c# vault vaultsharp

How to read secret using vaultsharp


I have created a secret in the default cubbyhole secret engine named secret1.

Now I'd like to read this secret, which works fine from the Vault online CLI:

vault read cubbyhole/secret1

But with the following code:

static void Main(string[] args)
{
    Console.WriteLine("Hello World!");
    ReadSecret().Wait();
}

public static async Task ReadSecret()
{
    IAuthMethodInfo authMethod = new TokenAuthMethodInfo("My Token");
    var vaultClientSettings = new VaultClientSettings("My Url", authMethod);
    IVaultClient vaultClient = new VaultClient(vaultClientSettings);
    Secret<SecretData> kv2Secret = await vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(path: "secret1");
    Console.WriteLine($"Secret data : {kv2Secret.Data}");
}

I get a Permission Exception.

I tried to change the code to:

Secret<SecretData> kv2Secret = await vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(path: "secret1", mountPoint: "cubbyhole");

And I get the error: System.AggregateException : 'One or more errors occurred. ({"errors":[]})'

How can I read my secret?


Solution

  • KV2 != Cubbyhole

    When struggling with the correct API path to use, remember that the vault binary has "-output-curl-string" which tells you the right way of asking for the path you're looking for.

    # vault kv put cubbyhole/foo a=1
    Success! Data written to: cubbyhole/foo
    
    # vault kv get -output-curl-string cubbyhole/foo
    curl -H "X-Vault-Token: $(vault print token)" -H "X-Vault-Request: true" http://127.0.0.1:8200/v1/cubbyhole/foo
    

    So the path you're looking for is not the KV nor KV2 path.
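
An added example, not part of the original answer: reading the same secret through VaultSharp's Cubbyhole engine, so the request goes to /v1/cubbyhole/secret1 as in the curl string above. It assumes the Vault address and token are supplied in the VAULT_ADDR and VAULT_TOKEN environment variables; the class name is hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Threading.Tasks;
using VaultSharp;
using VaultSharp.Core;
using VaultSharp.V1.AuthMethods;
using VaultSharp.V1.AuthMethods.Token;
using VaultSharp.V1.Commons;

public static class CubbyholeReader // hypothetical name for this example
{
    public static async Task<int> Main()
    {
        // Assumption: address and token come from the environment, not from source code.
        string address = Environment.GetEnvironmentVariable("VAULT_ADDR");
        string token = Environment.GetEnvironmentVariable("VAULT_TOKEN");
        if (string.IsNullOrEmpty(address) || string.IsNullOrEmpty(token))
        {
            Console.Error.WriteLine("Set VAULT_ADDR and VAULT_TOKEN first.");
            return 1;
        }

        IAuthMethodInfo authMethod = new TokenAuthMethodInfo(token);
        IVaultClient vaultClient = new VaultClient(new VaultClientSettings(address, authMethod));

        try
        {
            // Cubbyhole engine: requests GET /v1/cubbyhole/secret1.
            // The KV2 call with mountPoint "cubbyhole" requests
            // /v1/cubbyhole/data/secret1 instead, which is a different path.
            Secret<Dictionary<string, object>> secret =
                await vaultClient.V1.Secrets.Cubbyhole.ReadSecretAsync("secret1");

            // Print key names only, so secret values stay out of console output and logs.
            foreach (string key in secret.Data.Keys)
            {
                Console.WriteLine($"Found key: {key}");
            }
            return 0;
        }
        catch (VaultApiException ex) when (ex.HttpStatusCode == HttpStatusCode.NotFound)
        {
            // Cubbyhole storage is scoped per token: a different token sees nothing here.
            Console.Error.WriteLine("No secret at cubbyhole/secret1 for this token.");
            return 2;
        }
    }
}
```

Because cubbyhole data is tied to the token that wrote it, the token used here has to be the same one that created secret1.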