Tags: command-line-interface, hashicorp-vault, vault

Reading secrets from Vault CLI


I'm trying to read secrets from Vault using the CLI with the following commands:

    JWT=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
    vault write auth/kubernetes/login role="${K8S_ROLE_IDENTIFIER}" jwt="${JWT}"

When calling vault write, I am getting the following:

    'Error writing data to auth/kubernetes/login: Error making API request.\n'
    'URL: PUT https://...:8200/v1/auth/kubernetes/login\n'
    'Code: 400. Errors:\n'
    '* missing client token\n'

The token is actually there. I was able to echo JWT, but I am still getting the missing client token error.

Any ideas?

Thank you!


Solution

  • Here's the solution:

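    # Log in via the auth mount at ${VAULT_PATH} and keep only the
    # client token from the JSON response
    VAULT_TOKEN=$(vault write -format="json" \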
      auth/"${VAULT_PATH}"/login \
      role="${K8S_ROLE_IDENTIFIER}" \
      jwt="${JWT}" \
      | jq -r '.auth["client_token"]')