HashiCorp Vault: Python hvac does not see secrets

Question:

I’m trying to use HashiCorp Vault with the hvac Python client.

I’ve run a Vault Docker container (development mode config) on localhost, created a KV secret engine kv1 (with version 1 API), added a secret mega_secret, added a key/value ("hell" --> "yeah") to it and tried to read it with hvac.

First, let’s go to the Docker container terminal and check that the secret is alive:

# vault kv get kv1/mega_secret
==== Data ====
Key     Value
---     -----
hell    yeah

And now I’m trying to read it with hvac.

import hvac

client = hvac.Client(url="http://localhost:8200", token="hvs.4MzADdB9pIHAggqaQWQZASx0", namespace="")
assert client.is_authenticated()
assert not client.sys.is_sealed()

print(client.kv.v1.read_secret(path="kv1/mega_secret"))  # Crashes here

Error message:

hvac.exceptions.InvalidPath: no handler for route "secret/kv1/mega_secret". 
route entry not found., on get http://localhost:8200/v1/secret/kv1/mega_secret

How can it be fixed?

Asked By: Felix


Answers:

Vault can mount the same secret engine multiple times, each on its own mount point. You have chosen to use kv1, no problem with that.

HVAC assumes that secret is the name of the mount point by default.

You will be able to read your secret by specifying the mount point like this:

client.kv.v1.read_secret(mount_point="kv1", path="mega_secret")
Answered By: ixe013
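
As an added example (not part of the answer above and not hvac's own code): a sketch that reproduces the request path from the error message and splits a CLI-style path such as kv1/mega_secret into mount point and secret path using the mount table. The names kv_api_path, split_cli_path, read_kv and SAMPLE_MOUNTS are made up here; SAMPLE_MOUNTS is constructed data in the shape of the "data" field of GET /v1/sys/mounts, and read_kv assumes a token that is allowed to read sys/mounts.

```python
DEFAULT_MOUNT = "secret"  # mount point hvac's KV helpers use when none is given

# Constructed sample of a mount table (shape of the "data" field of /v1/sys/mounts).
SAMPLE_MOUNTS = {
    "secret/": {"type": "kv", "options": {"version": "2"}},
    "kv1/": {"type": "kv", "options": {"version": "1"}},
    "sys/": {"type": "system", "options": None},
}


def kv_api_path(path, mount_point=DEFAULT_MOUNT, version=1):
    """Request path a KV read resolves to; KV v2 inserts 'data/' after the mount."""
    middle = "data/" if version == 2 else ""
    return f"/v1/{mount_point.strip('/')}/{middle}{path.lstrip('/')}"


def split_cli_path(cli_path, mounts):
    """Split 'kv1/mega_secret' into (mount_point, path, kv_version)."""
    cli_path = cli_path.strip("/")
    for mount, config in mounts.items():  # mount keys carry a trailing slash
        if config.get("type") != "kv" or not (cli_path + "/").startswith(mount):
            continue
        options = config.get("options") or {}
        version = int(options.get("version", 1))  # no version option means KV v1
        return mount.rstrip("/"), cli_path[len(mount):], version
    raise LookupError(f"no KV mount covers {cli_path!r}")


def read_kv(client, cli_path):
    """Read a secret through an authenticated hvac.Client, whatever its mount."""
    mounts = client.sys.list_mounted_secrets_engines()["data"]
    mount_point, path, version = split_cli_path(cli_path, mounts)
    if version == 2:
        resp = client.secrets.kv.v2.read_secret_version(path=path, mount_point=mount_point)
        return resp["data"]["data"]
    return client.secrets.kv.v1.read_secret(path=path, mount_point=mount_point)["data"]


if __name__ == "__main__":
    # The call from the question: whole CLI path passed as `path`, default mount.
    print(kv_api_path("kv1/mega_secret"))  # the route from the error message
    mount_point, path, version = split_cli_path("kv1/mega_secret", SAMPLE_MOUNTS)
    print(kv_api_path(path, mount_point, version))  # the route that exists
```
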