Vault: Missing Client Token

Created on 1 Oct 2015 · 11Comments · Source: hashicorp/vault

I have setup Vault with Consul on an AWS EC2 instance and am trying to connect to it remotely by running the vault binary I've installed on my local machine. I'm getting a missing client token error when running read or write commands.

I've set local environment variables VAULT_TOKEN and VAULT_ADDR to the appropriate values and can even run commands directly with curl.

Running the following:

curl -X GET -H "X-Vault-Token:$VAULT_TOKEN" http://mydomain.com/v1/secret/test

succeeds with the response

{"lease_id":"","renewable":false,"lease_duration":2592000,"data":{"value":"blah"},"auth":null}

However when I run

vault read secret/token

it fails with

Error reading secret/test: Error making API request.

URL: GET http://mydomain.com/v1/secret/test
Code: 400. Errors:

* missing client token

I've even tried passing in the VAULT_TOKEN to the vault command itself as VAULT_TOKEN=my-token vault read secret/token and I get the same error.

The Vault binary clearly pulls in the VAULT_ADDR as it hits the right domain but for some reason the VAULT_TOKEN isn't being pulled in.

I am using the generic backend and just testing out reading and writing some basic secrets. I'm using the basic token authentication and authorization that's built in.

What could be causing this?

Source

ascot21

👍13

Most helpful comment

for recent versions use vault login

madven on 21 May 2019

👍22 ❤3

All 11 comments

The most likely culprit would be a 0.3 server and a 0.2 client.

jefferai on 1 Oct 2015

🚀4 👍2

@jefferai that was it. Closing this.

ascot21 on 1 Oct 2015

@ascot21 @jefferai I am getting the error as below. Thoughts?

# vault write secret/elements/2.0/QA/marathon value=123456 
Error writing data to secret/elements/2.0/QA/marathon: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/secret/elements/2.0/QA/marathon
Code: 400. Errors:

* permission denied

gvenka008c on 3 Aug 2016

@gvenka008c It looks like the Vault token (likely in ~/.vault-token) is not updated properly.
Try doing a vault auth <valid_token> and see if it solves your problem.

Also, please post questions on the mailing list (https://groups.google.com/forum/m/#!forum/vault-tool) rather than creating new GitHub issues or posting on closed issues. This gets a lot more eyes on any particular question or idea.

It also prevents problematic issue workflows for questions where either the issue is closed immediately but then discussion continues on a closed issue; or, the issue is not closed, discussion dies down, and the issue remains open indefinitely waiting for further potential replies.

Thanks!

vishalnayak on 3 Aug 2016

👍10 🎉1

After vault init we get a token like export VAULT_TOKEN=xxxxxx
Then enter command vault auth <token>
That will solve the problem

kishorevbhosale on 3 Jan 2018

👍24 👎2

The most likely culprit would be a 0.3 server and a 0.2 client.

I am also getting the same error.
"Error: missing client token
at handleVaultResponse (/Users/jrao9/Documents/TestProject/node_modules/node-vault/src/index.js:49:21)
at process._tickCallback (internal/process/next_tick.js:68:7) response: { statusCode: 400, body: { errors: [Array] } } }"

I didnt understand, what is the solution you said here.
Could you please give me some steps to resolve this issue.

Thanks in advance.