Security & supply chainVault learns to speak SPIFFE, and your pipeline's static token is on notice
HashiCorp wired SPIFFE into Vault as both an auth method and a secrets engine, positioning Vault as a workload-identity broker that sits next to SPIRE rather than replacing it. For CI/CD that means one more reason the long-lived bearer token in your job secrets is harder to defend by the day.