Access HashiCorp Vault KV secret using node-vault

Question

I'm trying to access HashiCorp Vault KV with "node-vault" but keep getting "statusCode: 404"

I'm following the example of node-vault https://github.com/kr1sp1n/node-vault

1) I'm running vault_1.1.3_windows_amd64 on windows 10 with "vault server -dev" on a PowerShell.

2) Then on another PowerShell runs following;

$env:VAULT_ADDR="http://127.0.0.1:8200"
vault secrets enable -version=1 kv
vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.1.3
Cluster Name    vault-cluster-28a041c6
Cluster ID      0ec85d70-8e87-dff6-347f-b1959fad8b44
HA Enabled      false

3) Then runs the following code with the

const rootKey = //whatever;
const unsealKey = //whatever;

var options = {
    apiVersion: 'v1',
    endpoint: 'http://127.0.0.1:8200',
    token: rootKey
};

var vault = require("node-vault")(options);
vault.unseal({ key: unsealKey })
    .then(() => {
        vault.write('secret/hello', { value: 'world' })
            .then((res) => console.log(res))
            .catch((err) => console.error(err));
    });

vault.write('secret/hello', { value: 'world', lease: '1s' })
    .then( () => vault.read('secret/hello'))
    .then( () => vault.delete('secret/hello'))
    .catch(console.error);

This return a status 404, what needs to be done additionally to avoid 404?

{ Error: Status 404
    at handleVaultResponse (XX\TestCodes\Node-VaultTest\node_modules\node-vault\src\index.js:49:21)
    at process._tickCallback (internal/process/next_tick.js:68:7)
  response:
   { statusCode: 404,
     body:
      { request_id: '2992e6c2-5146-6569-1f48-55f75da88993',
        lease_id: '',
        renewable: false,
        lease_duration: 0,
        data: null,
        wrap_info: null,
        warnings: [Array],
        auth: null } } }
{ Error: Status 404
    at handleVaultResponse (XX\TestCodes\Node-VaultTest\node_modules\node-vault\src\index.js:49:21)
    at process._tickCallback (internal/process/next_tick.js:68:7)
  response:
   { statusCode: 404,
     body:
      { request_id: '2f280fa4-6596-c06f-2168-091246e0a2a1',
        lease_id: '',
        renewable: false,
        lease_duration: 0,
        data: null,
        wrap_info: null,
        warnings: [Array],
        auth: null } } }

Answer 1

You mounted the kv store as a version 1. The actual path used by node-vault to read a secret from a version 2 kv store is different and not compatible with Vault's v1 kv store.

Mount your kv store with -version 2. If unspecified, it defaults to v1.