New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] salt-minion 3006.0 fails to get secret from HashiCorp Vault #64128
Comments
Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar. |
Creating vault:
config_location: master Seems it went for the The error is somewhat vague and could use some improvement, maybe appending The more interesting question is - why did it default to the
|
This is just a bug, it accesses |
@thrashwerk There is a major re-write of Salt's support for vault by this PR #62684 which is being moved to a salt extension for the Salt 3007 release. Once the salt extension is ready I shall review the code that was in salt/utils/vault.py has been fixed, given @lkubb wrote the original PR |
Additional note: In case the vault config on master uses the
|
This is still a problem on 3006.1. Every new guest automatically provisioned cannot do any vault.read_secret calls until:
Gets set at a minimum. I've worked around this problem by adding a Doing this via the salt-master is annoying as sending a |
Description
salt-minion 3006.0 can no longer retrieve secrets from HashiCorp Vault.
Old minions upgraded from 3005.1 and new servers without prior Salt installations experience the same problem on 3006.0.
Setup
Salt master Vault config
/etc/salt/master.d/vault.conf
Steps to Reproduce the behavior
Running
vault.read_secret
module from the Salt master on a minion fails with an errorERROR: Failed to read secret! KeyError: 'vault'
Expected behavior
vault.read_secret
returns the key-value pairs from VaultVersions Report
salt --versions-report
Salt master is Debian 11.
Minions are either Debian 11 or Ubuntu 22.04, both OS' experience the same problem.
The text was updated successfully, but these errors were encountered: