We’re using Terraform to onboard new Vault customers. For app_role, the default behavior is to make a GUID as the role_id for a given role. However, vault_approle_auth_backend_role does have an optional attribute to set the role_id to be something human-readable and meaningful, and since that has to match the name of a vault_identity_entity_alias, it’s immediately obvious what app_role an application is using.
Are there any reasons NOT to set the role_id to be the same as the role_name?
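
The wiring the question describes, as an added example that is not part of the original post: the role_id is set to the role name and reused as the entity alias name. The app name billing-api, the mount path and the policy are constructed placeholders.

```hcl
# Constructed example: "billing-api", the mount path and the policy path
# are placeholders, not values from the original post.
variable "app_name" {
  type    = string
  default = "billing-api"
}

resource "vault_auth_backend" "approle" {
  type = "approle"
  path = "approle"
}

resource "vault_policy" "app_read" {
  name   = "${var.app_name}-read"
  policy = <<-EOT
    path "secret/data/${var.app_name}/*" {
      capabilities = ["read"]
    }
  EOT
}

resource "vault_approle_auth_backend_role" "app" {
  backend        = vault_auth_backend.approle.path
  role_name      = var.app_name
  # Optional attribute: replaces the generated GUID with a readable value.
  # With bind_secret_id left at its default (true), a login still needs a
  # secret_id in addition to this role_id.
  role_id        = var.app_name
  token_policies = [vault_policy.app_read.name]
}

resource "vault_identity_entity" "app" {
  name = var.app_name
}

resource "vault_identity_entity_alias" "app" {
  # For the approle mount the alias name is the role_id, so it now reads
  # the same as the role name instead of a GUID.
  name           = vault_approle_auth_backend_role.app.role_id
  mount_accessor = vault_auth_backend.approle.accessor
  canonical_id   = vault_identity_entity.app.id
}
```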