
Vault Error, Server gave HTTP response to HTTPS client

I'm using HashiCorp Vault as a secrets store and installed it via the apt repository on Ubuntu 20.04.

After that, I added the root key to access the UI and I'm able to add or delete secrets using the UI.

Whenever I'm trying to add or get a secret using the command line, I get the following error:

jarvis@saki:~$ vault kv get secret/vault 
Get "https://127.0.0.1:8200/v1/sys/internal/ui/mounts/secret/vault": http: server gave HTTP response to HTTPS client

My Vault config looks like this:

# Full configuration options can be found at https://www.vaultproject.io/docs/configuration

ui = true

#mlock = true
#disable_mlock = true

storage "file" {
  path = "/opt/vault/data"
}

#storage "consul" {
#  address = "127.0.0.1:8500"
#  path    = "vault"
#}

# HTTP listener
#listener "tcp" {
#  address = "127.0.0.1:8200"
#  tls_disable = 1
#}

# HTTPS listener
listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/opt/vault/tls/tls.crt"
  tls_key_file  = "/opt/vault/tls/tls.key"
}

# Example AWS KMS auto unseal
#seal "awskms" {
#  region = "us-east-1"
#  kms_key_id = "REPLACE-ME"
#}

# Example HSM auto unseal
#seal "pkcs11" {
#  lib            = "/usr/vault/lib/libCryptoki2_64.so"
#  slot           = "0"
#  pin            = "AAAA-BBBB-CCCC-DDDD"
#  key_label      = "vault-hsm-key"
#  hmac_key_label = "vault-hsm-hmac-key"
#}
Saki Osive asked Sep 14 '20 05:09


2 Answers

I fixed the problem. Though the exception can be common to more than one similar problem, I fixed the problem by exporting the root token generated after running this command:

vault server -dev

The output is like this:

...

You may need to set the following environment variable:

    $ export VAULT_ADDR='http://127.0.0.1:8200'

The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.

Unseal Key: 1+yv+v5mz+aSCK67X6slL3ECxb4UDL8ujWZU/ONBpn0=
Root Token: s.XmpNPoi9sRhYtdKHaQhkHP6x

Development mode should NOT be used in production installations!
...

Then just export these variables by running the following commands:

export VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_TOKEN="s.XmpNPoi9sRhYtdKHaQhkHP6x"

Note: Replace "s.XmpNPoi9sRhYtdKHaQhkHP6x" with your token received as output from the above command.

Then run the following command to check the status:

vault status

Again, the error message can be similar for many different problems.

Saki Osive answered Nov 02 '22 00:11


In PowerShell on Windows 10, I was able to set it this way:

$Env:VAULT_ADDR='http://127.0.0.1:8200'

Then

vault status

returned correctly. This was on Vault 1.7.3 in dev mode.

You can echo VAULT_ADDR by specifying it on the command line and pressing Enter, the same as the set line above but omitting the = sign and everything after it:

$Env:VAULT_ADDR

Output:

Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.7.3
Storage Type    inmem
Cluster Name    vault-cluster-80649ba2
Cluster ID      2a35e304-0836-2896-e927-66722e7ca488
HA Enabled      false

George Smith answered Nov 02 '22 00:11
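
The error quoted in the question is what Go's HTTP client reports when it starts a TLS handshake and the peer answers in plaintext HTTP. The following added example (not code from the question, the answers, or Vault itself) probes a listener and compares what it speaks with the scheme in VAULT_ADDR; the function names `listener_speaks_tls` and `check_vault_addr` are hypothetical, and the default address used when VAULT_ADDR is unset is an assumption taken from the URL in the error message.

```python
import os
import socket
import ssl
from urllib.parse import urlsplit


def listener_speaks_tls(host, port, timeout=3.0):
    """True if a TLS handshake completes on host:port, False if the peer
    answers with bytes that are not TLS (such as plaintext HTTP)."""
    ctx = ssl.create_default_context()
    # Protocol detection only: trust in the certificate is not evaluated here.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
        except ssl.SSLEOFError:
            raise  # peer hung up mid-handshake: inconclusive, report as unreachable
        except ssl.SSLError:
            return False


def check_vault_addr(vault_addr, timeout=3.0):
    """Compare the scheme in VAULT_ADDR with what the listener speaks.
    Returns (ok, message)."""
    url = urlsplit(vault_addr)
    if url.scheme not in ("http", "https") or not url.hostname:
        return False, f"VAULT_ADDR {vault_addr!r} is not an http(s) URL"
    port = url.port or (443 if url.scheme == "https" else 80)
    try:
        tls = listener_speaks_tls(url.hostname, port, timeout)
    except OSError as exc:
        return False, f"cannot probe {url.hostname}:{port}: {exc}"
    if tls and url.scheme == "http":
        return False, "listener speaks TLS but VAULT_ADDR uses http://"
    if not tls and url.scheme == "https":
        return False, "listener answers in plaintext but VAULT_ADDR uses https://"
    if not tls:
        return True, "schemes match, but tokens and secrets cross this link unencrypted"
    return True, "schemes match: TLS listener, https:// address"


if __name__ == "__main__":
    # Assumption: with VAULT_ADDR unset the CLI targets https://127.0.0.1:8200.
    addr = os.environ.get("VAULT_ADDR", "https://127.0.0.1:8200")
    print(addr, *check_vault_addr(addr))
```

A listener that requires client certificates may reject the handshake and be reported as plaintext, so treat a mismatch verdict as a prompt to check the listener stanza (`tls_disable`, `tls_cert_file`) rather than as proof.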