问题
Using the non-dev vault server, I went ahead and used “Enable new engine” in the UI for kv version 1 and created a secret.
As a test, I am using a token with root permissions to attempt the following and receive the no route error:
curl -H "X-Vault-Token: " -X GET https://vaultwebsite.com/v1/secret/kvtest1/test12/test123
{“errors”:[“no handler for route ‘secret/kvtest/anothertest/test’”]}
My understanding is that there shouldn’t be the no handler issue as I enabled that secrets engine through the UI. Am I missing a step, policy, or is this an API path issue?
One of my references was https://www.reddit.com/r/hashicorp/comments/c429fo/simple_vault_workflow_help/ which lead me to review the enabled amount.
回答1:
My guess is that you've enabled a KV engine and wrote a secret to it, but the path secret/ is wrong.
For example, if i enable an engine and then try to read an existing value, then it works
$ vault secrets enable -version=1 -path kv kv
Success! Enabled the kv secrets engine at: kv/
$ curl --header "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/kv/foo
{"request_id":"2db249af-10de-01c5-4603-8f89a46897b5","lease_id":"","renewable":false,"lease_duration":2764800,"data":{"v6":"1"},"wrap_info":null,"warnings":null,"auth":null}
But if i now try to read from a non existing path, i'd get the same error as you, for example
$ curl --header "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/foobar/foo
{"errors":["no handler for route 'foobar/foo'"]}
It would help if you list your existing mounts and verify the path
$ curl --header "X-Vault-Token: $VAULT_TOKEN" $VAULT_ADDR/v1/sys/mounts
# or
$ vault secrets list
来源:https://stackoverflow.com/questions/63068001/hashicorp-vault-no-handler-for-route-error-despite-secrets-engine-being-enabled