I was watching this video https://youtu.be/PNtRk3wRtWM?t=1151, and I must disagree with the presenter. Expiring secrets created with an auto_auth token is not surprising, it is alarming! It sounds like secrets are tied to the agent. What would we need Vault for?
I’m hopeful it’s just me who doesn’t understand this kind of token. So here’s the question:
Using Vault Agent Auto Auth, do secrets created with the kv engine become inaccessible under these circumstances:
- The solution is re-deployed, causing the agent to restart and retrieve a new token?
- The client restarts, assuming the token had a wrap_ttl attached?
How can data be kept permanently available and accessible under these circumstances? That is, while avoiding a long-term token stored on disk.
Thanks