Why isn’t there a secret engine that is able to generate tokens for an external Vault? We run a central “operations” Vault instance and sub Vault instances for client environments and it would be very nice to enable ops/dev staff to generate short-lived tokens for the client Vaults from the central Vault.
Is there another way to do this?