How to firstly configure HashiCorp Vault with local jwt/ca certs


I am trying to configure Vault's Helm chart. What I do is:

  1. Deploy with my CI/CD tool and wait for the replicas to be available
  2. Enter the UI and init Vault
  3. Restore manually with my backup file
  4. ssh into the pod with kubectl exec -it pod -- sh
  5. vault login
  6. vault write auth/kubernetes/config token_reviewer_jwt="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443" kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt

Step 6 is what causes all my problems. I can't log out, which sounds like an extreme security risk. Isn't there a way to automate this? I've read the docs, there seems to be an agent, but it's very confusing.

zacko On

rm ~/.vault-token

is the right answer.
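
An added example, not part of the question or the answer above: step 6 run without `vault login`, passing the token through the Vault CLI's `VAULT_TOKEN` environment variable for a single command, then removing any `~/.vault-token` left by an earlier login. The function name and the `SA_DIR` override are assumptions for illustration; the paths and `vault write` arguments are the ones from the question.

```shell
#!/bin/sh
# Added example: configure Kubernetes auth without leaving a Vault token
# on the pod's disk. SA_DIR and configure_k8s_auth are hypothetical names.
SA_DIR="${SA_DIR:-/var/run/secrets/kubernetes.io/serviceaccount}"

configure_k8s_auth() {
    # Read the Vault token from stdin so it never appears in argv or history.
    token=""
    IFS= read -r token || true
    [ -n "$token" ] || { echo "no token on stdin" >&2; return 1; }

    # Subshell: VAULT_TOKEN is exported only for this one command, so
    # `vault login` (which writes ~/.vault-token) is not needed.
    rc=0
    (
        export VAULT_TOKEN="$token"
        vault write auth/kubernetes/config \
            token_reviewer_jwt="$(cat "$SA_DIR/token")" \
            kubernetes_host="https://$KUBERNETES_PORT_443_TCP_ADDR:443" \
            kubernetes_ca_cert=@"$SA_DIR/ca.crt"
    ) || rc=$?

    # Drop the in-memory copy and any token file from an earlier login,
    # as the answer suggests.
    unset token
    rm -f "$HOME/.vault-token"
    return "$rc"
}
```

Inside the pod it would be called as `configure_k8s_auth < /path/to/token-file`, or with the token typed on stdin.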