Secrets fetched from Vault appear empty - what am I missing?

HI all,

I’m trying to fetch secrets from my Hashicorp Vault (as described in this walkthrough). However, secrets appear empty (i.e., contain <nil>).

Policy, role & the secret itself are all in place:

vault kv get secret/foo
=== Data ===
Key    Value
---    -----
bar    baz

When running the CI:

secret-via-keyword:
  stage: dummy
  tags:
    - some-tag  
  variables:
    VAULT_AUTH_PATH: jwt
    VAULT_AUTH_ROLE: readonly
    VAULT_SERVER_URL: https://some.host:8200
  secrets:
    BAR:
      vault: foo/bar@secret
  script:
    - echo 'Hello, world!'
    - echo $BAR
    - cat $BAR
Executing "step_script" stage of the job script
00:00
$ echo 'Hello, world!'
Hello, world!
$ echo $BAR
/home/gitlab-runner/builds/twdnURp8/0/some-host/some-repo.tmp/BAR
$ cat $BAR
<nil>
Cleaning up file based variables
00:00
Job succeeded

It seems /home/gitlab-runner/builds/twdnURp8/0/some-host/some-repo.tmp/BAR is empty - but how come?

Any help would be greatly appreciated.

Best,
Claude