BetterCloud / vault-java-driver

Zero-dependency Java client for HashiCorp's Vault
https://bettercloud.github.io/vault-java-driver/
335 stars 224 forks

Logical client cannot read secrets when v2 secret engine is mounted at a path #185

Closed pvsmelkov closed 4 years ago

pvsmelkov commented 5 years ago

When a v2 KV secrets engine is mounted at a path, for instance "my/test", Logical.read("my/test/secret") will try to adjust the path and insert "data" after the first element, like this: "my/data/test/secret". As a result, the read call will fail with 403 (see below), while the vault CLI command to read the same secret, "vault kv get my/test/secret", or a curl command to http://localhost:8200/v1/my/test/data/secret both work fine.

caused by: com.bettercloud.vault.VaultException: Vault responded with HTTP status code: 403 Response body: {"errors":["1 error occurred:\n\t* permission denied\n\n"]}

at com.bettercloud.vault.api.Logical.read(Logical.java:98)
at com.bettercloud.vault.api.Logical.read(Logical.java:74)
at deltix.ember.util.SecretsStore.getSecrets(SecretsStore.java:44)
at deltix.ember.util.SecretsStore.getSecret(SecretsStore.java:64)

marcoreni commented 4 years ago

Duplicate of https://github.com/BetterCloud/vault-java-driver/issues/155

steve-perkins commented 4 years ago

Closing as a duplicate of issue #155. This should be resolved by PR #189.
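
The path adjustment described in the report, shown next to a mount-aware version, as an added example that is not the driver's code and not the change made in PR #189. The class and method names (`KvV2PathExample`, `afterFirstSegment`, `afterMount`) are hypothetical, and it assumes the caller knows the mount path.

```java
import java.util.ArrayList;
import java.util.List;

public class KvV2PathExample {

    // Split on "/" and drop empty segments so "/my/test/" and "my/test" compare equal.
    static List<String> segments(String path) {
        List<String> out = new ArrayList<>();
        for (String s : path.split("/")) {
            if (!s.isEmpty()) out.add(s);
        }
        return out;
    }

    // Behaviour described in the issue: the qualifier goes after the first path element,
    // which is only correct when the mount path is a single segment.
    static String afterFirstSegment(String path, String qualifier) {
        List<String> parts = segments(path);
        parts.add(Math.min(1, parts.size()), qualifier);
        return String.join("/", parts);
    }

    // Mount-aware: the qualifier goes after the full mount path, however many segments it has.
    static String afterMount(String mount, String path, String qualifier) {
        List<String> m = segments(mount);
        List<String> p = segments(path);
        // Reject paths outside the mount, or with no secret name after it, instead of
        // sending a request that Vault would answer with a misleading 403.
        if (m.isEmpty() || p.size() <= m.size() || !p.subList(0, m.size()).equals(m)) {
            throw new IllegalArgumentException(
                "path '" + path + "' is not a secret under mount '" + mount + "'");
        }
        List<String> out = new ArrayList<>(m);
        out.add(qualifier);
        out.addAll(p.subList(m.size(), p.size()));
        return String.join("/", out);
    }

    public static void main(String[] args) {
        String base = "http://localhost:8200/v1/"; // address taken from the report
        System.out.println(base + afterFirstSegment("my/test/secret", "data"));
        System.out.println(base + afterMount("my/test", "my/test/secret", "data"));
        System.out.println(base + afterMount("secret", "secret/app/db", "data"));
    }
}
```

The first line printed is the URL that produced the 403 in the report; the second matches the curl URL the reporter confirmed working.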