Hashicorp's Vault CLI does not store authentication token in token helper

Question

After I login to my Vault with TLS authentication

vault login -method=cert \
            -ca-cert=/path/to/ca/cert \
            -client-cert=/path/to/client/cert \
            -client-key=/path/to/client/key

I would expect the returned token to be updated at ~/.vault-token. However it is not. For instance, running $ vault status returns

x509: certificate signed by unknown authority

I can work around this by adding -ca-cert=path/to/ca/cert to every subsequent requests but it is not ideal. Any idea what is causing this?

score 1 · Answer 1 · answered Jul 09 '21 at 08:07

1

I had installed Vault CLI with snap package manager. The problem seems to be created by it.

Removing that installation (don't forget to remove ~/snap/vault folder) and then installing it via apt-get fixed the issue.

answered Jul 09 '21 at 08:07

ricardoptcosta

11
2

Hashicorp's Vault CLI does not store authentication token in token helper

1 Answers1