A DevOps team is deploying Vault in a Kubernetes cluster. They want to ensure that when a pod starts, it can obtain a short-lived Vault token without human intervention. Which Vault architecture component should they use?
Trap 1: Audit Device
Logs requests but does not provide tokens.
Trap 2: Storage Backend (Consul)
Only stores encrypted data, not used for token injection.
Trap 3: Vault CLI with token helper
Requires manual login and token management.
- A
Audit Device
Why wrong: Logs requests but does not provide tokens.
- B
Storage Backend (Consul)
Why wrong: Only stores encrypted data, not used for token injection.
- C
Vault Agent sidecar
Automatically authenticates and injects tokens into pods.
- D
Vault CLI with token helper
Why wrong: Requires manual login and token management.