Vault: Error with Intro Guide - "Your First Secret"

Created on 10 Aug 2016  路  6Comments  路  Source: hashicorp/vault

I started the vault server in dev mode, as instructed by the intro. I left that instance running in the foreground and opened a new shell. I attempted to write my first secret:

vagrant@host1:~$ vault status
Sealed: false
Key Shares: 1
Key Threshold: 1
Unseal Progress: 0

High-Availability Enabled: false
vagrant@host1:~$ vault write secret/hello value=world
Error writing data to secret/hello: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/secret/hello
Code: 400. Errors:

* missing client token

I received a _missing client token_ error. I presume I need to set the VAULT_TOKEN environment variable, in addition to the VAULT_ADDR environment variable? The guide makes no mention of this.

See: https://github.com/hashicorp/vault/blob/master/website/source/intro/getting-started/first-secret.html.md

picture tkambler

Most helpful comment

I ran into the same issue. I was running the server under another user. I would suggest adding a note to the document about the .vault-token file.

picture brianchoate on 16 Aug 2016
👍3

All 6 comments

The token should be getting populated into ~/.vault-token by the dev command. Is there a token in there? What version of Vault?

jefferai picture jefferai on 10 Aug 2016

It is. I discovered the source of the problem - it's my fault. Closing this out.

tkambler picture tkambler on 10 Aug 2016

I ran into the same issue. I was running the server under another user. I would suggest adding a note to the document about the .vault-token file.

brianchoate picture brianchoate on 16 Aug 2016
👍3

I may add that I'm learning Vault via its Docker image (https://hub.docker.com/_/vault/). Using this to run a Dev mode instance, then docker exec -it --env VAULT_ADDR=http://127.0.0.1:8200 vault vault write secret/hello value=world to test writing secrets, I encounter the name problem, having this non-obvious solution.

Of course issuing docker exec -it vault sh -c "echo 'myroot' >> ~/.vault-token" does resolve it. My only hope here is to encourage documentation of this fact. (In the tutorial, and on the Docker Hub page.)

excalq picture excalq on 10 Nov 2017

@excalq Why not just use the VAULT_TOKEN env var?

jefferai picture jefferai on 10 Nov 2017

I lost an hour trying to figure out why I'm getting this error. Seriously?! After over two years this hasn't been addressed in the for-noops-tutorial? Why bother using the "learning" platform, then?!

For the record: I've set

export VAULT_TOKEN=$VAULT_DEV_ROOT_TOKEN_ID

to interface my Vault dev server (official Docker image) with a local Vault binary.

My guess is that VAULT_DEV_ROOT_TOKEN_ID isn't even read by the CLI since there's no mention in https://www.vaultproject.io/docs/commands/.

lusitania picture lusitania on 3 May 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

lbernail picture lbernail  路  31Comments
TopherGopher picture TopherGopher  路  36Comments
sochoa picture sochoa  路  39Comments
emk picture emk  路  79Comments
mwitkow picture mwitkow  路  142Comments