I am trying to configure auto-tidy on my PKI mounts, but failing:
$ vault write pki_root/config/auto-tidy enabled=true
Error writing data to pki_root/config/auto-tidy: Error making API request.
URL: PUT https://redacted:8200/v1/pki_root/config/auto-tidy
Code: 404. Errors:
* 1 error occurred:
* unsupported path
I can’t read config either:
$ vault read pki_root/config/auto-tidy
No value found at pki_root/config/auto-tidy
I can read other config just fine, though:
$ vault read pki_root/config/urls
Key                        Value
---                        -----
crl_distribution_points    [http://redacted:8200/v1/pki_root/crl]
issuing_certificates       [http://redacted:8200/v1/pki_root/ca]
ocsp_servers               []
I thought it might be a permissions issue, so I gave myself explicit create, delete, list, read, update and sudo (just for good measure), but that didn’t help:
$ vault token capabilities pki_root/config/auto-tidy
create, delete, list, read, sudo, update
Using the REST API made no difference:
$ cat payload.json
{
  "enabled": true,
  "safety_buffer": "24h"
}
$ curl --header "X-Vault-Token: $(cat ~/.vault-token)" --request POST --data @payload.json $VAULT_ADDR/v1/pki_root/config/auto-tidy
{"errors":["1 error occurred:\n\t* unsupported path\n\n"]}
It is not just my PKI root that is affected; all my intermediate CAs are affected too.
Any advice will be appreciated.