Describe the bug
In contrast to example tutorials reading a secret (from Consul at least) doesn't seem to trigger caching. It only works if vault login -method=... is first issued.
Request a Consul ACL token: vault read -field=lease_id consul/creds/my-service
Request a Consul ACL token (again): vault read -field=lease_id consul/creds/my-service
Note the lease IDs have changed
Run vault login -method=aws
Request a Consul ACL token: vault read -field=lease_id consul/creds/my-service
Request a Consul ACL token (again): vault read -field=lease_id consul/creds/my-service
Note the lease IDs are stable and the agent will auto-renew.
As far as I can tell, this runs contrary to how the tutorial demonstrates caching should operate. It's not clear to me why this is. I'm guessing requesting a token somehow ties it to my shell's login session token (~/.vault-token).
Expected behavior
Agent should auto-login and cache secrets issued through it. I'm not sure if that makes sense, but the tutorial and docs don't seem to mention this gap.
Environment:
Vault Server Version (retrieve with vault status): Vault v1.6.0
Vault CLI Version (retrieve with vault version): Vault v1.6.3 (b540be4b7ec48d0dd7512c8d8df9399d6bf84d76)
Server Operating System/Architecture: HCP
Vault server configuration file(s):
n/a
Additional context
Add any other context about the problem here.
Describe the bug In contrast to example tutorials reading a secret (from Consul at least) doesn't seem to trigger caching. It only works if
vault login -method=...
is first issued.To Reproduce
vault agent -config=agent.hcl
vault read -field=lease_id consul/creds/my-service
vault read -field=lease_id consul/creds/my-service
vault login -method=aws
vault read -field=lease_id consul/creds/my-service
vault read -field=lease_id consul/creds/my-service
As far as I can tell, this runs contrary to how the tutorial demonstrates caching should operate. It's not clear to me why this is. I'm guessing requesting a token somehow ties it to my shell's login session token (
~/.vault-token
).vs
Expected behavior Agent should auto-login and cache secrets issued through it. I'm not sure if that makes sense, but the tutorial and docs don't seem to mention this gap.
Environment:
vault status
):Vault v1.6.0
vault version
):Vault v1.6.3 (b540be4b7ec48d0dd7512c8d8df9399d6bf84d76)
Vault server configuration file(s):
n/a
Additional context Add any other context about the problem here.