sethvargo/vault-secrets-gen

Error when plugin is active

jvanbruegge opened this issue · 4 comments

Hi,
when I have the plugin active (with TLS enabled and a custom CA), I constantly get this error:

2019-02-05T17:47:31.342Z [INFO]  expiration: revoked lease: lease_id=sys/wrapping/wrap/hf15f70dba699a59b4ef1802794f39ef7ead56e1661b6802d72d22808d05a926b
2019-02-05T17:47:31.476Z [ERROR] secrets.secrets-gen.secrets-gen_0d8f6fba.secrets-gen.vault-secrets-gen: plugin tls init: error="error during token unwrap request: secret is nil" timestamp=2019-02-05T17:47:31.476Z
2019-02-05T17:47:31.479Z [INFO]  http: TLS handshake error from 172.17.0.4:60378: remote error: tls: bad certificate
2019-02-05T17:47:31.482Z [ERROR] rollback: error rolling back: path=gen/ error="plugin exited before we could connect"

and I also cannot generate passwords.

Do I have to add my CA cert to the container's system trust?

Hi @jvanbruegge

Can you share the steps you took to install the plugin?

@jefferai do plugins need to be recompiled to work with Vault 1.0+?

@sethvargo I am using a custom Dockerfile and a bash script to enable the plugin.

I also recall seeing a gRPC error on Vault startup, but I am on mobile and can't give you the exact error now.

This seems related to hashicorp/go-plugin#94, but you should be getting a timeout error, not a TLS error. Let's wait for that to be fixed and then see if it's still happening?

Just verified fixed