Unable to retrieve kv(v2) secret
tomki99 opened this issue · 4 comments
Whenever I enable kv (v1) on a particular path, all secrets are retrieved properly:
[10:47:27]HashiCorp Vault
[10:47:28]HashiCorp Vault token successfully fetched
[10:47:28]5 Vault references to resolve: [vault:secret/data/keys!/roottoken, vault:secret/data/mysql/webapp!/db_name, vault:secret/data/mysql/webapp!/password, vault:secret/data/mysql/webapp!/url, vault:secret/data/mysql/webapp!/username]
but if I change the kv version to v2 (disable kv1 and enable kv2 in the same path, or simply enable kv2 in another path) it doesn't work and the only messages are as follows:
[2020-09-08 12:15:42,102] WARN - .agent.VaultParametersResolver - Cannot resolve '/secret/data/keys!/roottoken': data wasn't received from HashiCorp Vault
[2020-09-08 12:15:42,102] INFO - nt.impl.BuildRunAgentStateImpl - Stopping build on agent. Reason: fail and stop build command from the agent (Error while fetching data from HashiCorp Vault )
The policy is:
# Read-only permission on 'secret/data/*' path
path "secret/data/*" {
  capabilities = [ "create", "read", "update", "delete", "list" ]
}
Have you changed parameters after switching to kv(v2)? #11 (comment)
Which parameter needs to be changed? I've removed kv v1 and defined kv v2 in the same path. Another scenario I also tried: kv1 in secret/data, kv2 in secret/values + an additional rule in the policy (adding the new path), and still no change. kv1 can be retrieved while kv2 cannot.
As VladRassokhin said (many thanks), the Vault secret path for the v2 type must be typed with the /data/ suffix, i.e. engine_name/oursecret -> engine_name/data/oursecret in TC. Looks like in the Vault API.
I ran into this issue, but didn't have a policy. Once I attached a policy to the role, this issue was resolved for me.
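The two fixes reported in this thread (the `data/` segment for KV v2 and a policy attached to the role) can be checked before a build runs. The sketch below is an added example, not code from the plugin or from Vault: it parses references in the `vault:<path>!/<key>` form shown in the build log, works out the path that must be both requested and granted `read` in the policy, and shows where the field sits in a KV v1 versus KV v2 response. The mount table and response bodies are constructed assumptions.

```python
import json

# Constructed mount table (assumption): mount path -> KV engine version.
MOUNTS = {"secret": 2, "legacy": 1}

def parse_reference(ref):
    """Split 'vault:<path>!/<key>' into (path, key)."""
    if not ref.startswith("vault:") or "!/" not in ref:
        raise ValueError(f"not a vault reference: {ref!r}")
    path, key = ref[len("vault:"):].split("!/", 1)
    return path.strip("/"), key

def resolve(ref, mounts=MOUNTS):
    """Return (api_path, warning).

    api_path is the HTTP path to read; without the '/v1/' prefix it is also
    the path the role's policy must grant 'read' on.
    """
    path, _key = parse_reference(ref)
    # Longest matching mount wins, so 'secret/values' beats 'secret'.
    mount = next((m for m in sorted(mounts, key=len, reverse=True)
                  if path == m or path.startswith(m + "/")), None)
    if mount is None:
        return None, f"no KV mount matches {path!r}"
    rest = path[len(mount):].strip("/")
    if mounts[mount] == 2 and not rest.startswith("data/"):
        fixed = f"{mount}/data/{rest}"
        return f"/v1/{fixed}", f"KV v2 mount {mount!r}: reference should use {fixed}"
    return f"/v1/{path}", None

def extract_field(response_body, key, version):
    """KV v1 returns fields under 'data'; KV v2 nests them under 'data.data'."""
    data = json.loads(response_body)["data"]
    if version == 2:
        data = data["data"]
    return data[key]

# Constructed response bodies in the shape each engine version returns.
V1_BODY = '{"data": {"roottoken": "constructed-value"}}'
V2_BODY = ('{"data": {"data": {"roottoken": "constructed-value"},'
           ' "metadata": {"version": 1}}}')

if __name__ == "__main__":
    for ref in ("vault:secret/data/keys!/roottoken", "vault:secret/keys!/roottoken"):
        print(ref, "->", resolve(ref))
```

A warning from `resolve` points at a reference to correct; a clean result that still fails at build time points at the policy, which must grant `read` on the same path without the `/v1/` prefix.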