I just connected fabio to our vault and got stuck in a permission issue. Fabio always reported:
```
2022/06/23 07:17:03 [ERROR] cert: Cannot load certificates from secret/fabio/certs. vault: query mount path: Error making API request.
URL: GET https://cluster-vault-staging.fme.lan:8200/v1/sys/internal/ui/mounts/secret/fabio/certs
Code: 403. Errors:
```
The fun part is that this path is not documented as a necessary policy entry in the vault section. I checked the code and found the function `kvPreflightVersionRequest` as the culprit, which should report the version of the kv secrets store. We use kv2. It works when the following section is added to the fabio policy in vault:
```hcl
path "sys/internal/ui/mounts/secret/fabio/certs" {
  capabilities = ["read"]
}
```
This should be part of the documentation.
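
An added example, not part of the original issue and not fabio's or Vault's own code: a small pre-deployment check that lists the API paths a KV certificate source touches, including the preflight path from the 403 above, and reports which ones a policy's path entries do not cover. The function names, the list-then-read access pattern, the entry name `example-cert` and the sample policy paths are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// requiredPaths lists the API paths (relative to /v1/) requested for certPath.
// The preflight path is the one from the 403 above; the data/ and metadata/ paths
// assume a folder list plus a read per entry ("example-cert" is constructed).
func requiredPaths(mount, certPath string, kvVersion int) []string {
	mount, certPath = strings.Trim(mount, "/"), strings.Trim(certPath, "/")
	paths := []string{"sys/internal/ui/mounts/" + certPath}
	if kvVersion != 2 {
		return append(paths, certPath, certPath+"/example-cert")
	}
	rest := strings.TrimPrefix(strings.TrimPrefix(certPath, mount), "/")
	return append(paths, mount+"/metadata/"+rest, mount+"/data/"+rest+"/example-cert")
}

// covers applies Vault policy path matching for exact paths and trailing "*"
// prefix globs. The "+" segment wildcard and capabilities are not modelled.
func covers(pattern, path string) bool {
	if strings.HasSuffix(pattern, "*") {
		return strings.HasPrefix(path, strings.TrimSuffix(pattern, "*"))
	}
	return pattern == path
}

// missing returns the required paths that no policy path covers.
func missing(policy, required []string) []string {
	var out []string
	for _, r := range required {
		ok := false
		for _, p := range policy {
			ok = ok || covers(p, r)
		}
		if !ok {
			out = append(out, r)
		}
	}
	return out
}

func main() {
	// Constructed policy: KV v2 list/read paths only, no preflight entry.
	policy := []string{"secret/metadata/fabio/certs", "secret/data/fabio/certs/*"}
	fmt.Println("missing:", missing(policy, requiredPaths("secret", "secret/fabio/certs", 2)))
}
```

Running the check against a policy before rollout surfaces the uncovered preflight path as a finding instead of as a 403 in the fabio log.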