Enable approle auth on test Vault Server


I am trying to use the TestCoreUnsealed API to unit test my application’s integration with Vault. My application is using the approle auth method and needs to be configured with a role-id and secret-id

I am trying to unit test it with a test in-memory vault server setup with approle enabled, policy, role, secret so that it will spit out the role-id and secret-id after which I can UT my application.

Test Snippet

I am stuck at the part where I enable the approle in the UT.

func startVaultServer(t *testing.T) (net.Listener, *api.Client) {
    core, _, rootToken := vault.TestCoreUnsealed(t)
  	ln, addr := http.TestServer(t, core)
	t.Logf("addr = %v", addr)

    conf := api.DefaultConfig()
    conf.Address = addr
    client, err := api.NewClient(conf)
    if err != nil {

    err = client.Sys().EnableAuthWithOptions("approle/", &api.EnableAuthOptions{
		Type : "approle",
    if err != nil {
	t.Logf("approle enabled")

    // TODO: Setup policy, create role, write secret-id, get role-id / secret-id
	return ln, client

I get this error when running this:

Error making API request.
    Code: 400. Errors:
    * plugin not found in the catalog: approle

Am I missing something?

1 Like

Can anyone help on this?

I have the same question. I’m stuck trying to enable approle on the testCoreUnseal server with the same error.

Ran into the same issue, ended up using this to get to where I needed to go (I had to add a TestServer instance to get HTTP to work, but I assume that because I don’t know how to test against a “cluster” properly):

The easiest way to enable the approle credential backend in for the test server is to configure the test credential backend before creating the core:

vault.AddTestCredentialBackend("approle", approle.Factory)
core, _, rootToken := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)