
HashiCorp Vault CLI returns 403 when trying to use kv

I set up Vault backed by a Consul cluster. I secured it with HTTPS and am trying to use the CLI on a separate machine to get and set secrets in the kv engine. I am using version 1.0.2 of both the CLI and Vault server.

I have logged in with the root token so I should have access to everything. I have also set my VAULT_ADDR appropriately.

Here is my request:

vault kv put secret/my-secret my-value=yea

Here is the response:

Error making API request.

URL: GET https://{my-vault-address}/v1/sys/internal/ui/mounts/secret/my-secret
Code: 403. Errors:

* preflight capability check returned 403, please ensure client's policies grant access to path "secret/my-secret/"

I don't understand what is happening here. I am able to set and read secrets in the kv engine no problem from the Vault UI. What am I missing?

Dillon Courts asked Jan 22 '19 16:01


2 Answers

This was a result of me not reading documentation.

The request was failing because there was no secret engine mounted at that path.

You can check your secret engine paths by running vault secrets list -detailed

This showed that my kv secret engine was mapped to path kv not secret as I was trying.

Therefore running vault kv put kv/my-secret my-value=yea worked as expected.

Dillon Courts answered Oct 20 '22 17:10
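
The mount check from this answer as a script, added here as an example (not code from the original post): it reads the table printed by vault secrets list and reports which mount, if any, serves a given path. The function names and the sample table are constructed for illustration, and the accessor values are placeholders.

```shell
#!/bin/sh
# Added example: find which secrets-engine mount serves a path, using the
# table printed by `vault secrets list` (the Path column is the first field).

# Constructed sample of `vault secrets list` output; accessors are placeholders.
sample_mounts() {
cat <<'EOF'
Path          Type         Accessor              Description
----          ----         --------              -----------
cubbyhole/    cubbyhole    cubbyhole_00000000    per-token private secret storage
identity/     identity     identity_00000000     identity store
kv/           kv           kv_00000000           n/a
sys/          system       system_00000000       system endpoints
EOF
}

# mount_for_path PATH   (mount table on stdin)
# Prints the mount path that is a prefix of PATH; exit status 1 if none is.
mount_for_path() {
    awk -v p="${1%/}/" '
        NR <= 2 { next }                       # skip header and separator rows
        $1 ~ /\/$/ && index(p, $1) == 1 {      # mount path is a prefix of p
            print $1; found = 1; exit
        }
        END { exit !found }
    '
}

# check_kv_path PATH   (mount table on stdin)
# Says whether a `vault kv` command on PATH would reach a mounted engine.
check_kv_path() {
    if m=$(mount_for_path "$1"); then
        echo "ok: $1 is served by mount $m"
    else
        echo "no secrets engine is mounted for $1; mount one or use an existing mount path"
        return 1
    fi
}

# The two paths from the question and the answer, against the sample table.
sample_mounts | check_kv_path secret/my-secret || true
sample_mounts | check_kv_path kv/my-secret
```

Against a live server, pipe the real listing in instead of the sample: vault secrets list | check_kv_path secret/my-secret.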


You can enable a secret engine for a specific path:

vault secrets enable -path=kv kv

https://www.vaultproject.io/intro/getting-started/secrets-engines

yan answered Oct 20 '22 18:10