I’m running a PoC with HCP Vault. I created an admin token and logged in from my computer. I developed a policy with read permission on a simple KV secret, and I generated a token from the policy.
With the same token in the CLI I manage to get the secret. When I try to fetch the data from the REST API, I receive a 403.
Note: When I run Vault in dev mode locally, both methods work.
I’m assuming it is related to TLS. If this is the case, can someone direct me to a guide, please?
```
❯ vault token create -policy=my-spring-boot-app-policy
Key                  Value
---                  -----
token                hvs.XXX
token_accessor       AAA
token_duration       1h
token_renewable      true
token_policies       ["default" "my-spring-boot-app-policy"]
identity_policies    []
policies             ["default" "my-spring-boot-app-policy"]

❯ vault login hvs.XXX
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"
again. Future Vault requests will automatically use this token.

Key                  Value
---                  -----
token                hvs.XXX
token_accessor       AAA
token_duration       59m44s
token_renewable      true
token_policies       ["default" "my-spring-boot-app-policy"]
identity_policies    []
policies             ["default" "my-spring-boot-app-policy"]

❯ curl --header "X-Vault-Token: hvs.XXX" --request GET https://vault-cluster-public-vault-XXX.YYY.z1.hashicorp.cloud:8200/v1/secret/data/my-spring-boot-app | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    60  100    60    0     0    125      0 --:--:-- --:--:-- --:--:--   127
{
  "errors": [
    "1 error occurred:\n\t* permission denied\n\n"
  ]
}
```
In the CLI:
```
❯ vault kv get secret/my-spring-boot-app
========= Secret Path =========
secret/data/my-spring-boot-app

======= Metadata =======
Key                Value
---                -----
created_time       2022-09-15T14:03:22.327127967Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            5

======= Data =======
Key            Value
---            -----
hello.world    Bye from Vault
mykey          Vault Key
```