hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/

vault: unable to view secret engine v1 in UI #18555

Closed noahehall closed 1 year ago

noahehall commented 1 year ago

Describe the bug A clear and concise description of what the bug is.

To Reproduce Steps to reproduce the behavior:

  1. use HTTP api to enable secret kv-v2 at path secret
  2. use HTTP api to enable secret kv-v1 at path env
  3. verify no errors are returned in logs
  4. open UI: only kv-v2 is shown

Expected behavior A clear and concise description of what you expected to happen.

Environment:

05:15 AM (vault $%|u=) 
$ vault status
Key                     Value
---                     -----
Seal Type               shamir
Initialized             true
Sealed                  false
Total Shares            2
Threshold               2
Version                 1.12.2
Build Date              2022-11-23T12:53:46Z
Storage Type            raft
Cluster Name            vault-cluster-95bccc84
Cluster ID              ded60b12-22ec-29f4-1ca7-08e75625b7cd
HA Enabled              true
HA Cluster              https://127.0.0.1:8301
HA Mode                 active
Active Since            2022-12-26T11:11:08.039723077Z
Raft Committed Index    164
Raft Applied Index      164
Vault v1.12.2 (415e1fe3118eebd5df6cb60d13defdc01aa17b03), built 2022-11-23T12:53:46Z
05:16 AM (vault $%|u=) 
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.1 LTS
Release:    22.04
Codename:   jammy

Vault server configuration file(s):

# Paste your Vault config here.
# Be sure to scrub any sensitive values

# @see https://developer.hashicorp.com/vault/docs/configuration

default_lease_ttl = "7d"
default_max_request_duration = "30s"
disable_cache = false
disable_mlock = true # we use integrated raft storage
enable_response_header_hostname = true
enable_response_header_raft_node_id = true
log_format = "json"
max_lease_ttl = "30d"
raw_storage_endpoint = false
ui = true # requires at least 1 listener stanza

storage "raft" {
  path    = "/vault/data"
  node_id = "node1"
}

# advertise the non-loopback interface
api_addr = "https://127.0.0.1:8300"
cluster_addr = "https://127.0.0.1:8301"

listener "tcp" {
  address = "0.0.0.0:8300" # provides access to vault UI
  tls_cert_file = "/etc/ssl/certs/live/dev.nirv.ai/fullchain.pem"
  tls_key_file = "/etc/ssl/certs/live/dev.nirv.ai/privkey.pem"
  tls_disable = false
}

############################# todo
# plugin_directory
# plugin_file_uid
# plugin_file_permissions
// telemetry {
//   statsite_address = "127.0.0.1:8125"
//   disable_hostname = true
// }
// seal "transit" { @see https://developer.hashicorp.com/vault/docs/configuration/seal/transit
// }

Additional context Add any other context about the problem here.


# ignore any sensitive data, it's a dev env
enabling vault feature: {"type":"kv-v1"} at path env

[DEBUG] SCRIPT.VAULT.SH
------------
[url]: https://dev.nirv.ai:8300/v1/sys/mounts/env
[args]: -H X-Vault-Token: hvs.CYWmlLY1R5U2FxcTdoTWo --data {"type":"kv-v1"}
------------

vault

==> Vault server configuration:

             Api Address: https://127.0.0.1:8300
                     Cgo: disabled
         Cluster Address: https://127.0.0.1:8301
              Go Version: go1.19.3
              Listener 1: tcp (addr: "0.0.0.0:8300", cluster address: "0.0.0.0:8301", max_request_duration: "30s", max_request_size: "33554432", tls: "enabled")
               Log Level: warn
                   Mlock: supported: true, enabled: false
           Recovery Mode: false
                 Storage: raft (HA available)
                 Version: Vault v1.12.2, built 2022-11-23T12:53:46Z
             Version Sha: 415e1fe3118eebd5df6cb60d13defdc01aa17b03

==> Vault server started! Log data will stream in below:

UI : only kv-v2 shows up


noahehall commented 1 year ago

user error: thought I was logged in with a token that didn't have access to the path
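
An added example, not part of the issue thread and not Vault's own code: one way to confirm the outcome reported in the last comment is to compare the mount list a privileged token gets from `sys/mounts` with the list the UI token gets from `sys/internal/ui/mounts`, which only includes mounts that token can access. The function names and both JSON responses below are constructed for illustration.

```python
import json

# Constructed sample: GET /v1/sys/mounts made with a privileged token (trimmed).
ADMIN_MOUNTS = json.loads("""
{"data": {
  "secret/": {"type": "kv", "options": {"version": "2"}},
  "env/":    {"type": "kv", "options": {"version": "1"}},
  "sys/":    {"type": "system", "options": null}
}}
""")

# Constructed sample: GET /v1/sys/internal/ui/mounts made with the token
# that was used to log in to the UI (trimmed).
UI_MOUNTS = json.loads("""
{"data": {
  "auth":   {"token/": {"type": "token"}},
  "secret": {"secret/": {"type": "kv", "options": {"version": "2"}}}
}}
""")

# Built-in mounts left out of the comparison (a choice made for this example).
SKIP_TYPES = ("system", "identity", "cubbyhole")


def describe(mount):
    """Render a mount as kv-v1 / kv-v2, or its plain type for other engines."""
    opts = mount.get("options") or {}
    if mount.get("type") == "kv":
        # A kv mount with no version option is version 1.
        return "kv-v" + str(opts.get("version", "1"))
    return mount.get("type", "unknown")


def hidden_from_ui(admin_resp, ui_resp):
    """Return {path: engine} for mounts that exist but the UI token cannot see."""
    visible = set((ui_resp.get("data") or {}).get("secret") or {})
    hidden = {}
    for path, mount in (admin_resp.get("data") or {}).items():
        if not isinstance(mount, dict) or mount.get("type") in SKIP_TYPES:
            continue
        if path not in visible:
            hidden[path] = describe(mount)
    return hidden


if __name__ == "__main__":
    for path, engine in hidden_from_ui(ADMIN_MOUNTS, UI_MOUNTS).items():
        print(f"{path} ({engine}) exists but is not visible to the UI token")
```

A non-empty result points at the token's policies rather than at the mount itself; `sys/capabilities-self` with the missing path then shows what that token is allowed to do there.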