Search code examples
spring-bootmavenhashicorp-vaultspring-cloud-vault-config

I am using hashicorp vault with springboot maven to store my databse credentials. Getting 403 Permission denied while trying to access the vault


Note : Vault is managed by different team in my project. Below is my boorstrap.yml config

spring:
    application:
       name: MongoSecrets

profiles:
   active: dev
cloud:
   vault:
      enabled: true
      uri: https://vaulturl:443
      scheme: https
       token: "LDAP token"
       kv:
          enaled: true
           backend: MySecrets
       ssl:
           trust-store: cacerts

Dependencies used - spring-cloud-starter-vault-config, spring-cloud-dependencies

Received access to MySecrets folder from Vault team. Below is the policies set for the folder

path "MySecrets/*" {capabilities= ["create","read","update","delete","list"]}

Below is the exception i am getting:

org.springframework.vault.authentication.LifecycleAwareSessionManager : Scheduling Token renewal
  org.springframework.vault.core.lease.SecretLeaseEventPublisher$LoggingErrorListener : [RequestedSecret [path='secret/MySecrets/dev', mode=ROTATE]] Lease [leaseId='null', leaseDuration=PT0S, renewable=false] Status 403 FORBIDDEN secrets/MySecrets/dev: 1 error occurred:
  | * permission denied
  |  
  |  
  | org.springframework.vault.VaultException: Status 403 FORBIDDEN secret/MySecrets/dev: 1 error occurred:
  | * permission denied

Solution

  • generic:  
      enabled: false    
    kv:  
     enabled: true
    

    Changing bootstrap to above worked for me. Seems there was some issue in the way my Client has set up Vault policies. By Default Generic backends are enabled.