Vault error: server gave HTTP response to HTTPS client



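I am using HashiCorp Vault as a secrets store and installed it on Ubuntu 20.04 from the apt repository.

After that, I added the root key to access the UI, and I can add or delete secrets using the UI.

Whenever I try to add or get a secret from the command line, I get the following error: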

jarvis@saki:~$ vault kv get secret/vault 
Get "https://127.0.0.1:8200/v1/sys/internal/ui/mounts/secret/vault": http: server gave HTTP response to HTTPS client

My Vault configuration is as follows:

# Full configuration options can be found at https://www.vaultproject.io/docs/configuration
ui = true
#mlock = true
#disable_mlock = true
storage "file" {
  path = "/opt/vault/data"
}
#storage "consul" {
#  address = "127.0.0.1:8500"
#  path    = "vault"
#}
# HTTP listener
#listener "tcp" {
#  address = "127.0.0.1:8200"
#  tls_disable = 1
#}
# HTTPS listener
listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/opt/vault/tls/tls.crt"
  tls_key_file  = "/opt/vault/tls/tls.key"
}
# Example AWS KMS auto unseal
#seal "awskms" {
#  region = "us-east-1"
#  kms_key_id = "REPLACE-ME"
#}
# Example HSM auto unseal
#seal "pkcs11" {
#  lib            = "/usr/vault/lib/libCryptoki2_64.so"
#  slot           = "0"
#  pin            = "AAAA-BBBB-CCCC-DDDD"
#  key_label      = "vault-hsm-key"
#  hmac_key_label = "vault-hsm-hmac-key"
#}

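I solved the problem. Although this exception may be common to several similar problems, I solved it by exporting the root token generated after running the following command: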

vault server -dev

The output looks like

...
You may need to set the following environment variable:
$ export VAULT_ADDR='http://127.0.0.1:8200'
The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.
Unseal Key: 1+yv+v5mz+aSCK67X6slL3ECxb4UDL8ujWZU/ONBpn0=
Root Token: s.XmpNPoi9sRhYtdKHaQhkHP6x
Development mode should NOT be used in production installations!
...

Then just run the following commands to export these variables:

export VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_TOKEN="s.XmpNPoi9sRhYtdKHaQhkHP6x"

Note: replace "s.XmpNPoi9RhYtdKHaQhkHP6x" with the token you received as output from the above command.

Then run the following command to check the status:

vault status

Again, the error message may be similar for many different problems.

In PowerShell on Windows 10, I was able to set it like this:

$Env:VAULT_ADDR='http://127.0.0.1:8200'

Then

vault status

returned correctly. This is on Vault 1.7.3 in dev mode.

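You can echo it by typing VAULT_ADDR at the command line and pressing Enter; this is the same as the setting line above, but omitting the = sign and everything after it.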

$Env:VAULT_ADDR

Output:

Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.7.3
Storage Type    inmem
Cluster Name    vault-Cluster-80649ba2
Cluster ID      2a35e304-0836-2896-e927-66722e7ca488
HA Enabled      false

Try using a new terminal window. That worked for me.
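
The mismatch behind this error (the CLI speaking HTTPS to a listener that answers in plain HTTP) can be checked directly before changing VAULT_ADDR. The following is an added example, not code from any of the posts above: `classify_reply`, `probe_listener` and `check_vault_addr` are hypothetical helper names, and the hint string is an assumption about how a Go-based TLS listener answers a plaintext request.

```python
import os
import socket
from urllib.parse import urlsplit

# Assumption: text a Go net/http TLS server returns when it receives plaintext HTTP.
GO_TLS_HINT = b"Client sent an HTTP request to an HTTPS server"

def classify_reply(reply):
    """Classify the first bytes a listener sent back to a plaintext HTTP request."""
    if reply[:1] == b"\x15" or GO_TLS_HINT in reply:
        return "https"   # TLS alert record, or the Go server's plaintext hint
    if reply.startswith(b"HTTP/"):
        return "http"    # an ordinary plaintext HTTP response
    return "unknown"

def probe_listener(host, port, timeout=3.0):
    """Send one unauthenticated plaintext request and classify what comes back."""
    request = f"GET /v1/sys/health HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            return classify_reply(sock.recv(512))
    except OSError:
        return "unknown"  # refused, reset or timed out

def check_vault_addr(vault_addr, probe=probe_listener):
    """Return (ok, message) comparing VAULT_ADDR's scheme with the listener's."""
    url = urlsplit(vault_addr)
    port = url.port or (443 if url.scheme == "https" else 80)
    actual = probe(url.hostname, port)
    if actual == "unknown":
        return False, f"no recognizable reply from {url.hostname}:{port}"
    if actual != url.scheme:
        return False, (f"VAULT_ADDR uses {url.scheme} but the listener speaks "
                       f"{actual}; matching address: {actual}://{url.netloc}")
    return True, f"VAULT_ADDR scheme matches the listener ({actual})"

if __name__ == "__main__":
    # The CLI on this page defaulted to https://127.0.0.1:8200 with VAULT_ADDR unset.
    ok, message = check_vault_addr(os.environ.get("VAULT_ADDR", "https://127.0.0.1:8200"))
    print(message)
    raise SystemExit(0 if ok else 1)
```

A result of `http` from anything other than a dev-mode server means tokens and secrets cross the wire unencrypted; in that case the listener's TLS settings are what to fix, not VAULT_ADDR.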
