In the following Powershell code, I’m trying to seet a cusom-secret-id on an approle.
Function GetNewSecretId {
Param(
[Parameter()] [String[]]$approle
)
try
{
$uri = "$($env:VAULT_ADDR)" + "/v1/auth/approle/role/$($approle)/custom-secret-id"
$header = @{
"X-Vault-Token"="$($env:VAULT_TOKEN)"
"X-Vault-Namespace"="$($env:VAULT_NAMESPACE)"
}
$GUID = [guid]::NewGuid()
$payload =
@{
"secret_id"="$($GUID)"
"ttl"="8760h"
} | ConvertTo-Json
if($debug)
{
Write-Host "Sending Custom Secret-ID"
Write-Host($($uri))
Write-Host($($header|ConvertTo-Json))
Write-Host($($payload))
}
#***************************************************************
# Call the method to get the passed secrets
#***************************************************************
$response = Invoke-RestMethod -Headers $header -ContentType 'application/json' -Method POST -Uri $uri -Body $payload
#***************************************************************
# this would be the result to send back from the function:
$response.data.secret_id
$env:SECRET_ID=$response.data.secret_id
Write-Host($env:SECRET_ID)
}
catch [System.Net.WebException]
{
$msg = $_.Exception.Message + ": in GetNewSecretId: $($response)"
$status = $_.Exception.Status
$hr = "{0:x8}" -f ($_.Exception.HResult)
$innerException = $_.Exception.InnerException
$h = $header | ConvertTo-Json
#Just issue a warning about being unable to send the notification...
Write-Warning("`n`t[$status] `n`t[0x$hr] `n`t[$msg] `n`t[$innerException]`n`n[URI] $uri`n`t[Header] $h")
return $False
}
}
However, I’m getting a permission denied error with this defined policy on the approle that I’m logged into; it’s not the same approle that is being passed into the command
# Grant 'create' & 'update' permission on the 'auth/approle/role/*/custom-secret-id' path
path "auth/approle/role/*/custom-secret-id" {
capabilities = ["create", "delete", "update"]
}```