Sorry you have had a bad experience. I can assure you we do care about our users and being able to provide support. One of the main reasons we created this forum is to standardise that interaction and to be able to create better community interaction around the Open Source products. That said, it was only launched about 10 days ago and it will take time to build momentum.
Onto your original question, Vault provides a number of different authentication methods. The one which you use depends on the application and platform it is running on. For example, if you are using Kubernetes then the Kubernetes Auth Method, which uses K8s service tokens, might be the best choice. If you are running your application on a Virtual Machine in the cloud then you can leverage something like the AWS auth method, which uses cloud metadata.
The process is pretty much the same regardless of which auth methods you use:
- Application authenticates to Vault using local secrets like cloud metadata, k8s service token
- Vault validates this information and returns a token which has policy attached to it
- The token is used to access secrets and other functions
My preferred approach for how this works in practice is that I use Vault Agent as a sidecar application which manages authentication:
And Consul Template as a second sidecar to manage the retrieval and life cycle of my secrets:
I feel this approach gives me the best flexibility and security and works with many different workloads.
Regarding docker-volume-libsecret, this is a community project not created by HashiCorp. We only have a finite number of engineers, most of whom are working on the core Open Source products.
If you could describe your current architecture in a little more detail (k8s, Nomad, ECS, etc.) I can try and give further pointers.
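
The three-step flow described in the post above, written against Vault's HTTP API as an added example (not part of the original post and not HashiCorp's code). It assumes the Kubernetes auth method is mounted at `kubernetes` and a KV v2 engine at `secret`; the role name `example-app` and the secret path are hypothetical.

```python
import json
import os
import urllib.request

# Default in-pod location of the Kubernetes service account token.
K8S_JWT_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"


def _call(req, opener):
    # Send the request and decode Vault's JSON response body.
    with opener(req, timeout=5) as resp:
        return json.load(resp)


def login_kubernetes(vault_addr, role, jwt, mount="kubernetes",
                     opener=urllib.request.urlopen):
    """Steps 1-2: present the local credential, receive a policy-bound token."""
    body = json.dumps({"role": role, "jwt": jwt}).encode()
    req = urllib.request.Request(
        f"{vault_addr}/v1/auth/{mount}/login", data=body, method="POST",
        headers={"Content-Type": "application/json"})
    auth = _call(req, opener)["auth"]
    # Keep the TTL: the token expires and must be renewed or re-issued.
    return {"token": auth["client_token"],
            "policies": auth["policies"],
            "ttl": auth["lease_duration"]}


def read_kv2(vault_addr, token, path, mount="secret",
             opener=urllib.request.urlopen):
    """Step 3: use the token to read a KV v2 secret the policy allows."""
    req = urllib.request.Request(
        f"{vault_addr}/v1/{mount}/data/{path}",
        headers={"X-Vault-Token": token})
    # KV v2 wraps the key/value pairs in data.data, next to data.metadata.
    return _call(req, opener)["data"]["data"]


if __name__ == "__main__":
    addr = os.environ["VAULT_ADDR"]  # use an https:// address outside of dev
    with open(K8S_JWT_PATH) as fh:
        session = login_kubernetes(addr, "example-app", fh.read().strip())
    # Print only non-sensitive fields; never log the token or secret values.
    print("policies:", session["policies"], "ttl:", session["ttl"])
    secret = read_kv2(addr, session["token"], "example-app/db")
    print("secret keys:", sorted(secret))
```

Vault Agent running as a sidecar performs the login and token renewal shown here on the application's behalf, so the application only has to read the resulting token or rendered secrets.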