New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
0.11.5 vault fails to load and merge storage and listener hcl config files correctly #5860
Comments
I'm also experiencing this issue, and I can't find any posts anywhere to explain how i'm supposed to supply a replacement backend without causing a merge conflict when Vault scans the config directory and doesn't ignore the default storage. My use case is that i'm trying to use S3 as my backend, so I have created a storage-backend.hcl file that just has my S3 configuration, that's it. But I have found through trial and error that before I start vault, I have to manually go to the default.hcl file and delete the default storage stanza section completely, and THEN start Vault, which will grab the remaining default.hcl configs and then move onto my storage-backend.hcl file to load the storage backend successfully. I wish Vault would just ignore the entire stanza that's being reproduced in override files. |
What i've done in the mean time to get the expected behavior is INSTEAD of calling the entire configuration /opt/vautl/config/ and load the default.hcl file and my storage-backend.hcl file, i'm only running this command: This is what my "storage-backend.hcl" file looks like now:
|
Saw the version tag on issue, @catsby I seem to still have this same issue still in |
Hi folks, this issue has been open for quite some time. Is this still a valid issue in newer versions of Vault? As of today, the current version is 1.16. Thanks! |
Firstly, it appears that config override doesn't actually allow you to merge sub keys.
e.g. if I have
default.hcl
with:and I create an
override.hcl
file with:it appears to actually replace the entire value of
foo "bar"
rather than merge into the objecte.g. the expected result from above would be:
instead, the actual result is:
this is relevant given the below issue
Given
(using a setup created mostly from hashicorp's
terraform-aws-vault
project)/opt/vault/config:
default.hcl:
override-dogstatsd.hcl:
override-listener.hcl:
(note how I have to repeat the contents of the listener config from
default.hcl
file rather than just adding what I want to merge in)override-storage.hcl:
(note how I have to repeat the contents of the storage config from
default.hcl
file rather than just adding what I want to merge in)Expected Results
vault runs and connects to backend using specified overridden configuration
Actual Results
vault runs and fails to connect to backend as it uses the values from
default.hcl
and does not override them per the values inoverride-storage.hcl
:Further Problems
If I manually remove the storage configuration section from
default.hcl
, then it will fail to run at all:if I ALSO manually remove the listener config from
default.hcl
, then it finally runs, but it says thatapi_addr
is unset, even though it's explicitly set indefault.hcl
as aboveSorry if this is confusing, but basically configuration files don't seem to load properly at all right now.
The text was updated successfully, but these errors were encountered: