hashicorp/vault-guides

demo custom plugin issues

jonathanalexander229 opened this issue · 1 comments

I'm following this tutorial

https://learn.hashicorp.com/tutorials/vault/plugin-backends?in=vault/app-integration

but when I attempt to write 'Hello World' to the demo mock plugin I get the following error. I'm running vault as a dev instance with the command provided and have set the env vars:

```
[root@vault vault-plugin-secrets-mock]# env | grep VAULT
VAULT_TOKEN=root
VAULT_ADDR=http://127.0.0.1:8200
```

```
[root@vault vault-plugin-secrets-mock]# vault write mock-secrets/test message="Hello World"
2021-06-10T18:46:19.094-0400 [ERROR] secrets.vault-plugin-secrets-mock.vault-plugin-secrets-mock_772870d9.vault-plugin-secrets-mock.vault-plugin-secrets-mock: plugin tls init:
error=
| error during token unwrap request: Error making API request.
|
| URL: PUT http://127.0.0.1:8200/v1/sys/wrapping/unwrap
| Code: 403. Errors:
|
| * permission denied
timestamp=2021-06-10T18:46:19.094-0400
2021-06-10T18:46:19.095-0400 [ERROR] core: failed to run existence check:
error=
| Unrecognized remote plugin message:
|
| This usually means that the plugin is either invalid or simply
| needs to be recompiled to support the latest protocol.

Error writing data to mock-secrets/test: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/mock-secrets/test
Code: 500. Errors:

* 1 error occurred:
    * internal error
```

Fixed my problem by running with Make as the README suggested; the tutorial gave me issues.

Vault Mock Secrets Plugin

Mock is an example secrets engine plugin for HashiCorp Vault. It is meant for demonstration purposes only and should never be used in production.

Usage

All commands can be run using the provided Makefile. However, it may be instructive to look at the commands to gain a greater understanding of how Vault registers plugins. Using the Makefile will result in running the Vault server in dev mode. Do not run Vault in dev mode in production. The dev server allows you to configure the plugin directory as a flag, and automatically registers plugin binaries in that directory. In production, plugin binaries must be manually registered.

This will build the plugin binary and start the Vault dev server:

```sh
# Build Mock plugin and start Vault dev server with plugin automatically registered
$ make
```

Now open a new terminal window and run the following commands:

```sh
# Open a new terminal window and export Vault dev server http address
$ export VAULT_ADDR='http://127.0.0.1:8200'

# Enable the Mock plugin
$ make enable

# Write a secret to the Mock secrets engine
$ vault write mock-secrets/test hello="world"
Success! Data written to: mock/test

# Retrieve secret from Mock secrets engine
$ vault read mock-secrets/test
Key      Value
---      -----
hello    world
```
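The README notes that outside dev mode plugin binaries must be registered manually. As an added example (not from the tutorial or the vault-guides repository), this script checks a built binary and prints the `vault plugin register` and `vault secrets enable` commands with its SHA-256 pinned. The directory argument stands in for the server's `plugin_directory`, and the symlink and permission checks are this example's own policy, both assumptions.

```shell
#!/bin/sh
# Added example: pre-registration check for a Vault plugin binary.
# Nothing here contacts Vault; it prints the commands for an operator to run.

# plugin_sha256 FILE: hex SHA-256 of the binary, the value the catalog pins.
plugin_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# preflight DIR NAME: refuse binaries that could be swapped after hashing.
preflight() {
    bin="$1/$2"
    if [ -L "$bin" ]; then            # this example's own policy: no symlinks
        echo "refusing symlink: $bin" >&2; return 1
    fi
    if [ ! -f "$bin" ] || [ ! -x "$bin" ]; then
        echo "not an executable regular file: $bin" >&2; return 1
    fi
    mode=$(ls -ld "$bin" | cut -c1-10)   # e.g. -rwxr-xr-x
    case "$mode" in
        ?????w*|????????w*)              # group- or world-writable
            echo "writable by group/other ($mode): $bin" >&2; return 1 ;;
    esac
}

# register_commands DIR NAME [MOUNT]: print the manual registration steps.
register_commands() {
    preflight "$1" "$2" || return 1
    sum=$(plugin_sha256 "$1/$2") || return 1
    echo "vault plugin register -sha256=$sum secret $2"
    echo "vault secrets enable -path=${3:-mock-secrets} $2"
}

# Stand-alone use: ./script /path/to/plugin_directory vault-plugin-secrets-mock
if [ "$#" -ge 2 ]; then
    register_commands "$@"
fi
```

Review the printed commands before running them against the server, and recompute the hash whenever the plugin is rebuilt, since the registered SHA-256 must match the binary on disk.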