Search code examples

HashiCorp Vault No handler for route error despite secrets engine being enabled through the UI

Using the non-dev vault server, I went ahead and used “Enable new engine” in the UI for kv version 1 and created a secret.

As a test, I am using a token with root permissions to attempt the following and receive the no route error:

curl -H "X-Vault-Token: " -X GET

{“errors”:[“no handler for route ‘secret/kvtest/anothertest/test’”]}

My understanding is that there shouldn’t be the no handler issue as I enabled that secrets engine through the UI. Am I missing a step, policy, or is this an API path issue?

One of my references was which lead me to review the enabled amount.


  • My guess is that you've enabled a KV engine and wrote a secret to it, but the path secret/ is wrong.

    For example, if i enable an engine and then try to read an existing value, then it works

    $ vault secrets enable -version=1 -path kv kv
    Success! Enabled the kv secrets engine at: kv/
    $ curl --header "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/kv/foo

    But if i now try to read from a non existing path, i'd get the same error as you, for example

    $ curl --header "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/foobar/foo
    {"errors":["no handler for route 'foobar/foo'"]}

    It would help if you list your existing mounts and verify the path

    $ curl --header "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/sys/mounts
    # or
    $ vault secrets list