rajanadar / VaultSharp

A comprehensive cross-platform .NET Library for HashiCorp's Vault, a secret management tool

Home Page:http://rajanadar.github.io/VaultSharp

ReturnedLoginAuthInfo is coming as null

kirankg15 opened this issue · comments

I am using the AppRole auth method.

[screenshot 20221223_104619]

I initialized the auth method:
[screenshot 20221222_170852]

Then built the Vault settings:
[screenshot 20221222_171022]

I am using the secret path as a combination of namespace + secret path.

[screenshot 20221223_105213]

When fetching secrets, it gives a permission denied error.

When I check the auth method info, it shows null.
So is this causing the error: permission denied?

[screenshot 20221223_105622]

Please suggest.

@kirankg15

The first parameter for ReadSecretAsync is not the namespace. It is the path of the secret.
You're using the namespace. Change it and let me know.

@rajanadar
I updated my comment and code as well.
Please recheck.

Here is a sample snippet that can read a secret.
You don't need to provide the namespace here.

```csharp
// path      = the secret's path relative to the KV v2 mount (not the namespace)
// mountPoint = the name the KV v2 engine is mounted under
var secret = vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(path: "test2-key", mountPoint: "xyz-kv-secret").Result;
```

@rajanadar
Added that snippet, but still the same error.

Then the role policies need to be checked. Can you try using the CLI?
If you see the same error, then the role has been set up with some missing permissions.

Yes, I set them through the CLI, and when I test them with Postman I can see the secrets.

But as you said let me recheck the role policies again.

@rajanadar
I recreated the policy.
[screenshot 20221223_134114]

Also recreated the role with the attached policy.
[screenshot 20221223_134354]

Still getting the same error.
But when tested through the API, I can get the secret.

Can you show me the API call that is working? The URL, Header etc.

Here is a working API call.

[screenshot 20221223_160623]

How did you get the token in that header? The hvs.C*** one?
Did you get it by doing a CLI login on the AppRole role id, secret id etc.?

Yes, I retrieved it with the role ID and secret ID by hitting another API method call.
Call: V1/auth/approle/login
Then I am using that token in the above-mentioned API to fetch secrets.

Can you let me know the exact URL you used to fetch the login token?

v1/auth/approle/login doesn't sound right because your mount point in the other snippet says test_approle is the mount point.

So the login url should be v1/auth/test_approle/login

@rajanadar
That's the correct URL: v1/auth/test_approle/login

I had just modified the one I gave you, for security reasons.

OK thanks.

Instead of app role Auth info, can you please use the TokenAuthMethod and use the above working token, and then try the same read secret call? Only for debugging purposes.

VaultSharp will throw a nice exception if it is not able to fetch a Vault token using the AppRole parameters. Because you didn't get that error, I don't think the problem is in the AppRole token creation.

The problem seems to be more on the policies. Some path or namespace is creating the issue.

@rajanadar
With token authentication also, I am getting the same error.

@rajanadar
Hey, finally the issue got resolved.
The URL was the culprit.
I was appending /V1 to the base URL.
I rechecked all your methods, where you are already appending V1/auth wherever necessary, so I removed it and tried.
It worked like a charm.

Good to hear.
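The settings the thread converged on, pulled together as one added example. This is not code from the issue or from the VaultSharp project; the host name, role ID, secret ID and namespace value are placeholders, while the mount points `test_approle` and `xyz-kv-secret` and the path `test2-key` are the ones quoted above. The `NormalizeVaultAddress` helper is my own addition: it guards against the actual root cause, a base address that already ends in `/v1`, which makes the library's own `/v1/...` prefix produce `/v1/v1/...` requests that no policy grants. The statement that `ReturnedLoginAuthInfo` is only populated after the first API call (VaultSharp logs in lazily) is my understanding of the library and is marked as an assumption in the code.

```csharp
// Added example, not from the issue or from VaultSharp itself.
// Assumed: VaultSharp NuGet package referenced; placeholders for address, credentials, namespace.
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using VaultSharp;
using VaultSharp.V1.AuthMethods;
using VaultSharp.V1.AuthMethods.AppRole;
using VaultSharp.V1.AuthMethods.Token;
using VaultSharp.V1.Commons;
using VaultSharp.V1.SecretsEngines.KeyValue.V2;

public static class VaultKvReader
{
    // The base address must be scheme://host:port only. VaultSharp appends "/v1/..." to
    // every request itself, so "https://vault:8200/v1" turns into "/v1/v1/..." paths
    // that fall outside every policy (the thread saw this as "permission denied").
    public static string NormalizeVaultAddress(string address)
    {
        var trimmed = address.TrimEnd('/');
        if (trimmed.EndsWith("/v1", StringComparison.OrdinalIgnoreCase))
        {
            trimmed = trimmed.Substring(0, trimmed.Length - "/v1".Length);
        }
        return trimmed;
    }

    // Builds a client and reads the KV v2 secret the thread was after.
    private static async Task<IDictionary<string, object>> ReadAsync(
        string vaultAddress, IAuthMethodInfo authMethod, string vaultNamespace)
    {
        var settings = new VaultClientSettings(NormalizeVaultAddress(vaultAddress), authMethod)
        {
            // Vault Enterprise namespace (if any) goes here; it becomes a request header,
            // never part of the secret path or the mount point.
            Namespace = vaultNamespace
        };
        IVaultClient client = new VaultClient(settings);

        // path = secret path relative to the KV v2 mount; mountPoint = KV engine mount name.
        Secret<SecretData> secret = await client.V1.Secrets.KeyValue.V2.ReadSecretAsync(
            path: "test2-key", mountPoint: "xyz-kv-secret");

        return secret.Data.Data;
    }

    // Production path: AppRole login against the custom mount "test_approle", i.e. the
    // library POSTs to /v1/auth/test_approle/login (not /v1/auth/approle/login).
    public static async Task<IDictionary<string, object>> ReadWithAppRoleAsync(
        string vaultAddress, string roleId, string secretId, string vaultNamespace)
    {
        IAuthMethodInfo appRole = new AppRoleAuthMethodInfo(
            mountPoint: "test_approle", roleId: roleId, secretId: secretId);

        IDictionary<string, object> data = await ReadAsync(vaultAddress, appRole, vaultNamespace);

        // Assumption: VaultSharp logs in lazily inside the first secret call, so checking
        // ReturnedLoginAuthInfo before that call shows null even when nothing is wrong.
        var policies = appRole.ReturnedLoginAuthInfo?.Policies ?? new List<string>();
        Console.WriteLine("Policies on the AppRole token: " + string.Join(",", policies));

        return data;
    }

    // Debugging path from the thread: reuse a token that already works in the CLI/Postman.
    // Same error here means the policy or path is wrong, not the AppRole login.
    public static Task<IDictionary<string, object>> ReadWithTokenAsync(
        string vaultAddress, string knownGoodToken, string vaultNamespace)
    {
        IAuthMethodInfo token = new TokenAuthMethodInfo(knownGoodToken);
        return ReadAsync(vaultAddress, token, vaultNamespace);
    }

    public static async Task Main()
    {
        // Placeholder values; the "/v1" suffix is deliberately wrong to show the normalizer.
        var data = await ReadWithAppRoleAsync(
            "https://vault.example.com:8200/v1",
            roleId: Environment.GetEnvironmentVariable("VAULT_ROLE_ID"),
            secretId: Environment.GetEnvironmentVariable("VAULT_SECRET_ID"),
            vaultNamespace: Environment.GetEnvironmentVariable("VAULT_NAMESPACE"));

        foreach (var kv in data)
        {
            Console.WriteLine($"{kv.Key} = {kv.Value}");
        }
    }
}
```

When the AppRole read fails but the same token works elsewhere, run `ReadWithTokenAsync` with that token first: if it fails identically, the client-side URL, mount point or policy is at fault, which is exactly the split the maintainer used above to rule out the AppRole login itself.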