I have logged into the vault successfully but am not able to perform any operations. Not sure what's going wrong.
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"
again. Future Vault requests will automatically use this token.
Key Value
--- -----
token xxx
token_accessor xxx
token_duration ∞
token_renewable false
token_policies ["root"]
identity_policies []
policies ["root"]
➜ ~ vault list policy
Error listing policy/: Error making API request.
URL: GET https://vault.xx..xx/v1/policy?list=true
Code: 403. Errors:
* permission denied
Is vault policy list working?
vault list policy is another use case:
Usage: vault list [options] PATH
Lists data from Vault at the given path. This can be used to list keys in a,
given secret engine.
List values under the “my-app” folder of the generic secret engine:
$ vault list secret/my-app/
No, vault policy list is not working.
None of the operations are working. Example: the one below.
➜ ~ vault list secret/my-app/
Error listing secret/my-app/: Error making API request.
URL: GET https://xxx.xx/v1/secret/my-app?list=true
Code: 403. Errors:
* permission denied
Not sure what I am missing @Wolfsrudel
Can you show us the steps you have taken before logging in? Maybe the configuration too.
@Wolfsrudel Exactly as mentioned in the below document, as a helm deployment (git checkout v0.3.3)
I installed it via helm template:
helm template vault-helm -f vault-helm/values.yaml --name-template vault | k apply -f -
git clone https://github.com/hashicorp/vault-helm.git
git checkout v0.3.3
helm template vault-helm -f vault-helm/values.yaml --name-template vault | kubectl apply -f -
kubectl exec -it vault-0 -- vault status
Key Value
--- -----
Seal Type shamir
Initialized false
Sealed true
Total Shares 0
Threshold 0
Unseal Progress 0/0
Unseal Nonce n/a
Version n/a
HA Enabled false
command terminated with exit code 2
kubectl exec -it vault-0 -- vault operator init -n 1 -t 1 2 ↵
Unseal Key 1: /LXjlNW47aFXJX7HMU1bIjE6lRnoiNDHy9gr/VELEQ4=
Initial Root Token: s.54ZpXv3ygvsjffLIbbGtgQOY
Vault initialized with 1 key shares and a key threshold of 1. Please securely
distribute the key shares printed above. When the Vault is re-sealed,
restarted, or stopped, you must supply at least 1 of these keys to unseal it
before it can start servicing requests.
Vault does not store the generated master key. Without at least 1 key to
reconstruct the master key, Vault will remain permanently sealed!
It is possible to generate new unseal keys, provided you have a quorum of
existing unseal keys shares. See "vault operator rekey" for more information.
kubectl exec -it vault-0 -- vault operator unseal /LXjlNW47aFXJX7HMU1bIjE6lRnoiNDHy9gr/VELEQ4=
Key Value
--- -----
Seal Type shamir
Initialized true
Sealed false
Total Shares 1
Threshold 1
Version 1.3.1
Cluster Name vault-cluster-58b61df9
Cluster ID ff082bed-d595-ae0d-e09a-50d2c8a9bc74
HA Enabled false
kubectl exec -it vault-0 -- vault login
Token (will be hidden):
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"
again. Future Vault requests will automatically use this token.
Key Value
--- -----
token s.54ZpXv3ygvsjffLIbbGtgQOY
token_accessor 6rBQ7zsi2RE4nVYHXaFoC6GQ
token_duration ∞
token_renewable false
token_policies ["root"]
identity_policies []
policies ["root"]
kubectl exec -it vault-0 -- vault policy list
default
root
For a local connection you could try the following:
kubectl port-forward vault-0 8200:8200
export VAULT_ADDR=http://127.0.0.1:8200
export VAULT_TOKEN=<your token>
vault policy list
@Wolfsrudel localhost works fine. Also with the DNS URL.
Not sure what happened in the meantime, but everything works well now.