From e8cdd05b797e39989ecbdeea5c861283175b22f6 Mon Sep 17 00:00:00 2001
From: Joshua Nett <joshua@moz.com>
Date: Mon, 23 Apr 2018 18:49:17 -0700
Subject: [PATCH 1/2] fix nested policies after configurable renew

---
 policy_nested.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/policy_nested.go b/policy_nested.go
index 78e56c9..a58fc5a 100644
--- a/policy_nested.go
+++ b/policy_nested.go
@@ -56,6 +56,9 @@ func (p policies) loadNestedPolicies(authToken string) error {
 
 	/* Copy tempPolicies to policies */
 	for k,v := range tempPolicies{
+		if v.Renewable == nil {
+			v.Renewable = &config.DefaultRenewable
+		}
 		p[k] = v
 	}
 

From 920121b136d861dffad3a965eac7f3b700e4e2b7 Mon Sep 17 00:00:00 2001
From: Joshua Nett <joshua@moz.com>
Date: Mon, 23 Apr 2018 18:51:56 -0700
Subject: [PATCH 2/2] add configurable argument to README

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 3770318..cd30118 100644
--- a/README.md
+++ b/README.md
@@ -63,6 +63,8 @@ VGM also supports the client environment variables used by vault such as, `VAULT
 
 `SEAL_HTTP_STATUS` | `-seal-http-status` - *Default: `200`* - Configures HTTP Status Code to be returned when querying /status.json.  By default uses 200 in both cases, but can be configured to return 429, for example, if the status is sealed.
 
+`DEFAULT_RENEWABLE` | `-default-renewable-tokens` - *Default: `true`* - The default value for renewable on tokens created.
+
 ### Vault Startup Authorization Methods
 
 `VAULT_TOKEN` - Vault authorization token to make requests with.