Error with CERTJKS file
Closed this issue · 1 comments
xytian315 commented
Hey, I am new to Vault. I ran into some problems while uploading my JKS file to Vault and then loading it into a K8s secret. Here is what I did:
- upload jks to vault:
vault kv put secret/XXX value=@file.jks
- create vault resources in k8s.
apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: test-certjks
spec:
  path: "secret/XXX"
  type: "CERTJKS"
The secret is not created in vault, and the vault pod is throwing this error:
2020-02-21 21:59:21.240 WARN 1 --- [/172.20.0.1/...] i.f.k.c.d.i.WatchConnectionManager : Exec Failure
java.lang.NullPointerException: null
at de.koudingspawn.vault.vault.impl.SharedVaultResponseMapper.getPublicKey(SharedVaultResponseMapper.java:164) ~[classes!/:0.0.1-SNAPSHOT]
at de.koudingspawn.vault.vault.impl.SharedVaultResponseMapper.mapJks(SharedVaultResponseMapper.java:95) ~[classes!/:0.0.1-SNAPSHOT]
at de.koudingspawn.vault.vault.impl.CertJksGenerator.generateSecret(CertJksGenerator.java:26) ~[classes!/:0.0.1-SNAPSHOT]
at de.koudingspawn.vault.vault.VaultService.generateSecret(VaultService.java:18) ~[classes!/:0.0.1-SNAPSHOT]
at de.koudingspawn.vault.kubernetes.EventHandler.addHandler(EventHandler.java:27) ~[classes!/:0.0.1-SNAPSHOT]
at de.koudingspawn.vault.kubernetes.Watcher$1.eventReceived(Watcher.java:38) ~[classes!/:0.0.1-SNAPSHOT]
at de.koudingspawn.vault.kubernetes.Watcher$1.eventReceived(Watcher.java:31) ~[classes!/:0.0.1-SNAPSHOT]
at io.fabric8.kubernetes.client.utils.WatcherToggle.eventReceived(WatcherToggle.java:49) ~[kubernetes-client-4.1.0.jar!/:na]
at io.fabric8.kubernetes.client.dsl.internal.WatchConnectionManager$2.onMessage(WatchConnectionManager.java:232) ~[kubernetes-client-4.1.0.jar!/:na]
at okhttp3.internal.ws.RealWebSocket.onReadMessage(RealWebSocket.java:310) ~[okhttp-3.9.1.jar!/:na]
at okhttp3.internal.ws.WebSocketReader.readMessageFrame(WebSocketReader.java:222) ~[okhttp-3.9.1.jar!/:na]
at okhttp3.internal.ws.WebSocketReader.processNextFrame(WebSocketReader.java:101) ~[okhttp-3.9.1.jar!/:na]
at okhttp3.internal.ws.RealWebSocket.loopReader(RealWebSocket.java:265) ~[okhttp-3.9.1.jar!/:na]
at okhttp3.internal.ws.RealWebSocket$2.onResponse(RealWebSocket.java:204) ~[okhttp-3.9.1.jar!/:na]
at okhttp3.RealCall$AsyncCall.execute(RealCall.java:153) [okhttp-3.9.1.jar!/:na]
at okhttp3.internal.NamedRunnable.run(NamedRunnable.java:32) [okhttp-3.9.1.jar!/:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_212]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_212]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_212]
I am not sure if I used the right command to upload the JKS file into Vault. I also tried:
vault write secret/*** value=@file.jks
I got the error:
Error writing data to secret/XX: Error making API request.
Code: 404. Errors:
WARNING! The following warnings were returned from Vault:
* Invalid path for a versioned K/V secrets engine. See the API docs for the
appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put'
for this operation.
Could you please help me with this?
DaspawnW commented
Hey @xytian315,
I think there is a misunderstanding here. You can't generate a certjks out of a key-value pair.
Please have a look at the examples in vault.koudingspawn.de