In my scenario, a big shared Jenkins Master wouldn't have too much access on its own. I am using Kubernetes plugin and Jenkins Shared Library to generate build pods dynamically. It will be scheduled in different K8s clusters and have different access depending on whom this pipeline belong to.

In this scenario Vault plugin would need to use build node (in this case - build pod) for accessing Vault, in case of Kubernetes Auth - use build pod Service Account JWT token instead of trying to find it on Master.

This doesn't seem to be currently possible, which prevents me from using this plugin - I had to come up with my own implementation of a build step in my Shared Library.