The auth method used for the vault in my company's organization is via guthub token. This authentication method has already been used by some of the scala projects in the company. They are successfully able to use the authentication method to read the secrets.
This is the scala piece of code
val vaultConfig = new VaultConfig().address(VaultAddress).build()
val apiToken = new Auth(vaultConfig).loginByGithub(githubToken).getAuthClientToken
val configWithToken: VaultConfig = new VaultConfig().address(VaultAddress).token(apiToken).build()
new Vault(configWithToken)
Now we are integrating vault in one of the new NodeJS projects. So far I have written this piece of code by using the library node-vault
const vault = require("node-vault")({
apiVersion: "v1",
endpoint: "vaultURL",
});
const GITHUB_TOKEN = '';
const run = async () => {
try {
const result = await vault.githubLogin({ token: GITHUB_TOKEN });
vault.token = result.auth.client_token;
console.log('Client Token', vault.token);
const { data : returnValue } = await vault.read("some path");
const { data } = returnValue;
const { keys } = data;
console.log("myKeys", keys);
} catch (error) {
console.log(error.message);
}
};
run();
The authentication works perfectly, I'm getting the client token. But Im not able to read the secrets in the path that I give.
Note Im able to see the secrets of the same path through UI. but the code gives permission denied
error.
What is it that I'm missing?
Please note that Im a beginner to both node js and hashicorp vault. The documentation of node-vault
is not helping.
Any help would be appreciated. Any helpful reading material or tutorial.
On searching over the internet I found that It might have something to do with the vault policy settings. So, I was finally able to get this thing to work, I had to append
data
in the path for a successful read from the vault. Because data was in-fact appended with the path when I looked into the organisation's policy document.My original path was
secret/apiKey
Had to use
secret/data/apiKey
For reference take a look at this answer on github.