CLI Quick Start Tutorial Help

Hello all, when trying to follow the “CLI Quick Start Tutorial”, i set up the vault server by issuing the command “vault server -dev”.

Then I switch to TTY2 and set the two ENV variables, using the Root Token issued with the server was started in TTY1.

I issue the command “vault status” and see the expected results.

When I try to issue the command “vault kv put secret/hello foo=world”, I get the error:

Error making API request.

URL: GET http://127.0.0.1:8200/v1/sys/internal/ui/mounts/secret/hello
Code: 403. Errors:

  • permission denied

I’m not sure where to get started troubleshooting this. Can someone help me get this resolved?

Thanks!

Hi there! vault status is an unauthenticated endpoint, so it could be that you’ve set the Vault token environment variable incorrectly, because your kv put command looks correct to me.

Try:

# In TTY1
VAULT_DEV_ROOT_TOKEN_ID=root vault server -dev

# In TTY2
export VAULT_ADDR=http://127.0.0.1:8200
export VAULT_TOKEN=root
vault kv put secret/hello foo=world

I’ve just run it and it works for me. Note that you don’t need to set the root token via VAULT_DEV_ROOT_TOKEN_ID, but it just helps me provide a complete example script.

Brilliant, that seems to have done it, thanks!

Is there any chance that being operating as root and being in /boot when starting vault server -dev caused permissions issues?

Thanks again!

Carl

Glad to hear it! I’m not sure to be honest, but the permission error you saw was at the Vault API application level, so shouldn’t be related to any file system/UNIX permissions.

Thanks for the help!

Now that I understand Vault a bit better… When using the -dev option, everything is stored in memory, and not mounted to the file-system, so any permissions errors that come up are most likely a result of a type=o in the access key.