I’m integrating Conjur into a CI/CD pipeline and using the API to fetch secrets. Even though I’ve set the CONJUR_AUTHN_TOKEN_TIMEOUT to extend the token TTL, it still seems to expire after just a few minutes.
I’m authenticating via the host factory and storing the token temporarily, but it’s forcing re-authentication more frequently than expected, which is interrupting longer-running builds.
Is there a known limitation or override I might be missing? Or does the TTL setting need to be configured somewhere else in the policy or environment?
Similar to this parameter is available in conjur k8s client. But this parameter will not prevent token from expiring. The default TTL is conjur token is 8 minutes which cannot me modified.
The parameter in conjur-k8s-client can be configured to fetch a new token every time the timer is elapsed. For example the value of the parameter 6 minutes, the client will fetch a new token on every 6 minutes. That means k8s client will always have a valid token