Need Help with Agent Config on Ubuntu 18.04

I have deployed Vault 1.14.3 on an Ubuntu 18.04 server. Everything seems fine, but when I try to run `vault read secret/path/to/secret` I get:


```
URL: GET https://vault.mycompany.com:8200/v1/secret/path/to/secret
Code: 403. Errors:

* permission denied
```

If I explicitly use the agent-token file that is output when running Vault Agent (by doing `VAULT_TOKEN={agent-file-contents}` followed by `vault read secret/path/to/secret`), I am able to read the secret just fine.

I think the agent is not using the agent-token file to make its requests, and I am out of ideas for how to fix it. One thing I noticed is that the `vault.env` file is empty, and I'm not sure if this should be the case. Here is the `vault.hcl` file that is being used as the agent config:

```
pid_file = "./pidfile"

log_file = "/var/log/vault/agent.log"
log_level = "trace"
log_rotate_bytes = 10000000
log_rotate_max_files = 10

vault {
   address = "https://vault.mycompany.com:8200"
}

listener "tcp" {
  address     = "127.0.0.1:8100"
  tls_disable = true
}

auto_auth {
  method "approle" {
    mount_accessor = "auth/approle"
    config = {
      role_id_file_path = "/etc/vault.d/role-id"
      secret_id_file_path = "/etc/vault.d/secret-id"
    }
  }

  sink "file" {
    config = {
        path = "/etc/vault.d/agent-token"
    }
  }
}

cache {
  use_auto_auth_token = true
}
```
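
An added check, not part of the original post: the 403 output shows the request going to `vault.mycompany.com:8200`, while the agent's listener is `127.0.0.1:8100`, and the agent only attaches its auto-auth token to requests that pass through that listener. The script compares the address the `vault` CLI will contact with the listener in the agent config; the function names are hypothetical and the sample config is constructed from the one in the post.

```shell
# Added example: does the vault CLI target the Vault Agent listener?
# Function names are hypothetical; the sample config is constructed.

# Print scheme://host:port of the listener "tcp" block in an agent config.
agent_listener_url() {
  awk '
    $1 == "listener" && $2 == "\"tcp\"" { in_l = 1; next }
    in_l && $1 == "}"                   { in_l = 0 }
    in_l && $1 == "address"             { gsub(/"/, "", $3); addr = $3 }
    in_l && $1 == "tls_disable"         { tls_off = ($3 == "true") }
    END {
      if (addr == "") exit 1
      scheme = tls_off ? "http://" : "https://"
      print scheme addr
    }' "$1"
}

# Address the CLI will contact: VAULT_AGENT_ADDR takes precedence over
# VAULT_ADDR; the CLI default applies when neither is set.
cli_target() {
  if [ -n "${VAULT_AGENT_ADDR:-}" ]; then
    printf '%s\n' "$VAULT_AGENT_ADDR"
  else
    printf '%s\n' "${VAULT_ADDR:-https://127.0.0.1:8200}"
  fi
}

# Exit 0 if CLI requests go through the agent, 1 if they bypass it,
# 2 if the config has no tcp listener address.
cli_uses_agent() {
  listener=$(agent_listener_url "$1") || return 2
  [ "$(cli_target)" = "$listener" ]
}

# Demo on constructed input, in a subshell so the caller's env is untouched.
(
  cfg=$(mktemp)
  cat > "$cfg" <<'EOF'
vault {
   address = "https://vault.mycompany.com:8200"
}
listener "tcp" {
  address     = "127.0.0.1:8100"
  tls_disable = true
}
EOF
  unset VAULT_AGENT_ADDR; VAULT_ADDR="https://vault.mycompany.com:8200"
  cli_uses_agent "$cfg" && echo "via agent" || echo "bypasses agent: $(cli_target)"
  rm -f "$cfg"
)
```

When the check reports a bypass, setting `VAULT_AGENT_ADDR=http://127.0.0.1:8100` sends CLI requests through the agent. Any local process that can reach that plaintext loopback listener is served with the agent's token, so the listener address should stay on loopback.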