View pki root ca

Hi, I have a vault server which has a few secrets

ubuntu@juju-48d934-0-lxd-6:~$ vault secrets list
Path Type Accessor Description
charm-pki-local/ pki pki_424d8583 Charm created PKI backend
cubbyhole/ cubbyhole cubbyhole_4eebd0b8 per-token private secret storage
identity/ identity identity_e175e164 identity store
sys/ system system_3d81439b system endpoints used for control, policy and debugging

I want to get root-ca from charm-pki-local/ but it seems I have missed something.

Any idea?

Moin,

Please try this, with modifications for your setup:

$ curl --header "X-Vault-Token: s.*****" --cacert /opt/vault/tls/vault_ca.pem https://vault.fritz.box:8200/v1/pki/ca/pem

Or, more fancy, to check the certificate as well:

$ curl --header "X-Vault-Token: s.*****" --cacert /opt/vault/tls/vault_ca.pem https://vault.fritz.box:8200/v1/pki/ca/pem | openssl x509 -text

I cannot find the vault_ca.pem file on my server; I installed vault via snap as part of a juju charm.

I don't know how familiar you are with juju + maas + openstack charm bundles, but I have the following problem:

juju run --unit vault/leader 'leader-get root-ca'

It does not show anything.

Moin,

To be serious, I have never heard of juju. But maybe you should try a more basic command:

$ curl --insecure https://vault.fritz.box:8200/v1/pki/ca/pem

Or, if your vault installation does not use SSL, just this:

$ curl http://vault.fritz.box:8200/v1/pki/ca/pem

Maybe you have to use 127.0.0.1 instead of vault.fritz.box.
I hope this will help you.

It says {"errors":["missing client token"]}

Moin,

Well, the good thing is: the error message comes from the vault server process. So just give your root token (to keep things simple for the moment) as a header field. The complete command will look similar to this:

$ curl --insecure --header "X-Vault-Token: s.*****" https://vault.fritz.box:8200/v1/pki/ca/pem

You got this root token as a result of the "vault init" command.

I recommend this tutorial: Tutorials | Vault | HashiCorp Developer
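As an added example, not code from any poster in this thread: a POSIX shell script that picks the PKI mount out of the `vault secrets list` output shown in the question and builds the `/v1/<mount>/ca/pem` request for it, which for that listing is `charm-pki-local`, not `pki`. Vault serves the PKI engine's `ca/pem` endpoint without a token, so a "missing client token" reply usually means the path did not match a mounted PKI engine. It assumes the `VAULT_ADDR`, `VAULT_TOKEN` and `VAULT_CACERT` environment variables as used by the vault CLI, plus `curl` and `openssl` on the PATH.

```shell
#!/bin/sh
# Added example, not code from the thread: find the PKI mount in a
# `vault secrets list` listing and fetch that mount's CA certificate.
# Assumes the vault CLI's VAULT_ADDR, VAULT_TOKEN and VAULT_CACERT
# environment variables (VAULT_TOKEN and VAULT_CACERT are optional).

# Constructed sample of `vault secrets list` output, copied from the question.
SAMPLE_SECRETS_LIST='Path Type Accessor Description
charm-pki-local/ pki pki_424d8583 Charm created PKI backend
cubbyhole/ cubbyhole cubbyhole_4eebd0b8 per-token private secret storage
identity/ identity identity_e175e164 identity store
sys/ system system_3d81439b system endpoints used for control, policy and debugging'

# Print the path (trailing slash removed) of every mount whose Type
# column is "pki". Reads the listing on stdin.
pki_mounts() {
    awk 'NR > 1 && $2 == "pki" { sub("/$", "", $1); print $1 }'
}

# Build the API URL for a mount's CA in PEM form: <addr>/v1/<mount>/ca/pem.
# The mount name must be the one from the listing (charm-pki-local), not pki.
ca_url() {
    addr="${1%/}"
    mount="${2%/}"
    printf '%s/v1/%s/ca/pem\n' "$addr" "$mount"
}

# Fetch the CA PEM for one mount and show subject, issuer and validity.
# The ca/pem endpoint is unauthenticated in Vault, so the token header is
# only sent when VAULT_TOKEN is set; --cacert is added when VAULT_CACERT is.
fetch_ca() {
    url="$(ca_url "${VAULT_ADDR:?VAULT_ADDR must be set}" "$1")"
    set -- -sS --fail
    if [ -n "${VAULT_CACERT:-}" ]; then
        set -- "$@" --cacert "$VAULT_CACERT"
    fi
    if [ -n "${VAULT_TOKEN:-}" ]; then
        set -- "$@" --header "X-Vault-Token: $VAULT_TOKEN"
    fi
    curl "$@" "$url" | openssl x509 -noout -subject -issuer -dates
}

# Run as `sh get_root_ca.sh fetch` to fetch the CA of every pki mount
# listed by the live server; with no argument only the functions are defined.
if [ "${1:-}" = "fetch" ]; then
    vault secrets list | pki_mounts | while read -r m; do
        fetch_ca "$m"
    done
fi
```

If the listener has no TLS, leave VAULT_CACERT unset and use an http:// VAULT_ADDR; the curl call then matches the plain-http command suggested above.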