Allowing Jerakia to authenticate with our Vault

AppRole authentication is the recommended method of authenticating with Vault.

With this authentication method, Jerakia is configured with a role ID (role_id) and a secret ID (secret_id). It uses these values to acquire a limited-lifetime token from Vault, and uses that token to interact with the API of the transit backend.

Upon token expiry, Jerakia will request a new token using role_id and secret_id again.

First, we'll create an AppRole for Jerakia, giving its tokens a TTL of 15 minutes. The role has to be associated, through the policies argument, with the access policy we created earlier:

$ ./vault write auth/approle/role/jerakia token_ttl=15m policies=jerakia

Now, we can check the Jerakia AppRole and ascertain the role_id:

$ ./vault read auth/approle/role/jerakia/role-id
Key        Value
---        -----
role_id    bfce3860-0805-43dc-ab6d-fe789559fe32

We also need to create a secret_id:

$ ./vault write -f auth/approle/role/jerakia/secret-id
Key                   Value
---                   -----
secret_id             94f23dba-7355-426c-ae1e-5768dbb70280
secret_id_accessor    f7b0f10a-99f4-4c7e-b69d-7bbd27a3c016

Now that we have role_id and secret_id, we can proceed to integrate Jerakia with Vault.
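
The token lifecycle described at the start of this section (log in with role_id and secret_id, use the token until its TTL runs out, then log in again) can be sketched as follows. This is an added example, not Jerakia's own code: the AppRoleTokenCache class, its parameters and the 30-second refresh margin are assumptions made for illustration, while the login path and the client_token and lease_duration response fields are those of Vault's AppRole HTTP API.

```ruby
require 'json'
require 'net/http'
require 'uri'

# Added example (not Jerakia's code): caches an AppRole token and logs in
# again with role_id/secret_id once the token's TTL has elapsed.
class AppRoleTokenCache
  LOGIN_PATH = '/v1/auth/approle/login'

  # transport: callable(path, body_hash) -> parsed JSON hash (defaults to HTTP).
  # clock: callable returning the current time in seconds (injectable).
  def initialize(addr:, role_id:, secret_id:, skew: 30, transport: nil, clock: nil)
    @addr = addr
    @creds = { 'role_id' => role_id, 'secret_id' => secret_id }
    @skew = skew # assumed margin: refresh this many seconds before expiry
    @transport = transport || method(:http_post)
    @clock = clock || -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) }
    @token = nil
    @expires_at = 0
  end

  # Returns a usable client token, performing an AppRole login when the
  # cache is empty or the cached token has reached its expiry time.
  def token
    login if @token.nil? || @clock.call >= @expires_at
    @token
  end

  private

  def login
    auth = @transport.call(LOGIN_PATH, @creds).fetch('auth')
    @token = auth.fetch('client_token')
    # lease_duration is the token TTL in seconds (900 for token_ttl=15m).
    @expires_at = @clock.call + [auth.fetch('lease_duration') - @skew, 0].max
  end

  def http_post(path, body)
    uri = URI.join(@addr, path)
    res = Net::HTTP.post(uri, JSON.generate(body), 'Content-Type' => 'application/json')
    raise "AppRole login failed: HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)

    JSON.parse(res.body)
  end
end
```

Because the secret_id is the only long-lived credential in this exchange, it is the value to keep out of version control and to supply from a protected file or the environment.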
