Does vault agent cache support dynamic credentials?

Does vault agent cache support dynamic credentials?

As in approle? Yes.

What about an AWS IAM role?

There is no restriction in the agent auth documentation.

mount_path (string: optional) - The mount path of the method. If not specified, defaults to a value of auth/<method type>.

I have never tried, but I don’t see why it wouldn’t work as long as you can get a regular user to AWS auth through Vault. I should mention that there is nothing “dynamic” about this, though. That’s an IAM user that’s being authenticated through Vault and then through the agent.

Now obviously there is the AWS Dynamic Secret Engine that can create IAM users (either via named user or via STS token). To try to use that as your AWS auth user may create a circular reference and would be a tough setup. It’d be a nice exercise, but my guess is that it won’t work.

I mean the cache function
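
For reference, an added example that is not part of the thread or of HashiCorp's documentation: a Vault Agent configuration that pairs the AWS auto-auth method and `mount_path` option quoted above with the `cache` stanza the question is about. The Vault address, role name, listener address and sink path are placeholders.

```hcl
# Constructed example: address, role name and paths are placeholders.

vault {
  address = "https://vault.example.internal:8200"
}

auto_auth {
  method "aws" {
    # Optional; when omitted it defaults to auth/<method type>, i.e. auth/aws.
    mount_path = "auth/aws"

    config = {
      type = "iam"               # authenticate with the host's IAM identity
      role = "example-app-role"  # Vault role bound to that IAM principal
    }
  }

  # Write the agent's token to a file for processes that read it directly.
  sink "file" {
    config = {
      path = "/run/vault-agent/token"
    }
  }
}

cache {
  # Requests that reach the listener without a token use the auto-auth token.
  # The cache holds responses containing newly created tokens and leased
  # secrets obtained with tokens the agent manages.
  use_auto_auth_token = true
}

# Local endpoint that clients talk to instead of the Vault server.
listener "tcp" {
  address     = "127.0.0.1:8100"
  tls_disable = true  # plaintext is limited to the loopback interface here
}
```

Clients set `VAULT_ADDR` to the listener address so that their requests pass through the agent's cache.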