Suggestions on sharing Vault service tokens between teammates

From my understanding, a Vault service token will only appear once, when it is generated.
I would like to have some advice:
how do you share this information among your infra teammates?

For now we either mark it down somewhere or create a tab to store it back in Vault itself
as a record, and limit the tab so that only infra is able to access it.

Because with a lot of application secret stores, once you put it in you will never be able to see the actual token again.
If we do not store the token and share it among the infra team, then the follow-up support for that application will always belong to the one who created the token.

Hi @vincent.ngai,

There are several ways for both humans and workloads to generate a token. In Vault we call these auth methods. You can set up as many auth methods as you like to meet your requirements.

For example, you can set up OIDC with a provider like Okta to authenticate other people who need to access Vault; then they log in as they would to any other app and receive a unique token. You can also set up the AWS, Azure, or Kubernetes auth method to allow your workloads to authenticate and receive their own tokens.

If you are new to Vault, I would check out this collection of tutorials:

Sorry, I forgot to mention I am talking about service tokens.

Hi @vincent.ngai,

Auth methods give out service tokens upon authentication. You can differentiate between token types by their prefix.

For example, a service token has a prefix of `hvs.` whereas a batch token has a prefix of `hvb.`

This is one of those things where the tutorials I linked to above are actually super useful - they walk you through setting up an auth method, logging in as a unique user, and getting a token back that is unique to that user so you don’t have to share the tokens.
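The prefixes mentioned in the reply above can also be used to audit notes or wiki pages where tokens were written down. The following is an added example, not part of the original thread or any HashiCorp tooling; the `hvr.` and legacy `s.`/`b.`/`r.` prefixes go beyond what the thread names, and the pattern's character set and minimum length, the function names and the sample notes are assumptions constructed for illustration.

```python
import re

# Prefix -> token type. hvs./hvb. are the prefixes named in the thread;
# hvr. (recovery) and the pre-1.10 s./b./r. forms are added here.
PREFIXES = {
    "hvs.": "service", "hvb.": "batch", "hvr.": "recovery",
    "s.": "service (legacy)", "b.": "batch (legacy)", "r.": "recovery (legacy)",
}

# Assumption: the token body is base64url-style characters, at least 24 long.
# The lookbehind avoids matching inside hostnames such as "docs.example.com".
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9_.-])(hv[sbr]\.|[sbr]\.)([A-Za-z0-9_-]{24,})")

def classify(token):
    """Return the token type implied by the prefix, or None if unrecognised."""
    for prefix, kind in PREFIXES.items():
        if token.startswith(prefix):
            return kind
    return None

def scan(text):
    """Return (line_number, token_type, truncated_token) for each finding."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        for match in TOKEN_RE.finditer(line):
            shown = match.group(1) + match.group(2)[:4] + "..."
            findings.append((number, classify(match.group(0)), shown))
    return findings

def redact(text):
    """Replace each token body with a marker, keeping the prefix for triage."""
    return TOKEN_RE.sub(lambda m: m.group(1) + "[REDACTED]", text)

# Constructed sample of a shared notes page; these are not real tokens.
SAMPLE_NOTES = """\
billing-api token (created by alice): hvs.CONSTRUCTEDexample0000000000000000
batch job: hvb.CONSTRUCTEDexample1111111111111111
old wiki entry: s.CONSTRUCTEDlegacyexample000000
see docs.example.com for details
"""

if __name__ == "__main__":
    for number, kind, shown in scan(SAMPLE_NOTES):
        print(f"line {number}: {kind} token {shown}")
    print(redact(SAMPLE_NOTES))
```

Any token the scan finds should be revoked and reissued through an auth method rather than just removed from the page.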