Hi, I have Vault set up correctly with the auth backends oci, ldap and kubernetes.
When I try to do any operation on Vault, reading a secret for example, it throws an exception with permission denied:
vault secrets list
Error listing secrets engines: Error making API request.
Namespace: admin/
URL: GET https://vault.priv.kugelbit.oraclevcn.com:8200/v1/sys/mounts
Code: 403. Errors:
* permission denied
No matter the user, including the root token.
When I authenticate with the same user or token via SSH directly on the Vault machine, it works. UI login and navigation also work.
This is my config:
api_addr = "https://0.0.0.0.:8200"
ui = true
cluster_name = "vault"
max_lease_ttl = "30m"
default_lease_ttl = "5m"
log_level = "DEBUG"
#mlock = true
#disable_mlock = true

#storage "file" {
#  path = "/opt/vault/data"
#}

#storage "consul" {
#  address = "127.0.0.1:8500"
#  path = "vault"
#}

# HTTP listener
#listener "tcp" {
#  address = "0.0.0.0:8200"
#  tls_disable = 1
#}

# HTTPS listener
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_cert_file = "/etc/vault-certificates/vault.kugelbit.com.pem"
  tls_key_file = "/etc/vault-certificates/vault.kugelbit.com.key"
}

# Enterprise license_path
# This will be required for enterprise as of v1.8
#license_path = "/etc/vault.d/vault.hclic"

# OCI KMS auto unseal
seal "ocikms" {
  auth_type_api_key = "false"
  crypto_endpoint = "endpoint"
  key_id = "keyid"
  management_endpoint = "endpoint"
}

# OCI Object Storage backend (HA enabled)
storage "oci" {
  auth_type_api_key = "false"
  bucket_name = "bucket"
  ha_enabled = "true"
  lock_bucket_name = "buckect_lock"
  namespace_name = "namespace"
}
Sensitive information omitted.
The debug log doesn't help me in discovering the cause of the access denied.
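An added troubleshooting helper, not part of the original post: since the same token works from an SSH session on the Vault host but returns 403 from the remote client, the first thing to compare is the client side, not the server policy. The script below parses the CLI error shown above (note the `Namespace: admin/` line, which means the failing client is sending a namespace header) and diffs the `VAULT_*` environment of the working session against the failing one, masking token values so the report can be pasted into a thread. The two env dumps and the error text are constructed sample data; the namespace mismatch it flags is a hypothesis to check with the live lookup at the end, not a confirmed cause.

```shell
#!/bin/sh
# Added example (not from the original post). Compares the VAULT_* environment
# of a working client session with that of the failing one and parses the
# Vault CLI error. Sample data below is constructed for illustration.

# Print the value of a "Field: value" line from a Vault CLI error (stdin).
vault_error_field() {
    sed -n "s/^$1: *//p" | head -n 1 | sed 's/[[:space:]]*$//'
}

# Print just the numeric HTTP status from the "Code: 403. Errors:" line.
vault_error_code() {
    vault_error_field Code | sed 's/[^0-9].*//'
}

# List VAULT_* variables that differ between two env dumps ($1 = working
# session, $2 = failing client). "- " = only in the working session,
# "+ " = only in the failing one. Token values are masked before printing.
vault_env_diff() {
    {
        printf '%s\n' "$1"
        printf '%s\n' '--SEP--'
        printf '%s\n' "$2"
    } | awk '
        function mask(v) { return (v ~ /^VAULT_TOKEN=/) ? "VAULT_TOKEN=<redacted>" : v }
        /^--SEP--$/ { side = 2; next }
        !/^VAULT_/  { next }
        side != 2   { working[$0] = 1; next }
                    { failing[$0] = 1 }
        END {
            for (v in working) if (!(v in failing)) print "- " mask(v)
            for (v in failing) if (!(v in working)) print "+ " mask(v)
        }' | sort
}

# Heuristic report for a 403: $1 = CLI error text, $2 = working env dump,
# $3 = failing env dump. Prints findings; it does not decide the cause.
diagnose_403() {
    err="$1"; working_env="$2"; failing_env="$3"
    code=$(printf '%s\n' "$err" | vault_error_code)
    ns=$(printf '%s\n' "$err" | vault_error_field Namespace)
    [ "$code" = "403" ] || { echo "not a 403 (code: ${code:-none})"; return 1; }
    if [ -n "$ns" ] && ! printf '%s\n' "$working_env" | grep -q '^VAULT_NAMESPACE='; then
        echo "failing client sends namespace '$ns' but the working session sets no VAULT_NAMESPACE;" \
             "unset it (or pass -namespace) and confirm the namespace exists on this server"
    fi
    echo "VAULT_* differences (- working only, + failing only):"
    vault_env_diff "$working_env" "$failing_env"
}

# Live check, run on the failing client only when the vault CLI is present:
# the same token lookup with and without VAULT_NAMESPACE. If it resolves
# only without the namespace, the namespace header is the problem.
live_token_check() {
    command -v vault >/dev/null 2>&1 || { echo "vault CLI not found"; return 1; }
    echo "token lookup with VAULT_NAMESPACE=${VAULT_NAMESPACE:-<unset>}:"
    vault token lookup -format=json 2>&1 | head -n 20
    echo "token lookup with VAULT_NAMESPACE unset:"
    (unset VAULT_NAMESPACE; vault token lookup -format=json 2>&1 | head -n 20)
}

# Constructed sample data (the error text follows the CLI format from the post).
SAMPLE_ERROR='Error listing secrets engines: Error making API request.
Namespace: admin/
URL: GET https://vault.priv.kugelbit.oraclevcn.com:8200/v1/sys/mounts
Code: 403. Errors:
* permission denied'

WORKING_ENV='VAULT_ADDR=https://127.0.0.1:8200
VAULT_TOKEN=hvs.constructed-local-token
HOME=/home/opc'

FAILING_ENV='VAULT_ADDR=https://vault.priv.kugelbit.oraclevcn.com:8200
VAULT_NAMESPACE=admin
VAULT_TOKEN=hvs.constructed-remote-token
VAULT_CACERT=/etc/vault-certificates/ca.pem
HOME=/home/user'

diagnose_403 "$SAMPLE_ERROR" "$WORKING_ENV" "$FAILING_ENV"
```

Capture the real env dumps with `env | grep '^VAULT_'` in both sessions (plus `cat ~/.vault-token` presence on each host, which the CLI reads when VAULT_TOKEN is unset), then run `live_token_check` on the failing client; `vault token lookup` is the cheapest request that still exercises the namespace header and the token's policies.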