Protect hashicorp vault API token

This is the scenario:

The client does not want the system administrator can access private data, so we are thinking to use hashicorp vault to save the master key used to encrypt data that will be saved in the database. But the application (NodeJS) needs to access the master key in order to decrypt and use the data, the application uses the hashicorp vault API access token to do this.

The question is: What can we do in order only the application can read the API access token and not the administrator (root user)?.


Hi @DanielTorres1!

If the admin has full access to the host machine where the application is running on, I don’t see a way to achieve this.