PowerShell script to connect to Vault's Api failing

[anand1...@gmail.com]

Hi,
I have a vault set-up on my Ubuntu machine and I'm trying to connect to it using PowerShell on a windows machine. Both the machines are on the same network. I have tried the curl commands on the Ubuntu machine and they work fine. When I tried running the Invoke-Rest command it throws this error:

Invoke-RestMethod : Unable to connect to the remote server

At C:\Users\Administrator\Documents\test_connection.ps1:12 char:1

+ Invoke-RestMethod -Headers @{"X-Vault-Token" = ${env:VAULT_TOKEN}} -Method Post  ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [Invoke-RestMethod], WebException

    + FullyQualifiedErrorId : System.Net.WebException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

Here is the code I'm trying to run-

$env:VAULT_ADDR="http://10.0.0.9:8200"

$env:VAULT_TOKEN="s.PppriCFG0FysCxyNxWNqhC5Z"

$USERNAME="test"

$pass=ConvertTo-SecureString -String "test@123" -AsPlainText –Force

$JSON="{ `"options`": { `"max_versions`": 12 }, `"data`": { `"$USERNAME`": `"$pass`" } }"

Invoke-RestMethod -Headers @{"X-Vault-Token" = ${env:VAULT_TOKEN}} -Method Post -Body $JSON -Uri http://10.0.0.9:8200/v1/secret/credentials/$USERNAME

Please suggest.

[Becca Petrin]

Hi,

To me, it seems like if Vault is reachable, that means Vault's REST API is up and running and it's likely a networking issue. If the Ubuntu machine you can reach it from is where Vault is running, it may be that the Vault port of 8200 needs to be opened as available to other machines on the network. AWS and Azure for instance have security rules that grant such access. If the Ubuntu machine isn't where Vault is running, that indicates the port on the Vault server is open for business, and the machine you're running Powershell on isn't part of the network. 

I'd check through your networking setup some more to see if the issue lies there somewhere. Hope that helps.

-Becca