I think I have understood how I can use a config management tool (in our case Puppet) to roll out role_id and secret_id files to the app servers, and how these files are then used by a Vault agent to auth against the Vault and eventually provide authentication for my Spring Boot app using Spring Cloud Vault.
I understood that the Vault agent loads the role-id/secret-id files into its cache and then deletes the secret-id source files, so everything is only available in memory.
What I didn't understand is how to handle a restart of a machine. We use Puppet for configuration management, and it will not run directly when the machine restarts, so the initial role-id/secret-id files and the application won't be created anymore.
Is there a best practice for handling this problem, or is redeploying the only way?
Thx in advance!