Hi, I seem to be having a small issue getting Packer to communicate with Vault for a v2 KV secret. I keep getting the following error: "Invalid path for a versioned K/V secrets engine". I created a v1 engine and that worked fine. Is there a particular construct to the URL we must specify for v2 (I'm always interested in the latest version of the secret)?
Example:

```json
"vsphere-password": "{{ vault `secret/kv/systems/packer` `esxi_password` }}"
```
Without knowing the architecture of your kv engine, I suspect you don’t need the “secret/kv” in front since that looks like a generic example name – try just “systems/packer” ?
Thanks for the update, but I created the specific path with secret/kv; in fact it must be specified in the CLI read operation (plus it works fine for v1).
Ah, sorry, I think I see what’s going on. Packer isn’t using the CLI, it’s using the Vault API – docs are here: https://www.vaultproject.io/api/secret/kv/kv-v2#read-secret-version. In a v2 kv engine, that means you need to include a “data” in your path.
Here's a detailed explanation of how to generate the v2 path in an example repo I made a while back when I implemented the feature:
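To make the difference between the two path shapes concrete, here is an added Python example (not code from the thread, from Packer, or from Vault) that builds the API path Packer's `vault` template function reads for a KV v1 mount versus a KV v2 mount. It assumes the mount in the question is `secret` and the secret lives under `kv/systems/packer` inside it; both the mount name and the optional `version` query parameter (documented in the linked KV v2 API page) are assumptions about the original poster's setup.

```python
"""Build the Vault API path Packer must use for a KV v1 vs. a KV v2 secret.

KV v1:  <mount>/<secret path>
KV v2:  <mount>/data/<secret path>[?version=N]

Packer calls the Vault HTTP API directly, so the "data" segment that the
`vault kv get` CLI inserts for you has to be written out by hand.
"""
from typing import Optional


def kv_api_path(mount: str, secret_path: str, kv_version: int,
                version: Optional[int] = None) -> str:
    """Return the logical API path for a secret on a KV v1 or v2 mount.

    mount       : name the engine is mounted at (assumed "secret" below)
    secret_path : path of the secret below the mount
    kv_version  : 1 or 2, the KV engine version of that mount
    version     : optional secret version (v2 only); None means latest
    """
    mount = mount.strip("/")
    secret_path = secret_path.strip("/")
    if kv_version == 1:
        # v1 has no versioning, so the path is simply mount + secret path.
        return f"{mount}/{secret_path}"
    if kv_version == 2:
        # v2 stores secret data under the "data/" prefix of the mount;
        # reading without ?version= returns the latest version.
        path = f"{mount}/data/{secret_path}"
        if version is not None:
            path += f"?version={version}"
        return path
    raise ValueError(f"unsupported KV engine version: {kv_version}")


def packer_vault_call(mount: str, secret_path: str, key: str,
                      kv_version: int) -> str:
    """Render the Packer template expression for one key of the secret.

    Packer's JSON templates use backticks for the two string arguments,
    and the function always reads the latest version of a v2 secret.
    """
    api_path = kv_api_path(mount, secret_path, kv_version)
    return f"{{{{ vault `{api_path}` `{key}` }}}}"


if __name__ == "__main__":
    # Constructed sample matching the thread: mount "secret", path
    # "kv/systems/packer", key "esxi_password".
    for ver in (1, 2):
        print(f"KV v{ver}:", packer_vault_call(
            "secret", "kv/systems/packer", "esxi_password", ver))
```

Using the v1 shape against a v2 mount is exactly what produces the "Invalid path for a versioned K/V secrets engine" error, because the v2 engine expects the `data/` segment between the mount and the secret path.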