Conjur API token keeps expiring too quickly even after setting TTL

Rovmenpaul · July 10, 2025, 1:02pm

Hi everyone,

I’m integrating Conjur into a CI/CD pipeline and using the API to fetch secrets. Even though I’ve set the CONJUR_AUTHN_TOKEN_TIMEOUT to extend the token TTL, it still seems to expire after just a few minutes.

I’m authenticating via the host factory and storing the token temporarily, but it’s forcing re-authentication more frequently than expected, which is interrupting longer-running builds.

Is there a known limitation or override I might be missing? Or does the TTL setting need to be configured somewhere else in the policy or environment?

Thanks in advance!

szh · July 10, 2025, 1:45pm

Where are you setting CONJUR_AUTHN_TOKEN_TIMEOUT? The TTL for Conjur authn tokens is not configurable, except when using OIDC authentication. See OIDC Authenticator for Conjur UI and Conjur CLI authentication

Topic		Replies	Views
OIDC Authenticator - Doesn't seem to honor expiry Secrets Management - Conjur, Secrets Hub & CP conjur_feedback	11	1131	November 26, 2019
Obvious authn-k8s token question Secrets Management - Conjur, Secrets Hub & CP kubernetes	3	523	August 20, 2020
Conjur Timed Out Conjur Enterprise dap	0	650	November 2, 2020
AWS IAM authenticator throwing error "CONJ00018E Invalid or expired AWS headers" Conjur Enterprise	4	1003	December 10, 2020
SSL Error while initializing Conjur CLI - Make sure Conjur's root certificate is trusted in this machine Secrets Management - Conjur, Secrets Hub & CP	5	516	March 15, 2023

Conjur API token keeps expiring too quickly even after setting TTL

Related topics