HCP Vault - can't run operator init

nravic · January 10, 2024, 1:32am

I’m trying to do the bare minimum here. I’ve initialized a developer cluster in HCP Vault. I used the simple template, with nothing initialized. During the setup process, I wasn’t given keys or anything.

I’m trying to run vault operator init to get my unseal keys so I can generate a root key, but I get:


Namespace: admin/
URL: PUT https://vault-test-public-vault-.....z1.hashicorp.cloud:8200/v1/sys/init
Code: 404. Errors:

* unsupported path

It seems like all operator calls fail, and none have access to v1/sys/init. I can’t figure out what’s going on.

jonathanfrappier · January 10, 2024, 2:15pm

Hi @nravic

The unseal process with HCP Vault is managed and auto-unsealed. The root namespace for HCP is reserved for platform operations and you start in a namespace called admin. You can generate your admin token from the HCP Portal.

This quick start series should be a good jumping off point:

If you haven’t worked with namespaces before, this may also be a useful read:

nravic · January 10, 2024, 2:26pm

Ah I didn’t realize an admin token was the same as the root token! Thank you, this was helpful.

jonathanfrappier · January 10, 2024, 3:50pm

It’s not 100% 1-to-1, but that admin token gives you access to start. There are a few endpoints you can’t access (Constraints and limitations | HashiCorp Cloud Platform | HashiCorp Developer) even with the admin token. Let us know if you have any other questions.

Topic		Replies	Views
Permission denied using admin token Vault	6	1654	June 18, 2021
Unseal Vault running in Docker container Vault	4	6106	February 13, 2020
Error while running vault operator init Vault	4	3762	December 8, 2020
Kubernetes integration with HCP vault HCP Vault	7	1136	June 21, 2021
Clustered Vault servers with postgres backend Vault	4	1981	September 23, 2019

HCP Vault - can't run operator init

Related topics