add vault token auto-renewal script and LaunchAgent

dot_local/bin/executable_vault-token-renew.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+# Auto-renew Vault token if it exists and is renewable
+VAULT_TOKEN_FILE="$HOME/.vault-token"
+
+if [ ! -f "$VAULT_TOKEN_FILE" ]; then
+    exit 0
+fi
+
+export VAULT_ADDR="https://vault.viktorbarzin.me"
+export VAULT_TOKEN="$(cat "$VAULT_TOKEN_FILE")"
+
+# Check if token is still valid and renewable, then renew
+if vault token lookup -format=json 2>/dev/null | /usr/bin/python3 -c "import sys,json; d=json.load(sys.stdin)['data']; sys.exit(0 if d.get('renewable') else 1)" 2>/dev/null; then
+    vault token renew > /dev/null 2>&1
+fi

private_Library/LaunchAgents/me.viktorbarzin.vault-token-renew.plist

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>Label</key>
+    <string>me.viktorbarzin.vault-token-renew</string>
+    <key>ProgramArguments</key>
+    <array>
+        <string>/bin/bash</string>
+        <string>/Users/viktorbarzin/.local/bin/vault-token-renew.sh</string>
+    </array>
+    <key>EnvironmentVariables</key>
+    <dict>
+        <key>PATH</key>
+        <string>/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin</string>
+    </dict>
+    <key>StartInterval</key>
+    <integer>28800</integer>
+    <key>RunAtLoad</key>
+    <true/>
+    <key>StandardOutPath</key>
+    <string>/tmp/vault-token-renew.log</string>
+    <key>StandardErrorPath</key>
+    <string>/tmp/vault-token-renew.log</string>
+</dict>
+</plist>