This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

Can't use TLS auth due to tls_disable = 1 #85

Open
ksandrmatveyev opened this issue Jan 13, 2021 · 1 comment

@ksandrmatveyev

Hi,

As this module doesn't use TLS, it is not possible to use TLS authentication. There is an error:
tls connection is required

Steps to reproduce:

  • Provision Vault from the module
  • Enable TLS auth
  • Make some tests (add secret, policy and cert), e.g.:
```powershell
# With PowerShell on Windows
$vaulturl = "https://example.com"
$certpath = "Subject of a client cert in Windows Store"
$secret = "secret/test/test"

# Force TLS 1.2 for outgoing requests
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Open the LocalMachine\My store read-only and look up the client certificate by subject DN
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreName]::My, [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)
$cert.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
$result = $cert.Certificates.Find([System.Security.Cryptography.X509Certificates.X509FindType]::FindBySubjectDistinguishedName, $certpath, $false)
$cert.Close()

# Log in through the cert auth method, then read the secret with the returned token
$json = (Invoke-WebRequest -Uri "$vaulturl/v1/auth/cert/login" -Method 'POST' -Certificate $result[0] -UseBasicParsing).Content | ConvertFrom-Json
(Invoke-WebRequest -Headers @{"X-Vault-Token" = $json.auth.client_token} -ContentType "application/json" -Method 'GET' -Uri "$vaulturl/v1/$secret" -UseBasicParsing).Content
```
  • And the error is:
    tls connection is required
@pdomineaux

Hi, I'm facing the same issue.
I guess that the SSL termination is on the load balancer, so Vault is in fact not in full TLS, as the communication between the load balancer and the Vault cluster is unencrypted.

Does anyone have a solution or workaround?

This deployment is mostly up to date and fulfills all requirements to get a production-ready Vault cluster.
I hope I will not have to switch to another solution to deploy my cluster.
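
An added example, not taken from the module or from either comment: a Vault listener with the `tls_disable = 1` setting named in the title, beside one where Vault terminates TLS itself, which is what the cert auth method needs in order to see the client certificate. The address and file paths are placeholders, and any load balancer in front would have to pass TCP through rather than terminate TLS.

```hcl
# Constructed example. Addresses and paths are placeholders, not the module's values.
# The two stanzas are alternatives and are not meant to coexist in one file.

# Alternative A: the setting from the issue title.
# The listener speaks plaintext, so any TLS the client negotiates ends at the
# load balancer and the client certificate never reaches Vault.
# A login against auth/cert then has no TLS connection state to inspect.
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}

# Alternative B: Vault terminates TLS itself.
# The client's TLS handshake, including its certificate, is seen by Vault,
# which can then match it against the certificates configured in auth/cert.
listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_disable   = 0
  tls_cert_file = "/path/to/vault-server.crt" # placeholder path
  tls_key_file  = "/path/to/vault-server.key" # placeholder path
}
```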
