Unable to write .jks (Java Key Store) to Vault #1286
Comments
@tyrostone I don't understand the distinction between being able to write to Vault and not being able to write to the disk. If you are using a storage backend with Vault, anything you store in Vault will land in the storage backend. In order to avoid encoding issues, you can try base64 encoding the input and then storing it as a value for a JSON key. You can then read the value corresponding to the key, base64 decode it and then use it. Hope this helps!
@tyrostone Just to add to what @vishalnayak said, using the
Hope that helps!
@jefferai and @vishalnayak thanks for the responses! This works in Vault 0.4.1 (it does not in Vault 0.2.0).
Hi @tyrostone, Generally speaking the advice we give corresponds to the latest released version, unless we are told that you are running a previous version (this also is the case for our website documentation, which always corresponds to the latest released version). Because Vault is moving rapidly, it is very hard for us to support old versions, and because there are security updates (both within Vault and within our dependencies, such as Go) we recommend keeping relatively up-to-date with our releases. If you've just migrated to 0.4.1 from 0.2, I do strongly recommend upgrading to 0.5.2 as well.
I would like to store several jks files to Vault, then retrieve them and write them to disk. However, I am encountering issues in my attempts. I've tried two ways of doing this: writing to Vault using @file and writing to Vault using value=@file. Details below:
1. I attempted to write to Vault with the following command:
vault write secret/testsecret @faketruststore.jks
When I use this command, I get the following error:
Error loading data: Invalid key/value pair '@truststore-qa.jks': invalid character 'þ' looking for beginning of value
2. I can successfully write this to Vault using the following command:
vault write secret/testsecret value=@faketruststore.jks
However, when I attempt to write this to disk (using the Python hvac/Vault client), I encounter one of two problems:
A. A Python error when writing to disk:
UnicodeEncodeError: 'ascii' codec can't encode characters in position 0-3: ordinal not in range(128)
B. A Java error when attempting to use the content written to disk:
javax.crypto.BadPaddingException: Given final block not properly padded
I would like to be able to write and retrieve this data using the @ alone (scenario 1). I would also love more insight into how this data is stored/interpreted in Vault, for my own troubleshooting purposes.
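The base64 approach suggested in the comments, as an added example that is not code from this thread or from the Vault project: it wraps a binary keystore as a base64 string under a JSON key, reads it back, and writes the decoded bytes to disk in binary mode. It makes no Vault or hvac calls; a plain JSON round trip stands in for the stored secret, and the function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import json
import os
import tempfile

# Constructed sample: the JKS magic number 0xFEEDFEED followed by arbitrary
# non-UTF-8 bytes. Not a real keystore. The first byte, 0xFE, is 'þ' (U+00FE)
# when shown as a single character.
SAMPLE_JKS = bytes.fromhex("feedfeed00000002") + bytes(range(128, 256))


def to_secret_payload(raw: bytes) -> str:
    """Wrap binary data as a JSON document with one base64 string value."""
    return json.dumps({"value": base64.b64encode(raw).decode("ascii")})


def from_secret_payload(payload: str) -> bytes:
    """Recover the original bytes from the JSON document read back."""
    encoded = json.loads(payload)["value"]
    # validate=True rejects characters outside the base64 alphabet instead of
    # silently skipping them, so a damaged value fails here and not in Java.
    return base64.b64decode(encoded, validate=True)


def lossy_text_round_trip(raw: bytes) -> bytes:
    """For contrast: treat the bytes as UTF-8 text, as a text-mode path would."""
    return raw.decode("utf-8", errors="replace").encode("utf-8")


def restore_to_disk(payload: str, path: str) -> str:
    """Write the decoded keystore in binary mode and return its SHA-256."""
    data = from_secret_payload(payload)
    with open(path, "wb") as fh:  # "wb": no codec is applied to the bytes
        fh.write(data)
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


if __name__ == "__main__":
    payload = to_secret_payload(SAMPLE_JKS)
    out = os.path.join(tempfile.mkdtemp(), "restored.jks")
    print("original:", hashlib.sha256(SAMPLE_JKS).hexdigest())
    print("restored:", restore_to_disk(payload, out))
    print("lossy copy intact:", lossy_text_round_trip(SAMPLE_JKS) == SAMPLE_JKS)
```

Comparing the SHA-256 of the restored file with that of the original keystore confirms the bytes survived before the file is handed to Java.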