I wanted to test Spring Cloud Vault configuration.
I installed a Vault server locally and when i try to write
some key-values its failing and asking me to use vault kv put
command.
While the example of Spring Cloud Config in this link shows the usage of vault write command
This is the error i get is
$ vault write secret/my-app foo=bar
Error writing data to secret/my-app: Error making API request.
URL: PUT http://127.0.0.1:8200/v1/secret/my-app
Code: 404. Errors:
WARNING! The following warnings were returned from Vault:
* Invalid path for a versioned K/V secrets engine. See the API docs for the
appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put'
for this operation.
Try the following ..
./vault kv put secret/my-app password=123
I'll add that this is something new in 0.10.0.
Seems like 0.10.0 has some breaking API changes ... so solution #2 is to use an earlier version of Vault (v0.9.6). This includes defaulting to the v2 of the KV secret engine , which is versioned.
Solution #3 is to re-create the /secret engine with v1 of KV. Running the following:
./vault secrets disable secret
./vault secrets enable -version=1 -path=secret kv
I was able to write after enabling a separate path with the below command
vault secrets enable -path=my-app kv
vault write my-app/my-app password=123
In Spring Cloud Config, i had to mention the folder name as backend in bootstrap.yml
file
spring:
cloud:
vault:
token: bc53d1a4-2551-4869-9574-7a9e60501ec1
scheme: http
generic:
backend: my-app
I got the same error, during using python, hvac, vault and kv as engine. And kv-engine is versioned. I used hvac client
client.write("secret/taras", data=dict(python='is secret'))
So I got
InvalidPath: "request_id":"d5c0f889-2c42-4141-1cc6-31ed1336c768","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put' for this operation."],"auth":null}
The way I have solved this issue was changing path for storing secret
client.write("secret/data/taras", data=dict(python='is secret'))
PS: as you understood the name of my secret is "taras".
Try the following in windows , (in command prompt) ,
SET VAULT_TOKEN=00000000-0000-0000-0000-000000000000
SET VAULT_ADDR=http://127.0.0.1:8200
vault kv put secret/gs-vault-config example.username=demouser example.password=demopassword
(There is change in creating key-value in Hashicorp Vault now. Use kv put instead of write.)