python hashicorp-vault hvac

Why does HVAC not see secrets in HashiCorp Vault?


I'm trying to use HashiCorp Vault with the HVAC Python client.

I've run a Vault Docker container (development mode config) on localhost, created a KV secret engine kv1 (with version 1 API), added a secret mega_secret, added a key/value ("hell" --> "yeah") to it and tried to read it with HVAC.

First, let's go to the Docker container terminal and check that the secret is alive:

# vault kv get kv1/mega_secret
==== Data ====
Key     Value
---     -----
hell    yeah

And now I'm trying to read it with HVAC.

import hvac

client = hvac.Client(url="http://localhost:8200", token="hvs.4MzADdB9pIHAggqaQWQZASx0", namespace="")
assert client.is_authenticated()
assert not client.sys.is_sealed()

print(client.kv.v1.read_secret(path="kv1/mega_secret"))  # Crashes here

Error message:

hvac.exceptions.InvalidPath: no handler for route "secret/kv1/mega_secret".
route entry not found., on get http://localhost:8200/v1/secret/kv1/mega_secret

How can it be fixed?


Solution

  • Vault can mount the same secret engine multiple times, each on its own mount point. You have chosen to use kv1, no problem with that.

    HVAC assumes that secret is the name of the mount point by default.

    You will be able to read your secret by specifying the mount point like this:

    client.kv.v1.read_secret(mount_point="kv1", path="mega_secret")
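An added example, not part of the original answer: a helper that takes the path as typed into the `vault kv get` CLI, splits it into mount point and relative path using the server's mount table, and calls the matching KV API version. The names `split_mount`, `read_kv` and `SAMPLE_MOUNTS` are hypothetical, and it assumes the token is allowed to list mounts (true for a dev-mode root token).

```python
def split_mount(full_path, mounts):
    """Return (mount_point, relative_path, kv_version) for a CLI-style path.

    `mounts` maps mount paths with a trailing slash (e.g. "kv1/") to their
    config, the shape found under "data" in the sys/mounts response.
    """
    full = full_path.strip("/") + "/"
    # Longest prefix wins, so a nested mount such as "team/kv/" beats "team/".
    for mount in sorted(mounts, key=len, reverse=True):
        if full.startswith(mount) and len(full) > len(mount):
            cfg = mounts[mount]
            if cfg.get("type") != "kv":
                raise ValueError(f"{mount!r} is not a KV engine")
            # A KV mount without a version option is version 1.
            version = int((cfg.get("options") or {}).get("version", 1))
            return mount.rstrip("/"), full[len(mount):].rstrip("/"), version
    raise LookupError(f"no mount matches {full_path!r}")


def read_kv(client, full_path):
    """Read a KV secret's key/value data given the path as typed in the CLI."""
    mounts = client.sys.list_mounted_secrets_engines()["data"]
    mount, path, version = split_mount(full_path, mounts)
    if version == 2:
        resp = client.secrets.kv.v2.read_secret_version(
            path=path, mount_point=mount)
        return resp["data"]["data"]  # v2 wraps the values in data.data
    resp = client.secrets.kv.v1.read_secret(path=path, mount_point=mount)
    return resp["data"]


# Constructed sample mount table (not captured from a real server).
SAMPLE_MOUNTS = {
    "secret/": {"type": "kv", "options": {"version": "2"}},
    "kv1/": {"type": "kv", "options": {"version": "1"}},
    "team/kv/": {"type": "kv", "options": None},
    "sys/": {"type": "system", "options": None},
}

if __name__ == "__main__":
    print(split_mount("kv1/mega_secret", SAMPLE_MOUNTS))
```

With a real client, `read_kv(client, "kv1/mega_secret")` sends the request to `/v1/kv1/mega_secret` instead of the `/v1/secret/kv1/mega_secret` route shown in the error message.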