concourse / concourse-bosh-release

Concourse BOSH release
Apache License 2.0

unable to authenticate with Hashicorp Vault using approle #178

Closed DonBower closed 6 months ago

DonBower commented 6 months ago

Describe the bug

I have my manifest as such:

      vault:
        auth:
          backend: approle
        params: {role_id: <redacted>, secret_id: <redacted>}
        insecure_skip_verify: true
        path_prefix: /concourse
        url: http://vault.xxxx.net:8200

However, the log shows:

web.stdout.log:{"timestamp":"2024-02-20T21:59:11.292528068Z","level":"error","source":"atc","message":"atc.credential-manager.login.failed","data":{"error":"Error making API request.\n\nURL: PUT http://vault.xxx.net:8200/v1/auth/approle/login\nCode: 500. Errors:\n\n* failed to determine alias name from login request","name":"vault","session":"7.1"}}

If I manually run this from the web instance,

curl --url http://vault.ag6hq.net:8200/v1/auth/approle/login \
  --data '{"role_id": "<redacted>", "secret_id": "<redacted>"}' \
  --request PUT

I get a token, and I can read my secrets. If my config is wrong, great, just let me know.

The error message is quite vague.

Reproduction steps

  1. Create a Vault instance
  2. Create a policy for concourse
  3. Create an approle for concourse and retrieve the role_id and secret_id
  4. Attach the policy to the approle
  5. Create a kv engine for concourse
  6. Create a concourse manifest, which includes the vault keys described above
  7. Create a simple pipeline that reads a secret from the concourse kv engine ...

Expected behavior

Additional context

This is a lab with no firewalls, and all the services are on one subnet.

DonBower commented 6 months ago

params was at the wrong level. Correct deployment:

      vault:
        auth:
          backend: approle
          params: {role_id: <redacted>, secret_id: <redacted>}
        insecure_skip_verify: true
        path_prefix: /concourse
        url: http://vault.xxxx.net:8200
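The misplaced key in this issue is easy to miss by eye, so here is a small pre-deploy lint, added as an example that is not part of the issue or of the Concourse project. It encodes the two manifests above as the Python dicts that yaml.safe_load would produce (PyYAML is deliberately not imported so the script runs with the standard library only), reports `params` sitting beside `auth` instead of under it, and builds the same `PUT /v1/auth/approle/login` request the reporter reproduced with curl. It also flags the plain-http URL and `insecure_skip_verify: true` from the manifest as findings a reviewer would want to see; the lint rules and function names are this example's own assumptions, not Concourse's validation logic.

```python
"""Lint the `vault:` section of a Concourse web manifest before deploying.

Constructed example. BROKEN and FIXED are the two manifests from the issue,
written as the dicts yaml.safe_load would return. Placeholder values are
kept exactly as the issue redacted them.
"""

# Broken manifest: `params` is a sibling of `auth` instead of a child of it.
BROKEN = {
    "vault": {
        "auth": {"backend": "approle"},
        "params": {"role_id": "<redacted>", "secret_id": "<redacted>"},
        "insecure_skip_verify": True,
        "path_prefix": "/concourse",
        "url": "http://vault.xxxx.net:8200",
    }
}

# Corrected manifest from the follow-up comment: `params` nested under `auth`.
FIXED = {
    "vault": {
        "auth": {
            "backend": "approle",
            "params": {"role_id": "<redacted>", "secret_id": "<redacted>"},
        },
        "insecure_skip_verify": True,
        "path_prefix": "/concourse",
        "url": "http://vault.xxxx.net:8200",
    }
}

# Assumption: the approle backend needs exactly these two credentials.
REQUIRED_APPROLE_PARAMS = ("role_id", "secret_id")


def lint_vault_config(manifest: dict) -> list:
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    vault = manifest.get("vault")
    if not isinstance(vault, dict):
        return ["no `vault:` section in manifest"]

    auth = vault.get("auth")
    if not isinstance(auth, dict):
        findings.append("`vault.auth` is missing or not a mapping")
        auth = {}
    params = auth.get("params")

    # The exact mistake from this issue: params one level too high.
    if "params" in vault and params is None:
        findings.append(
            "`params` is at `vault.params` but must be nested under `vault.auth.params`"
        )

    if auth.get("backend") == "approle":
        if not isinstance(params, dict):
            findings.append("approle backend needs a `vault.auth.params` mapping")
        else:
            for key in REQUIRED_APPROLE_PARAMS:
                if key not in params:
                    findings.append(f"`vault.auth.params.{key}` missing for approle")

    # Transport checks: secret_id travels in this request, so note weak transport.
    url = str(vault.get("url", ""))
    if url.startswith("http://"):
        findings.append("`vault.url` uses plain http; the login request is unencrypted")
    if vault.get("insecure_skip_verify"):
        findings.append("`insecure_skip_verify: true` disables TLS certificate verification")
    return findings


def approle_login_request(manifest: dict) -> tuple:
    """Build (method, url, json_body) for the approle login Concourse performs,
    i.e. the same PUT /v1/auth/approle/login the issue reproduces with curl.
    Raises KeyError when the credentials are not where the client looks for
    them, which is what the broken manifest causes."""
    vault = manifest["vault"]
    params = vault["auth"]["params"]
    body = {key: params[key] for key in REQUIRED_APPROLE_PARAMS}
    return "PUT", vault["url"].rstrip("/") + "/v1/auth/approle/login", body


if __name__ == "__main__":
    for name, manifest in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(f"{name}:")
        for finding in lint_vault_config(manifest) or ["no findings"]:
            print("  -", finding)
    print(approle_login_request(FIXED))
```

Run it as-is to see both manifests linted; with the broken manifest `approle_login_request` raises `KeyError` because `vault.auth.params` does not exist, which matches the follow-up comment's diagnosis that the login failed before any credentials reached Vault.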