
[docs] provider_configuration took me a while to do correctly

Open xeroc opened this issue 2 years ago • 3 comments

Not a bug, but request for updated docs

It took me a while to get the provider_configuration set up correctly, since I wasn't aware how to correctly provide a map of strings on the command line, and Vault would accept a few other formats as well:

wrong:

  • provider_configuration="{\"HETZNER_API_KEY\"=\"$HETZNER_API_KEY\"}"
  • provider_configuration="[\"HETZNER_API_KEY\"=\"$HETZNER_API_KEY\"]"
  • provider_configuration="\"HETZNER_API_KEY\"=\"$HETZNER_API_KEY\""

correct:

provider_configuration="HETZNER_API_KEY=$HETZNER_API_KEY"

Complete example:

vault write acme/accounts/example.com \
     [email protected] \
     server_url=https://acme-staging-v02.api.letsencrypt.org/directory \
     terms_of_service_agreed=true \
     provider=hetzner \
     provider_configuration="HETZNER_API_KEY=$HETZNER_API_KEY" \
     dns_resolver='["ns1.first-ns.de", "robotns2.second-ns.de", "robotns3.second-ns.com"]'

xeroc avatar Sep 06 '22 13:09 xeroc

Thanks, but how would you do more than one K/V pair? provider_configuration="\"FOO\"=\"value1\", \"BAR\"=\"value2\""

does this :

Key                        Value
---                        -----
...
provider_configuration     map["FOO":"value1", "BAR"="value2"]
...

fuog avatar Oct 27 '22 14:10 fuog

Okay, I found out :+1:

Correct would be using provider_configuration multiple times ...

❯ vault write acme/accounts/someaccount \
>     [email protected] \
>     server_url=https://acme-staging-v02.api.letsencrypt.org/directory \
>     terms_of_service_agreed=true \
>     provider=rfc2136 \
>     provider_configuration="RFC2136_NAMESERVER=1.2.3.4" \
>     provider_configuration="RFC2136_TSIG_KEY=lego" \
>     provider_configuration="RFC2136_TSIG_ALGORITHM=hmac-sha256." \
>     provider_configuration="RFC2136_TSIG_SECRET=YWJjZGVm...MTIzNDU=" \
>     -format=json

Now we have it correctly:

{
  "request_id": "5............972f4e18e",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": {
    "contact": "[email protected]",
    "dns_resolvers": [],
    "enable_http_01": false,
    "enable_tls_alpn_01": false,
    "ignore_dns_propagation": false,
    "key_type": "EC256",
    "provider": "rfc2136",
    "provider_configuration": {
      "RFC2136_NAMESERVER": "1.2.3.4",
      "RFC2136_TSIG_ALGORITHM": "hmac-sha256.",
      "RFC2136_TSIG_KEY": "lego",
      "RFC2136_TSIG_SECRET": "YWJjZGVm...MTIzNDU="
    },
    "registration_uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/74057744",
    "server_url": "https://acme-staging-v02.api.letsencrypt.org/directory",
    "terms_of_service_agreed": true
  },
  "warnings": null
}

fuog avatar Oct 28 '22 14:10 fuog
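Repeating `provider_configuration=KEY=VALUE` works, but it puts the TSIG secret into the process argument list (visible in `ps`) and into shell history. The Vault CLI also accepts a JSON body on stdin when the data argument is `-`, which lets you send `provider_configuration` as a real JSON object. The following is an added example, not code from vault-acme or from the thread: it builds both forms (the repeated-argument list used above, and the stdin JSON body), reads the provider variables from the environment, and refuses to send a partial map. The account path, contact address and the `dns_resolvers` field name (taken from the JSON response shown above) are assumptions for the example.

```python
"""Write an acme/accounts entry with a nested provider_configuration map.

Added example for the thread above; not code from vault-acme or Vault.
It assumes only that `vault write PATH -` reads a JSON body from stdin
(documented Vault CLI behaviour). The account path, contact address and
provider variable names are constructed for this example.
"""
import json
import os
import subprocess
from typing import Dict, List, Mapping, Optional

ACCOUNT_PATH = "acme/accounts/example"  # hypothetical account name
SERVER_URL = "https://acme-staging-v02.api.letsencrypt.org/directory"


def build_cli_args(provider: str, provider_config: Mapping[str, str]) -> List[str]:
    """Render the form used in the thread: one provider_configuration=KEY=VALUE
    argument per pair. Keys containing '=' are rejected because the pair
    would be ambiguous once the server splits it on '='."""
    args = [f"provider={provider}"]
    for key, value in provider_config.items():
        if not key or "=" in key:
            raise ValueError(f"invalid provider_configuration key: {key!r}")
        args.append(f"provider_configuration={key}={value}")
    return args


def config_from_env(names: List[str],
                    env: Optional[Mapping[str, str]] = None) -> Dict[str, str]:
    """Collect the provider's variables from the environment and stop if any is
    unset or empty, instead of sending a partial map (which the DNS provider
    only reports later, at challenge time)."""
    env = os.environ if env is None else env
    missing = [n for n in names if not env.get(n)]
    if missing:
        raise KeyError("unset provider variables: " + ", ".join(missing))
    return {n: env[n] for n in names}


def build_payload(contact: str, provider: str, provider_config: Mapping[str, str],
                  dns_resolvers: Optional[List[str]] = None) -> dict:
    """JSON body for `vault write PATH -`. provider_configuration is a real
    JSON object here, so none of the key=value quoting rules apply."""
    return {
        "contact": contact,
        "server_url": SERVER_URL,
        "terms_of_service_agreed": True,
        "provider": provider,
        "provider_configuration": dict(provider_config),
        "dns_resolvers": list(dns_resolvers or []),  # field name as in the response above
    }


def vault_write_command(path: str = ACCOUNT_PATH) -> List[str]:
    """argv for the write; the trailing '-' makes the CLI read the body from
    stdin, so secrets never appear in `ps` output or shell history."""
    return ["vault", "write", "-format=json", path, "-"]


def write_account(payload: dict) -> dict:
    """Run the CLI with the JSON body on stdin and return the parsed response."""
    proc = subprocess.run(vault_write_command(), input=json.dumps(payload),
                          capture_output=True, text=True)
    if proc.returncode != 0:
        raise RuntimeError(proc.stderr.strip() or "vault write failed")
    return json.loads(proc.stdout)


if __name__ == "__main__":
    rfc2136 = config_from_env(["RFC2136_NAMESERVER", "RFC2136_TSIG_KEY",
                               "RFC2136_TSIG_ALGORITHM", "RFC2136_TSIG_SECRET"])
    body = build_payload("acme-admin@example.com", "rfc2136", rfc2136)
    # Print only the configured key names, never the secret values.
    print(sorted(write_account(body)["data"]["provider_configuration"]))
```

Note that `vault_write_command()` puts `-format=json` before the path; the thread shows Vault accepting it after the data arguments as well, but flags-first is the documented order.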

Strange, for me the provider seems to be ignored :(

❯ vault write acme/certs/some-account common_name=some.domain.tld
Error writing data to acme/certs/some-account: Error making API request.
URL: PUT https://my-vault.somedomain.trld/v1/acme/certs/some-account
Code: 400. Errors:
* Failed to validate certificate signing request: error: one or more domains had a problem:
[some.domain.tld] [some.domain.tld] acme: error presenting token: rfc2136: failed to insert: DNS update failed: dns: no secrets defined

fuog avatar Nov 02 '22 07:11 fuog