Hi,
I couldn’t get root credential rotation working. My initial step is to activate AWS auth:
vault auth enable aws
Now I configure root credentials:
vault write /auth/aws/config/client access_key=XXXXXXXXXXXXX secret_key=xxxxxxxxxxxxxxxxxxx
And after that I want to perform the root rotation:
vault write -force /auth/aws/config/rotate-root
The operation is successful, but the access_key in
vault read auth/aws/config/client
still remains the same from initial setup step.
So this destroys my AWS access, because the access_key shown by this call has been deleted by the rotation call.
Does anyone have an idea what I’m doing wrong?
My Setup:
Environment: VM on bare-metal machine
Vault Version: 1.7.2 (also tested with 1.8.0)
OS: CentOS 7.9.2009
Storage Backend: Consul Version 1.9.6
The AWS policy should be right, because the credentials were rotating.
Thanks, regards Daniel