Unable to fetch secrets from Vault #4
Comments
That message is coming directly from vault. The library is just bubbling it up. You most likely don't have a secret at that path or have a permissions issue. You need to verify that using the token you've configured you can read that secret. Make sure that this command works with the token in your config. On your side make sure that you can run and that returns a secret containing
For example I have
Then I can use this in my config.
|
I have tried using CURL command, it's working fine
PFB snap
[image: image.png]
Thanks
On Wed, 21 Jul 2021 at 22:14, Jeremy Custenborder <***@***.***> wrote:

That message is coming directly from vault. The library is just bubbling it up. You most likely don't have a secret at that path or have a permissions issue. You need to verify that using the token you've configured you can read that secret.

Make sure that this command works *with the token in your config.*

On your side make sure that you can run and that returns a secret containing mysqluser and mysqlpass

```
vault kv get secret/confluent/secrets
```

For example I have secret/application/example/development in my instance. When I run the following command with the proper token I get the following output.

```
vault kv get secret/application/example/development
====== Metadata ======
Key              Value
---              -----
created_time     2021-01-30T01:43:13.088708822Z
deletion_time    n/a
destroyed        false
version          3

========== Data ==========
Key                 Value
---                 -----
bootstrap.server    worker-01:30000,worker-02:30000,worker-03:30000
kafka.properties    ssl.endpoint.identification.algorithm=https
security.protocol=SASL_PLAINTEXT
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="test" password="test123";
test                asdfasdf
```

Then I can use this in my config.

```
${vault:secret/application/example/development:bootstrap.server}
```
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#4 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AF3TD3CDSOKQWKFTH7ZNMZLTY32PVANCNFSM5AYKATXQ>
.
|
None of your images are coming through. Please give the above example a try with vault cli with the token you specified in the config |
*command used:*

```
curl -H "X-Vault-Token: **********************" -X GET http://***********.com:8200/v1/confluent/secrets
```

*Response received:*

```
{"request_id":"e4ed35cd-2098-7859-09f7-befe5857820a","lease_id":"","renewable":false,"lease_duration":36000,"data":{"mysqlpass":"dbz","mysqluser":"debezium"},"wrap_info":null,"warnings":null,"auth":null}
```
On Wed, 21 Jul 2021 at 22:28, Jeremy Custenborder <***@***.***> wrote:
None of your images are coming through. Please give the above example a try with vault cli with the token you specified in the config
|
From the command line, we are able to fetch secrets

```
$ vault kv get confluent/secrets
====== Data ======
Key          Value
---          -----
mysqlpass    dbz
mysqluser    debezium
```
Thanks & Regards
On Wed, 21 Jul 2021 at 22:44, Kalyan D <***@***.***> wrote:
When I tried from vault cli using *vault read confluent* we are able to fetch secrets
On Wed, 21 Jul 2021 at 22:36, Kalyan D ***@***.***> wrote:
> *command used : *curl -H "X-Vault-Token: **********************" -X GET
> http://***********.com:8200/v1/confluent/secrets
>
> *Response received:*
>
> {"request_id":"e4ed35cd-2098-7859-09f7-befe5857820a","lease_id":"","renewable":false,"lease_duration":36000,"data":{"mysqlpass":"dbz","mysqluser":"debezium"},"wrap_info":null,"warnings":null,"auth":null}
>
> On Wed, 21 Jul 2021 at 22:28, Jeremy Custenborder <
> ***@***.***> wrote:
>
>> None of your images are coming though. Please give the above example a
>> try with vault cli with the token you specified in the config
>>
>
|
Any update on this issue? |
@jcustenborder Could you please look into this issue asap |
Hi @jcustenborder |
I am now encountering this issue myself. I hope to test more tomorrow but to me it looks like a vault engine 1 vs 2 issue. The newest release of https://github.com/BetterCloud/vault-java-driver that this project uses defaults to vault engine 2, while the vault path you provided looks like an engine v1 path. I have to do some more testing but it looks like either a config for a secret path map can be included, or a global engine version flag can be included (this repo needs to update to provide those config options, but BetterCloud does have them). |
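The KV v1 versus v2 difference raised in the comment above, as an added example that is not part of the thread or of the project's code: it shows the URL each engine version requests for `confluent/secrets` and how the two response shapes differ. The address `http://vault.example:8200`, the function names and the v2 sample body are assumptions made for the illustration.

```python
import json

# Response shape from the curl call quoted in this thread (trimmed to the relevant fields).
V1_BODY = '{"lease_duration":36000,"data":{"mysqlpass":"dbz","mysqluser":"debezium"}}'
# Constructed sample: what a KV v2 mount would return for the same secret.
V2_BODY = ('{"data":{"data":{"mysqlpass":"dbz","mysqluser":"debezium"},'
           '"metadata":{"version":1,"destroyed":false}}}')


def kv_read_url(address, config_path, engine_version):
    """URL a client requests for a path such as 'confluent/secrets'.

    Assumption: the first path segment is the mount point.
    KV v1 reads /v1/<mount>/<path>; KV v2 reads /v1/<mount>/data/<path>.
    """
    mount, _, rest = config_path.strip("/").partition("/")
    if not rest:
        raise ValueError("expected '<mount>/<secret path>'")
    if engine_version == 1:
        api_path = f"{mount}/{rest}"
    elif engine_version == 2:
        api_path = f"{mount}/data/{rest}"
    else:
        raise ValueError("engine_version must be 1 or 2")
    return f"{address.rstrip('/')}/v1/{api_path}"


def parse_kv_response(body):
    """Return (engine_version, secret_dict) inferred from a KV read response body."""
    data = json.loads(body).get("data") or {}
    inner, meta = data.get("data"), data.get("metadata")
    if isinstance(inner, dict) and isinstance(meta, dict):
        return 2, inner  # v2 nests the secret under data.data
    return 1, data       # v1 returns the secret directly under data


if __name__ == "__main__":
    addr = "http://vault.example:8200"  # placeholder address (assumption)
    for version in (1, 2):
        print(f"KV v{version} client requests:",
              kv_read_url(addr, "confluent/secrets", version))
    print("thread's response parses as:", parse_kv_response(V1_BODY))
    print("constructed v2 response parses as:", parse_kv_response(V2_BODY))
```

A client that assumes v2 asks for `/v1/confluent/data/secrets`, a path that does not exist on a v1 mount, even though the same secret reads fine with curl at `/v1/confluent/secrets`.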
I'm having the exact same situation. Getting vault path not found, for secrets I can get manually by same path. |
Hello jcustenborder,

I have configured my confluent worker with following properties:

```
config.providers.vault.param.vault.token=************************
config.providers.vault.class=com.github.jcustenborder.kafka.config.vault.VaultConfigProvider
config.providers.vault.param.vault.address=http://********:8200
config.providers=vault
config.providers.vault.param.vault.login.by=Token
```

and started the worker in distributed mode

I have configured my source connection with the following configs

```
{
  "name": "inventory-connector",
  "config": {
    "connector.class": "io.debezium.connector.mysql.MySqlConnector",
    "tasks.max": "1",
    "database.hostname": "*******",
    "database.port": "3306",
    "database.user": "${vault:confluent/secrets:mysqluser}",
    "database.password": "${vault:confluent/secrets:mysqlpass}",
    "database.server.id": "184055",
    "database.server.name": "dbserver2",
    "database.include.list": "inventory",
    "database.history.kafka.bootstrap.servers": "localhost:9092",
    "database.history.kafka.topic": "schema_changes.inventory"
  }
}
```

In the Hashicorp vault, I have stored the secrets in the following path

confluent/secret

But while running source connector with rest call I'm getting the following error

```
{"error_code":500,"message":"Vault path 'confluent/secrets' was not found"}
```

We have tried other way also still we are getting error

```
{"error_code":500,"message":"Vault path 'secret/confluent/secrets' was not found"}
```