Hello all,
I would like to ask if it’s possible to use the auto-unseal transit engine but authenticate to the respective transit Vault via Azure Auth.
In a nutshell, we have one “transit” Vault which is used only for auto-unsealing our numerous Vaults. So far, we’ve been doing the authentication to the transit Vault via a token in vault.env, but we’ve had some incidents that are making us rethink this approach.
What we wish to do is lock down the Vault machines, but in that case, updating the token becomes very daunting. However, we do support Azure Auth.
We’ve created a policy and an Azure Auth role for this particular purpose; however, it seems the “seal transit” block in vault.hcl only supports passing a token.
Is it possible to use Azure auth, as we do for the Vault agents via the “auto-auth” block?
Thanks!