HashiCorp Vault CLI returns 403 when trying to use kv

Dillon Courts · Jan 22, 2019 · Viewed 8.7k times

I set up Vault backed by a Consul cluster. I secured it with HTTPS and am trying to use the CLI on a separate machine to get and set secrets in the kv engine. I am using version 1.0.2 of both the CLI and Vault server.

I have logged in with the root token so I should have access to everything. I have also set my VAULT_ADDR appropriately.

Here is my request:

vault kv put secret/my-secret my-value=yea

Here is the response:

Error making API request.

URL: GET https://{my-vault-address}/v1/sys/internal/ui/mounts/secret/my-secret
Code: 403. Errors:

* preflight capability check returned 403, please ensure client's policies grant access to path "secret/my-secret/"

I don't understand what is happening here. I am able to set and read secrets in the kv engine with no problem from the Vault UI. What am I missing?

Answer

Dillon Courts · Jan 22, 2019

This was a result of me not reading documentation.

The request was failing because there was no secret engine mounted at that path.

You can check your secret engine paths by running:

vault secrets list -detailed

This showed that my kv secret engine was mapped to path kv, not secret as I was trying.

Therefore running vault kv put kv/my-secret my-value=yea worked as expected.
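
The mount check described in the answer, as an added example that is not part of the original post: a shell helper that reads the table printed by `vault secrets list` and reports which mount, if any, serves a given path, using longest-prefix matching. The function names and the sample listing are constructed for illustration, and the parsing assumes the default (non-detailed) table layout with Path and Type as the first two columns.

```shell
#!/bin/sh
# Added example: resolve which secrets engine mount (if any) serves a path,
# from the table printed by `vault secrets list`.

# Constructed sample of `vault secrets list` output (accessor values are made up).
sample_listing() {
cat <<'EOF'
Path          Type         Accessor              Description
----          ----         --------              -----------
cubbyhole/    cubbyhole    cubbyhole_00000001    per-token private secret storage
identity/     identity     identity_00000002     identity store
kv/           kv           kv_00000003           n/a
team/kv/      kv           kv_00000004           n/a
sys/          system       system_00000005       system endpoints
EOF
}

# find_mount PATH: reads a listing on stdin and prints "<mount> <type>" for the
# longest mount path that is a prefix of PATH; returns 1 if no mount matches.
find_mount() {
    awk -v p="${1#/}/" '
        NR <= 2 { next }    # skip the header and separator rows
        $1 ~ /\/$/ && index(p, $1) == 1 && length($1) > length(best) {
            best = $1; kind = $2
        }
        END {
            if (best == "") exit 1
            print best, kind
        }'
}

# check_path PATH: verdict to read before running `vault kv put PATH ...`.
check_path() {
    if m=$(sample_listing | find_mount "$1"); then
        echo "$1 -> mount ${m% *} (type ${m#* })"
    else
        echo "$1 -> no secrets engine mounted here; the preflight check will return 403"
        return 1
    fi
}

check_path kv/my-secret
check_path secret/my-secret || true
```

Against a live server, pipe `vault secrets list` into `find_mount` in place of `sample_listing`.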