I’m running into errors when trying to create Vault keys and I’m running out of ideas on why this is happening. Does anyone have advice on ways to extract more detailed logs to debug this issue?
My Vault policy configuration looks like this:
path "myapp-tde/data/*" {
capabilities = ["read", "create", "update", "list"]
}
path "myapp-tde/metadata/*" {
capabilities = ["read", "list"]
}
path "sys/mounts/*" {
capabilities = ["read"]
}
And the PGSQL call I’m using to add the Vault key provider:
SELECT pg_tde_add_global_key_provider_vault_v2(
'vault-provider',
'https://vault.example.internal',
'myapp-tde/data/global-key',
'/etc/postgresql/secrets/vault_token.txt',
'/etc/pki/ca-trust/source/anchors/ca.crt',
'app-npd/'
);
Error:
ERROR: failed to parse mount info for "https://vault.example.internal" at mountpoint "myapp-tde/data/global-key": missing type field
I’ve verified my policy and paths, but I’m still hitting this error. Any tips on how to get more detailed Vault or PostgreSQL logs to understand what’s failing would be greatly appreciated.