Expose address to Vault Token Helper script when using HTTP Option -address in CLI #22257

Open
cwchristerw opened this issue Aug 9, 2023 · 3 comments


cwchristerw commented Aug 9, 2023

Is your feature request related to a problem? Please describe.
I have discovered a need to use a bash script as a Vault Token Helper, and I have never needed the VAULT_ADDR environment variable before this because I have been able to use -address with a single Vault instance and a single .vault-token file.

It would be better to export the -address value to the VAULT_ADDR environment variable automatically when using a customized Vault token helper script, because then I could keep my workflow as it is.

I have to issue multiple Signed SSH Certificates from multiple Vault instances. Before that I used only one Vault instance, but I want to separate these projects into separate entities with their own Vault instance.

Describe the solution you'd like
Expose an address argument, similar to the method (get, store, erase), when calling the token helper script, or add the VAULT_ADDR environment variable when calling the Vault Token Helper script if the user has specified an -address value.

Describe alternatives you've considered

  1. I will edit my bash script for Signed SSH Certificates to use export VAULT_ADDR for different organizations' Vault instances. [ x ]
  2. Implement support for multiple Vault instances natively without needing a customized Vault Token Helper script. (Support multiple Vault commandline client tokens #2092; Vault does not support interacting with multiple vault servers nor storing separate tokens for each. #18359)

Explain any additional use-cases

Additional context

Related File:
https://github.com/hashicorp/vault/blob/main/command/token/helper_external.go

Commands

```bash
vault login -address=https://vault.example.com
vault login -address=https://vault.example.org
```

VS

```bash
export VAULT_ADDR=https://vault.example.com
vault login
export VAULT_ADDR=https://vault.example.org
vault login
```

Vault Token Helper

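```bash
#!/bin/bash
# Vault token helper: keeps one token per Vault address in a JSON file.

stderr() { echo -n "$@" 1>&2; }

# Require bash
if [ ! "$BASH_VERSION" ]; then
    exit 1
fi

# The address is the lookup key, so it must be set
if [[ -z "$VAULT_ADDR" ]]; then
    exit 1
fi

FILE="$HOME/.vault-token"
ACTION=$1

# New files (including the temp file) are readable by the owner only
umask 077

case $ACTION in
    get)
        if [[ -f "$FILE" ]]; then
            # "// empty" prints nothing instead of "null" when no token is stored
            VAULT_TOKEN=$(jq -r --arg addr "$VAULT_ADDR" '.[$addr] // empty' "$FILE")
            if [[ -n "$VAULT_TOKEN" ]]; then
                echo -n "$VAULT_TOKEN"
            fi
        fi
        exit 0
        ;;
    store)
        if [[ ! -f "$FILE" ]]; then
            echo "{}" > "$FILE"
        fi

        VAULT_TOKEN=$(cat)
        # --arg passes values as data, so quotes in them cannot alter the jq filter
        jq --arg addr "$VAULT_ADDR" --arg token "$VAULT_TOKEN" '.[$addr] = $token' "$FILE" > "$FILE.tmp" \
            && mv "$FILE.tmp" "$FILE"
        ;;
    erase)
        # Nothing to erase if the file was never created
        if [[ -f "$FILE" ]]; then
            jq --arg addr "$VAULT_ADDR" 'del(.[$addr])' "$FILE" > "$FILE.tmp" \
                && mv "$FILE.tmp" "$FILE"
        fi
        ;;
    *)
        exit
        ;;
esac
```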
@cwchristerw cwchristerw changed the title Add VAULT_ADDR environment variable to Vault Token Helper when using HTTP Option -address. Export VAULT_ADDR environment variable to Vault Token Helper script when using HTTP Option -address. Aug 9, 2023
@cwchristerw cwchristerw changed the title Export VAULT_ADDR environment variable to Vault Token Helper script when using HTTP Option -address. Expose address to Vault Token Helper script when using HTTP Option -address. Aug 26, 2023
@cwchristerw cwchristerw changed the title Expose address to Vault Token Helper script when using HTTP Option -address. Expose address to Vault Token Helper script when using HTTP Option -address in CLI Aug 26, 2023
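
A wrapper in the spirit of the first alternative in the issue, as an added example (not code from the issue author or the Vault project): it copies the `-address` flag into `VAULT_ADDR` for the one CLI invocation so a token helper keyed on `VAULT_ADDR` sees the same address. The names `address_from_args`, `vault_addr` and the `VAULT_BIN` override are hypothetical.

```shell
#!/bin/bash
# Added example: make the -address flag visible to a token helper by
# setting VAULT_ADDR for the single CLI invocation.
# Usage: vault_addr login -address=https://vault.example.com

# Print the value of the last -address / --address flag in the arguments,
# or nothing if the flag is absent. Handles "-address=URL" and "-address URL".
address_from_args() {
    local addr=""
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -address=*|--address=*)
                addr="${1#*=}"
                ;;
            -address|--address)
                # Value is the next argument, if there is one
                if [ "$#" -ge 2 ]; then
                    addr="$2"
                    shift
                fi
                ;;
            --)
                break
                ;;
        esac
        shift
    done
    printf '%s' "$addr"
}

# Run the CLI with VAULT_ADDR taken from the flag. The flag wins over an
# already set VAULT_ADDR so the helper's key matches the server named on
# the command line. VAULT_BIN (hypothetical) lets the binary be swapped
# out for offline testing; it defaults to "vault".
vault_addr() {
    local flag_addr
    flag_addr=$(address_from_args "$@")
    if [ -n "$flag_addr" ]; then
        VAULT_ADDR="$flag_addr" "${VAULT_BIN:-vault}" "$@"
    else
        "${VAULT_BIN:-vault}" "$@"
    fi
}
```

The assignment is scoped to the single command, so the caller's shell environment is left unchanged between invocations against different Vault instances.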

ruuda commented Sep 21, 2023

I implemented a fix for this in #23218.

@cwchristerw
Author

I have decided to create a custom CLI tool instead of using the Vault CLI due to this issue. In my CLI tool (a bash script) I'm using the curl command to communicate with the Vault API.


ruuda commented Sep 18, 2024

(This bug is fixed in OpenBao v2.0.1.)
