Vault CSI Volume Configuration Issue

Hi Team,

I’m trying to use the CSI Driver for Vault to use Vault secrets in GKE. I have followed the documentation here with an external Vault, but I’m getting the below error.

* claim "iss" is invalid

When I disable the issuer validation it works perfectly. So I tried the following values for the JWT issuer while configuring the Kubernetes authentication; nothing worked.

Any advice would be really appreciated.

Hi @muralidkt, thanks for raising the question. We’ve recently added some more detailed documentation around this: Vault CSI Provider | Vault by HashiCorp

That gives you some instructions to help figure out exactly what issuer you need to set. One thing worth pointing out (also covered in the link) is that the “kubernetes/serviceaccount” issuer suggests the token you’re looking at is probably the default long-lived token associated with the service account, but the Vault CSI Provider generates new short-lived tokens, which usually have issuers in the form of a URL.

Please do let me know if the updated documentation helps, and I can help debug further if not.

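One way to see which issuer a token actually carries, as an added example that is not part of the thread or of the Vault documentation: it decodes the payload of a service account JWT without verifying it, reports the `iss` claim, and compares it with the issuer you configured. The function names, the two sample tokens and the `issuer.example.invalid` URL are constructed for illustration.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed JWT for the demo; the signature segment is a dummy."""
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()),
                     _b64url(b"not-a-real-signature")])


def read_claims(token: str) -> dict:
    """Decode the payload segment. Inspection only: nothing is verified here."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with 3 dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def check_issuer(token: str, configured_issuer: str) -> dict:
    """Report the token's issuer and whether it equals the configured one."""
    claims = read_claims(token)
    # Long-lived secret-based tokens carry no expiry; short-lived ones do.
    kind = "short-lived" if "exp" in claims else "long-lived"
    # The comparison is an exact string match, so a trailing slash matters.
    return {"iss": claims.get("iss"), "kind": kind,
            "matches": claims.get("iss") == configured_issuer}


# Constructed samples: a default long-lived token and a short-lived one.
LEGACY = make_sample_token({"iss": "kubernetes/serviceaccount",
                            "sub": "system:serviceaccount:default:app"})
SHORT_LIVED = make_sample_token({"iss": "https://issuer.example.invalid/cluster",
                                 "sub": "system:serviceaccount:default:app",
                                 "aud": ["vault"], "exp": 1700003600})

if __name__ == "__main__":
    for name, tok in (("legacy", LEGACY), ("short-lived", SHORT_LIVED)):
        print(name, check_issuer(tok, "kubernetes/serviceaccount"))
```

Run `check_issuer` on a token of the same kind the CSI provider presents, not on the default secret-based token, and set the configured issuer to the `iss` value it reports.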

@tomhjp Great! The shared document helped to make it work. Thanks so much.
