All vault variants are currently failing by default. TLDR: We should probably do this change for every vault variant: https://gitlab.com/to-be-continuous/cloud-foundry/-/commit/f761914818176b017b04157e9694a1d6de3500b4#e6ec8ba1263470ae22ff536a9524306d7e96d090_14_14 --- Users have to add `VAULT_AUTH_METHOD: "jwt"` to make them work. Furthermore it is hard to guess as the variable is only in https://gitlab.com/to-be-continuous/tools/vault-secrets-provider The reason is than the the default `VAULT_AUTH_METHOD` check if `VAULT_ROLE_ID` and `VAULT_SECRET_ID` are not empty. If so it uses approle otherwise it will try `VAULT_JWT_TOKEN` But with the current setup those variables are no defaulting to an empty string `""` but to `$VAULT_ROLE_ID` and `$VAULT_SECRET_ID` respectively