Support periodic tokens with TLS authentication

[phaer]

The authentication tokens created by /v1/auth/cert/login seem to be subject to the maximum TTL of the system or their mount, would it be feasible to add a configuration parameter to make them periodic?

We are currently circumventing the issue with a script like:

export VAULT_TMP_TOKEN=$(/usr/bin/curl -s \
    --cacert ${TLS_CA_CERT} \
    --cert ${TLS_CERT} \
     --key ${TLS_KEY} \
     -d "{\"name\": \"${HOSTNAME}\"}" \
     ${VAULT_URI}/v1/auth/cert/login -XPOST \
   | /usr/bin/jq -r .auth.client_token)
export VAULT_TOKEN=$(curl -s -X POST \
    -H "X-Vault-Token: ${VAULT_TMP_TOKEN}" \
     "${VAULT_URI}/v1/auth/token/create/$HOSTNAME" \
  | /usr/bin/jq -r .auth.client_token)
curl -s -X POST \
  -H "X-Vault-Token: ${VAULT_TMP_TOKEN}" \
  "${VAULT_URI}/v1/auth/token/revoke-self"

Which is a bit of a workaround but works, the problem is that it requires extra auth/token/roles and policies just to acquire a periodic token. The use case for the whole thing is to start long running processes by using TLS authentication, consul-template in our case.

What do you think?

[jefferai]

Adding to 0.8.4, but may slip to the release after next.