This repository has been archived by the owner on Nov 7, 2023. It is now read-only.

Error writing secrets plugin #10

Closed
sosoriov opened this issue Jul 31, 2019 · 7 comments

@sosoriov

sosoriov commented Jul 31, 2019

I'm trying to use your plugin but I'm getting an error when I try to write the secrets. The plugin is installed and I can enable it in any path.

Error writing data to newgen/password: Error making API request.

URL: PUT https://xxxxx:8200/v1/newgen/password
Code: 500. Errors:

* 1 error occurred:
        * internal error

this is the log message:

[ERROR] core: failed to run existence check: error="plugin exited before we could connect"
[DEBUG] secrets.secrets-gen.secrets-gen_7528b0ff.secrets-gen: plugin process exited: path=/etc/vault/plugins/vault-secrets-gen pid=25955
[ERROR] secrets.secrets-gen.secrets-gen_7528b0ff.secrets-gen.vault-secrets-gen: plugin tls init: error="error during token unwrap request: secret is nil" timestamp=2

my config:

listener "tcp" {
    address = "10.18.16.12:8200"
    cluster_address = "10.18.16.12:8201"
    tls_cert_file = "/etc/vault/certs/xxx.crt"
    tls_key_file = "/etc/vault/certs/xxx.key"
}

storage "consul" {
    address = "127.0.0.1:8501"
    path = "vault/"
    scheme = "https"
    tls_ca_file = "/etc/vault/certs/consul-agent-ca.pem"
    tls_cert_file = "/etc/vault/certs/dc1-client-consul-0.pem"
    tls_key_file = "/etc/vault/certs/dc1-client-consul-0-key.pem"
}

plugin_directory = "/etc/vault/plugins"
api_addr = "https://xxx:8200"
cluster_addr = "https://xxx:8201"
disable_mlock = true
ui = true

@sethvargo
Owner

Looks similar to this issue. Can you make sure you're running the latest Vault and latest version of this plugin and try the steps in that issue?

@sosoriov
Author

sosoriov commented Aug 1, 2019

Hi @sethvargo, thanks for your answer.

I tried the solution available in the post that you mentioned, but it still does not work.

I'm using Vault v1.1.3 and vault-secrets-gen_0.0.2_linux_amd64.zip on CentOS 7.

@sethvargo
Owner

Can you try 0.0.3?

@biastogit

Hi @sethvargo,

my 2 cents here:

I tried version 0.0.3 with Vault 1.2.3 for a POC and faced exactly the same issue. There was a message in the logs, following the internal error message, saying that this might be a protocol communication error. So I then downgraded to Vault 1.1.3, and it worked without issues.

I'm very interested in using that plugin. Reproducing that error shouldn't be complicated, but I can provide more logs if needed.

Cheers

@sethvargo
Owner

Try 0.0.4. Each time Vault changes their API, we have to update our dependencies and re-publish.

@biastogit

Thanks for your quick answer! I will try now and let you know.

@biastogit

Works perfectly now with Vault 1.2.2 and release 0.0.4. Thanks!

lock bot locked as resolved and limited conversation to collaborators Dec 17, 2019