salrashid123 / vault_gcp

Vault auth and secrets on GCP
Apache License 2.0

ERR: google: could not find default credentials #1

Open wayarmy opened 3 years ago

wayarmy commented 3 years ago

Hi there,

When I set up my labs with your tutorial, I just got an error:

~ ❯❯❯ vault login -method=gcp \
    role="my-iam-role" \
    service_account="$GENERIC_SERVICE_ACCOUNT" \
    project="$PROJECT_ID" \
    jwt_exp="15m" \
    credentials=@generic-svc.json
Error authenticating: Error making API request.

URL: PUT http://localhost:8200/v1/auth/gcp/login
Code: 500. Errors:

* failed to create IAM HTTP client: failed to create oauth2 http client: failed to get default credentials: google: could not find default credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.

Do you have any ideas? @salrashid123

salrashid123 commented 3 years ago

Thanks for the PR, but I can't really repro this error (and subsequently reconcile the changes).

The error above implies the env-var export GOOGLE_APPLICATION_CREDENTIALS=pwd/vault-svc.json

wasn't found when vault server was started.

I also went through the tutorial from the start and didn't need to set the viewer permissions for vault (it wouldn't need to view stuff on the project).
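
A preflight check for the condition described in the comment above, as an added example that is not part of the original thread or the repository: it validates GOOGLE_APPLICATION_CREDENTIALS in the shell that starts the Vault server, since the 500 error is raised server-side. The function name adc_preflight and its return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the repository): check the credentials that the
# Vault *server* process will hand to Google Application Default Credentials.
# adc_preflight [path]   path defaults to $GOOGLE_APPLICATION_CREDENTIALS
# Return codes (illustrative): 0 ok, 1 unset, 2 relative path,
# 3 unreadable, 4 not a service account key, 5 key readable by group/other.
adc_preflight() {
    cred="${1-${GOOGLE_APPLICATION_CREDENTIALS-}}"
    if [ -z "$cred" ]; then
        # With the variable unset, ADC falls through to the gcloud well-known
        # file and then the GCE metadata server; with neither available the
        # result is "could not find default credentials".
        echo "GOOGLE_APPLICATION_CREDENTIALS is not set in this environment" >&2
        return 1
    fi
    case "$cred" in
        /*) ;;
        *)  # A relative path is resolved against the server's working directory.
            echo "not an absolute path: $cred" >&2
            return 2 ;;
    esac
    if [ ! -r "$cred" ]; then
        echo "file missing or unreadable: $cred" >&2
        return 3
    fi
    if ! grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$cred"; then
        echo "not a service account key file: $cred" >&2
        return 4
    fi
    # The key file holds a private key: refuse group/other permission bits.
    if [ "$(ls -ldL "$cred" | cut -c5-10)" != "------" ]; then
        echo "key file is accessible to group/other, chmod 600 it: $cred" >&2
        return 5
    fi
    return 0
}
# Usage, in the script that launches the server:
#   adc_preflight || exit 1
```

On a GCE VM with a service account attached, return code 1 is not necessarily fatal, because ADC can obtain credentials from the metadata server instead of a key file.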

wayarmy commented 3 years ago

Thanks for the reply. I have no idea about it, but when I disable the viewer permission for vault, I got the error about permission when I log in to vault from a VM on GCE.

And another question: can I add vault-svc-account to the VM that I installed vault server on? And how can vault server add the vault-svc-account credentials (JWT or whatever) into the vault auth config?