045294+akshya96@users.noreply.github.com> Date: Thu, 7 Aug 2025 13:33:55 -0700 Subject: [PATCH 6/7] Update content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --- .../content/api-docs/system/internal-counters.mdx | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx b/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx index a50fbd0d2f..b185e5b225 100644 --- a/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx +++ b/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx @@ -1292,10 +1292,13 @@ it may be up to 20 minutes delayed. - This endpoint can be called from all namespaces. The requested namespace will act as a filter. The exported data will include activity for the requested namespace and all of its children. -- `token_creation_time` in the response is the creation time of the token that was used by the client to perform the request. This time is distinct from the time the client was created and may lie outside of the queried time period. - - This field was renamed to token_creation_time in Vault 1.21. In previous versions, it was called timestamp. - + +### Response fields + +- `token_creation_time` - the creation time of the token used by the client to + perform the request (previously `timestamp`). Token creation name is distinct + from the time the client was created and may lie outside of the queried time + period. - `client_first_usage_time` - timestamp representing the earliest usage of the client during the queried time period. From 57a0ef0710d60c95f921924fe231a52c2ec6cc60 Mon Sep 17 00:00:00 2001 From: akshya96 Date: Thu, 7 Aug 2025 13:56:02 -0700 Subject: [PATCH 7/7] addressing comments --- .../api-docs/system/internal-counters.mdx | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx b/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx index b185e5b225..bfb207c543 100644 --- a/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx +++ b/content/vault/v1.21.x (rc)/content/api-docs/system/internal-counters.mdx @@ -1292,17 +1292,6 @@ it may be up to 20 minutes delayed. - This endpoint can be called from all namespaces. The requested namespace will act as a filter. The exported data will include activity for the requested namespace and all of its children. - -### Response fields - -- `token_creation_time` - the creation time of the token used by the client to - perform the request (previously `timestamp`). Token creation name is distinct - from the time the client was created and may lie outside of the queried time - period. - -- `client_first_usage_time` - timestamp representing the earliest usage of the - client during the queried time period. - - **`sudo` required** – This endpoint requires `sudo` capability in addition to any path-specific capabilities. @@ -1333,6 +1322,16 @@ $ curl \ http://127.0.0.1:8200/v1/sys/internal/counters/activity/export ``` +### Response fields + +- `token_creation_time` - the creation time of the token used by the client to + perform the request (previously `timestamp`). Token creation time is distinct + from the time the client was created and may lie outside of the queried time + period. + +- `client_first_usage_time` - timestamp representing the earliest usage of the + client during the queried time period. + ### Sample JSON response The entity alias names for userpass in the sample response records below are user-provided. They are