Vault Version: 1.18.0
Facing an invalid "role-id" or "secret-id" issue when trying to log in via "approle" using a role-id and secret-id.
Login code for the "appmanager" role:
import hvac

# vault_url, role_id and secret_id are set elsewhere in the application
vault_client = hvac.Client(url=vault_url)
client_token = vault_client.auth.approle.login(role_id=role_id, secret_id=secret_id)["auth"]["client_token"]
This failed with the error "invalid role or secret ID, on post https://[<VAULT_ADDR>]:8200/v1/auth/approle/login".
Strangely, after running the following read-only command:
vault read auth/approle/role/appmanager
it returned a warning:
WARNING! The following warnings were returned from Vault:

  * Role identifier was missing an index back to role name. A new index has
    been added. Please report this observation.

Key                        Value
---                        -----
bind_secret_id             true
local_secret_ids           false
policies                   [appmanager-secret-access-policy]
secret_id_bound_cidrs      <nil>
secret_id_num_uses         0
secret_id_ttl              0s
token_bound_cidrs          <nil>
token_explicit_max_ttl     0s
token_max_ttl              0s
token_no_default_policy    false
token_num_uses             0
token_period               0s
token_policies             [appmanager-secret-access-policy]
token_ttl                  2m
token_type                 default
After this command was run, login worked for the "appmanager" role without any further changes.
Similarly, the other AppRoles also only worked after executing the "vault read" command.
Currently the issue is not reproducible. I have been running Vault for over 5 years in a production environment and haven't seen this issue before.
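As an added example (not code from the original post or from hvac/Vault), here is a login helper that reproduces the workaround described above in code: it attempts the AppRole login, and if Vault rejects it with "invalid role or secret ID" it performs the same read of the role definition, captures any warnings Vault returns (such as the "missing an index back to role name" warning), and retries the login once. It assumes the hvac client API (`auth.approle.login` and `auth.approle.read_role`) and the `hvac.exceptions.InvalidRequest` exception; the `FakeVault` class and the token value are constructed stand-ins so the helper can be exercised offline.

```python
"""Added example: AppRole login with a read-role-and-retry fallback.

Not from the original post. Assumes hvac's auth.approle.login / read_role
signatures. When hvac is not installed, a stand-in InvalidRequest class is
defined so the helper can still be run against the constructed FakeVault.
"""

try:
    from hvac.exceptions import InvalidRequest  # hvac raises this on HTTP 400
except ImportError:  # assumption: allow offline use without hvac installed
    class InvalidRequest(Exception):
        pass


def login_approle(client, role_name, role_id, secret_id, mount_point="approle"):
    """Return (client_token, warnings).

    Tries the login once. If Vault answers "invalid role or secret ID", read
    the role (the read-only step that, in the post, emitted the index warning
    and after which login started working), collect that read's warnings, and
    retry the login once. Any other InvalidRequest, or a second failure, is
    raised to the caller unchanged.
    """
    try:
        resp = client.auth.approle.login(role_id=role_id, secret_id=secret_id,
                                         mount_point=mount_point)
        return resp["auth"]["client_token"], []
    except InvalidRequest as err:
        if "invalid role or secret id" not in str(err).lower():
            raise

    # Read-only lookup of the role definition; Vault returns a top-level
    # "warnings" list when it has something to report.
    role = client.auth.approle.read_role(role_name, mount_point=mount_point)
    warnings = list(role.get("warnings") or [])

    resp = client.auth.approle.login(role_id=role_id, secret_id=secret_id,
                                     mount_point=mount_point)
    return resp["auth"]["client_token"], warnings


# ---- constructed stand-in for a Vault server (not a real client) ----------
class _FakeAppRole:
    """Rejects login until read_role has been called, then accepts it."""

    def __init__(self, warning):
        self.warning = warning
        self.indexed = False
        self.login_calls = 0

    def login(self, role_id, secret_id, mount_point="approle"):
        self.login_calls += 1
        if not self.indexed:
            raise InvalidRequest("invalid role or secret ID")
        return {"auth": {"client_token": "hvs.constructed-example-token"}}

    def read_role(self, role_name, mount_point="approle"):
        self.indexed = True
        return {"warnings": [self.warning],
                "data": {"bind_secret_id": True, "token_ttl": 120}}


class _FakeAuth:
    def __init__(self, approle):
        self.approle = approle


class FakeVault:
    def __init__(self, warning="Role identifier was missing an index back to role name."):
        self.auth = _FakeAuth(_FakeAppRole(warning))


def demo():
    """Run the helper against the constructed FakeVault and return its result."""
    client = FakeVault()
    return login_approle(client, "appmanager", "constructed-role-id",
                         "constructed-secret-id")


if __name__ == "__main__":
    token, warns = demo()
    print("token:", token)
    for w in warns:
        print("warning from read_role:", w)
```

The helper is a diagnostic, not a fix: it makes the warning visible in application logs at the moment the login fails, which is the observation Vault asks to be reported. With a real `hvac.Client` the role read needs a token that holds `read` on `auth/approle/role/<name>`, which an unauthenticated client attempting the login will not have, so in practice the read would run from a separate operator credential.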