Hi Team,
I am new to Vault agent.
I want to store the vault token in a secure manner.
I am trying use Vault Agent.
But,
I got to know, vault agent in keeping the vault token in plain text format.
Can anyone please help to understand more on how to securely store the vault token.
Thanks,
Biito
Ensure you are setting file permissions correctly so that only the allowed application & Vault Agent can read the token/secret files.
Hi,
I have question
I’m working on integrating HashiCorp Vault into our application using Vault Agent for authentication. The initial setup works well, where the application reads the Vault token from a file generated by Vault Agent and uses it to authenticate with the Vault server.
However, I’m concerned about handling scenarios where the token’s max TTL is reached, and a new token is generated by Vault Agent.
Currently, our application reads the token once during initialization and uses it for subsequent operations. If the token expires and a new one is generated, the application wouldn’t automatically know about the new token, which could lead to failed operations.
To address this, I am thinking to implement a file watcher that monitors the token file for changes. When a new token is generated, the watcher reloads the token and updates the Vault client. While this seems to work in theory, I want to ensure that we’re following best practices and not missing any important considerations.
Here are the specific questions I have:
I’d appreciate any feedback or suggestions on improving this implementation.