Having some issues configuring the Consul Secrets Engine with Vault.
Consul Backend is not configured (using Raft). Consul is, however, configured for service registration, which works fine.
Policies and roles are configured according to docs.
$ vault read consul_nomad/roles/test
Key Value
--- -----
lease 0
local false
max_ttl 0s
policies [test]
token_type client
ttl 0s
$ consul acl policy read -name=test
ID: abc-abc-abc-abc
Name: test
Description: test
Datacenters:
Rules:
key_prefix "test/" {
policy = "write"
}
However,
$ curl -H "X-Vault-Token: $VAULT_BOOTSTRAP_TOKEN" https://vault:8200/v1/consul_nomad/creds/test
{"errors":["Unexpected response code: 401 (ACL support disabled)"]}
All Consul clients and servers have datacenter and primary_datacenter set.
Nothing showing up in either consul or vault logs.
Vault version 1.4.1
Consul version 1.7.3