Vault JWT entity confusion

So I am trying to get some auto_config into my Consul configuration, and have started running the tutorial at "Automate Consul Agent Security with Auto Config" (Consul, HashiCorp Developer), although on my Consul dev cluster rather than the Docker environment set up in the tutorial.

However, when I get to the JWT part, of which I so far admittedly understand very little, the copy-paste-and-hope-for-the-best approach has left me wanting.

At the time when I log in using the example user, and try to run the prescribed

% vault read identity/oidc/token/oidc-role-1

I get the following error message:

Error reading identity/oidc/token/oidc-role-1: Error making API request.

URL: GET http://10.0.0.2:8200/v1/identity/oidc/token/oidc-role-1
Code: 400. Errors:

* no entity associated with the request's token

I can’t really say what’s going on here yet. From my understanding of the tutorial text, the entity should be the user example in this case, but the error message seems to say differently. Does anyone have a good idea of what I am missing?

You appear to not be logged in to Vault using the example user, but rather with a non-entity token such as the root token.

Thanks for your reply. Indeed, even though I logged in using vault login I had set VAULT_TOKEN in the environment, so I didn’t use the credentials I assumed. Not the first time, unfortunately, and I would venture a guess not the last, but your kind nudge did solve the problem for me. :smiley:
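
The failure resolved in this thread comes down to two checks: which token the Vault CLI actually sends, and whether that token is tied to an entity. The sketch below is an added example, not part of any post above; the function names, the constructed sample JSON and the default token file `~/.vault-token` are assumptions, and the parsing assumes `vault token lookup -format=json` prints `entity_id` as a quoted string.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose "no entity associated with
# the request's token" by checking the token's source and its entity_id.

# Report where the CLI's token comes from. VAULT_TOKEN, when set, takes
# precedence over the token that `vault login` stored on disk.
# $1: token file (assumed default token helper location: ~/.vault-token)
token_source() {
    helper_file=${1:-$HOME/.vault-token}
    if [ -n "${VAULT_TOKEN:-}" ]; then
        if [ -s "$helper_file" ] && [ "$(cat "$helper_file")" != "$VAULT_TOKEN" ]; then
            echo "env-overrides-login"   # the case described in this thread
        else
            echo "env"
        fi
    elif [ -s "$helper_file" ]; then
        echo "login"
    else
        echo "none"
    fi
}

# Extract entity_id from `vault token lookup -format=json` output on stdin.
entity_id_of() {
    sed -n 's/.*"entity_id"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Succeeds only if the lookup JSON on stdin carries a non-empty entity_id.
has_entity() {
    [ -n "$(entity_id_of)" ]
}

# Constructed, trimmed sample lookups: a root token and a user login token.
SAMPLE_ROOT='{"data": {"display_name": "root", "entity_id": "", "path": "auth/token/root", "policies": ["root"]}}'
SAMPLE_USER='{"data": {"display_name": "userpass-example", "entity_id": "00000000-0000-0000-0000-000000000001", "path": "auth/userpass/login/example", "policies": ["default"]}}'

# Against a live server:
#   token_source
#   vault token lookup -format=json | has_entity || echo "token has no entity"
```

If `token_source` prints `env-overrides-login`, running `unset VAULT_TOKEN` lets the CLI fall back to the token saved by `vault login`.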