sethvargo/vault-secrets-gen

missing SHA-256 value

aksharbarot opened this issue · 7 comments

Hi,

I am trying to set up this tool, but it is giving an error at step 4. My machine doesn't have shasum, so I installed it additionally.

Step 4:

export SHA256=$(shasum -a 256 "/etc/vault/plugins/vault-secrets-gen" | cut -d' ' -f1)
shasum: /etc/vault/plugins/vault-secrets-gen:

printenv | grep -i sha
SHA256=

vault write sys/plugins/catalog/secrets-gen sha_256="${SHA256}" command="vault-secrets-gen"

Error writing data to sys/plugins/catalog/secrets-gen: Error making API request.

URL: PUT http://10.10.10.10:8200/v1/sys/plugins/catalog/secrets-gen
Code: 400. Errors:

  • missing SHA-256 value

What kind of machine are you on? What's the output of echo $SHA256?

No, it is not adding anything.

[root@localhost ~]# export SHA256=$(shasum -a 256 "/etc/vault/plugins/vault-secrets-gen" | cut -d' ' -f1)
shasum: /etc/vault/plugins/vault-secrets-gen:

[root@localhost  ~]# echo $SHA256

OS: CentOS Linux release 7.4.1708 (Core)

[root@localhost~]# which shasum
/usr/bin/shasum

What's the output of shasum -a 256 "/etc/vault/plugins/vault-secrets-gen"?

It is empty in CentOS 7!

So I tried the same way on Ubuntu release 16.04:

root@localhost:~/painless-password-rotation# echo $SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae

Error below: does the directory need to be configured?

root@localhost# vault write sys/plugins/catalog/secrets-gen sha_256="${SHA256}" command="vault-secrets-gen"
Error writing data to sys/plugins/catalog/secrets-gen: Error making API request.

URL: PUT http://10.10.10.10:8200/v1/sys/plugins/catalog/secrets-gen
**Code: 500. Errors:**

* 1 error occurred:
        * could not set plugin, plugin directory is not configured

Hi @aksharbarot

That seems like a bug on CentOS that should be reported upstream. You need to configure your Vault plugin directory. More info on Vault plugins: https://www.vaultproject.io/docs/internals/plugins.html

Yes! Added plugin_directory = "/etc/vault/plugins" in config.hcl

restart vault

Thank you @sethvargo

root@localhost:/etc/vault/plugins# vault secrets enable -path="gen" -plugin-name="secrets-gen" plugin
**Error enabling: Error making API request.

URL: POST http://10.10.10.10:8200/v1/sys/mounts/gen
Code: 400. Errors:

* error verifying checksum: read /etc/vault/plugins/vault-secrets-gen: is a directory**

Logs:

},
"error": "1 error occurred:\n\t* invalid request\n\n"
}

Any clue?
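
A guarded version of the step 4 checksum command, as an added example that is not from this thread or from the vault-secrets-gen project. The helper name `plugin_sha256` is hypothetical; the path and plugin name in the usage comment are the ones used above. It refuses a directory (the case Vault reports with "is a directory"), refuses output that is not a 64-digit digest (the case that left `SHA256` empty), and refuses the SHA-256 of zero bytes, whose leading characters match the value echoed on Ubuntu above.

```bash
# SHA-256 of zero bytes of input: if this comes back, nothing was really hashed.
EMPTY_SHA256="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# plugin_sha256 PATH   (hypothetical helper, not part of Vault or the plugin)
# Prints the hex SHA-256 of PATH and returns 0, or explains on stderr and returns 1.
plugin_sha256() {
  local path="$1" sum=""
  if [ -d "$path" ]; then
    echo "error: $path is a directory; point at the plugin binary itself" >&2
    return 1
  fi
  if [ ! -f "$path" ] || [ ! -r "$path" ]; then
    echo "error: $path is not a readable regular file" >&2
    return 1
  fi
  # Feed the file on stdin; the result is validated below rather than trusted.
  if command -v sha256sum >/dev/null 2>&1; then
    sum=$(sha256sum < "$path" | cut -d' ' -f1)
  elif command -v shasum >/dev/null 2>&1; then
    sum=$(shasum -a 256 < "$path" | cut -d' ' -f1)
  else
    echo "error: neither sha256sum nor shasum is installed" >&2
    return 1
  fi
  # The pipeline's exit status is that of `cut`, so a failed hash is visible
  # only as malformed output: require exactly 64 lowercase hex digits.
  if ! printf '%s\n' "$sum" | grep -Eq '^[0-9a-f]{64}$'; then
    echo "error: hashing $path did not produce a SHA-256 value" >&2
    return 1
  fi
  if [ "$sum" = "$EMPTY_SHA256" ]; then
    echo "error: $path is empty (digest of zero bytes)" >&2
    return 1
  fi
  printf '%s\n' "$sum"
}

# Usage, with the path and plugin name from the thread:
#   SHA256=$(plugin_sha256 /etc/vault/plugins/vault-secrets-gen) || exit 1
#   vault write sys/plugins/catalog/secrets-gen sha_256="${SHA256}" command="vault-secrets-gen"
```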