vault (Archived)
2 messages
Discussions related to HashiCorp Vault
michael sew, over 4 years ago
Q on Approles: When I create an approle, it gets a role-id and a secret-id.
I understand that role-id is supposed to be static and can be generated once.
Is the secret-id supposed to be generated multiple times, i.e. every time the service (i.e. Jenkins or Terraform) needs it?
Or is a human admin supposed to generate the secret every once in a while?
michael sew, over 4 years ago (edited)
Jenkins Q: I can log in from my desktop to an approle using role-id & secret-id, but when I plug those same things into a Jenkins credential and try it inside a pipeline, I'm getting an Access denied:

    // KV path to read, and the environment variable each key is mapped to
    def secrets = [
        [path: 'app-myapp-kv/dev/db/app_account', secretValues: [
            [envVar: 'db_app_password', vaultKey: 'password']
        ]]
    ]
    // Vault server, the Jenkins credential holding the AppRole role-id/secret-id, and the KV engine version
    def configuration = [vaultUrl: 'https://vault.intranet.com',
                         vaultCredentialId: 'app-myapp-npd-jenkins-readonly',
                         engineVersion: 2]
    pipeline {
        agent any
        stages {
            stage('Hello') {
                steps {
                    withVault([configuration: configuration, vaultSecrets: secrets]) {
                        // anything
                    }
                }
            }
        }
    }

... the withVault block fails with an access denied:

    [Pipeline] withVault
    Retrieving secret: app-myapp-kv/dev/db/app_account
    Access denied to Vault Secrets at 'app-myapp-kv/dev/db/app_account'

Anybody seen this before? Google comes up blank.