nymous / pydantic-vault

A simple extension to Pydantic BaseSettings that can retrieve secrets from Hashicorp Vault
MIT License

AppRole authentication method does not work #14

Open yanbin-pan opened 1 year ago

yanbin-pan commented 1 year ago

The pattern shown in the documentation to authenticate using the AppRole method does not seem to work. When I pass a token instead, Pydantic authenticates and retrieves the secrets.

I generate the ROLE_ID and SECRET_ID according to the HashiCorp documentation, with the correct policy attached. This is verified, as using the token method does retrieve the secrets.

```shell
vault read auth/approle/role/<MY_ROLE>/role-id
vault write -force auth/approle/role/<MY_ROLE>/secret-id
```

```python
from pydantic import BaseSettings, Field, SecretStr
from pydantic_vault import vault_config_settings_source


class Settings(BaseSettings):
    username: str = Field(
        ...,
        vault_secret_path=<PATH_TO_SECRET>,
        vault_secret_key="username",
    )
    password: SecretStr = Field(
        ...,
        vault_secret_path=<PATH_TO_SECRET>,
        vault_secret_key="password",
    )

    class Config:
        vault_url: str = <VAULT_URL>
        vault_role_id: str = <ROLE_ID>
        vault_secret_id: str = <SECRET_ID>

        @classmethod
        def customise_sources(
            cls,
            init_settings,
            env_settings,
            file_secret_settings,
        ):
            return (
                init_settings,
                env_settings,
                vault_config_settings_source,
                file_secret_settings,
            )
```

The error I am getting is the following:

```
ValidationError: 2 validation errors for Settings
username
  field required (type=value_error.missing)
password
  field required (type=value_error.missing)
```

nymous commented 1 year ago

Hello @yanbin-pan, very sorry for the delay!

Are you still having this issue? Have you followed the "Logging" documentation to increase logging of pydantic-vault to DEBUG level and see what happens?
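One way to narrow down a report like this is to run the AppRole login and the secret read directly against the Vault HTTP API, outside pydantic-vault, and see which step fails first. The following is an added example, not code from this thread or from the pydantic-vault project; `diagnose_approle`, `fake_vault`, the demo credentials and the `secret/data/app` path are constructed for illustration.

```python
import io
import json
import urllib.error
import urllib.request

def vault_call(urlopen, base_url, path, token=None, payload=None):
    """One Vault HTTP API call (POST when payload is given); returns the JSON body."""
    body = json.dumps(payload).encode() if payload is not None else None
    req = urllib.request.Request(f"{base_url}/v1/{path}", data=body)
    if token:
        req.add_header("X-Vault-Token", token)
    with urlopen(req) as resp:
        return json.load(resp)

def diagnose_approle(base_url, role_id, secret_id, secret_path, keys,
                     urlopen=urllib.request.urlopen):
    """Return (stage, detail): the first step that fails, or "ok"."""
    try:
        login = vault_call(urlopen, base_url, "auth/approle/login",
                           payload={"role_id": role_id, "secret_id": secret_id})
    except urllib.error.HTTPError as exc:
        return "login", f"HTTP {exc.code}"
    auth = login["auth"]
    try:
        secret = vault_call(urlopen, base_url, secret_path, token=auth["client_token"])
    except urllib.error.HTTPError as exc:
        return "read", f"HTTP {exc.code} with policies {auth['policies']}"
    data = secret["data"]
    # Heuristic: KV v2 nests the values under data.data next to data.metadata.
    values = data["data"] if isinstance(data.get("data"), dict) and "metadata" in data else data
    missing = [k for k in keys if k not in values]
    if missing:
        return "keys", f"missing {missing}"
    return "ok", f"policies {auth['policies']}"

# Constructed stand-in for a Vault server so the example runs offline.
def fake_vault(req):
    if req.full_url.endswith("/v1/auth/approle/login"):
        if json.loads(req.data) != {"role_id": "demo-role", "secret_id": "demo-secret"}:
            raise urllib.error.HTTPError(req.full_url, 400, "Bad Request", {}, io.BytesIO())
        reply = {"auth": {"client_token": "demo-token", "policies": ["default"]}}
    elif req.get_header("X-vault-token") == "demo-token" and req.full_url.endswith("/v1/secret/data/app"):
        reply = {"data": {"data": {"username": "u", "password": "p"}, "metadata": {"version": 1}}}
    else:
        raise urllib.error.HTTPError(req.full_url, 403, "Forbidden", {}, io.BytesIO())
    return io.BytesIO(json.dumps(reply).encode())

if __name__ == "__main__":
    print(diagnose_approle("http://vault.invalid", "demo-role", "demo-secret",
                           "secret/data/app", ["username", "password"], urlopen=fake_vault))
```

Against a real server, omit the `urlopen` argument and pass the actual Vault URL, role ID, secret ID and secret path; a `read` failure lists the policies the AppRole token received, which can be compared with those of the token that works.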