Search code examples
javaspring-vault

Writing object with Spring Vault returns Status 400 : no data provided


I am investigating how I can use Vault 0.11.1 and Spring Vault 2.0.2.RELEASE. I have set up a dev Vault:

vault server -dev

and added some data

vault kv put secret/certs/jan cert=ABCD

which I can read with Spring Vault

      @Autowired
      private VaultOperations operations;

            String path = "secret/data/certs/jan";
            System.out.println(operations.read(path).getData());

note that, curiously, I have to insert "data/" in the path to find it again.

deleting the data works fine too:

            operations.delete(path);

but writing data with

            Secret secret = new Secret("ABCD");
            operations.write(path, secret);

fails with

org.springframework.vault.VaultException: Status 400 secret/data/certs/jan: no data provided

Secret is a simple bean:

@AllArgsConstructor
@NoArgsConstructor
@Data
public class Secret {
    String cert;
}

and the jason conversion seems to go fine:

DEBUG org.springframework.web.client.RestTemplate - Writing [Secret(cert=ABCD)] using [org.springframework.http.converter.json.MappingJackson2HttpMessageConverter@add0edd]

Simply trying to write a String

            operations.write(path, "foo=bar");

also fails:

Status 400 secret/data/certs/jan: failed to parse JSON input: invalid character 'o' in literal false (expecting 'a')

Solution

  • It looks like you're using Vault's versioned Key-Value backend. New instances of Vault 0.10 and newer mount the versioned backend by default at secret/ which requires you to use a specific API.

    There are subtle API differences between the unversioned (v1) and versioned (v2) Key Value backend, that add additional elements to the context path and the actual JSON payload.

    Example for Key-Value backend v1:

    POST /v1/secret/certs/jan
    
    {"key":"value"}
    

    Example for Key-Value backend v2:

    POST /v1/secret/data/certs/jan
    
    {"data":{"key":"value"}}
    

    For using Spring Vault, this means that you need to upgrade to version 2.1.0 and use the VaultKeyValueOperations API:

    VaultKeyValueOperations keyValue = vaultOperations.opsForKeyValue("secret", KeyValueBackend.versioned());
    keyValue.put("certs/jan", secret);