
Vault v0.10.1 bug thread

Open Caiyeon opened this issue 6 years ago • 5 comments

The new vault release seems to have a new API that causes a lot of bugs. I'm not sure if the vault official API is backwards compatible, and I do not have time currently to investigate. I'm on a vacation, and will not be able to look at these issues until July at the earliest.

If you find a bug, feel free to attach a report to this thread. In the meantime, the v0.10.1 vault release should have a free built-in UI, which should satisfy most (or all) use cases.

Caiyeon avatar May 03 '18 11:05 Caiyeon

Have fun on your vacation!

I get this error first thing when opening goldfish.

Get https://127.0.0.1:8200/v1/sys/health?sealedcode=299&uninitcode=299: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs

My configuration looks like:

disable_mlock = "1"
listener "tcp" {
  address       = ":7600"
  tls_disable   = 1 #covered by nginx
}
vault {
  address       = "https://127.0.0.1:8200"
  tls_skip_verify = 0
}

I'd assume this means it would stop trying to validate, but apparently it's still trying to do it to some extent?

Aeolun avatar Jul 07 '18 08:07 Aeolun

Just as a follow-up to the above: that error does not look to be anything wrong with the 10.x API. Instead, that simply looks like vault has a cert installed that doesn't include the IP address you're trying to access (using IP=, NOT DNS Name=).

Check the SANs on your vault certificate.

Justin-DynamicD avatar Jul 12 '18 22:07 Justin-DynamicD

Are there any plans to upgrade Goldfish to 0.1x version of Vault?

ghost avatar Aug 22 '18 14:08 ghost

The only incompatibility I've found so far is the versioned secrets engine. If you use v1 secret engine, everything will work just fine.

I've looked into upgrading compatibility for versioned secrets, but it's much harder than it seems because of the API changes. In fact, last I checked, the official vault UI could only handle versioned secrets by reading the latest version.

In short, it's non-trivial work and I don't have any timelines in mind for upgrading this.

Caiyeon avatar Aug 30 '18 16:08 Caiyeon

I have several folders under secrets using kv. I can see them in Vault Web UI but when I go to Goldfish I can't see them.

CentOS 7.x latest. Vault 0.11.3. Goldfish 0.9.0.

Add any secrets using kv to the secrets folder using vault ui or cli. Log into Goldfish as root/admin and try to view something other than secrets.

andrewm659 avatar Nov 09 '18 20:11 andrewm659