I need to make vault accessible to a web application running on a VM cluster. I’d like to use vault agent. I have a set number of servers.
Is the best practice to run an instance of vault agent on each server?
Also, if I run vault agent via a
vault user, the token written to sink is owned by
vault:vault, and not readable by my application. Is it safe to run vault agent via the same user as my application?