I have an idea to paste dynamic database credentials in my NestJS application. For credentials storage I am using Vault. Separately, I installed the Vault client in the Node.js container. This command

    vault write auth/approle/login role_id=$ROLE_ID secret_id=$SECRET_ID

works fine:
    Key      Value
    ---      -----
    token    s.FPuXg2It7Q6YeYW9QzWlQvnz
    ...
After this, I configured the nestVault module:
    ConfigModule.forRoot(),
    NestVaultModule.registerAsync({
      imports: [ConfigModule],
      inject: [ConfigService],
      useFactory: (configService: ConfigService) => {
        return {
          https: true,
          baseUrl: configService.get('VAULT_ADDR'),
          rootPath: 'secrets',
          timeout: 1000,
          proxy: false,
          cacert: '/var/run/secrets/kubernetes.io/serviceaccount/ca.crt',
        };
      },
    }),
For a simple test I set up a controller with the code

    return this.vault.healthCheck();

Output:
{"initialized":true,"sealed":false,"standby":false,"performance_standby":false,"replication_performance_mode":"disabled","replication_dr_mode":"disabled","server_time_utc":1649599674,"version":"1.9.2","cluster_name":"vault-cluster-3cc285da","cluster_id":"195b89dc-76bb-8b5d-3e22-ccd462812a86"}
But when I try to log in with the code
    const role_id = this.configService.get('ROLE_ID');
    const secret_id = this.configService.get('SECRET_ID');
    console.log(role_id, secret_id);
    const token = await this.vault.loginWithAppRole({
      role_id: role_id,
      secret_id: secret_id,
    }).client_token;
I get an error from NestJS:
    /backend/node_modules/hashi-vault-js/Vault.js:1590
          throw parseAxiosError(err);
          ^
    Error: Request failed with status code 400
        at Vault.loginWithAppRole (/backend/node_modules/hashi-vault-js/Vault.js:1590:13)
        at processTicksAndRejections (node:internal/process/task_queues:96:5)
and a 502 from the web server. What could be wrong?
The same happens with
    const ret = await this.vault.loginWithK8s(
      'internal-app',
      'token..',
    );
    console.log(ret);
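
The HTTP exchange behind `vault write auth/approle/login`, as an added example that is not part of the original post and not hashi-vault-js code: it posts `role_id` and `secret_id` to Vault's AppRole login endpoint and surfaces the `errors` array Vault returns, so a 400 reports its reason instead of only a status code. The function names are hypothetical, the sample bodies in the comments are constructed, and Node 18+ global `fetch` is assumed.

```javascript
// Added example: AppRole login against Vault's HTTP API.
// Function names are hypothetical; they are not part of hashi-vault-js.

// Build the request; fail fast when a value is unset or blank.
function buildAppRoleLogin(vaultAddr, roleId, secretId, mount = 'approle') {
  const inputs = [['VAULT_ADDR', vaultAddr], ['ROLE_ID', roleId], ['SECRET_ID', secretId]];
  for (const [name, value] of inputs) {
    if (typeof value !== 'string' || value.trim() === '') {
      throw new Error(`${name} is missing or empty`);
    }
  }
  const base = vaultAddr.trim().replace(/\/+$/, '');
  const path = mount.replace(/^\/+|\/+$/g, '');
  return {
    url: `${base}/v1/auth/${path}/login`,
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    // trim() drops the trailing newline that file-mounted secrets often carry
    body: JSON.stringify({ role_id: roleId.trim(), secret_id: secretId.trim() }),
  };
}

// Turn a Vault response into a token, or an error carrying Vault's own message.
// Constructed samples: {"auth":{"client_token":"...","lease_duration":3600}}
//                      {"errors":["missing role_id"]}
function parseLoginResponse(status, bodyText) {
  let body = {};
  try { body = JSON.parse(bodyText) || {}; } catch { /* non-JSON, e.g. a proxy page */ }
  if (status < 200 || status >= 300) {
    const detail = Array.isArray(body.errors) && body.errors.length
      ? body.errors.join('; ')
      : bodyText.slice(0, 200);
    throw new Error(`Vault login failed (HTTP ${status}): ${detail}`);
  }
  if (!body.auth || typeof body.auth.client_token !== 'string') {
    throw new Error('Vault response has no auth.client_token');
  }
  // Hand back the token and its TTL; the token itself should never be logged.
  return { token: body.auth.client_token, ttlSeconds: body.auth.lease_duration };
}

// Wire both together (assumes Node 18+ global fetch).
async function appRoleLogin(vaultAddr, roleId, secretId, mount) {
  const { url, ...init } = buildAppRoleLogin(vaultAddr, roleId, secretId, mount);
  const res = await fetch(url, init);
  return parseLoginResponse(res.status, await res.text());
}
```

With a private CA such as the `ca.crt` path in the module config above, Node's `fetch` trusts it only if the file is supplied through `NODE_EXTRA_CA_CERTS`.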