Was trying out token APIs and saw the following. Is this expected?
- Vault server started in -dev mode.
- I created two policy files pointing to two different paths - secret/data/app1 and secret/data/app2
- Created two tokens with one policy each tied to different paths.
- Created two new terminal windows (separate bash shells) on the same machine simulating two apps.
- After setting the VAULT_ADDR env variable, I did ‘vault login token=token_app1’ in one terminal and ‘vault login token=token_app2’ in the second terminal.
- When I print ‘vault token lookup’ in the first terminal, I see that the token information points to the ‘token_app2’ information.
- When I try the other way around, I can see that whichever token logged in last is the one shown in the token information field. In fact, I was able to write to the App2 path location from the terminal meant for App1 and vice versa.
- If I use just the environment variable VAULT_TOKEN in these two terminals and do NOT run vault login from either, everything works as expected.
Am I doing some steps wrong or missing some steps?
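
The behaviour described in the post can be checked per terminal with the following added example (not part of the original post). It assumes the default Vault CLI token helper, which stores the token from `vault login` in `$HOME/.vault-token`; the function names and token values are constructed for illustration.

```shell
# Assumes the default Vault CLI token helper: `vault login` stores the token
# in $HOME/.vault-token, one file per OS user, shared by all of that user's shells.

# Report where the Vault CLI would take its token from in *this* shell.
vault_token_source() {
  if [ -n "${VAULT_TOKEN:-}" ]; then
    echo "env"      # per-process variable; takes precedence over the helper file
  elif [ -s "${HOME:-}/.vault-token" ]; then
    echo "file"     # token helper file, overwritten by the most recent `vault login`
  else
    echo "none"
  fi
}

# Checksum of the active token, for comparing terminals without printing the secret.
vault_token_fingerprint() {
  case "$(vault_token_source)" in
    env)  printf '%s' "$VAULT_TOKEN" | cksum | cut -d' ' -f1 ;;
    file) tr -d '\n' < "${HOME:-}/.vault-token" | cksum | cut -d' ' -f1 ;;
    *)    echo "-" ;;
  esac
}

# Constructed demo: two logins by the same user, modelled as two writes to one
# helper file in a throwaway HOME. Prints "same" when both terminals end up on
# the same token, "different" when each terminal exports its own VAULT_TOKEN.
demo_two_terminals() {
  mode="$1"; demo_home="$(mktemp -d)"
  printf '%s' "constructed-token-app1" > "$demo_home/.vault-token"   # terminal 1 login
  printf '%s' "constructed-token-app2" > "$demo_home/.vault-token"   # terminal 2 login
  if [ "$mode" = "env" ]; then
    t1="$(export HOME="$demo_home" VAULT_TOKEN=constructed-token-app1; vault_token_fingerprint)"
    t2="$(export HOME="$demo_home" VAULT_TOKEN=constructed-token-app2; vault_token_fingerprint)"
  else
    t1="$(export HOME="$demo_home"; unset VAULT_TOKEN; vault_token_fingerprint)"
    t2="$(export HOME="$demo_home"; unset VAULT_TOKEN; vault_token_fingerprint)"
  fi
  rm -rf "$demo_home"
  [ "$t1" = "$t2" ] && echo "same" || echo "different"
}

echo "this shell: source=$(vault_token_source) fingerprint=$(vault_token_fingerprint)"
echo "vault login in both terminals: $(demo_two_terminals login)"
echo "VAULT_TOKEN in each terminal:  $(demo_two_terminals env)"
```

To keep a login scoped to one terminal, export `VAULT_TOKEN` there or pass `-no-store` to `vault login` so the helper file is not overwritten.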