diff --git a/vault/main.tf b/vault/main.tf index 74c6d2a..f064749 100644 --- a/vault/main.tf +++ b/vault/main.tf @@ -20,7 +20,7 @@ variable "vault_addr" { description = "The address of the Vault server." } -variable "vault_auth_id" { +variable "auth_provider_id" { type = string description = "The ID of the Vault auth method to use." default = "vault" @@ -42,12 +42,8 @@ resource "coder_script" "vault" { icon = "/icon/vault.svg" script = templatefile("${path.module}/run.sh", { VAULT_ADDR : var.vault_addr, - VAULT_TOKEN : data.coder_external_auth.vault.access_token, + PROVIDER_ID : var.auth_provider_id, VERSION : var.vault_cli_version, }) run_on_start = true } - -data "coder_external_auth" "vault" { - id = var.vault_auth_id -} diff --git a/vault/run.sh b/vault/run.sh index a8426a2..1aafe23 100644 --- a/vault/run.sh +++ b/vault/run.sh @@ -1,6 +1,9 @@ #!/usr/bin/env bash BOLD='\033[0;1m' +PROVIDER_ID=${PROVIDER_ID} +VAULT_ADDR=${VAULT_ADDR} +VERSION=${VERSION} # Check if vault is installed if ! command -v vault &>/dev/null; then @@ -19,7 +22,7 @@ if ! command -v vault &>/dev/null; then if [ "${VERSION}" = "latest" ]; then INSTALL_VERSION=$(curl -s https://releases.hashicorp.com/vault/ | grep -oP '[0-9]+\.[0-9]+\.[0-9]' | tr -d '<>' | head -1) else - INSTALL_VERSION=${VERSION} + INSTALL_VERSION=$VERSION fi # download vault @@ -31,9 +34,14 @@ fi printf "🥳 Installation comlete!\n\n" -# Set up Vault address and token -export VAULT_ADDR=${VAULT_ADDR} -export VAULT_TOKEN=${VAULT_TOKEN} +# Set up Vault token +VAULT_TOKEN=$(coder external-auth access-token $PROVIDER_ID) +if [ $? -ne 0]; then + printf "Authenticate with Vault:\n$VAULT_TOKEN\n" + exit 1 +fi + +export VAULT_ADDR=$VAULT_ADDR # Verify Vault address and token printf "🔎 Verifying Vault address and token ...\n\n" 
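Review bot: The `templatefile` call in `coder_script.vault` has no comment explaining why only the provider ID is passed now, and the reason is security-relevant. The token is apparently fetched at workspace start instead of being rendered into the script text, and a later edit could undo that without noticing. I would add above the `PROVIDER_ID` entry: `# Pass only the provider ID; run.sh fetches the token at runtime so it is never rendered into the script.` The `description` of `auth_provider_id` in the earlier hunk still reads "The ID of the Vault auth method to use", which may be worth rewording to name the Coder external auth provider if that is what the value now identifies.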
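Review bot: The three assignments added at the top of run.sh are filled in by `templatefile` before the shell sees them, and the substituted text lands unquoted. A value containing whitespace or shell metacharacters would be split or interpreted rather than assigned. Writing them as `PROVIDER_ID="${PROVIDER_ID}"`, `VAULT_ADDR="${VAULT_ADDR}"` and `VERSION="${VERSION}"` covers the whitespace case. Quotes alone do not neutralise `"` or `$(` inside a value, so a `validation` block on the corresponding variables in main.tf would be the stricter guard. These inputs presumably come from the template author, which keeps the exposure low.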
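Review bot: The failure check `if [ $? -ne 0]; then` never takes its branch, because `0]` is read as one word and `[` exits with a "missing `]`" error. When `coder external-auth access-token` fails, the script therefore continues with the command's error output in `VAULT_TOKEN`, and the last hunk writes that text to `~/.vault-token`. Testing the command directly avoids `$?` altogether: `if ! VAULT_TOKEN=$(coder external-auth access-token "$PROVIDER_ID"); then`, which also quotes the provider ID. The message line puts the captured output into the printf format string; `printf 'Authenticate with Vault:\n%s\n' "$VAULT_TOKEN"` keeps any `%` or backslash in that output literal.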
@@ -41,24 +49,24 @@ vault status # Store token in .vault-token printf "\nStoring token in .vault-token ...\n" -echo "${VAULT_TOKEN}" >~/.vault-token +echo "$VAULT_TOKEN" >~/.vault-token # Add VAULT_ADDR to shell login scripts if not already present e.g. .bashrc, .zshrc # This is a temporary fix and will be replaced with https://github.com/coder/coder/issues/10166 # bash if [[ -f ~/.bashrc ]] && ! grep -q "VAULT_ADDR" ~/.bashrc; then printf "\nAdding VAULT_ADDR to ~/.bashrc ...\n" - echo "export VAULT_ADDR=${VAULT_ADDR}" >>~/.bashrc + echo "export VAULT_ADDR=$VAULT_ADDR" >>~/.bashrc fi # zsh if [[ -f ~/.zshrc ]] && ! grep -q "VAULT_ADDR" ~/.zshrc; then printf "\nAdding VAULT_ADDR to ~/.zshrc ...\n" - echo "export VAULT_ADDR=${VAULT_ADDR}" >>~/.zshrc + echo "export VAULT_ADDR=$VAULT_ADDR" >>~/.zshrc fi # fish if [[ -f ~/.config/fish/config.fish ]] && ! grep -q "VAULT_ADDR" ~/.config/fish/config.fish; then printf "\nAdding VAULT_ADDR to ~/.config/fish/config.fish ...\n" - echo "set -x VAULT_ADDR ${VAULT_ADDR}" >>~/.config/fish/config.fish + echo "set -x VAULT_ADDR $VAULT_ADDR" >>~/.config/fish/config.fish fi
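Review bot: The line `echo "$VAULT_TOKEN" >~/.vault-token` creates the token file with whatever the workspace umask allows, so on a typical 022 umask the Vault token is readable by other local users. I would write it under a restrictive mask, `( umask 077; printf '%s\n' "$VAULT_TOKEN" >~/.vault-token )`, and follow with `chmod 600 ~/.vault-token` to cover a file that already exists with wider permissions. The three `echo "export VAULT_ADDR=$VAULT_ADDR"` lines append the address to the rc files unquoted, so emitting it quoted (for example `export VAULT_ADDR=\"$VAULT_ADDR\"` inside the echo) would keep an unusual address from being re-parsed at login.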