HashiCorp Vault plugin fails to loginByAppRole with HTTP status code 400

Article ID:4404261195803
1 minute readKnowledge base

Issue

After upgrading the HashiCorp Vault plugin to a version between 2.3.0 and 3.6.0, trying to use vault credentials will fail with the error:

com.bettercloud.vault.VaultException: Vault responded with HTTP status code: 400
Response body: {"errors":["missing client token"]}

	at com.bettercloud.vault.api.Auth.loginByAppRole(Auth.java:524)
	at com.datapipe.jenkins.vault.credentials.VaultAppRoleCredential.getToken(VaultAppRoleCredential.java:54)
Caused: com.datapipe.jenkins.vault.exception.VaultPluginException: could not log in into vault
...

Resolution

Upgrade the HashiCorp Vault plugin to version 3.6.1 or newer.

The fix to the issue was https://github.com/jenkinsci/hashicorp-vault-plugin/pull/123 which is included in the 3.6.1 release.

Tested product/plugin versions

CloudBees Jenkins Platform 2.263.4.2

This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.