I wanted to test Spring Cloud Vault configuration.
I installed a Vault server locally, and when I try to write
some key-values it's failing and asking me to use the vault kv put
command.
Meanwhile, the example of Spring Cloud Config in this link shows the usage of the vault write command.
This is the error I get:
$ vault write secret/my-app foo=bar
Error writing data to secret/my-app: Error making API request.
URL: PUT http://127.0.0.1:8200/v1/secret/my-app
Code: 404. Errors:
WARNING! The following warnings were returned from Vault:
* Invalid path for a versioned K/V secrets engine. See the API docs for the
appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put'
for this operation.
Try the following ..
./vault kv put secret/my-app password=123
I'll add that this is something new in 0.10.0.
Seems like 0.10.0 has some breaking API changes ... so solution #2 is to use an earlier version of Vault (v0.9.6). This includes defaulting to the v2 of the KV secret engine, which is versioned.
Solution #3 is to re-create the /secret engine with v1 of KV. Running the following:
./vault secrets disable secret
./vault secrets enable -version=1 -path=secret kv
I was able to write after enabling a separate path with the below command
vault secrets enable -path=my-app kv
vault write my-app/my-app password=123
In Spring Cloud Config, I had to mention the folder name as backend in the bootstrap.yml file:
spring:
  cloud:
    vault:
      token: bc53d1a4-2551-4869-9574-7a9e60501ec1
      scheme: http
      generic:
        backend: my-app
I got the same error while using Python, hvac, Vault and kv as the engine. And the kv engine is versioned. I used the hvac client:
client.write("secret/taras", data=dict(python='is secret'))
So I got
InvalidPath: "request_id":"d5c0f889-2c42-4141-1cc6-31ed1336c768","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put' for this operation."],"auth":null}
The way I solved this issue was changing the path for storing the secret:
client.write("secret/data/taras", data=dict(python='is secret'))
PS: as you understood, the name of my secret is "taras".
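
The path difference behind the answers above, as an added example (not code from any of the posts): given a mount table shaped like the data of Vault's sys/mounts listing, it decides whether a CLI-style path sits on a KV v1 or v2 mount and builds the API path and JSON body to match. The mount table is constructed sample data and the function names are hypothetical.

```python
import json

# Constructed sample shaped like the "data" of GET /v1/sys/mounts:
# "secret/" is a versioned (v2) KV mount, "my-app/" is a KV v1 mount.
SAMPLE_MOUNTS = {
    "secret/": {"type": "kv", "options": {"version": "2"}},
    "my-app/": {"type": "kv", "options": None},
    "sys/": {"type": "system", "options": None},
}


def find_kv_mount(logical_path, mounts):
    """Return (mount, kv_version) for the longest mount prefix of logical_path."""
    path = logical_path.strip("/") + "/"
    matches = [m for m in mounts if path.startswith(m)]
    if not matches:
        raise ValueError(f"no mount covers {logical_path!r}")
    mount = max(matches, key=len)
    info = mounts[mount]
    if info["type"] != "kv":
        raise ValueError(f"{mount!r} is not a KV mount")
    # A missing options block or version key means KV v1.
    version = int((info.get("options") or {}).get("version", "1"))
    return mount, version


def kv_write_request(logical_path, secret, mounts):
    """Build (api_path, json_body) for writing `secret` at a CLI-style path."""
    mount, version = find_kv_mount(logical_path, mounts)
    rest = logical_path.strip("/")[len(mount):]
    if not rest:
        raise ValueError("path names a mount, not a secret")
    if version == 2:
        # KV v2: "data/" goes between mount and secret name, payload is wrapped.
        return f"/v1/{mount}data/{rest}", json.dumps({"data": secret})
    # KV v1: the path is used as-is and the payload is the flat key/value map.
    return f"/v1/{mount}{rest}", json.dumps(secret)


def kv_read_payload(response, version):
    """Extract the key/value map from a read response for either KV version."""
    return response["data"]["data"] if version == 2 else response["data"]


if __name__ == "__main__":
    for p in ("secret/my-app", "secret/taras", "my-app/my-app"):
        print(p, "->", *kv_write_request(p, {"password": "123"}, SAMPLE_MOUNTS))
```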