Michael Aldridge
@the-maldridge
in my network I have things like pki/root pki/dom1 pki/dom2 etc
Robert Edström
@Legogris
cool, seems like the good middle-ground
or wait, those would be one backend, separate roles right?
Michael Aldridge
@the-maldridge
multiple backends. you can pass an arbitrary path to mount
Robert Edström
@Legogris
aaah
jchengpaxos
@jchengpaxos_twitter

hey all, I'm attempting to migrate our vault backend from DynamoDB to the Integrated storage. After the migration I am unable to unseal the vault cluster with the error detailed here hashicorp/vault#10716

The docs here (https://www.vaultproject.io/docs/commands/operator/migrate) say "After migration has completed, the data is stored on the local file system. To use the new storage backend with Vault, update Vault's configuration file as described in the raft storage configuration documentation. Then start and unseal the vault server." So I'm assuming I leave the Vault in a sealed state during the migration.

LinuxPingu
@Linux-Pingu
Hi All, I am new here
and new to Vault
Was hoping someone might be able to assist me please?
LinuxPingu
@Linux-Pingu
Is this chatroom still active at all?
jlj_
@jlj:matrix.org
[m]
Somewhat, yeah. Question? discuss.hashicorp.com is a far better place to get answers, but I'll help if I can.
LinuxPingu
@Linux-Pingu
thank you
I am still quite new to Vault and was hoping you could assist me please
I have got the bulk of the work done but am having problems trying to use PowerShell to use API commands to retrieve a KV secret using approle
The vault CLI works fine in PowerShell, which I have tested, and I was able to retrieve the KV secret I wanted
but there doesn't seem to be much out there on how this can be done using the API in PowerShell
I would like to post my code here but am not sure how it will turn out
I posted my questions on discuss.hashicorp but have not got any replies for a while now
jlj_
@jlj:matrix.org
[m]
Ah, sorry to hear that. I've had success with that Discourse site in the past. Have you tried using -output-curl-string on the CLI commands that have worked? That should give you the equivalent API calls.
Oh, AFK for a bit. Back later.
dennis
@dennis:glindhart.dk
[m]
Using vault-agent with auto-auth for approle, there is an option called: remove_secret_id_file_after_reading - So first time vault-agent starts up, it authenticates using the secret_id and gets a token that is written to the disk and deletes the secret_id. But when vault-agent restarts, should it not be able to run/authenticate using the token it generated without using the secret_id ?
nvucinic
@nvucinic
hello there, I just noticed that my DR replica does not have any auth in front; anyone in that network can go around and promote it, generate a token or try to update it to primary.
is there any solution for this (or just add additional auth in front of it?)
ljansen97
@ljansen97
Hi, I am trying to reconfigure my vault K8s installation to have its own namespace, however, the injector sidecar keeps saying "missing client token", is there any way to troubleshoot this issue?
प्रशांत सावंत
@Prassawant_twitter
Hi
we have created an STS endpoint in region eu-west-2, also configured sts_region and sts_enpoint and AWS_REGION in systemd, but are still getting the error "error making upstream request: received error code 403 from STS , Credential should be scoped to a valid region not 'us-eat-1' <code>SignatureDoesNotMatch</code>". Am I missing anything in the setup? Vault version is 1.6.2
Daniel Kimsey
@dekimsey
Does anyone have any examples of an agent's configuration in json format? I feel silly, but I converted my hcl example into json and I'm getting errors like: error parsing 'auto_auth': at most one "auto_auth" block is allowed
Lucas Bracher
@lucasbracher
Hello! I'm trying to set up JWT authentication but I'm not able to get it working. Could you take a look at my pastebin and help me? I'm almost there! Thank you so much for your kindness! https://pastebin.com/01BSJJcp
Lucas Bracher
@lucasbracher
This "role with oidc role_type is not allowed" error message doesn't make any sense to me.
Lucas Bracher
@lucasbracher
Hi there! I'm here again! I'm trying to configure 2 policies: one, called admin, to access secrets/ and another, called abc, to access secrets/abc/. I can only read and write secrets for admin, but not for abc. Could you help me with this? Thanks in advance! https://pastebin.com/GfE95us3
jlj_
@jlj:matrix.org
[m]

Hey lucasbracher (Lucas Bracher)! I find working with the k/v secrets engine is not intuitive at all. I think your problem might be that you need more in your abc policy.

This post isn't directly related to your problem, but might get you thinking about avenues to explore: https://discuss.hashicorp.com/t/vault-policy-web-gui/14225/2

mouglou
@mouglou
Hi there! I have a question about the Vault Injector in Kubernetes. Has someone already tried to run a kubectl command in the "agent-inject-command-d" annotation? The idea is to run "kubectl rollout restart deployment application" when 2/3 of the max_ttl is reached. https://discuss.hashicorp.com/t/rollout-restart-with-vault-injector-in-kubernetes-at-2-3-of-max-ttl/21913/2
Lucas Bracher
@lucasbracher
jlj, thanks! I just logged in today, I'll get a look! :)
Lucas Bracher
@lucasbracher
Oh, found it! It just needed to prefix path with /data. Thanks!
Ilham Sulaksono
@ilham9649-gdplabs
Hi. Has anyone tried to use HCP Vault?
David Oceans
@DavidOceans_twitter
Do you know why I can't delete a secret engine?
Error disabling secrets engine at myapp/: context deadline exceeded
I'm using
vault secrets disable myapp/
I see it doesn't have any secrets but I can't remove it
I don't understand why
David Oceans
@DavidOceans_twitter
if I see the logs of the pod I see
2021-03-18T07:23:07.307Z [ERROR] core: failed to clear view for path being unmounted: error="list failed at path "e4d5cf44-25ec-b858-ed9f-8f96be4b5f9e/versions/bee/": failed to read object: context canceled" path=myapp/
2021-03-18T07:23:07.307Z [ERROR] secrets.system.system_4aa3ed71: unmount failed: path=myapp/ error="list failed at path "e4d5cf44-25ec-b858-ed9f-8f96be4b5f9e/versions/bee/": failed to read object: context canceled"
2021-03-18T07:24:20.494Z [ERROR] core: failed to clear view for path being unmounted: error="list failed at path "e4d5cf44-25ec-b858-ed9f-8f96be4b5f9e/versions/be3/": failed to read object: context canceled" path=myapp/
2021-03-18T07:24:20.494Z [ERROR] secrets.system.system_4aa3ed71: unmount failed: path=myapp/ error="list failed at path "e4d5cf44-25ec-b858-ed9f-8f96be4b5f9e/versions/be3/": failed to read object: context canceled"
any idea or how to delete that secret engine?
David Montoya
@davidmontoyago

hi friends, any maintainers of terraform-provider-vault that can approve this new datasource for vault_gcp_auth_backend_role? hashicorp/terraform-provider-vault#1011

our team is currently unable to manage Vault Identities with GCP auth backends. Any help (even just comments) would be much appreciated!

Giorgos Christos Dimitriou
@giorgosdi

Hello all, I'm looking for a sample configuration for telemetry core metrics, like vault.cache.hit.
How do I define it in the config.hcl (if I need to)?
I haven't done such a thing and I'm not sure how it should look in the Vault UI (again, if I can actually see it in the UI).
Right now I don't have the telemetry stanza in my configuration but if I visit
https://vault.us.preprod.babylontech.co.uk/ui/vault/metrics
I can see 3 metrics:

  • http requests
  • entities
  • tokens

Am I supposed to see something more if I add the telemetry stanza?

Screenshot 2021-03-27 at 18.57.00.png
I added the telemetry stanza in my dev cluster and the only difference I can see in the metrics UI is the above screenshot
Yoan Blanc
@greut
@giorgosdi can you see it in the API endpoint instead? https://www.vaultproject.io/api-docs/system/metrics#read-telemetry-metrics