[英]Get secret from hashicorp vault using java application with service token
也许有些可以帮助我了解我错过了什么。
我使用这样的示例来设置 cloud-config 服务,以及另一个 spring 应用程序,该应用程序用于获取一些秘密。
如果我使用root
令牌,一切正常。
但是一旦我使用策略创建service
令牌
path "secret/data/test*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
path "secret/test*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
我可以验证它
$ vault token capabilities secret/test
create, delete, list, read, update
并与 curl
$ curl \
--header "X-Vault-Token: $VAULT_TOKEN" \
http://<dns-name>:8200/v1/secret/data/test | jq .
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 302 100 302 0 0 2796 0 --:--:-- --:--:-- --:--:-- 2796
{
"request_id": "44b5fdcf-a13c-8e12-83f3-a5064f25257d",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"data": {
"test-key": "test-value"
},
"metadata": {
"created_time": "2020-04-09T21:11:28.899688798Z",
"deletion_time": "",
"destroyed": false,
"version": 1
}
},
"wrap_info": null,
"warnings": null,
"auth": null
}
但是一旦我开始在应用程序中使用这个令牌,它就会返回
2020-04-10 13:38:43.186 DEBUG 43843 --- [nio-8888-exec-1] org.apache.http.wire: http-outgoing-0 >> “GET /v1/secret/data/test HTTP/1.1[\r][\n]”
http-outgoing-0 >> “X-Vault-Token: <TOKEN>[\r][\n]”
Response 403 FORBIDDEN
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.