knadh / koanf

Simple, extremely lightweight, extensible, configuration management library for Go. Support for JSON, TOML, YAML, env, command line, file, S3 etc. Alternative to viper.


Proposal: Support AWS IAM auth for Vault provider

missedone opened this issue · comments

The Vault Go SDK supports AWS IAM as an auth method, so the app doesn't necessarily need to hold the auth token, which could be a risk because securing the Vault token becomes a challenging task.

I think we can introduce a new field authMethod in the Vault config struct https://github.com/knadh/koanf/blob/master/providers/vault/vault.go#L15
We may use token as the default method to keep backward compatibility.

ref:

  1. https://developer.hashicorp.com/vault/docs/auth/aws
  2. https://github.com/hashicorp/vault-examples/blob/main/examples/auth-methods/aws/go/example.go

One thing you might not like: if we start supporting AWS IAM auth, people may ask for support for the other methods listed here https://developer.hashicorp.com/vault/docs/auth

It could end up with a lot of dependencies for the Vault provider.

So I'd like to propose the AuthMethod field, which leaves the complexity out of koanf: #229

Closes the issue, which is solved in #229.
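The design discussed in this thread, as an added sketch that is not part of the original issue and is not koanf's or the Vault SDK's code: the provider accepts a caller-supplied login hook, keeps the static token as the default, and imports no auth backend itself. All names here (`AuthMethod`, `LoginFunc`, `Config`, `ResolveToken`) are hypothetical, and rejecting a config that sets both fields is this sketch's own choice.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// AuthMethod is a hypothetical login hook supplied by the caller (AWS IAM,
// Kubernetes, ...), so the provider imports none of those backends itself.
type AuthMethod interface {
	Login(ctx context.Context) (token string, err error)
}

// LoginFunc adapts a plain function to AuthMethod (helper for this sketch).
type LoginFunc func(ctx context.Context) (string, error)

func (f LoginFunc) Login(ctx context.Context) (string, error) { return f(ctx) }

// Config is a hypothetical provider config; Token remains the default path.
type Config struct {
	Token      string
	AuthMethod AuthMethod
}

// ResolveToken returns the token to use and which path produced it.
func ResolveToken(ctx context.Context, cfg Config) (string, string, error) {
	switch {
	case cfg.AuthMethod != nil && cfg.Token != "":
		// Sketch's choice: fail closed on ambiguous config.
		return "", "", errors.New("set either Token or AuthMethod, not both")
	case cfg.AuthMethod != nil:
		tok, err := cfg.AuthMethod.Login(ctx)
		if err != nil {
			return "", "", fmt.Errorf("auth method login: %w", err)
		}
		if tok == "" {
			return "", "", errors.New("auth method returned an empty token")
		}
		return tok, "auth-method", nil
	case cfg.Token != "":
		return cfg.Token, "static-token", nil
	}
	return "", "", errors.New("no Token and no AuthMethod configured")
}

func main() {
	iam := LoginFunc(func(context.Context) (string, error) { return "constructed-short-lived", nil })
	fmt.Println(ResolveToken(context.Background(), Config{AuthMethod: iam}))
}
```

With this shape, an application that logs in through an auth method never has to store a long-lived token in its own configuration.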