带有AWS方法的Terraform Vault提供商未看到AWS_PROFILE
我已经设置了我的Terraform Vault提供商,如下所示,并配置了适当的主体中的合适的Dev-Role-iam角色,如图所示,这正在通过我们的构建系统中使用,没有任何问题来检索秘密。
provider "vault" {
auth_login {
path = "auth/aws/login"
method = "aws"
parameters = {
role = "dev-role-iam"
}
}
}
当我在命令行上运行相同的命令以进行测试时,我无法使其工作,它会返回以下错误。
错误身份验证:无法从凭据链中检索凭据:Nocredential -Providers:链中没有有效的提供商。弃用。 对于详细消息,请参阅aws.config.credentialschainverboseerrors
最初,我认为我没有在保险库中正确设置SSO登录主体到达金库。实际上,网络跟踪表明,Vault正在尝试从169.254的元数据端点获得凭据。*地址当我显然在本地运行时。 如果设置设置,人们会期望提供商可以拾取AWS_Profile环境变量,但是似乎没有文档可以指示如何为此配置提供商,尽管似乎自1.9.0以来,Vault中的支持配置文件已经出现了,但是更改只是简单在SDK中显示颠簸。有人知道这是否可能吗?
I've setup my Terraform vault provider as follows and configured the appropriate dev-role-iam role in vault with a suitable principal as shown and this is working through our build system with no issues retrieving secrets.
provider "vault" {
auth_login {
path = "auth/aws/login"
method = "aws"
parameters = {
role = "dev-role-iam"
}
}
}
When I came to run the same command on the command line for testing I am unable to get this to work, it returns the following error.
Error authenticating: failed to retrieve credentials from credential chain: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
Initially I thought that I hadn't set the SSO login principal correctly in vault, but I've subsequently found out that this is an SDK error and the request isn't even reaching vault. In fact a network trace shows that vault is attempting to get credentials from the metadata endpoint on the 169.254.* address when I am obviously running this locally.
One would expect the provider to pick up the AWS_PROFILE environment variable if set but there seems to be no documentation to indicate how to configure the provider for this though it seems that supporting profiles in vault has been around since 1.9.0, but the change simply shows a bump in the SDK. Does anybody know if this is possible and how?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论