AppRole authentication is the recommended method of authenticating with Vault.
When using this authentication method, Jerakia is configured with a role ID (role_id) and a secret ID (secret_id), and Jerakia uses these values to acquire a limited-lifetime token from Vault to interact with the API of the transit backend.
Upon token expiry, Jerakia will request a new token using role_id and secret_id again.
First, we'll create an AppRole for Jerakia, giving the tokens it issues a TTL of 15 minutes. The role has to be associated, through the policies argument, with the access policy we created earlier:
$ ./vault write auth/approle/role/jerakia token_ttl=15m policies=jerakia
Now, we can check the Jerakia AppRole and ascertain the role_id:
$ ./vault read auth/approle/role/jerakia/role-id
Key        Value
---        -----
role_id    bfce3860-0805-43dc-ab6d-fe789559fe32
We also need to create a secret_id:
$ ./vault write -f auth/approle/role/jerakia/secret-id
Key                   Value
---                   -----
secret_id             94f23dba-7355-426c-ae1e-5768dbb70280
secret_id_accessor    f7b0f10a-99f4-4c7e-b69d-7bbd27a3c016
Now that we have role_id and secret_id, we can proceed to integrate Jerakia with Vault.
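The token lifecycle described above (log in with role_id and secret_id, reuse the token, log in again close to expiry), shown in Ruby as an added example; it is not Jerakia's own code. The class, method and parameter names are hypothetical; the login path and the auth.client_token and auth.lease_duration response fields are those of Vault's AppRole HTTP API.

```ruby
require 'json'
require 'net/http'
require 'uri'

# Added example (hypothetical names): caches a Vault token obtained through
# AppRole and logs in again shortly before the token's TTL runs out.
class AppRoleTokenSource
  LOGIN_PATH = '/v1/auth/approle/login'.freeze

  # transport: callable(path, body_hash) -> parsed JSON Hash. It is injected so
  # the renewal logic can be exercised without a running Vault server.
  def initialize(role_id:, secret_id:, transport:, clock: -> { Time.now.to_f }, skew: 30)
    @role_id = role_id
    @secret_id = secret_id
    @transport = transport
    @clock = clock
    @skew = skew # seconds of safety margin before expiry
    @token = nil
    @expires_at = 0.0
  end

  # Returns a usable token, performing an AppRole login only when needed.
  def token
    login if @token.nil? || @clock.call >= @expires_at - @skew
    @token
  end

  private

  def login
    resp = @transport.call(LOGIN_PATH, 'role_id' => @role_id, 'secret_id' => @secret_id)
    auth = resp['auth'] or raise "AppRole login failed: #{resp['errors'].inspect}"
    @token = auth.fetch('client_token')
    # lease_duration is in seconds; token_ttl=15m on the role gives 900.
    @expires_at = @clock.call + auth.fetch('lease_duration')
  end
end

# Transport for a real Vault server; addr is the server's base URL.
def vault_http_transport(addr)
  lambda do |path, body|
    res = Net::HTTP.post(URI.join(addr, path), JSON.generate(body),
                         'Content-Type' => 'application/json')
    JSON.parse(res.body)
  end
end
```

Because the secret_id is presented again at every login, it is a long-lived credential and should be stored with the same care as the token it yields.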