Permission Denied to access HCP Vault via cURL

ricardoptcosta · June 15, 2021, 11:20am

Hello,

I created a vault cluster with public domain. I can access using the cli and the vault command. However, when I try to reach it using cURL, I always get permission denied. As an example, I was following the tutorial [ Build Your Own Certificate Authority (CA)] { Build Your Own Certificate Authority (CA) | Vault - HashiCorp Learn} but as soon as in the first step I get permission denied, ie, when running curl --header "X-Vault-Token: $VAULT_TOKEN" --request POST --data '{"type":"pki"}' $VAULT_ADDR/v1/sys/mounts/pki I get as response {"errors":["1 error occurred:\n\t* permission denied\n\n"]}

Any idea what can be causing this problem?

jeffsanicola · June 15, 2021, 12:39pm

In my experience this usually means you have an expired or invalid token set in your VAULT_ADDR environment variable or the token has insufficient permissions.

This is what I would start asking myself if I ran into this:

Have I substituted the token specified in the doc for a token generated from my own Vault environment and is it still valid?
If so, am I using a root token or something with less privilege?
If the latter do I have all the necessary capabilities applied?
If so, are you sure you have all the necessary capabilities applied (e.g. missing sudo)

Hopefully this helps!