Error accessing Vault - permission denied

We have set up a Node.js application to access Vault secrets through an AppRole + secretId combination… It works fine sometimes but fails sometimes with "permission denied". And later, after a few hours, with no code changes, it is working again…

I wonder whether it’s something to do with how you’ve configured the AppRole, maybe around TTLs? Could you share (sanitised) statements showing how you configured it?

I am using settings from the default approle definition

So, the settings as listed in this DevDot tutorial, you mean, for example?

vault write auth/approle/role/jenkins \
      secret_id_bound_cidrs="","" \
      secret_id_ttl=60m \
      secret_id_num_uses=5 \
      enable_local_secret_ids=false \
      token_bound_cidrs="","" \
      token_num_uses=10 \
      token_ttl=1h \
      token_max_ttl=3h \
      token_type=default \
      period=""

Screenshot from 2022-11-02 16-45-33

Can you please reply… We have already been using the vault in this configuration and have saved more than a dozen secrets in the kv store. And then we faced this issue and are now unable to access the vault…

Do you have any audit devices enabled?

The audit logs can be reviewed to see which request(s) are failing and may provide some clues as to why it’s failing.
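One way to do the audit-log review suggested above, as an added example that is not part of the original thread: it reads JSON lines from a file audit device and labels each "permission denied" response with a likely cause. The limits are the `token_num_uses` and `token_ttl` values from the tutorial command quoted earlier; the log field layout, the `triageDenials` and `entry` names, the path `secret/data/app`, and the sample lines are assumptions made for the example.

```javascript
// Added example: triage "permission denied" responses in a Vault audit log.
// Assumed layout: top-level time/type/error, request.path, request.client_token (HMAC'd).
const LIMITS = { tokenNumUses: 10, tokenTtlSec: 3600 }; // token_num_uses=10, token_ttl=1h

function triageDenials(lines, limits = LIMITS) {
  const tokens = new Map(); // HMAC'd client token -> { issued, uses }
  const findings = [];
  for (const line of lines) {
    let e;
    try { e = JSON.parse(line); } catch { continue; } // skip truncated lines
    if (e.type !== "response" || !e.request) continue;
    const t = Date.parse(e.time);
    const path = e.request.path;
    const denied = typeof e.error === "string" && e.error.includes("permission denied");
    if (path === "auth/approle/login") {
      const issued = e.response && e.response.auth && e.response.auth.client_token;
      if (issued) tokens.set(issued, { issued: t, uses: 0 });
      else if (denied) findings.push({ time: e.time, path, cause: "login-rejected" }); // check secret_id_ttl / secret_id_num_uses
      continue;
    }
    const seen = tokens.get(e.request.client_token);
    if (!denied) { if (seen) seen.uses += 1; continue; }
    let cause = "policy-or-unknown-token";
    if (seen && limits.tokenNumUses > 0 && seen.uses >= limits.tokenNumUses) cause = "token-uses-exhausted";
    else if (seen && (t - seen.issued) / 1000 >= limits.tokenTtlSec) cause = "token-ttl-elapsed"; // hint only: renewals extend the TTL
    findings.push({ time: e.time, path, cause });
  }
  return findings;
}

// Constructed sample log (not from the thread): one login, ten reads, then two denials.
function entry(time, path, reqToken, extra = {}) {
  return JSON.stringify({ time, type: "response", request: { path, client_token: reqToken }, ...extra });
}
const TOK = "hmac-sha256:aaaa"; // placeholder for an HMAC'd token value
const SAMPLE = [
  entry("2024-01-01T10:00:00Z", "auth/approle/login", "", { response: { auth: { client_token: TOK } } }),
  ...Array.from({ length: 10 }, (_, i) =>
    entry(`2024-01-01T10:0${i}:30Z`, "secret/data/app", TOK)),
  entry("2024-01-01T10:10:00Z", "secret/data/app", TOK, { error: "permission denied" }),
  entry("2024-01-01T12:00:00Z", "auth/approle/login", "", { error: "permission denied" }),
  "{\"time\":\"2024-01-01T12:00", // truncated line, ignored by the parser
];
console.log(triageDenials(SAMPLE));
```

The causes are heuristics for narrowing down which limit to inspect; a denial labelled `policy-or-unknown-token` means the log alone did not tie it to a use count or TTL.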