diff --git a/web/lukegbcom/posts/2022-04-07-vault-and-me.md b/web/lukegbcom/posts/2022-04-07-vault-and-me.md index 6a3178f987..d49db7b3f5 100644 --- a/web/lukegbcom/posts/2022-04-07-vault-and-me.md +++ b/web/lukegbcom/posts/2022-04-07-vault-and-me.md @@ -189,7 +189,7 @@ the local Vault Agent, with a token issued that has a subset of the powers of the original server-wide token. The ACLs on talking to `tokend` are much more permissive than those for talking -directly to the Vault agent. +directly to the Vault agent, because the token you get depends on your identity. ## `secretsmgr`