Can Vault create a JWT for use in my app?

I have an application which allows users to authenticate via JWT access tokens. Sometimes, we need to assign a JWT to an internal script. Is it possible to use Vault to create a JWT for use with my application?


Set Up

  • I configure a hypothetical jwt secret engine with my application’s JWT secret


  • Script authenticates to Vault with approle credentials
  • Script requests JWT from Vault
    • Something like GET /jwt/creds/:name (based on database engine syntax)
  • Vault uses my application’s JWT secret to generate a valid JWT
  • Vault returns JWT to Script

I don’t see a JWT secret engine. Is this possible to do?


I suggest taking a look at this - Identity Secrets Engine.

It might be what you are looking for.
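
Added example (not code from this thread or from the Vault project): the flow in the question mapped onto the Identity Secrets Engine, with the script logging in through AppRole and reading a signed token from `identity/oidc/token/:name`. Vault signs these tokens with a named key it manages itself, so the application verifies them against the public keys Vault publishes rather than against its own JWT secret. Assumptions: the `VAULT_ADDR` value, the role name `internal-script`, and that an operator has already created the key and role under `identity/oidc`.

```python
import base64, json, time, urllib.request

VAULT_ADDR = "http://127.0.0.1:8200"  # assumption: address of your Vault server
OIDC_ROLE = "internal-script"         # hypothetical identity/oidc role name

def http_json(method, url, token=None, body=None):
    """Minimal JSON call to the Vault HTTP API."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    if token:
        req.add_header("X-Vault-Token", token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def fetch_identity_jwt(role_id, secret_id, send=http_json):
    """Script side: AppRole login, then request a signed identity token."""
    login = send("POST", f"{VAULT_ADDR}/v1/auth/approle/login",
                 body={"role_id": role_id, "secret_id": secret_id})
    vault_token = login["auth"]["client_token"]
    issued = send("GET", f"{VAULT_ADDR}/v1/identity/oidc/token/{OIDC_ROLE}",
                  token=vault_token)
    return issued["data"]["token"]

def unverified_claims(jwt):
    """Decode the payload for inspection only; the signature is NOT checked."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def claims_acceptable(claims, issuer, client_id, now=None):
    """Application side, run only after a JWT library has verified the signature
    against the keys Vault serves at /v1/identity/oidc/.well-known/keys."""
    now = time.time() if now is None else now
    return (claims.get("iss") == issuer
            and claims.get("aud") == client_id  # aud carries the role's client_id
            and claims.get("exp", 0) > now)
```

The `send` parameter exists so the HTTP transport can be swapped out; in normal use call `fetch_identity_jwt(role_id, secret_id)` and pass the result to the application as a bearer token.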