我使用Hashicorp vault作为机密存储,并通过apt存储库在Ubuntu 20.04上安装了它。
之后,我添加了根键来访问UI,并且可以使用UI添加或删除机密。
每当我试图使用命令行添加或获取机密时,我都会收到以下错误:
jarvis@saki:~$ vault kv get secret/vault
Get "https://127.0.0.1:8200/v1/sys/internal/ui/mounts/secret/vault": http: server gave HTTP response to HTTPS client
我的保险库配置如下:
# Full configuration options can be found at https://www.vaultproject.io/docs/configuration
ui = true
#mlock = true
#disable_mlock = true
storage "file" {
path = "/opt/vault/data"
}
#storage "consul" {
# address = "127.0.0.1:8500"
# path = "vault"
#}
# HTTP listener
#listener "tcp" {
# address = "127.0.0.1:8200"
# tls_disable = 1
#}
# HTTPS listener
listener "tcp" {
address = "0.0.0.0:8200"
tls_cert_file = "/opt/vault/tls/tls.crt"
tls_key_file = "/opt/vault/tls/tls.key"
}
# Example AWS KMS auto unseal
#seal "awskms" {
# region = "us-east-1"
# kms_key_id = "REPLACE-ME"
#}
# Example HSM auto unseal
#seal "pkcs11" {
# lib = "/usr/vault/lib/libCryptoki2_64.so"
# slot = "0"
# pin = "AAAA-BBBB-CCCC-DDDD"
# key_label = "vault-hsm-key"
# hmac_key_label = "vault-hsm-hmac-key"
#}
我解决了这个问题。尽管这个异常可能对多个类似的问题很常见,但我通过导出运行以下命令后生成的根令牌来解决这个问题:
vault server -dev
输出类似于
...
You may need to set the following environment variable:
$ export VAULT_ADDR='http://127.0.0.1:8200'
The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.
Unseal Key: 1+yv+v5mz+aSCK67X6slL3ECxb4UDL8ujWZU/ONBpn0=
Root Token: s.XmpNPoi9sRhYtdKHaQhkHP6x
Development mode should NOT be used in production installations!
...
然后只需运行以下命令即可导出这些变量:
export VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_TOKEN="s.XmpNPoi9sRhYtdKHaQhkHP6x"
注意:替换";s.XmpNPoi9RhYtdKHaQhkHP6x";将您的令牌作为上述命令的输出接收。
然后运行以下命令检查状态:
vault status
同样,对于许多不同的问题,错误消息可能是相似的。
在Windows 10上的PowerShell中,我可以这样设置:
$Env:VAULT_ADDR='http://127.0.0.1:8200'
然后
vault status
返回正确。这是在Vault 1.7.3上的开发模式
您可以通过在命令行上指定VAULT_ADDR并按enter键来回显它——与上面的设置行相同,但省略=符号及其后面的所有内容
$Env:VAULT_ADDR
输出:
键值--------Seal Type shamir Initialized true Sealed false Total Shares 1 Threshold 1 Version
1.7.3存储类型inmem Cluster Name vault-Cluster-80649ba2 Cluster ID 2a35e304-0836-2896-e927-66722e7ca488 HA Enabled
false
尝试使用一个新的终端窗口。这对我有效