Issue
After upgrading the HashiCorp Vault plugin to a version between 2.3.0 and 3.6.0, trying to use vault credentials will fail with the error:
com.bettercloud.vault.VaultException: Vault responded with HTTP status code: 400
Response body: {"errors":["missing client token"]}
at com.bettercloud.vault.api.Auth.loginByAppRole(Auth.java:524)
at com.datapipe.jenkins.vault.credentials.VaultAppRoleCredential.getToken(VaultAppRoleCredential.java:54)
Caused: com.datapipe.jenkins.vault.exception.VaultPluginException: could not log in into vault
...
Environment
-
CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller
-
CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
-
CloudBees CI (CloudBees Core) on traditional platforms - Client controller
-
CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
Resolution
Upgrade the HashiCorp Vault plugin to version 3.6.1 or newer.
The fix to the issue was https://github.com/jenkinsci/hashicorp-vault-plugin/pull/123 which is included in the 3.6.1 release.
This article is part of our Knowledge Base and is provided for guidance-based purposes only. The solutions or workarounds described here are not officially supported by CloudBees and may not be applicable in all environments. Use at your own discretion, and test changes in a safe environment before applying them to production systems.