I'm testing out HashiCorp Vault using their developer tier managed offering while I'm figuring things out. The public URL looks kind of like this: https://vault-cluster-public-vault-00000000.00000000.yy.hashicorp.cloud:8200
This might be an XY problem: Ultimately I'm trying to fetch secrets via Puppet using the TLS Certificates auth method. When running puppet agent --test I get "client certificate must be supplied". I am able to reproduce it using curl:
sudo curl \
--request POST \
--cert /etc/puppetlabs/puppet/ssl/certs/vault-cluster-public-vault-00000000.00000000.yy.hashicorp.cloud.pem \
--key /etc/puppetlabs/puppet/ssl/private_keys/vault-cluster-public-vault-00000000.00000000.yy.hashicorp.cloud.pem \
--data '{"name": "puppet-server"}' \
--header "X-Vault-Namespace: admin" \
https://vault-cluster-public-vault-00000000.00000000.yy.hashicorp.cloud:8200/v1/auth/cert/login
This returns:
{"errors":["client certificate must be supplied"]}
Based on many answers, others say it might come down to setting tls_disable_client_certs, or tls_require_and_verify_client_cert, or tls_client_ca_file in the "config stanza": https://stackoverflow.com/a/52405154/604048
As I'm paying for a managed server, I don't know where to do this. How do I change this configuration? I can't find any configuration options in their portal.