HashiCorp Vault "No handler for route" error despite secrets engine being enabled through the UI

Problem description

Using the non-dev vault server, I went ahead and used "Enable new engine" in the UI for kv version 1 and created a secret.

As a test, I am using a token with root permissions to attempt the following and receive the no route error:

curl -H "X-Vault-Token: " -X GET https://vaultwebsite.com/v1/secret/kvtest1/test12/test123

{"errors":["no handler for route 'secret/kvtest/anothertest/test'"]}

My understanding is that there shouldn't be the no handler issue as I enabled that secrets engine through the UI. Am I missing a step, policy, or is this an API path issue?

One of my references was https://www.reddit.com/r/hashicorp/comments/c429fo/simple_vault_workflow_help/ which led me to review the enabled amount.

Recommended answer

My guess is that you've enabled a KV engine and written a secret to it, but the path secret/ is wrong.

For example, if I enable an engine and then try to read an existing value, then it works:

$ vault secrets enable -version=1 -path kv kv
Success! Enabled the kv secrets engine at: kv/
$ curl --header "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/kv/foo
{"request_id":"2db249af-10de-01c5-4603-8f89a46897b5","lease_id":"","renewable":false,"lease_duration":2764800,"data":{"v6":"1"},"wrap_info":null,"warnings":null,"auth":null}

But if I now try to read from a non-existing path, I'd get the same error as you, for example:

$ curl --header "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/foobar/foo
{"errors":["no handler for route 'foobar/foo'"]}

It would help if you list your existing mounts and verify the path:

$ curl --header "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/sys/mounts
# or
$ vault secrets list
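
The mount check suggested in the answer, as an added example that is not part of the original question or answer. It assumes Vault routes a request to the longest mount path that prefixes the route; the mount table is constructed sample data, and the `kvtest1/` mount name and the `diagnose` helper are hypothetical.

```python
import json
from urllib.parse import urlparse

# Constructed sample of a GET /v1/sys/mounts response body (not from the original post).
SAMPLE_MOUNTS = json.loads("""
{"data": {
  "cubbyhole/": {"type": "cubbyhole", "options": null},
  "identity/":  {"type": "identity",  "options": null},
  "sys/":       {"type": "system",    "options": null},
  "kvtest1/":   {"type": "kv",        "options": {"version": "1"}}
}}
""")


def mount_table(resp):
    """Return {mount_path: info}; accepts a body with or without the "data" wrapper."""
    table = resp.get("data") or resp
    return {p: i for p, i in table.items() if isinstance(i, dict) and "type" in i}


def route_of(url):
    """Turn an API URL into the route Vault reports in errors (path after /v1/)."""
    path = urlparse(url).path
    return path.split("/v1/", 1)[1] if "/v1/" in path else path.lstrip("/")


def find_mount(route, mounts):
    """Longest mount path that prefixes the route, or None (the 'no handler' case)."""
    hits = [m for m in mounts if (route + "/").startswith(m)]
    return max(hits, key=len) if hits else None


def diagnose(url, resp):
    mounts = mount_table(resp)
    route = route_of(url)
    mount = find_mount(route, mounts)
    if mount:
        return f"{route}: handled by {mounts[mount]['type']} mount {mount}"
    # Hint: the request may carry an extra leading segment such as secret/.
    rest = route.split("/", 1)[1] if "/" in route else ""
    alt = find_mount(rest, mounts) if rest else None
    hint = f"; try {rest} (mount {alt})" if alt else ""
    return f"no handler for route '{route}'{hint}"


if __name__ == "__main__":
    base = "https://vaultwebsite.com/v1/"
    print(diagnose(base + "secret/kvtest1/test12/test123", SAMPLE_MOUNTS))
    print(diagnose(base + "kvtest1/test12/test123", SAMPLE_MOUNTS))
```

To run it against a real server, save the body returned by the `sys/mounts` request shown above and pass the parsed JSON in place of `SAMPLE_MOUNTS`.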
