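I have installed Vault with the auto-unseal mechanism exactly as described in this Vault guide. I have enabled Vault's kv2 engine. I have an initial root token, say A.
When I run vault login, this is the output: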
$ vault login A
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"
again. Future Vault requests will automatically use this token.
Key                  Value
---                  -----
token                s.1I9rh0Zrza4iirIVICDGs5qb
token_accessor       Gwb0BHIcLhgxfHEOCYSmIDo9
token_duration       ∞
token_renewable      false
token_policies       ["root"]
identity_policies    []
policies             ["root"]
When I try to list secrets under the kv2 engine, I get the following output:
$ vault kv list kv/
Error making API request.
URL: GET http://127.0.0.1:8100/v1/sys/internal/ui/mounts/kv
Code: 403. Errors:
* preflight capability check returned 403, please ensure client's policies grant access to path "kv/"
When I run vault secrets list, I get the following output:
$ vault secrets list
Path          Type         Accessor              Description
----          ----         --------              -----------
cubbyhole/    cubbyhole    cubbyhole_9c077ecb    per-token private secret storage
identity/     identity     identity_b5f8b75e     identity store
kv-v2/        kv           kv_378c691e           n/a
sys/          system       system_4654c548       system endpoints used for control, policy and debugging
I can't seem to understand why the root token is unable to access the kv-2 engine. As far as I understand, I believe the root token can access all paths regardless of any policies. To add, I have not created any custom policies, nor do I have any other tokens set up.