Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hashicorp Vault integration error #572

Closed
juranir opened this issue Feb 19, 2024 · 4 comments
Closed

Hashicorp Vault integration error #572

juranir opened this issue Feb 19, 2024 · 4 comments

Comments

@juranir
Copy link

juranir commented Feb 19, 2024

I'm trying to integrate the Keeper Secrets manager with the Hashicorp Vault.
I'm using this documentation: https://docs.keeper.io/secrets-manager/secrets-manager/integrations/hashicorp-vault
Versions used:

  • Hashicorp Vault: 1.15.2
  • Hashicorp Vault Operator: 0.5.0 (Helm Chart version)
  • Keeper Secret plugin: 1.0.2

The basic integration is working fine, through the CLI I can get secrets but it's not working through the API, so I can't get secrets in a VaultDynamicSecret, for example.

When I'm trying to test the API by API Explorer this specific endpoint doesn't have a parameter, but when I call it an error is returned as it's missing a parameter:
image

After some debugging (sorry if it was superficial) I realized it may be a problem in the integration API. Let me try to explain:
Keeper's API is working well through the CLI that uses the pattern http://127.0.0.1:8200/v1/ksm/record?uid=_SecretUID_, but when we try to use the Vault object (instead CLI) the request is made with a different structure: http://Vault-Address:8200/v1/ksm/record/_SecretUID_

CLI:
image

Vault Object:
image

Example of a Vault object:
image

Based on that I would like to understand if it may be a bug or if I'm doing something wrong.

@idimov-keeper
Copy link
Collaborator

Try adding params: in the spec: section

  mount: ksm
  path: record
  params:
    uid: "_SecretUID_"

@juranir
Copy link
Author

juranir commented Apr 3, 2024

Even with your suggestion, the behavior remains the same.

image

@idimov-keeper
Copy link
Collaborator

This feature request will be implemented in the next release - addressing a limitations of API Explorer which can work only with path parameters.
You can use PR#505 to track progress

@idimov-keeper
Copy link
Collaborator

vault-plugin-secrets-ksm v1.0.3 release addresses these issues (by providing path parameters)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants