I have issued a token X(The token is permanent but has restricted access) to my application A to access some secrets. I want to know if there is some authorization management inside of Vault itself that can help in identifying that the app that is accessing with Token X is Application ‘A’ itself and not some other entity.
What I mean is that no other person except for App ‘A’ should be able to access Vault with Token X.
There are third-party authorization methods(like github, AWS,Google), but they will increase the time/request for my application. Is there any way around it?
Not really. As far as Vault is concerned it just sees an API call with a token. It has no visibility over who is sending that API call. About the only thing you could do is to restrict the IP address that can use that token, but there is no way of knowing if the call comes from the expected app (from that allowed IP address) or something else running on the same machine.