[英]403 Permission Denied when trying to read Secrets from Vault using GCP IAM auth
I am using GCP IAM auth method to authenticate against vault.我正在使用 GCP IAM 身份验证方法对保管库进行身份验证。 I followed the steps as suggested in vault gcp auth to authenticate using a Service Account
我按照vault gcp auth 中建议的步骤使用服务帐户进行身份验证
I was able to successfully authenticate and login.我能够成功进行身份验证和登录。 But when I try to read the secrets from the specified path, it says permission denied.
但是当我尝试从指定路径读取机密时,它说权限被拒绝。
$vi test-policy.hcl
path "secret/test/*" {
capabilities = ["read"]
}
I have the below roles assigned to my Service Account.我为我的服务帐户分配了以下角色。
vault kv get secret/test/awskeys
Error reading secret/data/test/awskeys: Error making API request.
URL: GET http://127.0.0.1:8200/v1/secret/data/test/awskeys
Code: 403. Errors:
* 1 error occurred:
* permission denied
I have the same issue using the spring-cloud-vault application as well.我在使用 spring-cloud-vault 应用程序时也遇到了同样的问题。 Is there any role that I missed to assign to this Service Account or am I setting the policy wrong?
我是否错过了分配给此服务帐户的任何角色,或者我是否设置了错误的策略?
Note: Vault Server is setup on AWS.注意:Vault 服务器是在 AWS 上设置的。
It was the policy setting.这是政策设置。 I updated it to below and it worked!
我将它更新到下面并且它起作用了! Specific path instead of *.
特定路径而不是 *.
path "secret/data/test/awskeys" {
capabilities = ["read"]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.