Miroslav

Reputation: 81

Vault wrapping token - number of usage

We are facing an issue with fetching secrets from HashiCorp Vault. The client is actually using role_id and secret_id to auth in Vault. We also use the wrapping function for secret_id, so once the secret_id is fetched from Vault, it's wrapped and has to be unwrapped to get the real secret_id. Now the problem is that the wrapping token obtained from Vault has a number of uses of 1, meaning that the secret_id can be unwrapped only once. When we try to unwrap a 2nd time, it fails. The reason is the number of uses for such a generated token, which is 1 by default.

Key                 Value
---                 -----
accessor            LctZYfQyzJVleDb41l7mACu5
creation_time       1603924396
creation_ttl        240h
display_name        n/a
entity_id           n/a
expire_time         2020-11-07T22:33:16.378745728Z
explicit_max_ttl    240h
id                  s.ajjvwjfjtTedj7xaeGW1B1WL
issue_time          2020-10-28T22:33:16.378758503Z
meta                <nil>
num_uses            1
orphan              true
path                auth/approle/role/img/secret-id
policies            [response-wrapping]
renewable           false
ttl                 239h58m30s
type                service

This is causing a lot of issues for us. Is there a way to increase the number of wrap token uses, or set it to unlimited?

Thank you!

Upvotes: 2

Views: 5783

Answers (1)

lxop

Reputation: 8615

The point of wrapping is that it is only unwrappable once. If you want a token that allows access to a secret for an extended period, then you want a 'regular' token. So create a policy that allows access only to the secret_id, create a new token with only that policy attached, and store that token. Now you have a token that you can use to request the secret_id secret from Vault.

Upvotes: 4
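
Added example (not part of the answer above and not Vault's own code): because a wrapping token can be unwrapped only once, a client that needs the secret_id repeatedly can unwrap it a single time and reuse the value in memory, after checking the token's creation path. `SecretIdCache`, `vault_post` and the injected `post` parameter are assumed names; the endpoints are Vault's `sys/wrapping/lookup` and `sys/wrapping/unwrap`.

```python
import json
import urllib.request

# Creation path shown in the question's token lookup output.
EXPECTED_PATH = "auth/approle/role/img/secret-id"


def vault_post(addr, path, body, token=None):
    """POST JSON to Vault's HTTP API and return the decoded response."""
    req = urllib.request.Request(
        f"{addr}/v1/{path}", data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json"})
    if token:
        req.add_header("X-Vault-Token", token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class SecretIdCache:
    """Unwrap a response-wrapped secret_id exactly once and keep it in memory."""

    def __init__(self, addr, post=vault_post):
        # `post` is injectable (an assumption of this example) so the logic
        # can be exercised without a running Vault server.
        self.addr, self.post, self._secret_id = addr, post, None

    def get(self, wrapping_token):
        if self._secret_id is not None:
            return self._secret_id  # later callers reuse the value; no second unwrap
        # The lookup endpoint reports wrapping properties without unwrapping.
        info = self.post(self.addr, "sys/wrapping/lookup", {"token": wrapping_token})
        if info["data"]["creation_path"] != EXPECTED_PATH:
            raise ValueError("wrapping token was not created by the expected endpoint")
        # Unwrapping consumes the token's single use. If this call fails for a
        # token this client never unwrapped, another party may have used it.
        resp = self.post(self.addr, "sys/wrapping/unwrap", {}, token=wrapping_token)
        self._secret_id = resp["data"]["secret_id"]
        return self._secret_id
```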
