Currently it seems that Vault agent does not support the “userpass” method for authentication (if it does, please stop reading…).
The scenario where I think this would be useful is during development, specially for database and other dynamic secrets. The developer would start the agent and it would ask the password interactively. After that, it would just be business as usual.
This approach has the benefit that discourages people from putting Vault credentials in source files that end up in shared repositories.
WDYT ? Is this a bad idea ?