How to unseal via the HTTP API?
1,704 views
Skip to first unread message
Andy Lee
Jul 16, 2015, 5:03:20 PM7/16/15
to vault...@googlegroups.com
Having some trouble figuring out how to unseal the vault through the API.
How am I supposed to pass the keys?
# curl -k -XGET https://localhost:8200/v1/sys/seal-status
{"sealed":true,"t":3,"n":5,"progress":0}
# curl -k -H "key: 5b0c2ba43cb6a203535b4ae9e18fbffa98865f90b3ec7537f4cd0629940f595103" -XPUT https://localhost:8200/v1/sys/unseal
{"errors":["EOF"]}
Armon Dadgar
Jul 16, 2015, 7:31:38 PM7/16/15
to vault...@googlegroups.com, Andy Lee
Hey Andy,
You are providing the key as a header, but Vault expects arguments to be part of a JSON body.
Instead use:
curl -H “Content-Type: application/json” -XPUT https://localhost:8200/v1/sys/unseal -d ‘{“key”: “abcd…”}’
Hope that helps!
Best Regards,
Armon Dadgar
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/72324393-4dd6-4a3f-a1ba-07dfbbda2554%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Andy Lee
Jul 17, 2015, 12:58:22 PM7/17/15
to vault...@googlegroups.com, andy....@gmail.com
Tried that too and I got this
# curl -k -H "Content-Type: application/json" -XPUT https://localhost:8200/v1/sys/unseal -d '{'key':'5b0c2ba43cb6a203535b4ae9e18fbffa98865f90b3ec7537f4cd0629940f595103'}'
{"errors":["invalid character 'k' looking for beginning of object key string"]}
On Thursday, July 16, 2015 at 4:31:38 PM UTC-7, Armon Dadgar wrote:
Hey Andy,You are providing the key as a header, but Vault expects arguments to be part of a JSON body.Instead use:curl -H “Content-Type: application/json” -XPUT https://localhost:8200/v1/sys/unseal -d ‘{“key”: “abcd…”}’Hope that helps!Best Regards,Armon Dadgar
Jeff Mitchell
Jul 17, 2015, 5:02:46 PM7/17/15
to vault...@googlegroups.com, andy....@gmail.com
Andy,
JSON requires double quotes for strings as shown in Armon's example,
not single quotes. So rather than
-d '{'key':'5b0c2ba43cb6a203535b4ae9e18fbffa98865f90b3ec7537f4cd0629940f595103'}'
you need
-d '{"key":"5b0c2ba43cb6a203535b4ae9e18fbffa98865f90b3ec7537f4cd0629940f595103"}'
You need to keep the single quotes around the entire string so that
your shell will pass it in to curl verbatim.
--Jeff
> https://groups.google.com/d/msgid/vault-tool/98c6c5bb-99cf-448e-8085-817f543bb4c5%40googlegroups.com.
JSON requires double quotes for strings as shown in Armon's example,
not single quotes. So rather than
-d '{'key':'5b0c2ba43cb6a203535b4ae9e18fbffa98865f90b3ec7537f4cd0629940f595103'}'
you need
-d '{"key":"5b0c2ba43cb6a203535b4ae9e18fbffa98865f90b3ec7537f4cd0629940f595103"}'
You need to keep the single quotes around the entire string so that
your shell will pass it in to curl verbatim.
--Jeff
Andy Lee
Jul 17, 2015, 5:40:32 PM7/17/15
to vault...@googlegroups.com, andy....@gmail.com
Ohhhh got it. Thanks!
Reply all
Reply to author
Forward
0 new messages