HashiCorp Discuss

Vault tokens issue

rahul.sonawale June 18, 2025, 9:29am 1

Hello Team,

I have deployed vault 1.19 on Kubernetes version 1.32.4. We are not able to access secrete using tokens created.

So what we did:-

1:- vault secrets enable -path=airflow kv-v2
2:- vault kv put airflow/db-creds username=XXXX password=XXXX
3:- Created policy as below
vault policy write airflow-policy.hcl - << EOF

path “airflow/db-creds/*” {
capabilities = [“read”]
}
EOF

4:- vault token create -policy=airflow-policy.hcl

So now… We have got the token staring with hvs.XXXX. But when developer us using same url and token in airflow application its says “permission denied”

And when we login to vault url with that created token and when we go in secret tab to see the secret it says “permission denied”..

Can anyone help me in this…

jonathanfrappier June 19, 2025, 12:37am 2

I think your path is missing /data/ - since you are using v2 of the K/V secrets engine, there is additional metadata with the secret such as version info.

Check out

Topic		Replies	Views	Activity
Hashicorp Vault - Permission denied in API While Succcess In CLI Vault	1	629	September 16, 2022
Getting permission denied when using a token generated in Hashicorp vault Vault	7	10301	March 21, 2022
ACL Policy - permission denied Vault	3	1310	November 9, 2021
[Failed to Retrieve Secrets Following Vault Server Failover in Kubernetes High-Availability Cluster][Permission Denied] Vault k8s , raft , vault	1	268	February 1, 2024
Cannot log in to HashiCorp Vault using APPROLE method: permission denied Vault	6	219	January 30, 2025