Feature Request
Resolution: Duplicate
Major
2.2, 2.3, 2.4
Feature Overview
May I ask if there is any potential for HashiCorp Vault response wrapping to be officially added to the product? E.g., is it on their roadmap, or could it be added to the roadmap?
So an end user could add the wrapped secret into the AppRole lookup, and AAP itself will contact Vault to unwrap the real secret and save it (no eyes on the real secret).
Background, and strategic fit
https://developer.hashicorp.com/vault/docs/concepts/response-wrapping#overview
https://developer.hashicorp.com/vault/api-docs/system/wrapping-unwrap#wrapping-unwrap
Response wrapping basically allows a human to share and see a token.
The token is used on the endpoint /sys/wrapping/unwrap, and Vault then provides a secret id. The unwrap can only occur once.
Since AAP/Tower already has a HashiCorp Vault AppRole credential type, AAP itself could have the wrapped token as a field entry; AAP can then go off in the background, get the secret id, and save the secret id into the credential.
No human sees the secret id at any point.
FYI... Below is the discussion on Slack.
Phil Griffiths 1 day ago
@Kevin can you raise an RFE for this (if there isn't one already). We are starting to talk to some of our key partners and vendors about these types of asks and how they could be delivered. Thanks
- duplicates: AAPRFE-471 Hashicorp Vault Secret Unwrapping (Backlog)
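The unwrap step this request describes, as an added Python example (not AAP or HashiCorp code): the client presents the wrapping token to /sys/wrapping/unwrap, receives the secret id, and a second unwrap of the same token is refused. `FakeVault`, `start_fake_vault`, `UnwrapRefused`, the token and secret values, and the error text are constructed so the example runs offline; a real caller would point `unwrap_secret_id` at its Vault address over TLS.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

class UnwrapRefused(Exception):
    """Vault refused the unwrap: token expired, unknown, or already used."""

def unwrap_secret_id(vault_addr, wrapping_token):
    # The wrapping token itself authenticates the call; the body stays empty.
    req = urllib.request.Request(
        vault_addr + "/v1/sys/wrapping/unwrap", data=b"", method="POST",
        headers={"X-Vault-Token": wrapping_token})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            body = json.load(resp)
    except urllib.error.HTTPError as err:
        # A refused unwrap can mean someone else unwrapped first: alert on it.
        raise UnwrapRefused(f"unwrap refused (HTTP {err.code})") from None
    return body["data"]["secret_id"]  # store directly; never log or display

# --- constructed stand-in for Vault, only so the example runs offline ---
class FakeVault(BaseHTTPRequestHandler):
    wrapped = {}  # wrapping token -> secret id, removed on first unwrap

    def do_POST(self):
        secret = None
        if self.path == "/v1/sys/wrapping/unwrap":
            secret = self.wrapped.pop(self.headers.get("X-Vault-Token"), None)
        payload = ({"data": {"secret_id": secret}} if secret
                   else {"errors": ["constructed error: token not valid"]})
        raw = json.dumps(payload).encode()
        self.send_response(200 if secret else 400)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(raw)))
        self.end_headers()
        self.wfile.write(raw)

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_fake_vault(wrapped):
    FakeVault.wrapped = dict(wrapped)
    server = HTTPServer(("127.0.0.1", 0), FakeVault)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"
```

Treating `UnwrapRefused` as an alert rather than a retry is what makes the single-use property useful: a token that no longer unwraps may already have been redeemed by someone else.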