edgexfoundry / security-api-gateway

Owner: Security WG
Apache License 2.0

cannot load certs from vault #65

Closed lesliechung88 closed 5 years ago

lesliechung88 commented 5 years ago

Edinburgh release cannot load certs from Vault, because no right

tokenpath = "/vault/config/assets/resp-init.json"

should be: tokenpath = "/vault/config/assets/admin-token.json"

[secretservice]
server = "edgex-vault"
port = "8200"
healthcheckpath = "v1/sys/health"
certpath = "v1/secret/edgex/pki/tls/edgex-kong"
tokenpath = "/vault/config/assets/resp-init.json"
cacertpath = "/vault/config/pki/EdgeXFoundryCA/EdgeXFoundryCA.pem"

lesliechung88 commented 5 years ago

should be: tokenpath = "/vault/config/assets/kong-token.json"

tingyuz commented 5 years ago

This is intentional - the reason is that the current implementation of the secret service has an issue with the renewal of kong-token when it is expired, so we are using the master token instead. Once the issue is fixed in the secret service, we can switch back to kong-token.
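An added example, not part of the thread or of the project's code: an offline check that reads `tokenpath` from the `[secretservice]` section and reports whether the referenced file is a Vault init response, which carries the root token and unseal key shares. The file contents below are constructed placeholders, and the layout shown for `kong-token.json` is an assumption.

```python
import json
import re

# Fields of Vault's sys/init response. A service reading such a file holds
# the root (master) token and the unseal key shares, not a scoped token.
ROOT_FIELDS = ("root_token", "keys", "keys_base64")

def token_path(config_text):
    """Return tokenpath from the [secretservice] section, or None if absent."""
    section = re.search(r"^\[secretservice\][ \t]*$(.*?)(?=^\[|\Z)",
                        config_text, re.M | re.S)
    if not section:
        return None
    m = re.search(r'^[ \t]*tokenpath[ \t]*=[ \t]*"([^"]*)"',
                  section.group(1), re.M)
    return m.group(1) if m else None

def root_material(token_file_text):
    """List the init-response fields present (non-empty) in a token file."""
    try:
        doc = json.loads(token_file_text)
    except ValueError:
        return []
    if not isinstance(doc, dict):
        return []
    return [f for f in ROOT_FIELDS if doc.get(f)]

def audit(config_text, read_file):
    """Return (tokenpath, fields); a non-empty list means root-level material."""
    path = token_path(config_text)
    if path is None:
        return None, []
    return path, root_material(read_file(path))

# Constructed sample input: the config quoted in the issue, plus placeholder files.
SAMPLE_CONFIG = '''
[secretservice]
server = "edgex-vault"
tokenpath = "/vault/config/assets/resp-init.json"
'''
SAMPLE_FILES = {
    "/vault/config/assets/resp-init.json": json.dumps(
        {"keys": ["PLACEHOLDER"], "keys_base64": ["PLACEHOLDER"],
         "root_token": "PLACEHOLDER"}),
    # Assumed layout for a service token file; the real format may differ.
    "/vault/config/assets/kong-token.json": json.dumps({"token": "PLACEHOLDER"}),
}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_FILES.__getitem__))
```

A non-empty field list is the condition to track until the token renewal issue is fixed and the configuration returns to a service-scoped token.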