diff --git a/internal/libvault/vault.go b/internal/libvault/vault.go
index 1bfb5ab..070c8cc 100644
--- a/internal/libvault/vault.go
+++ b/internal/libvault/vault.go
@@ -68,3 +68,12 @@ func CreateClientWithAppRole(roleID, secretID string) (*vault.Client, error) {
 client.SetToken(resp.Auth.ClientToken)
 return client, nil
 }
+
+func GetTokenTTLLeft(client *vault.Client) (int, error) {
+ secret, err := client.Auth().Token().LookupSelf()
+ if err != nil {
+ return 0, errors.Wrap(err, "failed to lookup token")
+ }
+
+ return int(secret.Data["ttl"].(float64)), nil
+}
diff --git a/vaultv1/v1.go b/vaultv1/v1.go
index 7b1b272..c33aeed 100644
--- a/vaultv1/v1.go
+++ b/vaultv1/v1.go
@@ -34,6 +34,15 @@ func CreateClientWithAppRole(roleID, secretID string) (*Client, error) {
 }, nil
 }
 
+func GetTokenTTLLeft(client *Client) (int, error) {
+ timeLeft, err := libvault.GetTokenTTLLeft(client.Client)
+ if err != nil {
+ return 0, errors.Wrapf(err, "")
+ }
+
+ return timeLeft, nil
+}
+
 func (vc *Client) ListSecretPath(path string) ([]string, error) {
 s, err := vc.Client.Logical().List(path)
 if err != nil {
diff --git a/vaultv2/v2.go b/vaultv2/v2.go
index 12fd3c7..7b53efd 100644
--- a/vaultv2/v2.go
+++ b/vaultv2/v2.go
@@ -35,6 +35,15 @@ func CreateClientWithAppRole(roleID, secretID string) (*Client, error) {
 }, nil
 }
 
+func GetTokenTTLLeft(client *Client) (int, error) {
+ timeLeft, err := libvault.GetTokenTTLLeft(client.Client)
+ if err != nil {
+ return 0, errors.Wrapf(err, "")
+ }
+
+ return timeLeft, nil
+}
+
 func (vc *Client) ReadSecret(path string, field string) (string, error) {
 secret, err := vc.GetSecret(path)
 if err != nil {
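Review bot: In internal/libvault/vault.go, `secret.Data["ttl"].(float64)` is an unchecked type assertion, so GetTokenTTLLeft panics instead of returning an error whenever `secret` is nil, the `ttl` key is absent, or the value is not a float64. If `vault` here is the HashiCorp API package, its response decoding typically yields `json.Number` rather than `float64`, which would make the panic the normal case; this is worth confirming with a test against a real lookup response. Prefer the library's own TTL accessor (or a comma-ok assertion) and return an error on failure, because a crash in a token-lifetime helper takes down whatever decides when to renew or re-authenticate. A doc comment should also state the unit of the result (presumably seconds) and that 0 can mean a non-expiring token rather than an expired one.

```go
func GetTokenTTLLeft(client *vault.Client) (int, error) {
	// … unchanged: LookupSelf call and its error check …
	if secret == nil {
		return 0, errors.New("token lookup returned no data")
	}

	ttl, err := secret.TokenTTL()
	if err != nil {
		return 0, errors.Wrap(err, "failed to parse token ttl")
	}

	return int(ttl.Seconds()), nil
}
```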
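Review bot: In vaultv1/v1.go, `errors.Wrapf(err, "")` wraps the error with an empty message, so the resulting text gains only a bare `: ` prefix and no context; either `return 0, err` or wrap with a real message such as `errors.Wrap(err, "vaultv1: token ttl lookup")`. The identical wrapper added in vaultv2/v2.go has the same issue. Both wrappers also dereference `client.Client` with no nil check on `client`, so a caller that ignored an error from CreateClientWithAppRole gets a panic here rather than an error. As exported functions they should carry a doc comment, e.g. `// GetTokenTTLLeft returns the remaining TTL of the client's token as reported by a self-lookup.`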