List identity/entity returned a 500 Payload

Open BornToBeRoot opened this issue 6 months ago • 7 comments

Describe the bug

After enabling the audit/syslog, we get the error:

Ember Data Request GET /v1/identity/entity/id?list=true returned a 500
Payload (application/json)
{ "errors": [ "internal error" ] }
internal error

resource "vault_audit" "syslog" {
  type = "syslog"

  options = {
    facility = "AUTH"
    tag      = var.vault_cluster_config.cluster_name

    log_raw       = false
    hmac_accessor = true
  }
}

To Reproduce

Steps to reproduce the behavior:

  1. Enable logging
  2. Browse https://<server>/ui/vault/access/identity/entities

Expected behavior

List with entities should be displayed. It should not affect the vault functionality if the logging doesn't work somehow.

Environment:

  • Vault Server Version (retrieve with vault status): 1.20.0
  • Vault CLI Version (retrieve with vault version): -/- (via Browser)
  • Server Operating System/Architecture: Ubuntu 24.04

Vault server configuration file(s):

# Paste your Vault config here.
# Be sure to scrub any sensitive values

Additional context

2025-07-03T17:33:55.004692+02:00 <hostname> vault[1165]: 2025-07-03T17:33:55.004+0200 [ERROR] core: failed to audit response: request_path=identity/entity/id/
2025-07-03T17:33:55.004769+02:00 <hostname> vault[1165]:   error=
2025-07-03T17:33:55.004782+02:00 <hostname> vault[1165]:   | event not processed by enough 'sink' nodes
2025-07-03T17:33:55.004795+02:00 <hostname> vault[1165]:   | error writing to syslog: write unixgram @->/run/systemd/journal/dev-log: write: message too long
2025-07-03T17:33:55.004806+02:00 ip-10-3-20-143 vault[1165]:

BornToBeRoot avatar Jul 03 '25 15:07 BornToBeRoot
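
Added example, not from the issue or from Vault's code: the `message too long` in the log above is Go's text for the kernel's EMSGSIZE, which Linux returns when a single datagram exceeds a Unix datagram socket's send buffer. The program below reproduces that error class against a throwaway socket; the socket path, the 8192-byte buffer and the payload sizes are constructed stand-ins for `/run/systemd/journal/dev-log` and an oversized audit entry.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"os"
	"path/filepath"
	"syscall"
)

// sendDatagram writes one n-byte payload to a throwaway unixgram socket
// (constructed stand-in for the syslog socket) and returns the write error.
func sendDatagram(n, sndbuf int) error {
	dir, err := os.MkdirTemp("", "devlog")
	if err != nil {
		return err
	}
	defer os.RemoveAll(dir)
	addr := &net.UnixAddr{Name: filepath.Join(dir, "log.sock"), Net: "unixgram"}
	srv, err := net.ListenUnixgram("unixgram", addr)
	if err != nil {
		return err
	}
	defer srv.Close()
	c, err := net.DialUnix("unixgram", nil, addr)
	if err != nil {
		return err
	}
	defer c.Close()
	// Assumed small buffer so the limit is hit deterministically on Linux.
	if err := c.SetWriteBuffer(sndbuf); err != nil {
		return err
	}
	_, err = c.Write(make([]byte, n))
	return err
}

// tooLong reports whether err wraps EMSGSIZE ("message too long").
func tooLong(err error) bool { return errors.Is(err, syscall.EMSGSIZE) }

func main() {
	for _, n := range []int{512, 1 << 20} {
		err := sendDatagram(n, 8192)
		fmt.Printf("%8d bytes: err=%v tooLong=%v\n", n, err, tooLong(err))
	}
}
```

The small write succeeds and the large one fails as a whole; a datagram socket never splits or truncates the payload for the sender.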

Same issue in PKI engines.

ronaldocherokee avatar Jul 04 '25 12:07 ronaldocherokee

Confirming issue with PKI engines.

{
  "@level": "error",
  "@message": "failed to audit response",
  "@module": "core",
  "@timestamp": "2025-07-08T18:52:02.177883Z",
  "error": "event not processed by enough 'sink' nodes\nerror writing to syslog: write unixgram @->/run/systemd/journal/dev-log: write: message too long",
  "request_path": "pki_[REDACTED]/roles/example"
}

nf-brentsaner avatar Jul 08 '25 19:07 nf-brentsaner

This continues to be an issue in 1.20.3 even.

Do you guys test at all?

nf-brentsaner avatar Sep 10 '25 19:09 nf-brentsaner

> This continues to be an issue in 1.20.3 even.
>
> Do you guys test at all?

Hello! Please review our Community Guidelines. I understand this is frustrating, but please try to remember that we are all human. We welcome constructive feedback. I appreciate the knowledge that this is still an issue, and I will report that back to the team. Thanks!

heatherezell avatar Sep 12 '25 17:09 heatherezell

Hello guys, same issue in 1.20.2 with the PKI secret engine, though I don't receive any indication that the log messages are too long.

Distro : NAME="Red Hat Enterprise Linux" VERSION="9.6 (Plow)

Error :

[ERROR] core: failed to audit response: request_path=pki-xxx-SubCA/roles/example

fran07-cipher avatar Sep 16 '25 07:09 fran07-cipher

I have the same error when calling the entities endpoint but the error is "context deadline exceeded"

[ERROR] core: failed to audit response: request_path=identity/entity/id/
vault   error=
vault   | event not processed by enough 'sink' nodes
vault   | context deadline exceeded

In my case, I have a large number of entities (around 126000) due to a JWT auth misconfiguration for user_claim, and my query is basically to get the list of entities to do some cleaning.

Please note that the same request was working OK with version 1.12 of Vault before upgrading to 1.19.

nabiltntn avatar Oct 14 '25 15:10 nabiltntn

Hello, no update on this one? @heatherezell

Kr,

fran07-cipher avatar Dec 01 '25 08:12 fran07-cipher

> Hello, no update on this one? @heatherezell
>
> Kr,

Apologies for the late response; I do not have an update at this time, but I'll check with our engineering teams to see if we can get it a higher priority in the backlog for an upcoming release. I appreciate your patience.

heatherezell avatar Dec 03 '25 21:12 heatherezell

Additionally, if anyone who is hitting this issue has a Vault Enterprise license, I'd highly recommend opening a support ticket. The second escalation path will help provide extra focus. Thanks!

heatherezell avatar Dec 03 '25 21:12 heatherezell