This is the scenario. On Vault's side we have:
1.- Vault 1.1.3
2.- Version of Vault's KV secrets engine=1
3.- No prefix in Vault secrets backend
Configuration on the Rundeck side, with special attention to the "prefix" property. As there is no prefix in the Vault secrets backend, we are setting the following properties:
rundeck.storage.provider.1.config.prefix=
rundeck.storage.provider.1.config.secretBackend=rundeck_secrets_v1
rundeck.storage.provider.1.config.engineVersion=1
With the given configuration, we are able to read our old passwords stored under the "rundeck_secrets_v1" folder, but when trying to save a new password, we receive the following error message:
Encountered error while writing data to Vault Expecting HTTP status 204 or 200, but instead receiving 400 Response body: {"errors":["missing client token"]}
Note: Also tried commenting out the prefix property without success
In this scenario, it looks like Rundeck needs a "prefix" to read/write secrets. If we set "prefix" to any value (some_prefix), then Rundeck will be able to read/write secrets only under rundeck_secrets_v1/some_prefix/, but all our old passwords are stored under "rundeck_secrets_v1/", not under rundeck_secrets_v1/some_prefix/. As a consequence, we cannot even see/read our old passwords stored under "rundeck_secrets_v1/".
Note: Also tried rundeck.storage.provider.1.removePathPrefix=true/false without success
Expected behavior: Ability to read/write passwords when Vault's KV secrets engine=1 and there is no prefix