I deployed a Vault cluster 1 month ago in AWS using an S3 bucket as storage backend.
Vault cluster consists in 3 vault + 3 consul instances with a AWS ALB in front.
Vault: 1.5.4 / Consul: 1.8.4
It has been working fine AFAIK since today. I have noticed something strange.
When connected to Vault webpage if I refresh browser and login again into Vault, stored roles change.
It seems like I have two sets of roles and each time I refresh browser it jumps from one to the other. Other objects remain the same.
All Vault instances have the same configuration so don’t know why this is happening.
Checking S3 bucket I see two ids inside /auth/ folder which contain different roles (the ones I see when session is refreshed)
What could the reason why Vault shows different roles when refreshing browser session?
Edit: Using Vault cli “vault list auth/…/role” I always get the correct list of roles associated to each Kubernetes method.
It’s only happening at web where roles are partially shown and associated to all auth methods.