diff --git a/atrium/vestibulum/trcdb/opts/prod/prod.go b/atrium/vestibulum/trcdb/opts/prod/prod.go
index 10c034aaa..42c3f0ea4 100644
--- a/atrium/vestibulum/trcdb/opts/prod/prod.go
+++ b/atrium/vestibulum/trcdb/opts/prod/prod.go
@@ -9,3 +9,10 @@ func SetProd(prod bool) {
 func IsProd() bool {
 return isProd
 }
+
+func IsStagingProd(env string) bool {
+ if env == "staging" || env == "prod" {
+ return true
+ }
+ return false
+}
diff --git a/atrium/vestibulum/trcsh/trcshauth/auth.go b/atrium/vestibulum/trcsh/trcshauth/auth.go
index 25fbda8cf..94a8e8294 100755
--- a/atrium/vestibulum/trcsh/trcshauth/auth.go
+++ b/atrium/vestibulum/trcsh/trcshauth/auth.go
@@ -16,6 +16,7 @@ import (
 "time"
 "github.com/trimble-oss/tierceron-hat/cap"
+ "github.com/trimble-oss/tierceron/atrium/vestibulum/trcdb/opts/prod"
 "github.com/trimble-oss/tierceron/buildopts/cursoropts"
 "github.com/trimble-oss/tierceron/buildopts/memprotectopts"
 "github.com/trimble-oss/tierceron/pkg/capauth"
@@ -135,7 +136,7 @@ func TrcshAuth(featherCtx *cap.FeatherContext, agentConfigs *capauth.AgentConfig
 }
 var err error
- if trcshDriverConfig.DriverConfig.CoreConfig.EnvBasis == "staging" || trcshDriverConfig.DriverConfig.CoreConfig.EnvBasis == "prod" || len(trcshDriverConfig.DriverConfig.TrcShellRaw) > 0 {
+ if prod.IsStagingProd(trcshDriverConfig.DriverConfig.CoreConfig.EnvBasis) || len(trcshDriverConfig.DriverConfig.TrcShellRaw) > 0 {
 dir, err := os.UserHomeDir()
 if err != nil {
 fmt.Println("No homedir for current user")
diff --git a/atrium/vestibulum/trcshbase/trcsh.go b/atrium/vestibulum/trcshbase/trcsh.go
index ce9d63dc2..d4e4bd4b3 100644
--- a/atrium/vestibulum/trcshbase/trcsh.go
+++ b/atrium/vestibulum/trcshbase/trcsh.go
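Review bot: The new exported `IsStagingProd` in prod.go has no doc comment, and it matches only the exact, case-sensitive strings "staging" and "prod", so any other spelling is treated as non-production. Other hunks in this commit call it with both `CoreConfig.EnvBasis` and `CoreConfig.Env`; if `Env` can carry a suffix or variant (not visible here), call sites that gate stricter behaviour on it would take the non-production path. A comment such as `// IsStagingProd reports whether env is exactly "staging" or "prod".` would make that contract explicit, and the body can be the single line `return env == "staging" || env == "prod"`.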
@@ -361,7 +361,7 @@ func CommonMain(envPtr *string, addrPtr *string, envCtxPtr *string,
 memprotectopts.MemProtect(nil, secretIDPtr)
 memprotectopts.MemProtect(nil, appRoleIDPtr)
- trcshDriverConfig, err := TrcshInitConfig(driverConfigPtr, *envPtr, *regionPtr, pathParam, !prod.IsProd(), !prod.IsProd())
+ trcshDriverConfig, err := TrcshInitConfig(driverConfigPtr, *envPtr, *regionPtr, pathParam, true, true)
 if err != nil {
 fmt.Printf("trcsh config setup failure: %s\n", err.Error())
 os.Exit(124)
@@ -966,8 +966,8 @@ func roleBasedRunner(
 err = trcplgtoolbase.CommonMain(&envDefaultPtr, trcshDriverConfig.DriverConfig.CoreConfig.VaultAddressPtr, &gTrcshConfig.EnvContext, &configRoleSlice[1], &configRoleSlice[0], &tokenName, ®ion, nil, deployArgLines, trcshDriverConfig)
 }
 case "trcconfig":
- if trcshDriverConfig.DriverConfig.CoreConfig.EnvBasis == "itdev" || trcshDriverConfig.DriverConfig.CoreConfig.EnvBasis == "staging" || trcshDriverConfig.DriverConfig.CoreConfig.EnvBasis == "prod" ||
- trcshDriverConfig.DriverConfig.CoreConfig.Env == "itdev" || trcshDriverConfig.DriverConfig.CoreConfig.Env == "staging" || trcshDriverConfig.DriverConfig.CoreConfig.Env == "prod" {
+ if trcshDriverConfig.DriverConfig.CoreConfig.EnvBasis == "itdev" || prod.IsStagingProd(trcshDriverConfig.DriverConfig.CoreConfig.EnvBasis) ||
+ trcshDriverConfig.DriverConfig.CoreConfig.Env == "itdev" || prod.IsStagingProd(trcshDriverConfig.DriverConfig.CoreConfig.Env) {
 trcshDriverConfig.DriverConfig.OutputMemCache = false
 // itdev, staging, and prod always key off TRC_ENV stored in trcshDriverConfig.DriverConfig.CoreConfig.Env.
 envDefaultPtr = trcshDriverConfig.DriverConfig.CoreConfig.Env
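Review bot: In the `TrcshInitConfig` call inside CommonMain, the last two arguments go from `!prod.IsProd()` to the literal `true, true`, so production builds now pass true where they used to pass false, and nothing in the hunk says what those flags control. If production is meant to lose that distinction, the call needs a comment naming the two parameters and the reason, for example `// <param name 5>, <param name 6>: enabled in prod as well because <reason>`, with the names taken from TrcshInitConfig's signature, which is not visible here. If either flag relaxes a production-only restriction, keep the `prod.IsProd()` gate on it. CommonMain starts before and continues after this hunk.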
@@ -978,7 +978,6 @@ func roleBasedRunner(
 trcshDriverConfig.DriverConfig.EndDir = trcshDriverConfig.DriverConfig.EndDir + "/trc_templates"
 err = trcsubbase.CommonMain(&envDefaultPtr, trcshDriverConfig.DriverConfig.CoreConfig.VaultAddressPtr, &gTrcshConfig.EnvContext, &configRoleSlice[1], &configRoleSlice[0], &tokenName, nil, deployArgLines, trcshDriverConfig.DriverConfig)
 }
- ResetModifier(trcshDriverConfig.DriverConfig.CoreConfig, tokenName) //Resetting modifier cache to avoid token conflicts.
 trcshDriverConfig.DriverConfig.CoreConfig.Log.Printf("Role runner complete: %s\n", control)
 return err
@@ -1004,7 +1003,6 @@ func processPluginCmds(trcKubeDeploymentConfig **kube.TrcKubeConfig,
 os.Exit(125) // Running functionality not supported in prod.
 }
 tokenName := fmt.Sprintf("vault_pub_token_%s", trcshDriverConfig.DriverConfig.CoreConfig.EnvBasis)
- ResetModifier(trcshDriverConfig.DriverConfig.CoreConfig, tokenName) //Resetting modifier cache to avoid token conflicts.
 approleconfigPtr := new(string)
 *approleconfigPtr = "configpub.yml"
 trcshDriverConfig.DriverConfig.CoreConfig.AppRoleConfigPtr = approleconfigPtr
@@ -1027,10 +1025,8 @@ func processPluginCmds(trcKubeDeploymentConfig **kube.TrcKubeConfig,
 nil,
 deployArgLines,
 trcshDriverConfig.DriverConfig)
- ResetModifier(trcshDriverConfig.DriverConfig.CoreConfig, tokenName) //Resetting modifier cache to avoid token conflicts.
 case "trcpub":
 tokenName := fmt.Sprintf("vault_pub_token_%s", trcshDriverConfig.DriverConfig.CoreConfig.EnvBasis)
- ResetModifier(trcshDriverConfig.DriverConfig.CoreConfig, tokenName) //Resetting modifier cache to avoid token conflicts.
 approleconfigPtr := new(string)
 *approleconfigPtr = "configpub.yml"
 trcshDriverConfig.DriverConfig.CoreConfig.AppRoleConfigPtr = approleconfigPtr
@@ -1043,7 +1039,6 @@ func processPluginCmds(trcKubeDeploymentConfig **kube.TrcKubeConfig,
 pubEnv := env
 trcpubbase.CommonMain(&pubEnv, trcshDriverConfig.DriverConfig.CoreConfig.VaultAddressPtr, &gTrcshConfig.EnvContext, &pubRoleSlice[1], &pubRoleSlice[0], &tokenName, nil, deployArgLines, trcshDriverConfig.DriverConfig)
- ResetModifier(trcshDriverConfig.DriverConfig.CoreConfig, tokenName) //Resetting modifier cache to avoid token conflicts.
 case "trcconfig":
 err := roleBasedRunner(region, trcshDriverConfig, control, argsOrig, deployArgLines, configCount)
 if err != nil {
@@ -1398,7 +1393,6 @@ func ProcessDeploy(featherCtx *cap.FeatherContext,
 trcshDriverConfig.DriverConfig.CoreConfig.Log.Printf("Preload Error %s\n", configErr.Error())
 os.Exit(123)
 }
- ResetModifier(trcshDriverConfig.DriverConfig.CoreConfig, tokenName) //Resetting modifier cache to avoid token conflicts.
 var memFile trcshio.TrcshReadWriteCloser
 var memFileErr error
@@ -1436,9 +1430,7 @@ func ProcessDeploy(featherCtx *cap.FeatherContext,
 }
 if trcshDriverConfig.DriverConfig.CoreConfig.EnvBasis == "itdev" ||
- trcshDriverConfig.DriverConfig.CoreConfig.EnvBasis == "staging" ||
- trcshDriverConfig.DriverConfig.CoreConfig.EnvBasis == "prod" {
-
+ prod.IsStagingProd(trcshDriverConfig.DriverConfig.CoreConfig.EnvBasis) {
 trcshDriverConfig.DriverConfig.OutputMemCache = false
 trcshDriverConfig.DriverConfig.ReadMemCache = false
 trcshDriverConfig.DriverConfig.SubOutputMemCache = false
@@ -1627,12 +1619,3 @@ collaboratorReRun:
 //Make the arguments in the script -> os.args.
 }
-
-func ResetModifier(coreConfig *core.CoreConfig, tokenName string) {
- //Resetting modifier cache to be used again.
- mod, err := helperkv.NewModifierFromCoreConfig(coreConfig, tokenName, coreConfig.EnvBasis, true)
- if err != nil {
- eUtils.CheckError(coreConfig, err, true)
- }
- mod.RemoveFromCache()
-}
diff --git a/buildopts/buildoptsfunc.go b/buildopts/buildoptsfunc.go
index 7ca1e79ae..197ac1de2 100644
--- a/buildopts/buildoptsfunc.go
+++ b/buildopts/buildoptsfunc.go
@@ -5,6 +5,8 @@ import (
 "errors"
 "fmt"
 "io"
+
+ "github.com/trimble-oss/tierceron/atrium/vestibulum/trcdb/opts/prod"
 )
 // SetLogger is called by TrcDb and other utilities to provide the extensions
@@ -140,7 +142,7 @@ func ProcessPluginEnvConfig(pluginEnvConfig map[string]interface{}) map[string]i
 "trc_templates/TrcVault/Certify/config.yml.tmpl",
 }
- if pluginEnvConfig["env"] == "prod" || pluginEnvConfig["env"] == "staging" {
+ if env, ok := pluginEnvConfig["env"].(string); ok && prod.IsStagingProd(env) {
 pluginEnvConfig["regions"] = GetSupportedSourceRegions()
 } else {
 pluginEnvConfig["regions"] = []string{}
diff --git a/pkg/cli/trcconfigbase/utils/configinator.go b/pkg/cli/trcconfigbase/utils/configinator.go
index c661bb85d..26fa58338 100644
--- a/pkg/cli/trcconfigbase/utils/configinator.go
+++ b/pkg/cli/trcconfigbase/utils/configinator.go
@@ -11,6 +11,7 @@ import (
 "strings"
 "sync"
+ "github.com/trimble-oss/tierceron/atrium/vestibulum/trcdb/opts/prod"
 "github.com/trimble-oss/tierceron/pkg/utils"
 eUtils "github.com/trimble-oss/tierceron/pkg/utils"
 "github.com/trimble-oss/tierceron/pkg/utils/config"
@@ -528,7 +529,7 @@ func writeToFile(driverConfig *config.DriverConfig, data string, path string) {
 if len(tag) > 0 {
 var matched bool
 var err error
- if driverConfig.CoreConfig.Env == "staging" || driverConfig.CoreConfig.Env == "prod" {
+ if prod.IsStagingProd(driverConfig.CoreConfig.Env) {
 matched, err = regexp.MatchString("^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$", tag)
 if !matched || err != nil {
 matched, err = regexp.MatchString("^v[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}$", tag)
diff --git a/pkg/vaulthelper/kv/Modifier.go b/pkg/vaulthelper/kv/Modifier.go
index ad57a30b3..f486e4e4a 100644
--- a/pkg/vaulthelper/kv/Modifier.go
+++ b/pkg/vaulthelper/kv/Modifier.go
@@ -128,7 +128,9 @@ func NewModifier(insecure bool, tokenPtr *string, addressPtr *string, env string
 checkoutModifier.SubSectionName = "" // The name of the actual subsection.
 checkoutModifier.SubSectionValue = "" // The actual value for the sub section.
 checkoutModifier.SectionPath = "" // The path to the Index (both seed and vault)
-
+ if tokenPtr != nil {
+ checkoutModifier.client.SetToken(*tokenPtr)
+ }
 return checkoutModifier, nil
 }
 }
@@ -196,6 +198,7 @@ func (m *Modifier) Release() {
 m.httpClient.CloseIdleConnections()
 return
 }
+ m.client.SetToken("")
 if _, ok := modifierCache[m.Env]; ok {
 m.releaseHelper(m.Env)
 } else {
diff --git a/trcweb/server/vaultconfigreader.go b/trcweb/server/vaultconfigreader.go
index 94bddb2a1..442998909 100644
--- a/trcweb/server/vaultconfigreader.go
+++ b/trcweb/server/vaultconfigreader.go
@@ -11,5 +11,6 @@ func (s *Server) GetConfig(env string, path string) (map[string]interface{}, err
 return nil, err
 }
 mod.Env = env
+ defer mod.Release()
 return mod.ReadData(path)
 }
diff --git a/zeroconfiglib/zccommon/zccommon.go b/zeroconfiglib/zccommon/zccommon.go
index eb0977c54..ec0a4f870 100644
--- a/zeroconfiglib/zccommon/zccommon.go
+++ b/zeroconfiglib/zccommon/zccommon.go
@@ -26,7 +26,6 @@ func ConfigCertLibHelper(token string,
 wantCerts bool) (string, string, error) {
 logger := log.New(os.Stdout, "[configCertLibHelper]", log.LstdFlags)
 mod, err := helperkv.NewModifier(false, &token, &address, env, nil, true, logger)
- mod.Env = env
 driverConfig := &config.DriverConfig{
 CoreConfig: &core.CoreConfig{
 WantCerts: wantCerts,
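Review bot: In the NewModifier checkout path the token is replaced only when `tokenPtr` is non-nil, so a modifier handed out with a nil `tokenPtr` keeps whatever token its client last held. The Release hunk looks entries up with `modifierCache[m.Env]`, which suggests cached modifiers are shared per environment rather than per token; if so, this assignment is the only thing that stops one caller's Vault token being used for another caller's request. Making the nil case explicit with `} else { checkoutModifier.client.SetToken("") }` removes the dependence on how the previous holder released it, and a one-line comment above the block should state that the cached client's token is always overwritten on checkout. NewModifier begins and continues outside this hunk, so the non-cached path should be checked for the same behaviour.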
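Review bot: In Release, `m.client.SetToken("")` is placed after the branch that calls `m.httpClient.CloseIdleConnections()` and returns, so a modifier released through that branch keeps its token on the client. The branch condition is above the hunk; if it covers modifiers that are not returned to the cache, clearing the token before the branch is just as cheap and leaves no credential on an object other code may still hold a reference to. It is also worth confirming that `m.client` cannot be nil on any path that reaches this line, since the hunk shows no guard.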
@@ -42,14 +41,14 @@ func ConfigCertLibHelper(token string,
 eUtils.LogErrorMessage(driverConfig.CoreConfig, err.Error(), false)
 return "", "", err
 }
+ mod.Env = env
+ defer mod.Release()
 serviceParts := strings.Split(service, ".")
 configTemplate, configuredCert, _, err := vcutils.ConfigTemplate(driverConfig, mod, templatePath, true, project, serviceParts[0], wantCerts, true)
 if err != nil {
 eUtils.LogErrorObject(driverConfig.CoreConfig, err, false)
 }
- mod.Close()
-
 if wantCerts {
 return "", base64.StdEncoding.EncodeToString([]byte(configuredCert[1])), err
 } else {
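Review bot: A failed `vcutils.ConfigTemplate` call in ConfigCertLibHelper is only logged, and the `if wantCerts` branch right after it indexes `configuredCert[1]`, which can panic if the failure left that value empty or short (its type is not visible in this hunk). Adding `return "", "", err` after the `LogErrorObject` call avoids that, and the `defer mod.Release()` introduced here still runs on that path. Separately, the helper now hands the modifier back through `Release` instead of `mod.Close()`, so clearing the caller-supplied token depends on Release doing so on every path. The function body continues past the end of the hunk.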