Vault Agent Question

Is the vault agent per server or per application? Example: I am serving many web applications on a windows or linux machine (IIS or Tomcat). When I use the vault agent approach can I tie an app to the agent…which is authenticating to the vault…or is this for the server?

Usually, you’d run vault in agent mode once per server, then the apps on the server would connect to it on :8200, or auth-auth, etc.
You can have the agent running authenticate to the server. The docs outline all the auths… approle, certificate, JWT, etc.

You can run it multiple times, but you’d need a specific use case for that…