A secret must be inside secret "path/tree"??


Gustavo Goulart

Jan 18, 2017, 11:14:57 AM
to Vault
Hi,

I'm really new to using Vault and I'm working on a POC using the getting started guide on the Vault project site. Doing so, I came across the following question: must every secret be inside the secret "folder/tree"?

In the getting started guide (https://www.vaultproject.io/intro/getting-started/acl.html) there is an example of a policy that I changed to this:

path "abc/*" {
    policy = "write"
}

Then I saved this in a file named acl.hcl and executed this line:
$ vault policy-write abc acl.hcl

and when I try to execute a write command:
$ vault write abc/def values=yes
 
I receive a 404 no handler for route 'abc/def//'

Does anyone know what I'm doing wrong?

Thank you for your help



David Adams

Jan 18, 2017, 11:35:05 AM
to vault...@googlegroups.com
I'm guessing you don't have anything set up at the path `abc/`. What is the output of `vault mounts`?

If you want to store generic secrets under `abc/` you would first run `vault mount -path=abc generic` to mount a generic secret store at `abc/`.

At that point your `vault write abc/def values=yes` command should work. There should be no need for the policy so long as you are using the root token, which I'm guessing you are at this stage. When you get around to setting up authentication or creating tokens, that's when the policies will come into play.

-dave

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/b7cb5e21-6619-44c0-9144-3ea161495795%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
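
The distinction drawn in the answer above, as an added example that is not part of the original thread and not Vault's own code: a simplified Python model in which a request must both pass a policy check and land on a mounted backend. The mount set, status strings, helper names and the order of the two checks are assumptions made for illustration.

```python
# Simplified model of the two checks discussed in this thread (not Vault source).
# Assumptions: authorization is evaluated before routing; status strings are
# illustrative; helper names are hypothetical.

ROOT = "root"  # a token carrying the root policy bypasses ACL checks

MOUNTS = {"secret/", "sys/", "cubbyhole/"}   # constructed: nothing at 'abc/' yet
MOUNTED = MOUNTS | {"abc/"}                  # after `vault mount -path=abc generic`
POLICIES = {"abc": {"abc/*": "write"}}       # the policy from the question


def match_mount(mounts, path):
    """Return the longest mount prefix (e.g. 'abc/') covering path, or None."""
    hits = [m for m in mounts if path.startswith(m)]
    return max(hits, key=len) if hits else None


def allowed(policies, token_policies, path, op):
    """ACL check in the `policy = "write"` style; a trailing * is a prefix glob."""
    if ROOT in token_policies:
        return True
    grants = {"deny": set(), "read": {"read"}, "write": {"read", "write"}}
    best = None  # simplification: the longest matching pattern wins
    for name in token_policies:
        for pattern, level in policies.get(name, {}).items():
            if pattern.endswith("*"):
                hit = path.startswith(pattern[:-1])
            else:
                hit = path == pattern
            if hit and (best is None or len(pattern) > len(best[0])):
                best = (pattern, level)
    return best is not None and op in grants[best[1]]


def request(mounts, policies, token_policies, path, op="write"):
    """Policy decides who may act on a path; the mount table decides what serves it."""
    if not allowed(policies, token_policies, path, op):
        return "403 permission denied"
    if match_mount(mounts, path) is None:
        return "404 no handler for route"
    return "ok"
```

In this model a write with the root token succeeds as soon as `abc/` is mounted, so a test run as root says nothing about whether the `abc` policy is correct; that only shows up with a token limited to that policy.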

Gustavo Goulart

Jan 18, 2017, 2:54:00 PM
to Vault
Thanks David

I didn't know about the mount, and of course it didn't have an 'abc/'. Now things worked just fine.

