kong icon indicating copy to clipboard operation
kong copied to clipboard
verified publisher icon Kong

Exceptions while trying to store secrets using environment variables option

Open nboddu009 opened this issue 1 year ago • 8 comments

Discussed in https://github.com/Kong/kong/discussions/12942

Originally posted by nboddu009 April 25, 2024 Hi Team, Can someone help with below issue, Issue : could not get value from external vault (no value found)

Description:

`Installed Kong enterprise version with database mode (kong-enterprise-edition_3.6.1.1_amd64.deb) Trying use to storing secrets in environment variables(https://docs.konghq.com/gateway/3.6.x/kong-enterprise/secrets-management/backends/env/) But It is giving me error like 'could not get value from external vault (no value found)'

Steps Produce the issue: 1. export SECRETS_PASSWORD=abc123 2. export KONG_VAULT_ENV_PREFIX=SECRETS_ 3. Created Prefix using Admin API curl -i -X PUT http://hostname:8001/vaults/my-env-vault
--data name=env
--data description="Store secrets in environment variables"
--data config.prefix="SECRETS_" 4. sudo kong reload 5. sudo kong vault get my-env-vault/secrets-password

Error: User1:~$ export SECRETS_PASSWORD=abc123 User1:~$ export KONG_VAULT_ENV_PREFIX=SECRETS_ User1:~$ sudo kong reload 2024/04/25 16:10:38 [warn] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n" 2024/04/25 16:10:39 [warn] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n" Kong reloaded User1:~$ sudo kong vault get my-env-vault/secrets-password 2024/04/25 16:11:49 [warn] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n" Error: could not get value from external vault (no value found)

  Run with --v (verbose) or --vv (debug) for more details
User1:~$ sudo kong vault get my-env-vault/password
2024/04/25 16:11:59 [warn] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n"
Error: could not get value from external vault (no value found)

  Run with --v (verbose) or --vv (debug) for more details`

nboddu009 avatar Apr 25 '24 23:04 nboddu009

It seems to be related to this: https://docs.konghq.com/gateway/changelog/#general

chronolaw avatar Apr 26 '24 01:04 chronolaw

thank you for your reply @chronolaw, do you have some time to connect via zoom

nboddu009 avatar Apr 26 '24 01:04 nboddu009

Sorry, I think that we can not do that (zoom meeting), you could add more details in this issue.

chronolaw avatar Apr 26 '24 01:04 chronolaw

Okay, Could you please point to me correct version of kong installer. This(https://docs.konghq.com/gateway/changelog/#general ) is more generic. Instead of could you please guide me what needs to be change ?

nboddu009 avatar Apr 26 '24 02:04 nboddu009

@chronolaw It is not an issue of ulimit.

@nboddu009 your last step is wrong, it should be kong vault get my-env-vault/password not my-env-vault/secrets-password.

Water-Melon avatar Apr 26 '24 08:04 Water-Melon

@Water-Melon I tried with kong vault get my-env-vault/password as well and getting same error

nboddu009 avatar Apr 26 '24 15:04 nboddu009

Installed Kong enterprise version with database mode (kong-enterprise-edition_3.6.1.1_amd64.deb)

Hi @bungle , I verified the vaults on EE 3.6 and master branch according to the steps given by @nboddu009 (I changed secrets-password to password in the 5th step.), and everything is working fine. The password can be retrieved correctly. However the issue author is still unable to retrieve the value of password correctly. Could you take a look at this issue? Thanks.

Water-Melon avatar Apr 28 '24 07:04 Water-Melon

@Water-Melon thank you for your response and is there any chance to have a zoom call on this?

nboddu009 avatar Apr 30 '24 16:04 nboddu009

@nboddu009, Could it be the sudo is not preserving your ENV?

bungle avatar Jul 05 '24 10:07 bungle

By default, sudo is not passing environment variables to the process that it creates except for those that are explicitly configured. The sudoers manual page has all the details. You can use the -E switch to pass all environment variables. Does that solve the problem by any chance?

hanshuebner avatar Jul 08 '24 12:07 hanshuebner

This issue is marked as stale because it has been open for 14 days with no activity.

github-actions[bot] avatar Jul 23 '24 01:07 github-actions[bot]

Dear contributor,

We are automatically closing this issue because it has not seen any activity for three weeks. We're sorry that your issue could not be resolved. If any new information comes up that could help resolving it, please feel free to reopen it.

Your contribution is greatly appreciated!

Please have a look our pledge to the community for more information.

Sincerely, Your Kong Gateway team

github-actions[bot] avatar Jul 31 '24 01:07 github-actions[bot]