Replies: 1 comment
-
Hi @ziedb , the reason is that when you use the I don't know if it has been implemented yet, but someone familiar with Vault mentioned that they may be recommending a new way to do this that makes it more clear: ansible-collections/community.hashi_vault#229 (comment) For list_folders = myClient.secrets.kv.v2.list_secrets(path='secret/dev/appli/') it would be list_folders = myClient.secrets.kv.v2.list_secrets(path='dev/appli/', mount_point='secret') The clue is at the very end of your error message, where you can see that the URL it was trying to access is |
Beta Was this translation helpful? Give feedback.
-
Hello
With vault command I can get lit keys from https server:
##--------------------Vault command---------------------------------------------------
vault.exe kv list -address='https://myServer' -ca-path='CA-EDF.crt' 'secret/dev/appli/'
Keys
generic
test
But with hvac lib in Pytho, n I have "hvac.exceptions.Forbidden" exception
##-------------------------------Python-------------------------------------------------------------------
import hvac
import sys
import os
from hvac import Client
VAULT_URL = 'https://Myserver'
TOKEN = 's.TmDZ3ncS3iXaGOWdPkaNqrUr'
CA_CERTIF = r'CA-EDF.crt'
def vault_connection(url, token, verify) -> hvac.Client :
client = hvac.Client(
url=url,
token=token,
verify=verify,
)
print (client.is_authenticated())
return client
myClient: Client = vault_connection(VAULT_UR, TOKEN, CA_CERTIF)
list_folders = myClient.secrets.kv.v2.list_secrets(path='secret/dev/appli/')
##-------------------------------------------out put with error--------------------------------------------------------
True
Traceback (most recent call last):
File "*******************\main.py", line 57, in
list_folders = myClient.secrets.kv.v2.list_secrets(path='secret/dev/appli/')
File "\vaultAccess\venv\lib\site-packages\hvac\api\secrets_engines\kv_v2.py", line 330, in list_secrets
return self._adapter.list(
File "\vaultAccess\venv\lib\site-packages\hvac\adapters.py", line 164, in list
return self.request("list", url, kwargs)
File **********************\vaultAccess\venv\lib\site-packages\hvac\adapters.py", line 356, in request
response = super().request(*args, kwargs)
File "\vaultAccess\venv\lib\site-packages\hvac\adapters.py", line 322, in request
utils.raise_for_error(
File "\vaultAccess\venv\lib\site-packages\hvac\utils.py", line 40, in raise_for_error
raise exceptions.Forbidden(message, errors=errors, method=method, url=url)
hvac.exceptions.Forbidden: 1 error occurred:
* permission denied
, on list https://server/v1/secret/metadata/secret/dy5
Beta Was this translation helpful? Give feedback.
All reactions