This means you cannot create an IT token to pull both staging secrets and production secrets. You instead have to generate two separate IT tokens - one for production and one for staging. This is by design to further protect your secrets and practice the principle of least privilege.
How can I get an IT token? They are auto-generated for you when you add an integration to an environment.
Here's an example of what an IT Token looks like:
Here's an example of it put to use:
$ npx dotenv-vault pull --dotenvMe it_e3811a4…
You can generate an IT token by adding an integration to an environment.