I was using Vault to log in via curl to get a new token so far. This works as expected:

```
curl -k --request POST \
    --data '{"role_id":"myrole","secret_id":"mysecret"}' \
    https://<host>:<port>/vault/v1/auth/approle/login
```

Now I'd like to do the same in Spring Cloud with the following bootstrap.yml:

```yaml
spring.cloud.vault:
    uri: https://<host>:<port>
    authentication: APPROLE
    app-role:
        role-id: myrole
        secret-id: mysecret
```

But this isn't working and the application throws the following exception on startup:

```
2018-09-06 07:28:57.054  INFO 8804 --- [           main] o.s.v.a.LifecycleAwareSessionManager     : Scheduling Token renewal
2018-09-06 07:28:57.144  WARN 8804 --- [           main] LeaseEventPublisher$LoggingErrorListener : [RequestedSecret [path='secret/application', mode=ROTATE]] Lease [leaseId='null', leaseDuration=PT0S, renewable=false] Status 403 secret/application: permission denied

org.springframework.vault.VaultException: Status 403 secret/application: permission denied
```
Daniel Mann
Twin322
  • According to the error message, it's the access to `https://<host>:<port>/vault/v1/secret/application` that fails. The login seemed to work. – mp911de Sep 09 '18 at 19:30
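
The split described in the comment above (login succeeds, the read of `secret/application` is denied) can be checked one step at a time. This is an added example, not part of the original post; `VAULT_ADDR`, `ROLE_ID`, `SECRET_ID` and the function names are assumptions, and `VAULT_ADDR` must include any context path such as `/vault`.

```shell
#!/bin/sh
# Added diagnostic sketch: separates "AppRole login failed" from
# "login worked, but the token may not read the secret path".
# Assumptions: VAULT_ADDR (e.g. https://<host>:<port>/vault), ROLE_ID, SECRET_ID
# are set by the caller. Certificate verification is left on (no -k).

# POST the AppRole login and print the client token (empty if login failed).
approle_login() {
    curl -s --request POST \
        --data "{\"role_id\":\"$ROLE_ID\",\"secret_id\":\"$SECRET_ID\"}" \
        "$VAULT_ADDR/v1/auth/approle/login" |
        sed -n 's/.*"client_token" *: *"\([^"]*\)".*/\1/p'
}

# Print only the HTTP status of reading a path with the given token.
read_status() {  # $1 = token, $2 = path such as secret/application
    curl -s -o /dev/null -w '%{http_code}' \
        --header "X-Vault-Token: $1" "$VAULT_ADDR/v1/$2"
}

# Report which step fails: the login, or the read the application performs.
diagnose() {  # $1 = secret path
    token=$(approle_login)
    if [ -z "$token" ]; then
        echo "login-failed"; return 1
    fi
    status=$(read_status "$token" "$1")
    case "$status" in
        200) echo "ok" ;;
        403) echo "login-ok-read-denied"; return 2 ;;
        404) echo "login-ok-no-secret-at-path"; return 3 ;;
        *)   echo "unexpected-$status"; return 4 ;;
    esac
}

# Run only when a server address is supplied; default path is the one in the log.
if [ -n "${VAULT_ADDR:-}" ]; then
    diagnose "${1:-secret/application}"
fi
```

A result of `login-ok-read-denied` matches the startup log: the AppRole credentials are accepted, and the 403 comes from the token's permissions on the secret path.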

1 Answer

Please try adding `app-role-path: approle`

Sanjay
  • This does not provide an answer to the question. Once you have sufficient [reputation](https://stackoverflow.com/help/whats-reputation) you will be able to [comment on any post](https://stackoverflow.com/help/privileges/comment); instead, [provide answers that don't require clarification from the asker](https://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-can-i-do-instead). - [From Review](/review/low-quality-posts/22240671) – Jean-François Fabre Feb 18 '19 at 20:08