VAULT QUESTIONS MUST BE DEVELOPER-RELATED. Vault is an open-source platform designed to store secrets securely. Questions about configuring Vault should be asked on https://serverfault.com. Not to be confused with [ansible-vault].
Questions tagged [vault]
300 questions
0 votes, 1 answer
can we use wildcard in consul policy for node or service
I am trying to set up a consul backed vault cluster.
My consul cluster is working fine however when I am setting up my vault consul agent, I need to give an agent token with policy to have write access on node.
Basically, I want that my vault consul…

Vinay Taneja
0 votes, 1 answer
I want to access my environment variable before starting server in Next.js. How to do that?
I am using vault services to keep my secrets secure. For that, I need to run the vault script (node fetch-vault-secrets.js) before the next build and next dev command.
That vault command runs a file that contains a…

Usama Tahir
0 votes, 1 answer
Allow user to update/delete certain policies (Hashicorp Vault)
Description
I am using Hashicorp's Vault, version 1.7.0, free version.
I would like to allow a certain range of policies that a user can assign/delete to a group. In that way he can add or delete entities user to the group from the UI.
What I have…

Vdoo
0 votes, 1 answer
Should the Vault Service Account Be Using the Default Service Account API Token to Authenticate to Kubernetes?
I've been following this tutorial to set up vault and kubernetes on minikube with helm.
It seems to me the vault service account is using the default service account JWT token to access the API to authenticate. Should the vault service account…

Aaron
0 votes, 1 answer
Creating a dynamic vault policy using templating based on username using userpass
I want to create an ACL policy that allows users to create, read, update etc data to a secrets engine based on their userpass username.
For example, if the username is foo I want it so that they have access to secrets/foo/* I obviously want this to…

39fredy
0 votes, 0 answers
Spring Cloud Vault with GCP-IAM Auth Method for multiple projects
I have some issue, wasn't able to find any docs, maybe I'm missing something.
We are going to use this method. I've deployed some service and Vault in GKE in one project and it works fine. I used this article for configuration.
So, I created…

Rafik Alimardanov
0 votes, 0 answers
Spring Cloud Vault
I have a Spring Boot application with spring-cloud-starter-vault-config dependency, so all my secrets are externalized.
My application uses AWS IAM authentication with preconfigured role:
cloud:
  vault:
    enabled: true
    fail-fast: true
    …

kolyaiks
0 votes, 1 answer
Hashicorp's Vault CLI does not store authentication token in token helper
After I login to my Vault with TLS authentication
vault login -method=cert \
  -ca-cert=/path/to/ca/cert \
  -client-cert=/path/to/client/cert \
  -client-key=/path/to/client/key
I would expect the returned token to be…

ricardoptcosta
0 votes, 0 answers
Vault internal group but okta authentication
Problem statement:
I want to authenticate vault user with okta (oidc), but want to have one more level of authentication at vault level.
I have successfully integrated okta_group with vault group (external) and set up policies for that group.
I…

pythonhmmm
0 votes, 1 answer
How do I figure out what policy I need to add from a 403 response?
I send an HTTP request to my Hashicorp Vault instance and receive a 403 HTTP response.
How do I reverse engineer the policy I need to add from my request path?
curl \
  -v \
  -H "X-Vault-Token: $VAULT_TOKEN" \
  https://myvault/v1/sys/plugins/catalog
<…

James
0 votes, 1 answer
Policy that only allows to list a subset of roles
I am using Vault's SSH PKI secrets engine and have multiple roles defined
pki/
  role1
  role2
  role3
  ...
I want to give access to the roles via web GUI. So for my understanding I have to specify a list policy:
path "/ssh/*" {
…

Teosch
0 votes, 1 answer
How to generate role_id and secret_id for HashiCorp Vault
I am working on an application which uses Vault.
Now, the vault needs Role_Id and Secret_Id to be delivered in order to fetch value for a key.
Both these role_id and secret_id are kept in environment variable.
I can't figure out how to get/retrieve…

Ashutosh Tiwari
0 votes, 3 answers
How to pass a Secret in Vault to imagePullSecrets to access an image in private registry in Kubernetes
I created a Secret in Vault in Kubernetes instead of using K8s API. And would like to use the Secret in Vault to pull images from a private registry. I am unable to find a way to do so. The following is the example code, assuming I used all the…

Padmaja
0 votes, 0 answers
Hashicorp Vault logs output lease restore complete and revoked lease id
We have vault running 1.5.4 in k8s and the logs output as below:
2021-03-08T21:28:04.326Z [INFO] expiration: revoked lease: lease_id=auth/approle/login/sdvsvsvesx086bacsdcscse798ea050eba3xscscsczxacsc0af
Please let me know do we have to do…

Siva
0 votes, 1 answer
In the VaultSharp library, what's the equivalent of setting the VAULT_CACERT environment variable?
I'm getting the error An error occurred while sending the request when using the VaultSharp library in C# to request secrets from a Vault service. I can get the access token I need from the command line, so I know the Vault address and my personal…

Kevin J