我在 Vault 服务器上配置了一个策略,只允许读取 my/secret_key_path/here 下的密钥;配置类上使用了注解 @VaultPropertySource("my/secret_key_path/here")。应用启动时出现以下错误,无法读取密钥的值:
org.springframework.vault.VaultException: Status 403 secret/my/secret_key_path/here/dev: permission denied
at org.springframework.vault.client.VaultResponses.buildException(VaultResponses.java:83) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.VaultTemplate$2.doWithRestOperations(VaultTemplate.java:341) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.VaultTemplate.doWithSession(VaultTemplate.java:318) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.VaultTemplate.doRead(VaultTemplate.java:327) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.VaultTemplate.read(VaultTemplate.java:227) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.lease.SecretLeaseContainer.doGetSecrets(SecretLeaseContainer.java:467) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.lease.SecretLeaseContainer.start(SecretLeaseContainer.java:297) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.lease.SecretLeaseContainer.addRequestedSecret(SecretLeaseContainer.java:256) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.loadProperties(LeaseAwareVaultPropertySource.java:147) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.<init>(LeaseAwareVaultPropertySource.java:133) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:155) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:89) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.doCreatePropertySources(VaultPropertySourceLocatorSupport.java:170) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.createCompositePropertySource(VaultPropertySourceLocatorSupport.java:145) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.locate(VaultPropertySourceLocatorSupport.java:116) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:93) [spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:567) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:338) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:301) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at test.WriterServiceApplication.main(WriterServiceApplication.java:17) [classes!/:1.0-SNAPSHOT]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_151]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_151]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_151]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_151]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
2018-01-19 12:56:14.872 WARN 28733 --- [ main] LeaseEventPublisher$LoggingErrorListener : [RequestedSecret [path='secret/application/dev', mode=ROTATE]] Lease [leaseId='null', leaseDuration=0, renewable=false] Status 403 secret/application/dev: permission denied
org.springframework.vault.VaultException: Status 403 secret/application/dev: permission denied
at org.springframework.vault.client.VaultResponses.buildException(VaultResponses.java:83) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.VaultTemplate$2.doWithRestOperations(VaultTemplate.java:341) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.VaultTemplate.doWithSession(VaultTemplate.java:318) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.VaultTemplate.doRead(VaultTemplate.java:327) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.VaultTemplate.read(VaultTemplate.java:227) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.lease.SecretLeaseContainer.doGetSecrets(SecretLeaseContainer.java:467) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.lease.SecretLeaseContainer.start(SecretLeaseContainer.java:297) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.lease.SecretLeaseContainer.addRequestedSecret(SecretLeaseContainer.java:256) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.loadProperties(LeaseAwareVaultPropertySource.java:147) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.<init>(LeaseAwareVaultPropertySource.java:133) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:155) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:89) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.doCreatePropertySources(VaultPropertySourceLocatorSupport.java:170) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.createCompositePropertySource(VaultPropertySourceLocatorSupport.java:145) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.locate(VaultPropertySourceLocatorSupport.java:116) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:93) [spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:567) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:338) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:301) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at test.WriterServiceApplication.main(WriterServiceApplication.java:17) [classes!/:1.0-SNAPSHOT]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_151]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_151]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_151]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_151]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
2018-01-19 12:56:14.875 WARN 28733 --- [ main] LeaseEventPublisher$LoggingErrorListener : [RequestedSecret [path='secret/application', mode=ROTATE]] Lease [leaseId='null', leaseDuration=0, renewable=false] Status 403 secret/application: permission denied
org.springframework.vault.VaultException: Status 403 secret/application: permission denied
at org.springframework.vault.client.VaultResponses.buildException(VaultResponses.java:83) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.VaultTemplate$2.doWithRestOperations(VaultTemplate.java:341) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.VaultTemplate.doWithSession(VaultTemplate.java:318) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.VaultTemplate.doRead(VaultTemplate.java:327) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.VaultTemplate.read(VaultTemplate.java:227) ~[spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.lease.SecretLeaseContainer.doGetSecrets(SecretLeaseContainer.java:467) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.lease.SecretLeaseContainer.start(SecretLeaseContainer.java:297) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.lease.SecretLeaseContainer.addRequestedSecret(SecretLeaseContainer.java:256) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.loadProperties(LeaseAwareVaultPropertySource.java:147) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.<init>(LeaseAwareVaultPropertySource.java:133) [spring-vault-core-1.1.1.RELEASE.jar!/:1.1.1.RELEASE]
at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:155) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.cloud.vault.config.LeasingVaultPropertySourceLocator.createVaultPropertySource(LeasingVaultPropertySourceLocator.java:89) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.doCreatePropertySources(VaultPropertySourceLocatorSupport.java:170) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.createCompositePropertySource(VaultPropertySourceLocatorSupport.java:145) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.cloud.vault.config.VaultPropertySourceLocatorSupport.locate(VaultPropertySourceLocatorSupport.java:116) [spring-cloud-vault-config-1.1.0.RELEASE.jar!/:1.1.0.RELEASE]
at org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration.initialize(PropertySourceBootstrapConfiguration.java:93) [spring-cloud-context-1.3.0.RELEASE.jar!/:1.3.0.RELEASE]
at org.springframework.boot.SpringApplication.applyInitializers(SpringApplication.java:567) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.prepareContext(SpringApplication.java:338) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:301) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1118) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1107) [spring-boot-1.5.8.RELEASE.jar!/:1.5.8.RELEASE]
at test.WriterServiceApplication.main(WriterServiceApplication.java:17) [classes!/:1.0-SNAPSHOT]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_151]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_151]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_151]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_151]
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [vault_boot_poc-1.0-SNAPSHOT.jar:1.0-SNAPSHOT]
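编辑:只有在使用专门为读取该 Vault 端点而生成的令牌时才会出现此问题。从上面的日志可以看到,被拒绝(403)的请求路径是 secret/my/secret_key_path/here/dev、secret/application/dev 和 secret/application,与策略中授权的路径并不完全一致。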