Hi there,
I’m currently working on a personal lab environment as part of a learning project involving GitLab CI/CD and HashiCorp Vault to securely inject secrets into pipelines.
Environment:
- GitLab self-managed 17.10.4 (http://172.16.5.24)
- Vault 1.19.1 (http://172.16.5.35:8200)
- Docker executor for GitLab Runner
I followed the official GitLab & Vault documentation and configured the JWT/OIDC auth method with the correct HTTP URLs:
# Point the jwt auth method at GitLab's OIDC discovery endpoint (plain HTTP)
vault write auth/jwt/config \
  oidc_discovery_url="http://172.16.5.24" \
  bound_issuer="http://172.16.5.24"
# Role that pipeline JWTs log in with
vault write auth/jwt/role/dev-role \
  role_type="jwt" \
  user_claim="user_email" \
  bound_audiences="http://172.16.5.35" \
  token_explicit_max_ttl=60 \
  policies="my-policy"
Despite this, Vault still tries to fetch the OIDC keys using HTTPS:
error validating token: error verifying token signature:
fetching keys oidc: get keys failed
Get "https://172.16.5.24/oauth/discovery/keys": dial tcp 172.16.5.24:443: connect: connection refused
I have:
- Disabled and re-enabled the jwt auth method
- Rewritten the config
- Restarted Vault
But the issue persists.
Is this a known behavior or bug? How can I force Vault to actually use HTTP for the discovery keys?
Thanks in advance!
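The scheme Vault dials for the keys is worth checking at the source. With oidc_discovery_url set, Vault's jwt auth method fetches <oidc_discovery_url>/.well-known/openid-configuration and then downloads signing keys from the jwks_uri advertised inside that document, so the scheme of the advertised jwks_uri, not the scheme of the configured discovery URL, decides whether port 443 is dialed. The script below is an added diagnostic example (the editor's, not code from the post, GitLab or Vault): it extracts jwks_uri from a discovery document and compares its scheme with the one you expect. The discovery JSON embedded in it is constructed to look like what a GitLab instance advertises when its URL is configured as https; the host and path come from the error message above.

```shell
#!/bin/sh
# Added example: inspect an OpenID discovery document and report which scheme
# the advertised jwks_uri uses. Vault fetches keys from jwks_uri, so this is
# the value to check when the key fetch unexpectedly goes to https.

# Extract the jwks_uri value from a discovery document passed on stdin.
jwks_uri_from_discovery() {
    sed -n 's/.*"jwks_uri"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Print the URL scheme ("http", "https", ...) of the URL given as $1.
url_scheme() {
    printf '%s\n' "$1" | sed -n 's/^\([a-zA-Z][a-zA-Z0-9+.-]*\):\/\/.*/\1/p'
}

# Read a discovery document on stdin, print its jwks_uri and scheme, and
# return 0 if the scheme equals $1 (the scheme Vault is expected to use),
# 1 otherwise.
check_jwks_scheme() {
    expected="$1"
    uri=$(jwks_uri_from_discovery)
    actual=$(url_scheme "$uri")
    printf 'jwks_uri=%s scheme=%s\n' "$uri" "$actual"
    [ "$actual" = "$expected" ]
}

# Constructed sample (assumption, not captured from the lab): a GitLab-style
# discovery document whose issuer is http but whose jwks_uri is https.
SAMPLE_DISCOVERY='{
  "issuer": "http://172.16.5.24",
  "jwks_uri": "https://172.16.5.24/oauth/discovery/keys",
  "authorization_endpoint": "http://172.16.5.24/oauth/discovery/keys"
}'

# Offline demo on the constructed document. Against the real lab, replace the
# printf with:  curl -s http://172.16.5.24/.well-known/openid-configuration
printf '%s' "$SAMPLE_DISCOVERY" | check_jwks_scheme http \
    || echo "mismatch: Vault will fetch keys from the advertised https jwks_uri"
```

If the live discovery document shows an https jwks_uri, the value is coming from the GitLab side (GitLab builds these URLs from its configured external URL), and no amount of re-writing the Vault config will change it. Vault's jwt config also accepts jwks_url="..." instead of oidc_discovery_url, which points Vault directly at a key endpoint you choose and bypasses discovery entirely; the two parameters are mutually exclusive, so remove oidc_discovery_url when using it.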