So I used the 'Setting up a Barbican Development Environment' guide (cannot link jet) to setup a local Barbican instance. I want to use it to test compatibility with a HSM via PKCS#11. I followed the guide without a problem until I reached chapter 'Running Barbican'. Here it tells me to verify my installation by using curl. So I ran the following command to store a plain-text secret:

curl -X POST -H 'content-type:application/json' -H 'X-Project-Id:12345' -d '{"payload": "my-secret-here", "payload_content_type": "text/plain"}' http://localhost:9311/v1/secrets

If I read the guide correctly, Barbican should not require a login for this. Quote:

Note that the default configuration uses the unauthenticated context. This means that requests should include the X-Project-Id header instead of including a keystone token in the X-Auth-Token header.

However, if I use the command, it fails with a HTTP 401 error giving me the following body:

{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

Is there anything else I need to configure to make it work?