By leveraging the Cubbyhole secret engine, we can store a secret that only one token can retrieve. Once that token is expired or revoked, the secret is gone. When creating the token, you can limit number of uses.
# Creates token that will be shared. It will be used once to write a secret, second time to read then it is revoked
vault token create -use-limit=2 -policy=default -metadata="name=stenio"
# Output -<TOKEN>