Hi
We have setup a nodejs application to access vault secrets through an approle+secretId combination… It works fine sometimes but fails sometimes with - permission denied. And later after a few hours, with no code changes, it is working again…
thanks
I wonder whether it’s something to do with how you’ve configured the AppRole, maybe around TTLs? Could you share (sanitised) statements showing how you configured it?
I am using settings from the default approle definition
So, the settings as listed in this DevDot tutorial, you mean, for example?
vault write auth/approle/role/jenkins \
secret_id_bound_cidrs="0.0.0.0/0","127.0.0.1/32" \
secret_id_ttl=60m \
secret_id_num_uses=5 \
enable_local_secret_ids=false \
token_bound_cidrs="0.0.0.0/0","127.0.0.1/32" \
token_num_uses=10 \
token_ttl=1h \
token_max_ttl=3h \
token_type=default \
period="" \
policies="default","test"
Can you pls reply… We have already been using the vault in this configuration and have saved more than a dozen secrets in the kv store. And then we faced this issue and now unable to access the vault …
Do you have any audit devices enabled?
The audit logs can be reviewed to see which request(s) are failing and may provide some clues as to why it’s failing.