Exceptions while trying to store secrets using environment variables option

[nboddu009]

Discussed in #12942

^{Originally posted by nboddu009 April 25, 2024}
Hi Team,
Can someone help with below issue,
Issue : could not get value from external vault (no value found)

Description:

`Installed Kong enterprise version with database mode (kong-enterprise-edition_3.6.1.1_amd64.deb)
Trying use to storing secrets in environment variables(https://docs.konghq.com/gateway/3.6.x/kong-enterprise/secrets-management/backends/env/)
But It is giving me error like 'could not get value from external vault (no value found)'

Steps Produce the issue:
1. export SECRETS_PASSWORD=abc123
2. export KONG_VAULT_ENV_PREFIX=SECRETS_
3. Created Prefix using Admin API
curl -i -X PUT http://hostname:8001/vaults/my-env-vault
--data name=env
--data description="Store secrets in environment variables"
--data config.prefix="SECRETS_"
4. sudo kong reload
5. sudo kong vault get my-env-vault/secrets-password

Error:
User1:$ export SECRETS_PASSWORD=abc123
User1:$ export KONG_VAULT_ENV_PREFIX=SECRETS_
User1:$ sudo kong reload
2024/04/25 16:10:38 [warn] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n"
2024/04/25 16:10:39 [warn] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n"
Kong reloaded
User1:$ sudo kong vault get my-env-vault/secrets-password
2024/04/25 16:11:49 [warn] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n"
Error: could not get value from external vault (no value found)

  Run with --v (verbose) or --vv (debug) for more details
User1:~$ sudo kong vault get my-env-vault/password
2024/04/25 16:11:59 [warn] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n"
Error: could not get value from external vault (no value found)

  Run with --v (verbose) or --vv (debug) for more details`

[chronolaw]

It seems to be related to this: https://docs.konghq.com/gateway/changelog/#general

[nboddu009]

thank you for your reply @chronolaw, do you have some time to connect via zoom

[chronolaw]

Sorry, I think that we can not do that (zoom meeting), you could add more details in this issue.

[nboddu009]

Okay, Could you please point to me correct version of kong installer.
This(https://docs.konghq.com/gateway/changelog/#general ) is more generic. Instead of could you please guide me what needs to be change ?

[Water-Melon]

@chronolaw It is not an issue of ulimit.

@nboddu009 your last step is wrong, it should be kong vault get my-env-vault/password not my-env-vault/secrets-password.

[nboddu009]

@Water-Melon I tried with kong vault get my-env-vault/password as well and getting same error

[Water-Melon]

Installed Kong enterprise version with database mode (kong-enterprise-edition_3.6.1.1_amd64.deb)

Hi @bungle , I verified the vaults on EE 3.6 and master branch according to the steps given by @nboddu009 (I changed secrets-password to password in the 5th step.), and everything is working fine. The password can be retrieved correctly. However the issue author is still unable to retrieve the value of password correctly. Could you take a look at this issue? Thanks.

[nboddu009]

@Water-Melon thank you for your response and is there any chance to have a zoom call on this?

[bungle]

@nboddu009, Could it be the sudo is not preserving your ENV?

[hanshuebner]

By default, sudo is not passing environment variables to the process that it creates except for those that are explicitly configured. The sudoers manual page has all the details. You can use the -E switch to pass all environment variables. Does that solve the problem by any chance?

[github-actions]

This issue is marked as stale because it has been open for 14 days with no activity.

[github-actions]

Dear contributor,

We are automatically closing this issue because it has not seen any activity for three weeks.
We're sorry that your issue could not be resolved. If any new information comes up that could
help resolving it, please feel free to reopen it.

Your contribution is greatly appreciated!

Please have a look
our pledge to the community
for more information.

Sincerely,
Your Kong Gateway team