I'm trying to run HashiCorp Vault and MinIO KES Server as self-hosted solutions on my server. However, when I try to create a key, I get this error from the client: Error: failed to create key "my-app-1": bad gateway: failed to create key. Here are my configs:
vault-config.json
{
  "api_addr": "https://vaultnew.mycompany.com:8200",
  "backend": {
    "file": {
      "path": "./data/vault/file"
    }
  },
  "default_lease_ttl": "168h",
  "max_lease_ttl": "720h",
  "listener": {
    "tcp": {
      "address": "0.0.0.0:8200",
      "tls_cert_file": "/home/ubuntu/vault_certs/fullchain.pem",
      "tls_key_file": "/home/ubuntu/vault_certs/privkey.pem",
      "tls_min_version": "tls12"
    }
  }
}
kes-policy.hcl
path "kv/*" {
  capabilities = [ "create", "read", "delete" ]
}
config.yml
address: 0.0.0.0:7373 # Listen on all network interfaces on port 7373
admin:
  identity: disabled # We disable the admin identity since we don't need it in this guide
tls:
  key: /home/ubuntu/kes_certs/privkey.pem # The KES server TLS private key
  cert: /home/ubuntu/kes_certs/fullchain.pem # The KES server TLS certificate
policy:
  my-app:
    allow:
    - /v1/key/create/my-app*
    - /v1/key/generate/my-app*
    - /v1/key/decrypt/my-app*
    identities:
    - <output from kes identity of minio_client_fullchain.pem>
keystore:
  vault:
    endpoint: https://vaultnew.mycompany.com:8200
    version: v1 # The K/V engine version - either "v1" or "v2".
    approle:
      id: "b2191d58-a86a-5b77-987d-3fa9fb92152f" # Your AppRole ID
      secret: "cd247831-97c7-cf83-b33d-9962c2e2a132" # Your AppRole Secret
      retry: 15s
    status:
      ping: 10s
This is the error log from KES Server:
2024/01/17 11:19:42 vault: failed to create 'kv/my-app-1': Error making API request.

URL: PUT https://vaultnew.mycompany.com:8200/v1/kv/my-app-1
Code: 403. Errors:

* 1 error occurred:
    * permission denied
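Added example, not part of the question: an offline check of what the posted kes-policy.hcl grants for the exact request in the error log, using Vault's documented ACL rules (a trailing * is a prefix glob, a + segment matches one path segment, the longest matching pattern wins, and a write to a key that already exists is checked against update rather than create). The HCL parser is deliberately minimal, and key_exists is an input you supply, because Vault decides create-vs-update by whether the key is already stored.

```python
import re

# Constructed sample: the kes-policy.hcl from the question.
KES_POLICY_HCL = '''
path "kv/*" {
capabilities = [ "create", "read", "delete" ]
}
'''

# Minimal parser for 'path "..." { capabilities = [...] }' blocks only
# (no parameter constraints, no comments); enough for the policy above.
_RULE_RE = re.compile(r'path\s+"([^"]+)"\s*\{[^}]*?capabilities\s*=\s*\[([^\]]*)\]', re.S)

def parse_policy(hcl):
    """Return a list of (path_pattern, capabilities) rules."""
    return [(p, {c.strip().strip('"') for c in caps.split(",") if c.strip()})
            for p, caps in _RULE_RE.findall(hcl)]

def path_matches(pattern, path):
    """Vault ACL path rule: exact match, trailing '*' is a prefix glob,
    and a '+' segment matches exactly one path segment."""
    glob = pattern.endswith("*")
    pat = pattern[:-1].split("/") if glob else pattern.split("/")
    segs = path.split("/")
    if glob:
        if len(segs) < len(pat):
            return False
        head_ok = all(a in ("+", b) for a, b in zip(pat[:-1], segs))
        return head_ok and segs[len(pat) - 1].startswith(pat[-1])
    return len(pat) == len(segs) and all(a in ("+", b) for a, b in zip(pat, segs))

def capabilities_for(rules, path):
    """Most specific (longest) matching pattern wins; 'deny' grants nothing."""
    best = max((r for r in rules if path_matches(r[0], path)),
               key=lambda r: len(r[0]), default=None)
    return set() if best is None or "deny" in best[1] else best[1]

def check_request(rules, method, path, key_exists):
    """Map an HTTP method to the capability Vault checks. For PUT/POST, Vault
    checks 'create' only while the key does not exist yet; writing to an
    existing KV v1 key needs 'update'. Returns (needed_capability, allowed)."""
    if method in ("PUT", "POST"):
        need = "update" if key_exists else "create"
    else:
        need = {"GET": "read", "DELETE": "delete", "LIST": "list"}[method]
    return need, need in capabilities_for(rules, path)

if __name__ == "__main__":
    rules = parse_policy(KES_POLICY_HCL)
    # The PUT from the error log, for a key that does not exist yet.
    print(check_request(rules, "PUT", "kv/my-app-1", key_exists=False))  # ('create', True)
    # The same PUT once the key exists: the posted policy has no 'update'.
    print(check_request(rules, "PUT", "kv/my-app-1", key_exists=True))   # ('update', False)
```

If the check says the posted policy grants the request, the 403 is not explained by the policy text itself, so the next things to confirm on the Vault side are that this policy is actually attached to the tokens the AppRole issues and that the K/V engine is really mounted at kv/ (vault token capabilities and vault secrets list show both).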