Rotate-root for aws auth backend not working


i couldn’t get root credentail rotation working. My initial step is to activate aws auth

vault auth enable aws

now i configure root credentials

vault write /auth/aws/config/client access_key=XXXXXXXXXXXXX secret_k

and after that i want to perform the root-rotation

vault write -force /auth/aws/config/rotate-root

the operation is successfully but the access_key in

vault read auth/aws/config/client

still remains the same from initial setup step.
So this distroys my aws access due to the access_key shown by this call has been deleted by the rotation call.
Does anyone have an idea what I’m doing wrong?

My Setup:
Environment: VM on barematel machine
Vault Version: 1.7.2 (also tested with 1.8.0)
OS: CentOS 7.9.2009
Storage Backend: Consul Version 1.9.6

The AWS policy should be right, because the credentials were rotating.

Thanks, regards Daniel

Does nobody have an idea whats wrong with the rotate-root for aws auth method in combination with static credentials in client config?

Hi @danieldethloff1993 - I just bumped into this one: Fix auth/aws so that config/rotate-root saves new key pair to vault by ludewigh · Pull Request #12715 · hashicorp/vault · GitHub - so a fix is rolling out - if I’ve understood correctly.