BetterCloud / vault-java-driver

Zero-dependency Java client for HashiCorp's Vault
https://bettercloud.github.io/vault-java-driver/

Add support for unwrapping of wrapped tokens #210

Open david-streamlio opened 4 years ago

david-streamlio commented 4 years ago

It would be great if you could add support for wrapping and unwrapping of tokens as described in:

https://learn.hashicorp.com/vault/secrets-management/sm-cubbyhole

This would help support the distribution of credentials for bootstrapping clients by storing their credentials in a single and safe location. These are the current steps required in order to access the AppRole credentials I am looking to have implemented.

```bash
# Create a policy that grants read access to the dev secret
curl -H "X-Vault-Token:XXX" --request POST \
  --data '{"policy":"path \"secret/data/dev\" {capabilities = [\"read\"]} "}' \
  http://vault:8200/v1/sys/policy/producer-policy

# Fetch the AppRole role_id and generate a secret_id (jq -r strips the JSON quotes)
ROLE_ID=$(curl -H "X-Vault-Token:XXX" --request GET \
  http://vault:8200/v1/auth/approle/role/foo/role-id | jq -r .data.role_id)

SECRET_ID=$(curl -H "X-Vault-Token:XXX" --request POST \
  http://vault:8200/v1/auth/approle/role/foo/secret-id | jq -r .data.secret_id)

echo "Store the role id and secret id"
curl -H "X-Vault-Token:XXX" --request POST \
  --data '{"data": {"role_id": "'"${ROLE_ID}"'", "secret_id": "'"${SECRET_ID}"'"} }' \
  http://vault:8200/v1/secret/data/dev

# Wrap it: create a token whose response is wrapped with an 8-hour (28800 s) TTL
WRAP_TOKEN=$(curl --header "X-Vault-Wrap-TTL: 28800" \
  -H "X-Vault-Token:XXX" --request POST \
  --data '{"policies":["message-producer"]}' \
  http://vault:8200/v1/auth/token/create | jq -r .wrap_info.token)

# Get a new token
curl -H "X-Vault-Token:XXX" --request POST \
  --data '{"policies": "default"}' \
  http://vault:8200/v1/auth/token/create

# Use the wrap token to unwrap the request
CLIENT_TOKEN=$(curl --header "X-Vault-Token: ${WRAP_TOKEN}" --request POST \
  http://vault:8200/v1/sys/wrapping/unwrap | jq -r .auth.client_token)

# Use the new client token to access the secrets that were wrapped
curl --header "X-Vault-Token: ${CLIENT_TOKEN}" \
  http://vault:8200/v1/secret/data/dev
```
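The unwrap step above, as an added Python example that is not part of the issue or of vault-java-driver: before consuming the wrapping token it calls `sys/wrapping/lookup` and refuses to unwrap when `creation_path` is not the expected `auth/token/create`, which is how a bootstrapping client can notice that the token it received was swapped for one wrapping something else. The transport is injected so the flow runs offline against a constructed fake Vault (`fake_vault`, `real_transport` and the token values are my own names and sample data).

```python
import json
import urllib.request

# Path the wrapping token must have been created from (the wrapped token/create call).
EXPECTED_CREATION_PATH = "auth/token/create"


def real_transport(vault_addr):
    """Return a send(path, token, body) function that POSTs JSON to a live Vault server."""
    def send(path, token, body=None):
        data = json.dumps(body if body is not None else {}).encode()
        req = urllib.request.Request(
            f"{vault_addr}/v1/{path}", data=data, method="POST",
            headers={"X-Vault-Token": token, "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return send


def wrapping_token_is_expected(wrap_token, send, expected_path=EXPECTED_CREATION_PATH):
    """Check the wrapping token's creation_path via sys/wrapping/lookup.

    lookup does not consume the wrapping token, so a mismatch leaves it intact
    for investigation instead of silently unwrapping attacker-supplied content.
    """
    info = send("sys/wrapping/lookup", wrap_token, {"token": wrap_token})["data"]
    return info.get("creation_path") == expected_path


def unwrap_client_token(wrap_token, send, expected_path=EXPECTED_CREATION_PATH):
    """Verify the wrapping token, then unwrap it and return the inner client token."""
    if not wrapping_token_is_expected(wrap_token, send, expected_path):
        raise ValueError("wrapping token creation_path mismatch; token may have been replaced")
    return send("sys/wrapping/unwrap", wrap_token)["auth"]["client_token"]


def fake_vault(creation_path):
    """Constructed stand-in for Vault (sample data); real responses have the same shape."""
    def send(path, token, body=None):
        if path == "sys/wrapping/lookup":
            return {"data": {"creation_path": creation_path, "creation_ttl": 28800}}
        if path == "sys/wrapping/unwrap":
            return {"auth": {"client_token": "s.constructed-client-token",
                             "policies": ["message-producer"]}}
        raise AssertionError(f"unexpected path {path}")
    return send
```

Against a live server, replace `fake_vault(...)` with `real_transport("http://vault:8200")` and pass the value of `WRAP_TOKEN` from the script above.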