This repository has been archived by the owner on Oct 6, 2019. It is now read-only.

Vault v0.10.1 bug thread #277

Open
Caiyeon opened this issue May 3, 2018 · 5 comments

@Caiyeon
Owner

Caiyeon commented May 3, 2018

The new vault release seems to have a new API that causes a lot of bugs. I'm not sure if the vault official API is backwards compatible, and I do not have time currently to investigate. I'm on a vacation, and will not be able to look at these issues until July at the earliest.

If you find a bug, feel free to attach a report to this thread. In the meanwhile, the v0.10.1 vault release should have a free built-in UI, which should satisfy most (or all) use cases.

@Aeolun

Aeolun commented Jul 7, 2018

Have fun on your vacation!

I get this error first thing when opening goldfish.

Get https://127.0.0.1:8200/v1/sys/health?sealedcode=299&uninitcode=299: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs

My configuration looks like:

disable_mlock = "1"
listener "tcp" {
  address       = ":7600"
  tls_disable   = 1 #covered by nginx
}
vault {
  address       = "https://127.0.0.1:8200"
  tls_skip_verify = 0
}

I'd assume this means it would stop trying to validate, but apparently it's still trying to do it to some extent?

@Justin-DynamicD

Justin-DynamicD commented Jul 12, 2018

Just as a followup to the above: that error does not look to be anything wrong with the 10.x api. Instead, that simply looks like vault has a cert installed that doesn't include the IP address you're trying to access (using IP=, NOT DNS Name=).

Check the SANs on your vault certificate.

@ghost

ghost commented Aug 22, 2018

Are there any plans to upgrade Goldfish to 0.1x version of Vault?

@Caiyeon
Owner Author

Caiyeon commented Aug 30, 2018

The only incompatibility I've found so far is the versioned secrets engine. If you use v1 secret engine, everything will work just fine.

I've looked into upgrading compatibility for versioned secrets, but it's much harder than it seems because of the API changes. In fact, last I checked, the official vault UI could only handle versioned secrets by reading the latest version.

In short, it's non-trivial work and I don't have any timelines in mind for upgrading this.

@andrewm659

I have several folders under secrets using kv. I can see them in Vault Web UI but when I go to Goldfish I can't see them.

CentOS 7.x latest.
Vault 0.11.3.
Goldfish 0.9.0.

Add any secrets using kv to the secrets folder using vault ui or cli. Log into Goldfish as root/admin and try to view something other than secrets.
