bolt with approle #63

Open
yuqo2450 opened this issue Oct 19, 2022 · 0 comments

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 7.17.0
  • Ruby: 3.1.2p20
  • Distribution: Fedora/Ubuntu
  • Module version: latest

How to reproduce (e.g Puppet code you use)

I am trying to use this function with Puppet Bolt and no puppet-ca setup, so I am trying to use the approle auth for Vault. If I curl with role_id and secret_id I can get a token, so the Vault side is working perfectly.
I can also access my vault both via http and https (self signed cert).

Bolt plan:

plan project::class (
  TargetSpec $targets
) {
  # Collect facts from the targets before applying the manifest block
  $system_facts = run_plan('facts', 'targets' => $targets)
  $apply_result = apply($targets, '_description' => 'apply class') {
    # Vault URL is a placeholder; both http and https were tried
    $d = vault_lookup::lookup(
      'path/to/secret',
      'http(s)://vault.example.com',
      'approle',
    )

    notify { 'example':
      message => $d,
    }
  }

  $apply_result.each |$result| {
    $result.report['logs'].each |$log| {
      out::message("${log['level']}: ${log['message']}")
      out::message("--${log['source']}")
    }
  }

  return $apply_result
}

What are you seeing

When trying to read a secret from vault via https I get:
certificate verify failed unable to get local issuer certificate.
But the root CA is definitely trusted by Linux.

When trying to read a secret from vault via http I get:
Received 404 response code from vault at http://vault.example.com/approle/login for authentication.
I exported environment variables as described in the documentation.

What behaviour did you expect instead

It is expected to read a secret from vault.

Any additional information you'd like to impart

I feel like environment variables are not being used, because I have to set auth_method to approle as a function parameter, otherwise I get redirected to http://vault.example.com/cert/login.

Would be nice if anyone could help me!
