The approle authentication method allows machines or applications to authenticate with Vault-defined roles. In order for an approle to receive a token, a set of policies and login constraints must be met.
This KB article is an extension of the existing approle token ttl suffix for:
The existing documentation mentions the supported suffixes s for seconds and m for minutes. Vault token TTL suffixes also support h for hours, ms for milliseconds and µs for microseconds.
To sum up:
s for seconds
m for minutes
h for hours
ms for milliseconds
ns for nanoseconds (not commonly used in Vault)
µs for microseconds (not commonly used in Vault)
Note that token_ttl cannot be greater than token_max_ttl. If no suffix is provided, Vault will assume the value is in seconds for that specific TTL.
Example:
vault write auth/approle/role/my-role \
secret_id_ttl=10h \
token_ttl=20ms \
token_max_ttl=30h
Success! Data written to: auth/approle/role/my-role
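The suffix and ordering rules above can be checked before a role is written. The following is an added example, not code from the original article or from Vault: parseTTL and checkRole are hypothetical names, and Go's standard time.ParseDuration stands in for Vault's own parser, which is an assumption. It also flags a sub-second token_ttl such as the 20ms in the example so that a reviewer can confirm it is intended.

```go
package main

import (
	"fmt"
	"strconv"
	"time"
)

// parseTTL reads a TTL value. A bare integer is taken as seconds, as the
// article states; otherwise Go's time.ParseDuration handles the suffix
// (ns, us/µs, ms, s, m, h).
func parseTTL(v string) (time.Duration, error) {
	if n, err := strconv.ParseInt(v, 10, 64); err == nil {
		return time.Duration(n) * time.Second, nil
	}
	return time.ParseDuration(v)
}

// checkRole is a hypothetical pre-flight check (not a Vault API). It returns
// an error when token_ttl exceeds token_max_ttl and a warning when token_ttl
// is shorter than one second. Both values are assumed to be set explicitly.
func checkRole(tokenTTL, tokenMaxTTL string) ([]string, error) {
	ttl, err := parseTTL(tokenTTL)
	if err != nil {
		return nil, fmt.Errorf("token_ttl: %w", err)
	}
	maxTTL, err := parseTTL(tokenMaxTTL)
	if err != nil {
		return nil, fmt.Errorf("token_max_ttl: %w", err)
	}
	if ttl > maxTTL {
		return nil, fmt.Errorf("token_ttl %s is greater than token_max_ttl %s", ttl, maxTTL)
	}
	var warnings []string
	if ttl > 0 && ttl < time.Second {
		warnings = append(warnings, fmt.Sprintf("token_ttl %s is shorter than one second", ttl))
	}
	return warnings, nil
}

func main() {
	// Constructed inputs; the first pair comes from the article's example.
	for _, p := range [][2]string{{"20ms", "30h"}, {"3600", "30m"}, {"1h", "30h"}} {
		warnings, err := checkRole(p[0], p[1])
		fmt.Printf("token_ttl=%s token_max_ttl=%s warnings=%v err=%v\n", p[0], p[1], warnings, err)
	}
}
```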