I am trying to inspect the outbound traffic from HashiCorp Vault running locally (via vault.exe). I’ve configured Fiddler and have set up a local trusted certificate that works really well for inspecting outbound HTTP(S) traffic from any of the running applications on the system. However, I cannot seem to be able to intercept the traffic that goes from vault.exe to Azure (I am connecting to AAD from Vault).
If I set up the proxy (through HTTP_PROXY and HTTPS_PROXY environment variables) to point to Fiddler (127.0.0.1:8888), I get TLS handshake timeouts:
Error writing data to azure/roles/my-role-new: Error making API request.
URL: PUT http://127.0.0.1:8200/v1/azure/roles/my-role-new
Code: 500. Errors:
* 1 error occurred:
* error loading Application: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://graph.microsoft.com/v1.0/applications/1a833120-46e4-42bc-9853-a27cd361c674d: StatusCode=0 -- Original Error: adal: Failed to execute the refresh request. Error = 'Post "https://login.microsoftonline.com/b811a652-39e6-4a0c-b563-4279a1dd5012/oauth2/token?api-version=1.0": proxyconnect tcp: net/http: TLS handshake timeout'
Is there a way for me to pass the Fiddler certificate to vault.exe so that I can decrypt the outbound traffic for diagnostics/debugging?