Vault Dynamic Secrets Tutorial Issues

I am a Vault newcomer and a Windows user gasp. I am going through the tutorial and get stuck on the Dynamic Secrets page as the policy command doesn’t work in my Windows PowerShell.


vault write aws/roles/my-role \
        credential_type=iam_user \
        policy_document=-<<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1426528957000",
      "Effect": "Allow",
      "Action": [
        "ec2:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
EOF

I attempted to instead use an HCL policy file but apparently wasn’t formatting it correctly (I guess the supplied policy is not in HCL format either?)

Can anyone suggest a solution for this? I would also recommend this section of the tutorial be updated to use an HCL policy as that would be a more system-agnostic approach.

PowerShell doesn’t support the <<EOF notation, but rather uses its own syntax for multiline variables like this:

$test=@'
Test
Test
'@

You should be able to modify your command to the following to get it to work (note that I haven’t tested this):

vault write aws/roles/my-role `
        credential_type=iam_user `
        policy_document=@"
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1426528957000",
      "Effect": "Allow",
      "Action": [
        "ec2:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
"@

I also encountered this error, and the above solution did not work in my case, where I was using PowerShell. To solve this problem, I wrote the contents of the JSON to a file and used the path of the JSON file as an argument, adding an @ in front of it.

JSON file:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1426528957000",
      "Effect": "Allow",
      "Action": [
        "ec2:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

PowerShell command:

vault write aws/roles/my-role credential_type=iam_user policy_document=@"C:\path\to\the\file.json"
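
The file-based approach from the last reply as one script (an added example, not part of any reply in this thread): it validates the JSON before Vault sees it and writes the file as UTF-8 without a BOM, since `Out-File` and `>` in Windows PowerShell 5.1 default to UTF-16LE. The temp-file name is an assumption, as is `vault` being on the PATH with the AWS secrets engine mounted at `aws/` as in the tutorial.

```powershell
# Added example. $policyPath is an assumed location; adjust as needed.
$policyPath = Join-Path $env:TEMP 'my-role-policy.json'

# Single-quoted here-string: no variable expansion, inner double quotes kept literally.
# The closing '@ must be the first characters on its line.
$policy = @'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1426528957000",
      "Effect": "Allow",
      "Action": [
        "ec2:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
'@

# Fail early if the document is not valid JSON, before anything is sent to Vault.
try {
    $null = $policy | ConvertFrom-Json -ErrorAction Stop
}
catch {
    throw "Policy is not valid JSON: $($_.Exception.Message)"
}

# Write UTF-8 without a byte-order mark so the file content is plain JSON bytes.
$utf8NoBom = New-Object System.Text.UTF8Encoding($false)
[System.IO.File]::WriteAllText($policyPath, $policy, $utf8NoBom)

# key=@path tells the Vault CLI to read the value from the file,
# so PowerShell never has to pass the embedded double quotes to vault.exe.
vault write aws/roles/my-role credential_type=iam_user "policy_document=@$policyPath"
if ($LASTEXITCODE -ne 0) {
    throw "vault write failed with exit code $LASTEXITCODE"
}
```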