BUILD-4733: update secrets to use vault instead of github (#4006)

.github/workflows/update_coverage.yml

@@ -5,6 +5,8 @@ on:
 
 jobs:
   update_coverage:
+    permissions:
+      id-token: write
     runs-on: ubuntu-latest
     env:
       TMP_BRANCH: temporary/coverage_update
@@ -93,10 +95,17 @@ jobs:
         steps.wait-for-build.outputs.conclusion != 'success'
       run: exit 1
 
+    - name: get secrets
+        id: secrets
+        uses: SonarSource/vault-action-wrapper@3996073b47b49ac5c58c750d27ab4edf469401c8 # 3.0.1
+        with:
+          secrets: |
+            development/kv/data/slack token | slack_token;
+
     - name: 'Notify on slack about the failure'
       if: ${{ failure() }}
       env:
-        SLACK_API_TOKEN: ${{ secrets.SLACK_API_TOKEN }}
+        SLACK_API_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).slack_token }}
       working-directory: 'rspec/rspec-tools'
       run: |
         pipenv run rspec-tools notify-failure-on-slack \