AppRole authentication method does not work

Question

AppRole authentication method does not work

yanbin-pan opened this issue 2 years ago · 1 comments

The pattern shown in the documentation to authenticate using AppRole method does not seem work. When I pass a token instead Pydantic authenticates and retrieves the secrets.

I generate the ROLE_ID and SECRET_ID according to HashiCorp documentation and correct policy attached. This is verified as using the token method does retrieve the secrets.

vault read auth/approle/role/<MY_ROLE>/role-id
vault write -force auth/approle/role/<MY_ROLE>/secret-id

class Settings(BaseSettings):
    username: str = Field(
        ...,
        vault_secret_path=<PATH_TO_SECRET>,
        vault_secret_key="username",
    )
    password: SecretStr = Field(
        ...,
        vault_secret_path=<PATH_TO_SECRET>,
        vault_secret_key="password",
    )

    class Config:
        vault_url: str = <VAULT_URL>
        vault_role_id: str = <ROLE_ID>
        vault_secret_id: str = <SECRET_ID>

        @classmethod
        def customise_sources(
            cls,
            init_settings,
            env_settings,
            file_secret_settings,
        ):
            return (
                init_settings,
                env_settings,
                vault_config_settings_source,
                file_secret_settings,
            )

The error I am getting is the following

ValidationError: 2 validation errors for Settings
username
  field required (type=value_error.missing)
password
  field required (type=value_error.missing)

Answer 1 · 2023-08-25T13:00:34.000Z

Hello @yanbin-pan, very sorry for the delay!

Are you still having this issue? Have you followed the "Logging" documentation to increase logging of pydantic-vault to DEBUG level and see what happens?