Hi,
I am learning about vault and approles, I have been reading this tutorial AppRole Pull Authentication | Vault - HashiCorp Learn and I don’t understand the reason the trusted entity wraps the token
vault write -wrap-ttl=60s -force auth/approle/role/jenkins/secret-id
The reason I ask is that the documentation also says we can restrict the token_ttl in the role so aren’t -wrappt-ttl and token_ttl trying to solve the same problem? why do we need to use both?
thank you very much