Automatically revoke Vault token when job script completes
Description
The HashiCorp Vault API provides an endpoint for revoking the used token. We could use this in Runner.
Proposal
Runner could automatically revoke the Vault token towards the end of the job (after the script has completed?), so as to improve security/reduce risk in case of leaked tokens, and to lessen the burden of setting an appropriate TTL.
Links to related issues and merge requests / references
Vault API endpoint docs: https://developer.hashicorp.com/vault/api-docs/auth/token#revoke-a-token-self
The potential for this feature was pointed out to me by a customer in a support ticket (internal).
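
The proposed behaviour, written as a job-script wrapper (an added example, not part of this issue and not Runner code): it calls Vault's `revoke-self` endpoint once the script has finished, whatever its exit status. The function names and the reliance on `VAULT_ADDR` and `VAULT_TOKEN` being set in the job environment are assumptions.

```shell
#!/bin/sh
# Added example: revoke the job's Vault token after the script completes.
# Assumes VAULT_ADDR and VAULT_TOKEN are set in the job environment.

# POST /v1/auth/token/revoke-self revokes the token that authenticates the
# request. The header is passed on stdin (--header @-, curl >= 7.55.0) so the
# token does not show up in the process list.
vault_revoke_self() {
    [ -n "${VAULT_TOKEN:-}" ] || return 0    # no token, nothing to revoke
    printf 'X-Vault-Token: %s\n' "$VAULT_TOKEN" |
        curl --silent --show-error --fail --max-time 10 \
             --request POST --header @- \
             "${VAULT_ADDR%/}/v1/auth/token/revoke-self"
}

# Run the job command, revoke the token, and return the job's own exit status.
run_job_then_revoke() {
    job_status=0
    "$@" || job_status=$?
    if vault_revoke_self; then
        echo "vault token revoked" >&2
    else
        # A failed revocation must not mask the job result; the token's TTL
        # remains the backstop, so it still needs a sensible value.
        echo "WARNING: vault token revocation failed; token lives until its TTL expires" >&2
    fi
    unset VAULT_TOKEN    # later steps in this shell cannot reuse it
    return "$job_status"
}

# Usage (hypothetical script name): run_job_then_revoke ./job-script.sh
```

Because revocation can fail (network error, Vault unavailable), this reduces the exposure window of a leaked token but does not remove the need for a TTL.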