Vault (HashiCorp) - curl equivalent of "vault read"

Question

Small question regarding Hashicorp Vault please.

I have a secret in Vault, under cubbyhole/mytestkey

If I log in to the web UI, I can see the key mytestkey and its value under cubbyhole

If I use the Vault CLI, running vault read /cubbyhole/mytestkey, I do get the result.

vault read /cubbyhole/mytestkey
Key     Value
---     -----
mytestkey    mytestvalue

However, when I use via curl (The token should be correct, since I used it to connect to Vault web UI), I get:

curl -vik -H "X-Vault-Token: token" https://remote-vault/cubbyhole/mytestkey
HTTP 404

May I ask what is the issue with my curl command? A path issue? And the correct one would be?

Thank you

Answer 1

Spend hours trying to figure out how to get the correct URL.

My key/values are stored in kv / myapp / database

Key         value 
server      10.10.10.1

To get the CURL url use -output-curl-string flag.

vault kv get -output-curl-string -mount=kv -field=server myapp/database

Result

curl -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" http://vaultserver.dev:8200/v1/kv/data/myapp/database

source: https://discuss.hashicorp.com/t/kv-secrets-engine-via-curl/30629

Answer 2

Your REST API endpoint is missing the port and the version of the API. You can update it to:

curl -vik -H "X-Vault-Token: token" https://remote-vault:8200/v1/cubbyhole/mytestkey

and modify the port if running on the non-default 8200.

You can find more information in the relevant documentation.