Enable vault.client.api-util/api-request to support Agent-based authentication

[emilywoods]

Vault Agent can be used to handle all of the Vault authentication for an application. This means that the application doesn’t manage its own Vault tokens i.e. it can make API calls to Vault through the agent without having to retrieve a token beforehand, and the app doesn’t need to include the X-Vault-Token header in the request.

As far as I understand, since api-request checks that there is a token associated with the client and includes the X-Vault-Token header in the request, it does not support agent-based authentication.

It would be great if this was supported in api-request, and I believe it would be possible by making the following changes:

• The client authentication check could be made optional
• The X-Vault-Token header would be set only if there is a token associated with the client

[greglook]

Neat, I hadn't looked into the Vault agent before - sounds like it handles many of the things that the client code is doing right now. In that case you'd just want this as a pass-through library, assuming that the agent presents an HTTP API that is otherwise similar to the one that you'd get on the Vault server. 🤔

[emilywoods]

sounds like it handles many of the things that the client code is doing right now

The Agent can be used to handle authentication at least, so applications interacting with the Vault server via the client don't need to worry about this or managing a token. :)

assuming that the agent presents an HTTP API that is otherwise similar to the one that you'd get on the Vault server

The Agent can be used as a proxy, which handles all authentication on behalf of the application. The client can interact with the Vault HTTP API as it is doing now, just without including the X-Vault-Token header.

Would you be open to receiving a PR which could allow vault.client.api-util/api-request to support this?