
I can't enable the secrets engine

Open DZoubire opened this issue 2 years ago • 4 comments

TL;DR

Hi, I have downloaded the file vault-secrets-gen_0.1.6, I deleted the "path_passphrase.go" and the related code of the passphrase in the other files, then I compiled the code and sent it to my docker container with Linux x86_64 architecture instance that runs vault:1.8.1 version. I transferred the vault-secret-gen file to the Linux under /vault/plugins directory (I have mentioned this path for plugins in the vault config file). I successfully registered the plugin, but I can't enable it; I got this error:

Expected behavior

No response

Observed behavior

No response

Vault CLI (or API) output

/vault/plugins # ls -l
total 17592
-rwxrwxr-x    1 root     root      18013605 Aug 10 09:56 vault-secrets-gen

/vault/plugins # vault secrets enable \
>     -path="gen" \
>     -plugin-name="secrets-gen" \
>     plugin
Error enabling: Error making API request.

URL: POST http://127.0.0.1:8200/v1/sys/mounts/gen
Code: 400. Errors:

* fork/exec /vault/plugins/vault-secrets-gen: no such file or directory

Vault server logs

/vault/plugins # ls /sys/mounts/
ls: /sys/mounts/: No such file or directory
/vault/plugins # ls /sys/
block     bus       class     dev       devices   firmware  fs        kernel    module
/vault/plugins #

Additional information

Could you show me where I am going wrong, and how to correct it? Regards,

DZoubire avatar Aug 10 '22 10:08 DZoubire

Please provide an end-to-end reproduction case. Be sure to include:

  1. Your vault config file
  2. The command you ran to start Vault
  3. The complete Vault server logs
  4. The steps and commands you used to build the binary and the build output
  5. The output of ldd /vault/plugins/vault-secrets-gen

sethvargo avatar Aug 10 '22 12:08 sethvargo

my vault config file:

server@TAG-3136:~/docker-vault$ cat docker-compose.yml
services:
  vault:
    image: vault:1.8.1
    cap_add:
      - IPC_LOCK
    environment:
      VAULT_LOCAL_CONFIG: '{"backend": {"file": {"path": "/vault/file"}}, "ui":"true", "listener": [{"tcp": {"address": "0.0.0.0:8400", "tls_disable": "1"}}], "plugin_directory":"/vault/plugins/"}'
server@TAG-3136:~/docker-vault$

commands to start vault:

I run the container with "docker-compose up",
then: export VAULT_ADDR='http://127.0.0.1:8200'
and: export VAULT_TOKEN="root-token"

The complete Vault server logs:

server@TAG-3136:~/docker-vault$ docker-compose up
Creating docker-vault_vault_1 ... done
Attaching to docker-vault_vault_1
vault_1  | ==> Vault server configuration:
vault_1  |
vault_1  |              Api Address: http://0.0.0.0:8200
vault_1  |                      Cgo: disabled
vault_1  |          Cluster Address: https://0.0.0.0:8201
vault_1  |               Go Version: go1.16.6
vault_1  |               Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
vault_1  |               Listener 2: tcp (addr: "0.0.0.0:8400", cluster address: "0.0.0.0:8401", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
vault_1  |                Log Level: info
vault_1  |                    Mlock: supported: true, enabled: false
vault_1  |            Recovery Mode: false
vault_1  |                  Storage: file
vault_1  |                  Version: Vault v1.8.1
vault_1  |              Version Sha: 4b0264f28defc05454c31277cfa6ff63695a458d
vault_1  |
vault_1  | ==> Vault server started! Log data will stream in below:
vault_1  |
vault_1  | 2022-08-10T13:28:40.026Z [INFO]  proxy environment: http_proxy="" https_proxy="" no_proxy=""
vault_1  | 2022-08-10T13:28:40.026Z [WARN]  no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set
vault_1  | 2022-08-10T13:28:40.028Z [INFO]  core: security barrier not initialized
vault_1  | 2022-08-10T13:28:40.028Z [INFO]  core: security barrier initialized: stored=1 shares=1 threshold=1
vault_1  | 2022-08-10T13:28:40.029Z [INFO]  core: post-unseal setup starting
vault_1  | 2022-08-10T13:28:40.035Z [INFO]  core: loaded wrapping token key
vault_1  | 2022-08-10T13:28:40.035Z [INFO]  core: upgrading plugin information: plugins=[]
vault_1  | 2022-08-10T13:28:40.035Z [INFO]  core: successfully setup plugin catalog: plugin-directory=/vault/plugins
vault_1  | 2022-08-10T13:28:40.035Z [INFO]  core: no mounts; adding default mount table
vault_1  | 2022-08-10T13:28:40.037Z [INFO]  core: successfully mounted backend: type=cubbyhole path=cubbyhole/
vault_1  | 2022-08-10T13:28:40.037Z [INFO]  core: successfully mounted backend: type=system path=sys/
vault_1  | 2022-08-10T13:28:40.037Z [INFO]  core: successfully mounted backend: type=identity path=identity/
vault_1  | 2022-08-10T13:28:40.039Z [INFO]  core: successfully enabled credential backend: type=token path=token/
vault_1  | 2022-08-10T13:28:40.039Z [INFO]  rollback: starting rollback manager
vault_1  | 2022-08-10T13:28:40.039Z [INFO]  core: restoring leases
vault_1  | 2022-08-10T13:28:40.040Z [INFO]  identity: entities restored
vault_1  | 2022-08-10T13:28:40.040Z [INFO]  identity: groups restored
vault_1  | 2022-08-10T13:28:40.040Z [INFO]  expiration: lease restore complete
vault_1  | 2022-08-10T13:28:40.040Z [INFO]  core: post-unseal setup complete
vault_1  | 2022-08-10T13:28:40.041Z [INFO]  core: root token generated
vault_1  | 2022-08-10T13:28:40.041Z [INFO]  core: pre-seal teardown starting
vault_1  | 2022-08-10T13:28:40.041Z [INFO]  rollback: stopping rollback manager
vault_1  | 2022-08-10T13:28:40.041Z [INFO]  core: pre-seal teardown complete
vault_1  | 2022-08-10T13:28:40.041Z [INFO]  core.cluster-listener.tcp: starting listener: listener_address=0.0.0.0:8201
vault_1  | 2022-08-10T13:28:40.042Z [INFO]  core.cluster-listener.tcp: starting listener: listener_address=0.0.0.0:8401
vault_1  | 2022-08-10T13:28:40.042Z [INFO]  core.cluster-listener: serving cluster requests: cluster_listen_address=[::]:8201
vault_1  | 2022-08-10T13:28:40.042Z [INFO]  core.cluster-listener: serving cluster requests: cluster_listen_address=[::]:8401
vault_1  | 2022-08-10T13:28:40.042Z [INFO]  core: post-unseal setup starting
vault_1  | 2022-08-10T13:28:40.042Z [INFO]  core: loaded wrapping token key
vault_1  | 2022-08-10T13:28:40.042Z [INFO]  core: upgrading plugin information: plugins=[]
vault_1  | 2022-08-10T13:28:40.042Z [INFO]  core: successfully setup plugin catalog: plugin-directory=/vault/plugins
vault_1  | 2022-08-10T13:28:40.042Z [INFO]  core: successfully mounted backend: type=system path=sys/
vault_1  | 2022-08-10T13:28:40.043Z [INFO]  core: successfully mounted backend: type=identity path=identity/
vault_1  | 2022-08-10T13:28:40.043Z [INFO]  core: successfully mounted backend: type=cubbyhole path=cubbyhole/
vault_1  | 2022-08-10T13:28:40.043Z [INFO]  core: successfully enabled credential backend: type=token path=token/
vault_1  | 2022-08-10T13:28:40.043Z [INFO]  rollback: starting rollback manager
vault_1  | 2022-08-10T13:28:40.043Z [INFO]  core: restoring leases
vault_1  | 2022-08-10T13:28:40.045Z [INFO]  identity: entities restored
vault_1  | 2022-08-10T13:28:40.045Z [INFO]  identity: groups restored
vault_1  | 2022-08-10T13:28:40.045Z [INFO]  expiration: lease restore complete
vault_1  | 2022-08-10T13:28:40.045Z [INFO]  core: post-unseal setup complete
vault_1  | 2022-08-10T13:28:40.045Z [INFO]  core: vault is unsealed
vault_1  | 2022-08-10T13:28:40.047Z [INFO]  core: successful mount: namespace="" path=secret/ type=kv
vault_1  | 2022-08-10T13:28:40.057Z [INFO]  secrets.kv.kv_f12d96d1: collecting keys to upgrade
vault_1  | 2022-08-10T13:28:40.057Z [INFO]  secrets.kv.kv_f12d96d1: done collecting keys: num_keys=1
vault_1  | 2022-08-10T13:28:40.057Z [INFO]  secrets.kv.kv_f12d96d1: upgrading keys finished
vault_1  | WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
vault_1  | and starts unsealed with a single unseal key. The root token is already
vault_1  | authenticated to the CLI, so you can immediately begin using Vault.
vault_1  |
vault_1  | You may need to set the following environment variable:
vault_1  |
vault_1  |     $ export VAULT_ADDR='http://0.0.0.0:8200'
vault_1  |
vault_1  | The unseal key and root token are displayed below in case you want to
vault_1  | seal/unseal the Vault or re-authenticate.
vault_1  |
vault_1  | Unseal Key: AQsExZvYGbsAo7MGqW4drGyJji2dHvOS3k/LlyQ8Ync=
vault_1  | Root Token: s.dLB8coH1rrP48Xr1JbsBYFGN
vault_1  |
vault_1  | Development mode should NOT be used in production installations!

The steps and commands you used to build the binary and the build output:

  • after making my changes to the code, I executed the go build command "go build -o vault-secrets-gen main.go"
  • then, I archived the "vault-secrets-gen" file and sent it to my vault container through "ftp"
  • I extracted the tar file and moved the "vault-secrets-gen" to "/vault/plugins"
  • I enabled mlock: setcap cap_ipc_lock=+ep /vault/plugins/vault-secrets-gen
  • registered the plugin: vault plugin register -sha256="${SHA256}" -command="vault-secrets-gen" secret secrets-gen
  • and I tried to enable it: vault secrets enable -path="gen" -plugin-name="secrets-gen" plugin

The output of ldd /vault/plugins/vault-secrets-gen:

/vault/plugins # ldd vault-secrets-gen
        /lib64/ld-linux-x86-64.so.2 (0x7fad36e11000)
        libpthread.so.0 => /lib64/ld-linux-x86-64.so.2 (0x7fad36e11000)
        libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7fad36e11000)

DZoubire avatar Aug 10 '22 13:08 DZoubire

What are the vault server logs after you run vault secrets enable?

sethvargo avatar Aug 10 '22 15:08 sethvargo

Is your container alpine? Can you turn on debug logging?

sethvargo avatar Aug 10 '22 15:08 sethvargo

  • after you run "vault secrets enable" vault secret logs are :
vault_1  | 2022-08-11T07:50:44.275Z [DEBUG] secrets.secrets-gen.secrets-gen_e32130e2.secrets-gen: starting plugin: metadata=true path=/vault/plugins/vault-secrets-gen args=["/vault/plugins/vault-secrets-gen"]
vault_1  | 2022-08-11T07:50:44.275Z [ERROR] secrets.system.system_2fdb0b73: error occurred during enable mount: path=gen/ error="fork/exec /vault/plugins/vault-secrets-gen: no such file or directory"

  • Yes, my container is Alpine.

  • my debug logging:

server@TAG-3136:~/docker-vault$ docker-compose up
Creating docker-vault_vault_1 ... done
Attaching to docker-vault_vault_1
vault_1  | ==> Vault server configuration:
vault_1  |
vault_1  |              Api Address: http://0.0.0.0:8200
vault_1  |                      Cgo: disabled
vault_1  |          Cluster Address: https://0.0.0.0:8201
vault_1  |               Go Version: go1.16.6
vault_1  |               Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
vault_1  |               Listener 2: tcp (addr: "0.0.0.0:8400", cluster address: "0.0.0.0:8401", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
vault_1  |                Log Level: debug
vault_1  |                    Mlock: supported: true, enabled: false
vault_1  |            Recovery Mode: false
vault_1  |                  Storage: file
vault_1  |                  Version: Vault v1.8.1
vault_1  |              Version Sha: 4b0264f28defc05454c31277cfa6ff63695a458d
vault_1  |
vault_1  | ==> Vault server started! Log data will stream in below:
vault_1  |
vault_1  | 2022-08-11T07:41:45.565Z [INFO]  proxy environment: http_proxy="" https_proxy="" no_proxy=""
vault_1  | 2022-08-11T07:41:45.565Z [WARN]  no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set
vault_1  | 2022-08-11T07:41:45.566Z [DEBUG] core: set config: sanitized config={"api_addr":"","cache_size":0,"cluster_addr":"","cluster_cipher_suites":"","cluster_name":"","default_lease_ttl":0,"default_max_request_duration":0,"disable_cache":false,"disable_clustering":false,"disable_indexing":false,"disable_mlock":true,"disable_performance_standby":false,"disable_printable_check":false,"disable_sealwrap":false,"disable_sentinel_trace":false,"enable_response_header_hostname":false,"enable_response_header_raft_node_id":false,"enable_ui":true,"listeners":[{"config":{"address":"127.0.0.1:8200","proxy_protocol_authorized_addrs":"127.0.0.1:8200","proxy_protocol_behavior":"allow_authorized","tls_disable":true},"type":"tcp"},{"config":{"address":"0.0.0.0:8400","tls_disable":"1"},"type":"tcp"}],"log_format":"unspecified","log_level":"Debug","max_lease_ttl":0,"pid_file":"","plugin_directory":"/vault/plugins/","raw_storage_endpoint":false,"seals":[{"disabled":false,"type":"shamir"}],"storage":{"cluster_addr":"","disable_clustering":false,"redirect_addr":"","type":"file"},"telemetry":{"add_lease_metrics_namespace_labels":false,"circonus_api_app":"","circonus_api_token":"","circonus_api_url":"","circonus_broker_id":"","circonus_broker_select_tag":"","circonus_check_display_name":"","circonus_check_force_metric_activation":"","circonus_check_id":"","circonus_check_instance_id":"","circonus_check_search_tag":"","circonus_check_tags":"","circonus_submission_interval":"","circonus_submission_url":"","disable_hostname":true,"dogstatsd_addr":"","dogstatsd_tags":null,"lease_metrics_epsilon":3600000000000,"maximum_gauge_cardinality":500,"metrics_prefix":"","num_lease_metrics_buckets":168,"prometheus_retention_time":86400000000000,"stackdriver_debug_logs":false,"stackdriver_location":"","stackdriver_namespace":"","stackdriver_project_id":"","statsd_address":"","statsite_address":"","usage_gauge_period":600000000000}}
vault_1  | 2022-08-11T07:41:45.566Z [DEBUG] storage.cache: creating LRU cache: size=0
vault_1  | 2022-08-11T07:41:45.566Z [DEBUG] cluster listener addresses synthesized: cluster_addresses=[0.0.0.0:8201, 0.0.0.0:8401]
vault_1  | 2022-08-11T07:41:45.566Z [INFO]  core: security barrier not initialized
vault_1  | 2022-08-11T07:41:45.566Z [INFO]  core: security barrier initialized: stored=1 shares=1 threshold=1
vault_1  | 2022-08-11T07:41:45.567Z [DEBUG] core: cluster name not found/set, generating new
vault_1  | 2022-08-11T07:41:45.567Z [DEBUG] core: cluster name set: name=vault-cluster-494a9348
vault_1  | 2022-08-11T07:41:45.567Z [DEBUG] core: cluster ID not found, generating new
vault_1  | 2022-08-11T07:41:45.567Z [DEBUG] core: cluster ID set: id=7eab64e5-59d7-4e65-50e7-26d2d5a8ce78
vault_1  | 2022-08-11T07:41:45.567Z [INFO]  core: post-unseal setup starting
vault_1  | 2022-08-11T07:41:45.567Z [DEBUG] core: clearing forwarding clients
vault_1  | 2022-08-11T07:41:45.567Z [DEBUG] core: done clearing forwarding clients
vault_1  | 2022-08-11T07:41:45.567Z [DEBUG] core: persisting feature flags
vault_1  | 2022-08-11T07:41:45.573Z [INFO]  core: loaded wrapping token key
vault_1  | 2022-08-11T07:41:45.573Z [INFO]  core: upgrading plugin information: plugins=[]
vault_1  | 2022-08-11T07:41:45.573Z [INFO]  core: successfully setup plugin catalog: plugin-directory=/vault/plugins
vault_1  | 2022-08-11T07:41:45.573Z [INFO]  core: no mounts; adding default mount table
vault_1  | 2022-08-11T07:41:45.573Z [INFO]  core: successfully mounted backend: type=cubbyhole path=cubbyhole/
vault_1  | 2022-08-11T07:41:45.574Z [INFO]  core: successfully mounted backend: type=system path=sys/
vault_1  | 2022-08-11T07:41:45.574Z [INFO]  core: successfully mounted backend: type=identity path=identity/
vault_1  | 2022-08-11T07:41:45.577Z [INFO]  core: successfully enabled credential backend: type=token path=token/
vault_1  | 2022-08-11T07:41:45.577Z [INFO]  rollback: starting rollback manager
vault_1  | 2022-08-11T07:41:45.577Z [INFO]  core: restoring leases
vault_1  | 2022-08-11T07:41:45.578Z [DEBUG] identity: loading entities
vault_1  | 2022-08-11T07:41:45.578Z [DEBUG] identity: entities collected: num_existing=0
vault_1  | 2022-08-11T07:41:45.578Z [INFO]  identity: entities restored
vault_1  | 2022-08-11T07:41:45.578Z [DEBUG] identity: identity loading groups
vault_1  | 2022-08-11T07:41:45.578Z [DEBUG] identity: groups collected: num_existing=0
vault_1  | 2022-08-11T07:41:45.578Z [INFO]  identity: groups restored
vault_1  | 2022-08-11T07:41:45.578Z [DEBUG] expiration: collecting leases
vault_1  | 2022-08-11T07:41:45.578Z [DEBUG] expiration: leases collected: num_existing=0
vault_1  | 2022-08-11T07:41:45.578Z [INFO]  core: post-unseal setup complete
vault_1  | 2022-08-11T07:41:45.578Z [INFO]  expiration: lease restore complete
vault_1  | 2022-08-11T07:41:45.578Z [INFO]  core: root token generated
vault_1  | 2022-08-11T07:41:45.578Z [INFO]  core: pre-seal teardown starting
vault_1  | 2022-08-11T07:41:45.578Z [DEBUG] expiration: stop triggered
vault_1  | 2022-08-11T07:41:45.579Z [DEBUG] expiration: finished stopping
vault_1  | 2022-08-11T07:41:45.579Z [INFO]  rollback: stopping rollback manager
vault_1  | 2022-08-11T07:41:45.579Z [INFO]  core: pre-seal teardown complete
vault_1  | 2022-08-11T07:41:45.579Z [DEBUG] core: unseal key supplied: migrate=false
vault_1  | 2022-08-11T07:41:45.579Z [DEBUG] core: starting cluster listeners
vault_1  | 2022-08-11T07:41:45.579Z [INFO]  core.cluster-listener.tcp: starting listener: listener_address=0.0.0.0:8201
vault_1  | 2022-08-11T07:41:45.579Z [INFO]  core.cluster-listener.tcp: starting listener: listener_address=0.0.0.0:8401
vault_1  | 2022-08-11T07:41:45.579Z [INFO]  core.cluster-listener: serving cluster requests: cluster_listen_address=[::]:8201
vault_1  | 2022-08-11T07:41:45.579Z [INFO]  core.cluster-listener: serving cluster requests: cluster_listen_address=[::]:8401
vault_1  | 2022-08-11T07:41:45.579Z [INFO]  core: post-unseal setup starting
vault_1  | 2022-08-11T07:41:45.579Z [DEBUG] core: clearing forwarding clients
vault_1  | 2022-08-11T07:41:45.579Z [DEBUG] core: done clearing forwarding clients
vault_1  | 2022-08-11T07:41:45.579Z [DEBUG] core: persisting feature flags
vault_1  | 2022-08-11T07:41:45.579Z [INFO]  core: loaded wrapping token key
vault_1  | 2022-08-11T07:41:45.579Z [INFO]  core: upgrading plugin information: plugins=[]
vault_1  | 2022-08-11T07:41:45.579Z [INFO]  core: successfully setup plugin catalog: plugin-directory=/vault/plugins
vault_1  | 2022-08-11T07:41:45.579Z [INFO]  core: successfully mounted backend: type=system path=sys/
vault_1  | 2022-08-11T07:41:45.579Z [INFO]  core: successfully mounted backend: type=identity path=identity/
vault_1  | 2022-08-11T07:41:45.579Z [INFO]  core: successfully mounted backend: type=cubbyhole path=cubbyhole/
vault_1  | 2022-08-11T07:41:45.580Z [INFO]  core: successfully enabled credential backend: type=token path=token/
vault_1  | 2022-08-11T07:41:45.580Z [INFO]  rollback: starting rollback manager
vault_1  | 2022-08-11T07:41:45.580Z [INFO]  core: restoring leases
vault_1  | 2022-08-11T07:41:45.580Z [DEBUG] identity: loading entities
vault_1  | 2022-08-11T07:41:45.580Z [DEBUG] identity: entities collected: num_existing=0
vault_1  | 2022-08-11T07:41:45.581Z [DEBUG] expiration: collecting leases
vault_1  | 2022-08-11T07:41:45.581Z [DEBUG] expiration: leases collected: num_existing=0
vault_1  | 2022-08-11T07:41:45.581Z [INFO]  identity: entities restored
vault_1  | 2022-08-11T07:41:45.581Z [DEBUG] identity: identity loading groups
vault_1  | 2022-08-11T07:41:45.581Z [DEBUG] identity: groups collected: num_existing=0
vault_1  | 2022-08-11T07:41:45.581Z [INFO]  identity: groups restored
vault_1  | 2022-08-11T07:41:45.581Z [DEBUG] core: request forwarding setup function
vault_1  | 2022-08-11T07:41:45.581Z [DEBUG] core: clearing forwarding clients
vault_1  | 2022-08-11T07:41:45.581Z [DEBUG] core: done clearing forwarding clients
vault_1  | 2022-08-11T07:41:45.581Z [DEBUG] core: request forwarding not setup
vault_1  | 2022-08-11T07:41:45.581Z [DEBUG] core: leaving request forwarding setup function
vault_1  | 2022-08-11T07:41:45.581Z [INFO]  expiration: lease restore complete
vault_1  | 2022-08-11T07:41:45.581Z [INFO]  core: post-unseal setup complete
vault_1  | 2022-08-11T07:41:45.581Z [INFO]  core: vault is unsealed
vault_1  | 2022-08-11T07:41:45.582Z [INFO]  core: successful mount: namespace="" path=secret/ type=kv
vault_1  | 2022-08-11T07:41:45.582Z [DEBUG] would have sent systemd notification (systemd not present): notification=READY=1
vault_1  | 2022-08-11T07:41:45.593Z [INFO]  secrets.kv.kv_c624dd0b: collecting keys to upgrade
vault_1  | 2022-08-11T07:41:45.593Z [INFO]  secrets.kv.kv_c624dd0b: done collecting keys: num_keys=1
vault_1  | 2022-08-11T07:41:45.593Z [DEBUG] secrets.kv.kv_c624dd0b: upgrading keys: progress=0/1
vault_1  | 2022-08-11T07:41:45.593Z [INFO]  secrets.kv.kv_c624dd0b: upgrading keys finished
vault_1  | WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
vault_1  | and starts unsealed with a single unseal key. The root token is already
vault_1  | authenticated to the CLI, so you can immediately begin using Vault.
vault_1  |
vault_1  | You may need to set the following environment variable:
vault_1  |
vault_1  |     $ export VAULT_ADDR='http://0.0.0.0:8200'
vault_1  |
vault_1  | The unseal key and root token are displayed below in case you want to
vault_1  | seal/unseal the Vault or re-authenticate.
vault_1  |
vault_1  | Unseal Key: hiMYKylBC9UWgKx0ppronqDbmrG6IdMiofYKmyOctHw=
vault_1  | Root Token: s.0sXrPIYWQhe0c6g8MfNDE8cj
vault_1  |
vault_1  | Development mode should NOT be used in production installations!
vault_1  |
vault_1  | 2022-08-11T07:50:44.275Z [DEBUG] secrets.secrets-gen.secrets-gen_e32130e2.secrets-gen: starting plugin: metadata=true path=/vault/plugins/vault-secrets-gen args=["/vault/plugins/vault-secrets-gen"]
vault_1  | 2022-08-11T07:50:44.275Z [ERROR] secrets.system.system_2fdb0b73: error occurred during enable mount: path=gen/ error="fork/exec /vault/plugins/vault-secrets-gen: no such file or directory"

DZoubire avatar Aug 11 '22 07:08 DZoubire

There are a number of issues with alpine linux and Vault plugins: https://github.com/hashicorp/vault/issues/8009. Do other plugins compiled from source work?

sethvargo avatar Aug 11 '22 13:08 sethvargo
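
On Linux, exec reports "no such file or directory" for a file that exists when the ELF interpreter (dynamic loader) named in its PT_INTERP header is missing; the ldd output earlier in this thread names /lib64/ld-linux-x86-64.so.2, the glibc loader, while Alpine is musl-based. The Go program below is an added example, not code from vault-secrets-gen or from anyone in this thread, that checks a plugin binary for this condition before it is registered; Interpreter, Diagnose and sampleELF are hypothetical names, and the sample ELF image is constructed.

```go
package main

import (
	"bytes"
	"debug/elf"
	"encoding/binary"
	"io"
	"log"
	"os"
	"strings"
)

// Interpreter returns the PT_INTERP path of an ELF image ("" if static).
func Interpreter(r io.ReaderAt) (string, error) {
	f, err := elf.NewFile(r)
	if err != nil {
		return "", err
	}
	for _, p := range f.Progs {
		if p.Type == elf.PT_INTERP {
			b, err := io.ReadAll(p.Open())
			return strings.TrimRight(string(b), "\x00"), err
		}
	}
	return "", nil
}

// Diagnose predicts how exec treats the binary; exists probes the target image.
func Diagnose(r io.ReaderAt, exists func(string) bool) (string, error) {
	interp, err := Interpreter(r)
	switch {
	case err != nil:
		return "", err
	case interp == "":
		return "static: no loader required", nil
	case exists(interp):
		return "dynamic: loader " + interp + " present", nil
	}
	return "dynamic: loader " + interp + " missing, exec returns ENOENT", nil
}

// sampleELF builds a minimal little-endian ELF64 image (constructed input,
// not a real plugin); it carries one PT_INTERP header when interp is set.
func sampleELF(interp string) []byte {
	var buf bytes.Buffer
	hdr := elf.Header64{
		Ident: [elf.EI_NIDENT]byte{0x7f, 'E', 'L', 'F', byte(elf.ELFCLASS64),
			byte(elf.ELFDATA2LSB), byte(elf.EV_CURRENT)},
		Type: uint16(elf.ET_EXEC), Machine: uint16(elf.EM_X86_64), Version: 1,
		Phoff: 64, Ehsize: 64, Phentsize: 56, Shentsize: 64,
	}
	if interp != "" {
		hdr.Phnum = 1
	}
	binary.Write(&buf, binary.LittleEndian, hdr)
	binary.Write(&buf, binary.LittleEndian, elf.Prog64{
		Type: uint32(elf.PT_INTERP), Off: 64 + 56, Filesz: uint64(len(interp) + 1),
	})
	buf.WriteString(interp + "\x00")
	return buf.Bytes()
}

func main() {
	r := io.ReaderAt(bytes.NewReader(sampleELF("/lib64/ld-linux-x86-64.so.2")))
	if len(os.Args) > 1 { // path to a real plugin binary, if given
		f, err := os.Open(os.Args[1])
		if err != nil {
			log.Fatal(err)
		}
		r = f
	}
	exists := func(p string) bool { _, err := os.Stat(p); return err == nil }
	log.Println(Diagnose(r, exists))
}
```

Run it inside the target container with the plugin path as its argument, so the loader lookup happens against that image's filesystem. A Go binary built with CGO_ENABLED=0 normally carries no PT_INTERP header and is reported as static.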

Also, does this happen with a pre-compiled version from the releases page?

sethvargo avatar Aug 11 '22 13:08 sethvargo

I didn't try the other plugins. The pre-compiled plugin works very well, but after the modification it won't.

DZoubire avatar Aug 12 '22 08:08 DZoubire

If the pre-compiled plugin works, please use that. This is likely a problem with your installation or setup, which is outside the scope of this project.

sethvargo avatar Aug 12 '22 13:08 sethvargo

Hi @sethvargo, now I got this error when trying to enable it:

Error enabling: Error making API request.

URL: POST http://0.0.0.0:8200/v1/sys/mounts/gen
Code: 400. Errors:

* Unrecognized remote plugin message:

This usually means that the plugin is either invalid or simply
needs to be recompiled to support the latest protocol.

and after executing this command I got this error:

/ # ldd /vault/plugins/vault-secrets-gen
/lib/ld-musl-x86_64.so.1: /vault/plugins/vault-secrets-gen: Not a valid dynamic program

for vault logs:

vault_1  | 2022-08-16T12:01:33.817Z [DEBUG] secrets.secrets-gen.secrets-gen_c6a64fea.secrets-gen: starting plugin: metadata=true path=/vault/plugins/vault-secrets-gen args=["/vault/plugins/vault-secrets-gen"]
vault_1  | 2022-08-16T12:01:33.817Z [DEBUG] secrets.secrets-gen.secrets-gen_c6a64fea.secrets-gen: plugin started: metadata=true path=/vault/plugins/vault-secrets-gen pid=342
vault_1  | 2022-08-16T12:01:33.817Z [DEBUG] secrets.secrets-gen.secrets-gen_c6a64fea.secrets-gen: waiting for RPC address: metadata=true path=/vault/plugins/vault-secrets-gen
vault_1  | 2022-08-16T12:01:33.817Z [ERROR] secrets.system.system_b8748210: error occurred during enable mount: path=gen/
vault_1  |   error=
vault_1  |   | Unrecognized remote plugin message:
vault_1  |   |
vault_1  |   | This usually means that the plugin is either invalid or simply
vault_1  |   | needs to be recompiled to support the latest protocol.
vault_1  |
vault_1  | 2022-08-16T12:01:33.818Z [DEBUG] secrets.secrets-gen.secrets-gen_c6a64fea.secrets-gen: plugin process exited: metadata=true path=/vault/plugins/vault-secrets-gen pid=342 error="exit status 1"

DZoubire avatar Aug 16 '22 12:08 DZoubire