Maybe some could help me understand where I missed something.
I use such example to set-up cloud-config service, with another spring application which is used vault to get some secrets.
If I using root
token everything is working correctly.
But once I create service
token with policy
path "secret/data/test*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
path "secret/test*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
I can validate it with
$ vault token capabilities secret/test
create, delete, list, read, update
and with curl
$ curl \
--header "X-Vault-Token: $VAULT_TOKEN" \
http://<dns-name>:8200/v1/secret/data/test | jq .
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 302 100 302 0 0 2796 0 --:--:-- --:--:-- --:--:-- 2796
{
"request_id": "44b5fdcf-a13c-8e12-83f3-a5064f25257d",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"data": {
"test-key": "test-value"
},
"metadata": {
"created_time": "2020-04-09T21:11:28.899688798Z",
"deletion_time": "",
"destroyed": false,
"version": 1
}
},
"wrap_info": null,
"warnings": null,
"auth": null
}
but once I start using this token with the application it returns
2020-04-10 13:38:43.186 DEBUG 43843 --- [nio-8888-exec-1] org.apache.http.wire: http-outgoing-0 >> “GET /v1/secret/data/test HTTP/1.1[\r][\n]”
http-outgoing-0 >> “X-Vault-Token: <TOKEN>[\r][\n]”
Response 403 FORBIDDEN
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.