vault login is intended for human use, when manually logging in via the CLI, the token is included in the command output by default. Typically this is followed by a series of commands which may or may not be run on the same machine or terminal session. As such, providing the token in the output is done to facilitate the user in their subsequent Vault usage without having to continuously rerun the same login command.
To address security concerns, the
-no-print flag was introduced. Usage of this flag is as follows:
vault login -no-print=true -method=userpass username=test-user
This suppresses all output from being printed to screen.
It is worth noting that
vault login doesn't record the output anywhere aside from STDOUT to the terminal - so by default nothing is printed to file or stored on disk.