"permission denied" in audit log

I see a lot of “permission denied” errors in my audit log during CI deployments. It’s unclear if these are being logged when running levant, consul-template or when nomad is templating the job itself. There errors look like this

{"time":"2022-12-01T22:31:02.470621052Z","type":"request","auth":{"token_type":"default"},"request":{"id":"1196612c-2cc1-8be0-78f4-9b7b07cb064b","operation":"read","mount_type":"kv","client_token":"hmac-sha256:xyz","namespace":{"id":"root"},"path":"secret/data/web/site/prod","remote_address":"10.0.4.63","remote_port":63340},"error":"permission denied"}

The CI jobs pass and the site is deployed in Nomad with error. Any thoughts on what could be causing this?

Something is making requests to your Vault with invalid or expired tokens.