Vault error while writing

2020-06-03 04:33发布

问题:

I wanted to test Spring Cloud Vault configuration.

I installed a Vault server locally and when i try to write some key-values its failing and asking me to use vault kv put command.

While the example of Spring Cloud Config in this link shows the usage of vault write command

This is the error i get is

$ vault write secret/my-app foo=bar
Error writing data to secret/my-app: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/secret/my-app
Code: 404. Errors:


WARNING! The following warnings were returned from Vault:

  * Invalid path for a versioned K/V secrets engine. See the API docs for the
  appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put'
  for this operation.

回答1:

Try the following ..

./vault kv put secret/my-app password=123

I'll add that this is something new in 0.10.0.

Seems like 0.10.0 has some breaking API changes ... so solution #2 is to use an earlier version of Vault (v0.9.6). This includes defaulting to the v2 of the KV secret engine , which is versioned.

Solution #3 is to re-create the /secret engine with v1 of KV. Running the following:

./vault secrets disable secret 
./vault secrets enable -version=1 -path=secret kv


回答2:

I was able to write after enabling a separate path with the below command

vault secrets enable -path=my-app kv
vault write my-app/my-app password=123

In Spring Cloud Config, i had to mention the folder name as backend in bootstrap.yml file

spring:
  cloud:
    vault:
      token: bc53d1a4-2551-4869-9574-7a9e60501ec1
      scheme: http
      generic:
        backend: my-app


回答3:

I got the same error, during using python, hvac, vault and kv as engine. And kv-engine is versioned. I used hvac client

client.write("secret/taras", data=dict(python='is secret'))

So I got

InvalidPath: "request_id":"d5c0f889-2c42-4141-1cc6-31ed1336c768","lease_id":"","renewable":false,"lease_duration":0,"data":null,"wrap_info":null,"warnings":["Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put' for this operation."],"auth":null}

The way I have solved this issue was changing path for storing secret

client.write("secret/data/taras", data=dict(python='is secret'))

PS: as you understood the name of my secret is "taras".



回答4:

Try the following in windows , (in command prompt) ,

SET VAULT_TOKEN=00000000-0000-0000-0000-000000000000

SET VAULT_ADDR=http://127.0.0.1:8200

vault kv put secret/gs-vault-config example.username=demouser example.password=demopassword

(There is change in creating key-value in Hashicorp Vault now. Use kv put instead of write.)