Martijn Burger

Reputation: 7543

Cannot get vault kv-v2 secrets in Quarkus using token auth

I have the following application.properties in Quarkus:

quarkus.vault.url=http://vault.example.com
quarkus.vault.authentication.client-token=s.sOm3T0k3nthAt5act1vE
quarkus.vault.kv-secret-engine-version=2
quarkus.vault.secret-config-kv-path=/secret/app

When I do a local vault kv get /secret/app with the same URL and token, I get a result:

====== Metadata ======
Key              Value
---              -----
created_time     2019-12-05T14:46:08.894030167Z
deletion_time    n/a
destroyed        false
version          2

====== Data ======
Key         Value
---         -----
greeting    123456

However, when I try to compile the Quarkus project, I get the following error:

io.quarkus.vault.runtime.client.VaultClientException code=404 body={"errors":[]}

        at io.quarkus.vault.runtime.client.OkHttpVaultClient.throwVaultException(OkHttpVaultClient.java:146)
        at io.quarkus.vault.runtime.client.OkHttpVaultClient.exec(OkHttpVaultClient.java:130)
        at io.quarkus.vault.runtime.client.OkHttpVaultClient.get(OkHttpVaultClient.java:124)
        at io.quarkus.vault.runtime.client.OkHttpVaultClient.getSecretV2(OkHttpVaultClient.java:79)
        at io.quarkus.vault.runtime.VaultKvManager.readSecret(VaultKvManager.java:30)
        at io.quarkus.vault.runtime.config.VaultConfigSource.fetchSecrets(VaultConfigSource.java:123)
        at io.quarkus.vault.runtime.config.VaultConfigSource.getSecretConfig(VaultConfigSource.java:107)
        at io.quarkus.vault.runtime.config.VaultConfigSource.getValue(VaultConfigSource.java:91)
        at io.quarkus.runtime.configuration.ExpandingConfigSource.getValue(ExpandingConfigSource.java:43)
        at io.quarkus.runtime.configuration.DeploymentProfileConfigSource.getValue(DeploymentProfileConfigSource.java:53)
        at io.smallrye.config.SmallRyeConfig.getValues(SmallRyeConfig.java:77)
        at io.smallrye.config.SmallRyeConfig.getValues(SmallRyeConfig.java:72)
        at io.quarkus.runtime.configuration.ConfigUtils.getValues(ConfigUtils.java:113)
        at io.quarkus.runtime.generated.RunTimeConfig.parseKey_log_filter_wildcard_if-starts-with(RunTimeConfig.zig:27680)
        at io.quarkus.runtime.generated.RunTimeConfig.parseKey_log_filter_wildcard(RunTimeConfig.zig:10388)
        at io.quarkus.runtime.generated.RunTimeConfig.parseKey_log_filter(RunTimeConfig.zig:7429)
        at io.quarkus.runtime.generated.RunTimeConfig.parseKey_log(RunTimeConfig.zig:31771)
        at io.quarkus.runtime.generated.RunTimeConfig.parseKey(RunTimeConfig.zig:16255)
        at io.quarkus.runtime.generated.RunTimeConfig.getRunTimeConfiguration(RunTimeConfig.zig:35309)
        at io.quarkus.runner.ApplicationImpl.doStart(ApplicationImpl.zig:130)
        at io.quarkus.runtime.Application.start(Application.java:94)
        at io.quarkus.runner.RuntimeRunner.run(RuntimeRunner.java:143)
        at io.quarkus.test.junit.QuarkusTestExtension.doJavaStart(QuarkusTestExtension.java:248)
        at io.quarkus.test.junit.QuarkusTestExtension.createTestInstance(QuarkusTestExtension.java:393)
        at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.invokeTestInstanceFactory(ClassBasedTestDescriptor.java:285)
        at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.instantiateTestClass(ClassBasedTestDescriptor.java:275)
        at org.junit.jupiter.engine.descriptor.ClassTestDescriptor.instantiateTestClass(ClassTestDescriptor.java:77)
        at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.instantiateAndPostProcessTestInstance(ClassBasedTestDescriptor.java:258)
        at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.lambda$testInstancesProvider$2(ClassBasedTestDescriptor.java:252)
        at java.util.Optional.orElseGet(Optional.java:267)
        at org.junit.jupiter.engine.descriptor.ClassBasedTestDescriptor.lambda$testInstancesProvider$3(ClassBasedTestDescriptor.java:251)
        at org.junit.jupiter.engine.execution.TestInstancesProvider.getTestInstances(TestInstancesProvider.java:29)
        at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.lambda$prepare$0(TestMethodTestDescriptor.java:106)
        at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
        at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.prepare(TestMethodTestDescriptor.java:105)
        at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.prepare(TestMethodTestDescriptor.java:69)
        at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$prepare$1(NodeTestTask.java:107)
        at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
        at org.junit.platform.engine.support.hierarchical.NodeTestTask.prepare(NodeTestTask.java:107)
        at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:75)
        at java.util.ArrayList.forEach(ArrayList.java:1257)
        at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:38)
        at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$5(NodeTestTask.java:139)
        at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
        at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$7(NodeTestTask.java:125)
        at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:135)
        at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:123)
        at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
        at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:122)
        at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:80)
        at java.util.ArrayList.forEach(ArrayList.java:1257)
        at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:38)
        at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$5(NodeTestTask.java:139)
        at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
        at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$7(NodeTestTask.java:125)
        at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:135)
        at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:123)
        at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73)
        at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:122)
        at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:80)
        at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.submit(SameThreadHierarchicalTestExecutorService.java:32)
        at org.junit.platform.engine.support.hierarchical.HierarchicalTestExecutor.execute(HierarchicalTestExecutor.java:57)
        at org.junit.platform.engine.support.hierarchical.HierarchicalTestEngine.execute(HierarchicalTestEngine.java:51)
        at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:220)
        at org.junit.platform.launcher.core.DefaultLauncher.lambda$execute$6(DefaultLauncher.java:188)
        at org.junit.platform.launcher.core.DefaultLauncher.withInterceptedStreams(DefaultLauncher.java:202)
        at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:181)
        at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:128)
        at org.apache.maven.surefire.junitplatform.JUnitPlatformProvider.invokeAllTests(JUnitPlatformProvider.java:142)
        at org.apache.maven.surefire.junitplatform.JUnitPlatformProvider.invoke(JUnitPlatformProvider.java:117)
        at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:384)
        at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:345)
        at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:126)
        at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:418)

What should I change to get the secrets from Vault in Quarkus?

Upvotes: 0

Views: 1153

Answers (2)

Vincent Sevel

Reputation: 171

As discussed in the Zulip thread, the mount path should not be included in the property quarkus.vault.secret-config-kv-path.

So it should be quarkus.vault.secret-config-kv-path=app in your case.

Upvotes: 1

Vincent Sevel

Reputation: 171

What does your policy look like?

Does it specify <mount>/<secret-path> (kv v1) or <mount>/data/<secret-path> (kv v2) as explained in https://quarkus.io/guides/vault (see the note)?

Also, there is no need for a trailing '/', but I do not think this is the issue.

Upvotes: 0
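
The path rules from both answers, as an added shell example (not code from the question, the answers, or the Quarkus project): it derives the KV v1/v2 HTTP API and policy paths from a mount and a mount-relative secret path, and flags a configured path that repeats the mount. The function names are hypothetical, the mount `secret` is taken from the question's CLI call, and the joining of mount and path models the Vault KV API layout, not the extension's own code.

```shell
#!/bin/sh
# Added example (hypothetical helper names): KV path rules from the answers.

# Strip leading and trailing slashes from a path segment.
trim_slashes() {
    p=$1
    while [ "${p#/}" != "$p" ]; do p=${p#/}; done
    while [ "${p%/}" != "$p" ]; do p=${p%/}; done
    printf '%s' "$p"
}

# kv_policy_path VERSION MOUNT SECRET_PATH
# Path an ACL policy must grant read on; KV v2 inserts "data/" after the mount.
kv_policy_path() {
    mount=$(trim_slashes "$2")
    secret=$(trim_slashes "$3")
    case $1 in
        1) printf '%s/%s' "$mount" "$secret" ;;
        2) printf '%s/data/%s' "$mount" "$secret" ;;
        *) echo "unsupported KV version: $1" >&2; return 2 ;;
    esac
}

# kv_api_path VERSION MOUNT SECRET_PATH
# HTTP API path a read resolves to (same layout as the policy path, under /v1/).
kv_api_path() {
    policy=$(kv_policy_path "$@") || return
    printf '/v1/%s' "$policy"
}

# lint_kv_path MOUNT CONFIGURED_PATH
# Returns 1 when the configured (mount-relative) path repeats the mount.
lint_kv_path() {
    mount=$(trim_slashes "$1")
    secret=$(trim_slashes "$2")
    case $secret in
        "$mount"|"$mount"/*)
            rest=${secret#"$mount"}; rest=${rest#/}
            echo "path '$2' repeats mount '$mount'; use '$rest'" >&2
            return 1 ;;
    esac
    return 0
}

# Values from the question: mount "secret", KV v2.
kv_api_path 2 secret app; echo            # path for the mount-relative value
kv_api_path 2 secret /secret/app; echo    # path when the mount is repeated
lint_kv_path secret /secret/app || true   # flags the question's setting
```

With KV v2, the policy attached to the token has to grant read on the path printed by `kv_policy_path 2 secret app`, not on `secret/app`.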
