Code: 500 * "my-role" is not an allowed role

Hi.

I am testing the Oracle plugin using vault-plugin-database-oracle, as per the documentation at https://www.vaultproject.io/docs/secrets/databases/oracle. I have followed all the steps up to role creation, and it is failing when I try to generate dynamic credentials.

vault --version
Vault v1.2.3

I am getting the below error

vault read database/roles/my-role
Key                      Value
creation_statements      [CREATE USER user_c IDENTIFIED BY user_c; GRANT CONNECT TO user_c; GRANT CREATE SESSION TO user_c;]
db_name                  my-oracle-database
default_ttl              10h
max_ttl                  24h
renew_statements
revocation_statements
rollback_statements

Failing at the below step

vault read database/creds/my-role
Error reading database/creds/my-role: Error making API request.

URL: GET http://127.0.0.1:8200/v1/database/creds/my-role
Code: 500. Errors:

* 1 error occurred:
    * "my-role" is not an allowed role

Please advise.

Any suggestions on documentation/architecture of how Vault metadata interacts with the database will be helpful.

Double check the vault write database/config - are you setting:
allowed_roles="my-role"

1 Like
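The check behind this error, as an added example that is not part of the thread or of Vault's own code: it compares a role against the `allowed_roles` of the connection named in its `db_name`. The function name and the JSON samples are constructed for illustration, and only exact names and the `*` wildcard are modelled.

```python
import json

# Constructed samples shaped like `vault read -format=json` output (not from the thread).
ROLE_JSON = '{"data": {"db_name": "my-oracle-database", "default_ttl": 36000, "max_ttl": 86400}}'
CONFIG_JSON = '{"data": {"allowed_roles": []}}'  # connection config with no roles allowed


def check_role_allowed(role_name, role_json, config_json):
    """Return (allowed, reason) for a role against its connection's allowed_roles."""
    role = json.loads(role_json).get("data") or {}
    config = json.loads(config_json).get("data") or {}
    db_name = role.get("db_name", "<unknown>")
    allowed = config.get("allowed_roles") or []
    # Hand-edited input may carry a comma-separated string instead of a list.
    if isinstance(allowed, str):
        allowed = [r.strip() for r in allowed.split(",") if r.strip()]
    if "*" in allowed:
        # Works, but every role on the mount can then use this connection.
        return True, f"{db_name}: wildcard '*' lets every role use this connection"
    if role_name in allowed:
        return True, f"{db_name}: '{role_name}' is listed in allowed_roles"
    if not allowed:
        return False, f"{db_name}: allowed_roles is empty, so no role may use it"
    return False, f"{db_name}: '{role_name}' not in allowed_roles {allowed}"


if __name__ == "__main__":
    # Reproduces the failing state from the question, then the corrected config.
    ok, reason = check_role_allowed("my-role", ROLE_JSON, CONFIG_JSON)
    print("ALLOWED" if ok else "DENIED", "-", reason)
    fixed = json.dumps({"data": {"allowed_roles": ["my-role"]}})
    ok, reason = check_role_allowed("my-role", ROLE_JSON, fixed)
    print("ALLOWED" if ok else "DENIED", "-", reason)
```

To run it against a live server, pass in the output of `vault read -format=json database/roles/my-role` and `vault read -format=json database/config/my-oracle-database`. Listing the role by name keeps the connection limited to the roles that need it, whereas `*` opens it to all of them.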

Thanks much Mike, I was able to get through the issue.