Building on the context of #2162, I'd like to propose the addition of an environment variable for HashiCorp Vault Token files.
Why
Because relying on the default ~/.vault-token location limits flexibility in automated or strictly secure environments. This would allow SOPS to read Vault tokens from file descriptors and different paths, which would improve support for ephemeral secret injection and read-once tokens overall.
I am currently working on a PR to implement this and will link it here shortly.