kubernetes-secret-manager icon indicating copy to clipboard operation
kubernetes-secret-manager copied to clipboard
verified publisher icon upmc-enterprises

Errors fetching secrets

Open thecodeassassin opened this issue 8 years ago • 6 comments

Hi all,

I'm getting the following error in the pod logs:

2017-02-23T08:17:14.977806402Z 2017/02/23 08:17:14 json: cannot unmarshal object into Go value of type string

I'm saving my secrets as secret/staging/ENV_NAME. The value being the secret.

thecodeassassin avatar Feb 23 '17 08:02 thecodeassassin

Are you getting this on startup? Or when trying to get a secret from vault? Could you provide a bit more context? Thanks!

stevesloka avatar Feb 24 '17 04:02 stevesloka

Hi @stevesloka ,

My secrets are stored as following:

secret/environment/SECRET_VALUE

the value is the actual secret value. I don't know if this format is unsupported for this tool.

Some logs:


2017-03-07T08:53:05.915456449Z 2017/03/07 08:53:05 Starting Kubernetes Vault Controller...
2017-03-07T08:53:05.936216335Z 2017/03/07 08:53:05 ThirdPartyResource customsecrets.enterprises.upmc.com exists.
2017-03-07T08:53:05.936250042Z 2017/03/07 08:53:05 Kubernetes Vault Controller started successfully.
2017-03-07T08:53:05.939911363Z 2017/03/07 08:53:05 json: cannot unmarshal object into Go value of type string
2017-03-07T08:53:05.939929943Z 2017/03/07 08:53:05 Watching for custom secret events.
2017-03-07T08:53:05.939988359Z 2017/03/07 08:53:05 Starting reconciliation loop.
2017-03-07T08:53:06.042663262Z 2017/03/07 08:53:06 json: cannot unmarshal object into Go value of type string

thecodeassassin avatar Mar 07 '17 08:03 thecodeassassin

Hey sorry for the delay getting back to you, been busy with a new baby, so time has been short recently. Let me try and simulate the same, seems like a parsing problem of sorts.

What type of data is stored in the secret?

stevesloka avatar Mar 23 '17 02:03 stevesloka

We store strings but also certificates as base64. Maybe that could be causing problems?

We store them as secret value=something. Every secret only has one value. We name them after our env variables. Everything is either a normal passphrase string or a base64 encoded certificate​.

thecodeassassin avatar Mar 23 '17 02:03 thecodeassassin

@stevesloka any update on this?

thecodeassassin avatar May 10 '17 07:05 thecodeassassin

Hey @thecodeassassin I just ran through an example and it all seemed to work for me. I put the sample here: https://github.com/upmc-enterprises/kubernetes-secret-manager/blob/master/docs/deployment-guide.md#static-secrets

Can you see maybe if your workflow is different? (Maybe I'm missing a step that you're doing).

stevesloka avatar May 11 '17 17:05 stevesloka