Caiyeon / goldfish

A HashiCorp Vault UI written with VueJS and Vault native Go API

Home Page: https://vault-ui.io


Vault v0.10.1 bug thread

Caiyeon opened this issue · comments

The new vault release seems to have a new API that causes a lot of bugs. I'm not sure if the vault official API is backwards compatible, and I do not have time currently to investigate. I'm on a vacation, and will not be able to look at these issues until July at the earliest.

If you find a bug, feel free to attach a report to this thread. In the meanwhile, the v0.10.1 vault release should have a free built-in UI, which should satisfy most (or all) use cases.

Have fun on your vacation!

I get this error first thing when opening goldfish.

Get https://127.0.0.1:8200/v1/sys/health?sealedcode=299&uninitcode=299: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs

My configuration looks like:

disable_mlock = "1"
listener "tcp" {
  address       = ":7600"
  tls_disable   = 1 #covered by nginx
}
vault {
  address       = "https://127.0.0.1:8200"
  tls_skip_verify = 0
}

I'd assume this means it would stop trying to validate, but apparently it's still trying to do it to some extent?

Just as a follow-up to the above: that error does not look to be anything wrong with the 10.x API. Instead, that simply looks like vault has a cert installed that doesn't include the IP address you're trying to access (using IP=, NOT DNS Name=).

Check the SANs on your vault certificate.

Are there any plans to upgrade Goldfish to 0.1x version of Vault?

The only incompatibility I've found so far is the versioned secrets engine. If you use v1 secret engine, everything will work just fine.

I've looked into upgrading compatibility for versioned secrets, but it's much harder than it seems because of the API changes. In fact, last I checked, the official vault UI could only handle versioned secrets by reading the latest version.

In short, it's non-trivial work and I don't have any timelines in mind for upgrading this.

I have several folders under secrets using kv. I can see them in the Vault Web UI, but when I go to Goldfish I can't see them.

CentOS 7.x latest.
Vault 0.11.3.
Goldfish 0.9.0.

Add any secrets using kv to the secrets folder using vault ui or cli. Log into Goldfish as root/admin and try to view something other than secrets.