immutability-io / vault-ethereum

A plugin that turns Vault into an Ethereum wallet.

Go 83.10% Shell 9.20% Dockerfile 0.61% HCL 0.30% Makefile 0.18% Solidity 6.61%
ethereum ethereum-wallet vault vault-ethereum vault-plugins hashicorp-vault go-ethereum keystore

vault-ethereum's Introduction

Vault Ethereum Plugin v0.3.0

The first incarnation of the vault-ethereum plugin was an exercise in experimenting with an idea and proving a point. 2 years later, I feel both ends were achieved.

Having had several occasions to take this PoC to production with companies in the financial and blockchain communities (plug for Immutability, LLC's custom development!) I've decided to release an upgrade that tries to make the development experience better. I've also restricted the surface area of the plugin to a minimum.

Excepting the convert API, which I keep for entertainment value.

Testing - in one terminal...

$ cd $GOPATH/src/github.com/immutability-io/vault-ethereum
$ make docker-build
$ make run

Then, open a different terminal...

$ cd $GOPATH/src/github.com/immutability-io/vault-ethereum/docker

# Authenticate
$ source ./local-test.sh auth
$ ./demo.sh > README.md

View the demo

If everything worked and you have run the commands above, you can view the demo by reading the results:

$ cat ./README.md

If everything didn't work, tell me why.

What is the API?

The best way to understand the API is to use the path-help command. For example:

$ vault path-help vault-ethereum/accounts/bob/deploy
Request:        accounts/bob/deploy
Matching Route: ^accounts/(?P<name>\w(([\w-.]+)?\w)?)/deploy$

Deploy a smart contract from an account.

## PARAMETERS

    abi (string)

        The contract ABI.

    address (string)

        <no description>

    bin (string)

        The compiled smart contract.

    gas_limit (string)

        The gas limit for the transaction - defaults to 0 meaning estimate.

    name (string)

        <no description>

    version (string)

        The smart contract version.

## DESCRIPTION

Deploy a smart contract to the network.

I still need help

Please reach out to me.

Tip

Supporting OSS is very hard.

This is my ETH address. The private keys are managed by this plugin:

0x68350c4c58eE921B30A4B1230BF6B14441B46981

vault-ethereum's People

Contributors

cypherhat, elranu, liuweilinux, mortimr, shayangz, travis-g, wistefan, zambien

vault-ethereum's Issues

Unable to build plugin

I am trying to build the plugin on a Windows machine, but I am facing certain errors. Can anyone share the compiled exe of this plugin?

Can I use vault plugin for quorum?

I created the private network by quorum.
So, I'd like to use it in my private network.
Can I use it?

Error writing data to ethereum-plugin/config: Error making API request.

Detailed Description

Adding configuration to vault-ethereum causes the plugin to die with:

Error writing data to ethereum-plugin/config: Error making API request.

URL: PUT https://127.0.0.1:8200/v1/ethereum-plugin/config
Code: 500. Errors:

* 1 error occurred:
	* internal error

Nothing in the vault's logs to help troubleshoot what the issue is.

Command attempted:

vault write ethereum-plugin/config rpc_url="https://rinkeby.infura.io/foo" chain_id="4" api_key="bar"

Error when setting config

Detailed Description

After running install_vault.sh on my mac, I tried to set the plugin's config by command:
$vault write -f ethereum/config
but get response:

Error writing data to ethereum/config: Error making API request.

URL: PUT https://localhost:8200/v1/ethereum/config
Code: 404. Errors:

* 1 error occurred:

* unsupported path

The result of checking the path by command: vault read ethereum/config:

No value found at ethereum/config

I've read the issue #67 but it seems different from this one.

Environment

Installed Vault and plugin successfully by install_vault.sh

Unable to modify gas_limit parameter on sign-tx request

Hello,

Brief Description

When trying to sign a transaction with any accounts, I'm unable to modify the gas_limit parameter of the transaction.
It always takes the default value which is 21000.

Detailed Description

I've tried to send sign-tx request by using the cli with :

vault write vault-ethereum/accounts/bob/sign-tx to="0xd569541AD6ED57539af62a91B405b68dB5958BA0" encoding="hex" data="6057361d0000000000000000000000000000000000000000000000000000000000000145" gas_limit="10000000"

(Before trying to make this request I sent ether to the corresponding account).
The response I get :

Key                   Value
---                   -----
amount                0
from                  0x27dF8d028f7DF8B58D70A70F575FfFdCc05Fa733
gas_limit             21000
gas_price             1000000000
nonce                 0
signed_transaction    0xf88780843b9aca0082520894d569541ad6ed57539af62a91b405b68db5958ba080a46057361d00000000000000000000000000000000000000000000000000000000000001451ba0abb4298ac728b8c8a5f81c4326a8776eb4759d29a865ad0f7f4bb0fa70d09df7a0707fe28950e64b98032ffba28fcc4863bd58ef4ab531bc2aefd826aac1c0b83b
to                    0xd569541AD6ED57539af62a91B405b68dB5958BA0
transaction_hash      0x3055d5a9341f3e02e2b53f25fd9e993c1a2f87a9ef8c543e188e6e65c2492d13

I've tried several gas_limit values including hexadecimal ones. Its value always stays at 21000.
I'm able to change all of the other parameters' values.

I decoded the signed transaction and indeed the transaction is crafted with the wrong gas_limit parameter (21000).
I've also tried to make request with curl but the result is the same.

This makes it impossible to send transactions containing data that trigger smart contract functions : the gas_limit is too low.
When sending the transaction to any RPC endpoint we get the following error :

Intrinsic gas too low

Your Environment

OS : Debian 10.
Vault and Vault-ethereum are running inside a docker container.
Version of Vault used: 1.5.3
Version of Vault-Ethereum plugin : 0.3.0
Vault ethereum config :

Key                Value
---                -----
bound_cidr_list    <nil>
chain_id           4
exclusions         <nil>
inclusions         <nil>
rpc_url            https://rinkeby.infura.io/v3/MY_INFURA_ENDPOINT

Error during building the vault-ethereum plugin

Detailed Description:
I pulled the latest vault-ethereum plugin and tried to build it without success.
We are using and building it in a Docker environment, but I'm also not able to build it on my host machine. Around October 2018 it just worked fine.
In the Docker environment it uses the image FROM golang:1.9

Error:
Step 3/14 : COPY ./vault/ethereum /go/src/github.com/immutability-io/vault-ethereum
---> 2b45f96ebb53
Step 4/14 : WORKDIR /go/src/github.com/immutability-io/vault-ethereum
Removing intermediate container b038a1e526ed
---> 3ad2a13dd564
Step 5/14 : RUN go get ./
---> Running in 229f06c45279
package github.com/ethereum/go-ethereum/crypto/sha3: cannot find package "github.com/ethereum/go-ethereum/crypto/sha3" in any of:
/usr/local/go/src/github.com/ethereum/go-ethereum/crypto/sha3 (from $GOROOT)
/go/src/github.com/ethereum/go-ethereum/crypto/sha3 (from $GOPATH)
ERROR: Service 'vault' failed to build: The command '/bin/sh -c go get ./' returned a non-zero code: 1

Environment:
OS: Mac OS Mojave 10.14.2 (18C54)
Docker version: Version 18.03.1-ce-mac65 (24312)
GO version: go version go1.11.1 darwin/amd64
vault-ethereum: latest

Sign message & verify signed message are not working properly

Detailed Description

I was trying to sign message using api:

http://localhost:8200/v1/ethereum/accounts/myacc1/sign

got sign data:

"data": {
        "address": "0x6766f3cfd606e1e428747d3364bae65b6f914d56",
        "signature": "0x0c45d788a91cfee5b46c4bfaa00c89b32fe249380b8858807e1c02256486ac9c518c5f4feb2b0a504e37354f3912b00f5a73aa581d757fb225130165d030a0b400"
}

But when I signed same message using web3 getting different signature:

0x34b6d5a2b99234b1e5cc36e0bf0aeb0fa5d667773458c2ac293f74a213a399ed12be94bfc07a1eadc4008ce6e788ab625423c9d13ca3c5a785e7c8874b6080fc1b

also when I try to verify:

http://localhost:8200/v1/ethereum/accounts/myacc1/verify

It's giving me an error:

image

Context

Generated signature should be same as web3 & verify methods should work.

Your Environment

OS=Ubuntu 18.04
PLUGIN_VERSION="0.2.11"
VAULT_VERSION="1.0.3"

sign-tx function sign transaction incorrectly.

My version:
PLUGIN_VERSION="0.2.7"
VAULT_VERSION="1.4.0"

I use api https://localhost:8200/v1/ethereum/accounts/operator/sign-tx to sign my transaction.

Response:
{
"request_id": "44363911-657f-de63-b84b-2134dacd1d63",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"address_from": "0x429eb0be5f2e874cedefcce53b5b20d411b8e89a",
"address_to": "0x36d1f896E55A6577C62fdd6B84fbf74582266711",
"amount": "0",
"amount_in_usd": "0",
"gas_limit": "21000",
"gas_price": "20000000000",
"signed_transaction": "0xf864808504a817c8008252089436d1f896e55a6577c62fdd6b84fbf7458226671180801ca036ebd7874b62feb46480a2bb2ea52ad2f6a7a2bd376038d2d283644918053f3ea03de93f716c367a8f4ac478da0e88c9cfdbd2d37175857aa8a24bfb4b27d17c92",
"starting_balance": 10000000000000000000,
"starting_balance_in_usd": "0",
"total_spend": "0",
"transaction_hash": "0xe71c3b8075228e49a4a7bf90a3571e04efad72daedb80662a431033cc55098af"
},
"wrap_info": null,
"warnings": null,
"auth": null
}

But this result is incorrect. My testing:
const EthTx = require('ethereumjs-tx')
const sender = new EthTx(signed_transaction).getSenderAddress().toString('hex')
// sender is 0x1b82c7572e2efb8291e4d2b2d3a279fc384555c2 not match address_from.

Can't check signature: No public key (to verify binary from releases)

GPG public key is missing to verify pre-compiled binary

Detailed Description

I wanted to make a shortcut and use pre-compiled binary from https://github.com/immutability-io/vault-ethereum/releases instead of compiling it on my own. Also, I wanted to use the same way of binary verification as Vault has. And in the end, I realized that I have no idea where to find the public part of RSA key with id 3732F74976B99AEC to execute something like:

gpg --batch --verify SHA256SUMS.sig SHA256SUMS

I guess that's because you're using Keybase and they have their own proprietary mechanism to fetch that key. Any chances you could publish it to one of the mainstream GPG key servers? (eg. hkp://p80.pool.sks-keyservers.net:80, hkp://keyserver.ubuntu.com:80, hkp://pgp.mit.edu:80)

Related discussion keybase/keybase-issues#327

plugin fails if disable_mlock is enabled

Detailed Description

In production, it's recommended to run Vault with disable_mlock set to false. However, in our testing it appears that the plugin fails to work with this setting in the recommended production state.

Here is the error code:

Mar 15 16:14:08 vagrant-vbox-1 vault[20896]: 2018/03/15 16:14:08.989697 [DEBUG] plugin.metadata: starting plugin: path=/etc/vault/plugins/vault-ethereum args=[/etc/vault/plugins/vault-ethereum]
Mar 15 16:14:08 vagrant-vbox-1 vault[20896]: 2018/03/15 16:14:08.990385 [DEBUG] plugin.metadata: waiting for RPC address: path=/etc/vault/plugins/vault-ethereum
Mar 15 16:14:09 vagrant-vbox-1 vault[20896]: 2018/03/15 16:14:09.013390 [DEBUG] plugin.metadata.vault-ethereum: 2018/03/15 16:14:09 cannot allocate memory
Mar 15 16:14:09 vagrant-vbox-1 vault[20896]: 2018/03/15 16:14:09.014564 [DEBUG] plugin.metadata: plugin process exited: path=/etc/vault/plugins/vault-ethereum
Mar 15 16:14:09 vagrant-vbox-1 vault[20896]: 2018/03/15 16:14:09.014791 [ERROR] sys: mount failed: path=ethereum/ error=plugin exited before we could connect

This is with vault 0.9.5 and the latest vault-ethereum off of master.

Here is vault config file

{
  "plugin_directory": "/etc/vault/plugins",
  "api_addr": "http://127.0.0.1:8200",
  "disable_mlock": false,
  "listener": {
    "tcp": {
      "address": "127.0.0.1:8200",
      "tls_disable": "true"
    }
  },
  "storage": {
    "consul": {
      "token": "some-token-xxx",
      "address": "127.0.0.1:8500"
    }
  }
}

Exactly the same configuration with just disable_mlock set to true works fine.

Please note that vault in dev mode starts with disable_mlock set to true which is why we didn't see this problem in our dev environment testing.

Any thoughts?

Breaking change for github.com/miguelmota/go-coinmarketcap ?

Detailed Description

I've got an issue with my docker installation.
This is my DockerFile

FROM vault:latest
RUN apk add --update alpine-sdk \
    && mkdir /vault/plugins \
    && apk update \
    && apk add go git \
    && go get github.com/immutability-io/vault-ethereum \
    && go build github.com/immutability-io/vault-ethereum \
    && mv /root/go/bin/vault-ethereum /vault/plugins/vault-ethereum \
    && export SHASUM256_eth=$(sha256sum "/vault/plugins/vault-ethereum" | cut -d' ' -f1) \
    && echo  \"plugin_directory\" = \"/vault/plugins\" > /vault/config/plugin.json

Then, I've got an error with go-coinmarketcap

package github.com/miguelmota/go-coinmarketcap: no Go files in /root/go/src/github.com/miguelmota/go-coinmarketcap

Is there some breaking change since the last update? Is there any way to avoid this error during the build of vault-ethereum-plugin on Docker?

Thanks a lot

Your Environment

  • Version used: Latest
  • Environment name and version: Docker Alpine
  • Operating System and version (desktop or mobile): Mac OS X 10.13.6

Add path for deploying contracts

Detailed Description

Add the ability to deploy a smart contract.

The path would be:

ethereum/[mount]/accounts/[name_of_account]/contracts/[name_of_contract]

Context

Probably need to refactor the current sign contract capability to fit into the path scheme above.

Possible Implementation

  • Investigate versioning. I've seen some chatter about Hashicorp adding versioning for secrets. There may be some oppy for design convergence here.

Your Environment

  • Version used: Vault fork with Github MFA
  • Environment name and version:
  • Operating System and version (desktop or mobile):
  • Link to your project:

Unable to use Self Signed Certificate

Detailed Description

I am trying to host this at home. In organization. I don't have unix/Linux environment. I have hosted the vault (using VAULT_SKIP_VERIFY=1) and geth as well.

However, I am facing an issue while enabling the vault-ethereum plugin secret. It throws an error that the plugin is exiting due to a bad certificate. Is there any way I can use a self-signed certificate, because CA templates are very costly?

Unable to mount secret, no such file or directory.

When attempting to use the vault-ethereum plugin in a docker environment using the official vault docker image I am unable to mount the new plugin and receive a no such file or directory error.

Detailed Description

Here is the vault service in my docker compose file:

vault:
    build:
      context: ./
      dockerfile: vault.dockerfile
    ports:
      - "9200:8200"
    volumes:
      - ../vault/config:/vault/config
      - ../vault/server/data:/vault/data
      - ../vault/logs:/vault/logs
    environment:
      - VAULT_ADDR=http://192.168.1.60:9200
      - VAULT_LOCAL_CONFIG={"api_addr":"http://127.0.0.1:8200","plugin_directory":"/vault/plugins","backend":{"consul":{"scheme":"http", "address":"192.168.1.60:9500","advertise_addr":"http://192.168.1.60", "path":"vault/"}},"listener":{"tcp":{"address":"0.0.0.0:8200","tls_disable":"true"}}}
    command: server

I extend the official docker image to attempt to install the vault ethereum plugin:

FROM vault:latest

# Make new directory for plugins
RUN mkdir /vault/plugins

# Download binary for Ethereum plugin
RUN wget https://github.com/immutability-io/vault-ethereum/releases/download/v0.0.3/vault-ethereum_0.0.3_linux_amd64.zip && \
    unzip ./vault-ethereum_0.0.3_linux_amd64.zip && \
    rm ./vault-ethereum_0.0.3_linux_amd64.zip && \
    mv ./vault-ethereum /vault/plugins/vault-ethereum && \
    chown -R vault:vault /vault/plugins

I then perform the following operations (this is a fresh install of vault with consul as the backend).

docker exec -it development_vault_1 vault init
docker exec -it development_vault_1 vault unseal
....
docker exec -it development_vault_1 vault login token=...
docker exec -it development_vault_1 sha256sum /vault/plugins/vault-ethereum
Output:
fc4734c431ae0333fad4aa480f539aa8b9b4ddcfec89907c3577a8c3de70399e  /vault/plugins/vault-ethereum
vault write sys/plugins/catalog/ethereum-plugin sha_256="fc4734c431ae0333fad4aa480f539aa8b9b4ddcfec89907c3577a8c3de70399e" command="vault-ethereum"
Output:
Success! Data written to: sys/plugins/catalog/ethereum-plugin
docker exec -it development_vault_1 vault secrets enable -path=ethereum -plugin-name=ethereum-plugin plugin

Error:
Error enabling: Error making API request.

URL: POST http://192.168.1.60:9200/v1/sys/mounts/ethereum
Code: 400. Errors:

* fork/exec /vault/plugins/vault-ethereum: no such file or directory

ls -lrt /vault/ output

drwxr-xr-x    2 root     root             0 Feb 17 12:19 logs
drwxr-xr-x    2 root     root             0 Feb 17 12:19 data
drwxr-xr-x    2 root     root             0 Feb 19 19:15 config
drwxr-xr-x    1 vault    vault         4096 Feb 20 09:05 plugins
drwxr-xr-x    2 vault    vault         4096 Feb 20 09:09 file

ls -lrt /vault/plugins output

-rwxr-xr-x    1 root     root      19384144 Feb 20 09:05 vault-ethereum

Your Environment

Host OS: Windows 10
Docker: 17.12.0-ce-win47 stable
Vault Docker: 0.9.3
Vault Ethereum: v0.0.3

Finding Logs for the ethereum plugin

Want to see the exceptions/logs that vault is throwing when I use the /debit endpoint.

Detailed Description

Ethereum plugin returns 500 error when /debit endpoint is used. Strange thing is, that this behaviour is not stable. Sometimes it throws the error sometimes not with same input data. I now want to debug it by first having a look at some log output, but I cannot find any logs.

Can you tell me are there any logs that I can use to debug the problem?
Thank you in advance!

Error while enabling secrets

Detailed Description

While running this command:

vault secrets enable -path=ethereum -plugin-name=ethereum-plugin plugin

Getting this error:

[ERR] plugin: plugin acceptAndServe error: strconv.ParseInt: parsing "": invalid syntax
[ERROR] sys: mount failed: path=ethereum/ error=rpc error: code = Unknown desc = timeout waiting for connection info

Kindly suggest the resolution

Incorrect signature length (wanted 65, got 132)

I'm trying to make a geth node call out to Vault for generating private keys and signing transactions. The key pieces are bridged up, but I'm not getting back signatures of the right size -- test cases are failing saying that the signature has size 132 when it needs size 65. Size 65 also seems correct if the signature formula is two length-32 sequences followed by a recovery byte.

This seems like it must be a configuration issue given that you're using it successfully, though. What am I missing here? Probably an encoding issue somewhere down the line.

Detailed Description

I'm connecting vault-ethereum to a fork of quorum in two key places:

  1. /accounts/key#newKey() - This is already behaving -- Vault generates the keys and, for now, hands them back for quorum to put into its keystore.
  2. /crypto/crypto#Sign() is being called without issue, the data is being signed, but the resulting signatures are too large. My replacement implementation makes a barebones call to this library's sign endpoint:
func (v *VaultDriver) Sign(txHash []byte) (signature []byte, err error) {
	vault := v.client.Logical()
	resp, err := vault.Write(
		v.scopedPath("sign"),
		map[string]interface{}{
			"data": txHash,
		})
	if err != nil {
		fmt.Println("err on Sign:", err.Error())
		return nil, err
	}
	signature = []byte(resp.Data["signature"].(string))
	return
}

The txHash is, as you might expect, the already-hashed transaction. I've tried a few different versions of that sign call and run into different bugs.

  1. The above call ("data": txHash) successfully returns a signature, but it is too large.
  2. If I add "raw": true to the call, then the call fails with a hex string without 0x prefix error
  3. If I then change txHash to append([]string{"0x"}, string(txHash)), then the call fails with error converting input [0x �N�axoCA��t�hnU�J�����#�)����qg�] for field "data": '' expected type 'string', got unconvertible type '[]interface {}'

I've been trying alternate approaches to get around the hex string without 0x prefix error, but nothing's working. Would appreciate any guidance!

Context

I'm trying to plug vault-ethereum into a forked version of quorum so that the node can sign transactions without ever actually holding the private keys itself. If this was easy, people could easily spin up nodes without worrying about safely managing the private credentials on them.

Environment

  • Running current latest vault-ethereum version, commit 9163110
  • Vault version used: v0.10.1 ('756fdc4587350daf1c65b93647b2cc31a6f119cd')
  • GNU bash, version 4.3.48(1)-release (x86_64-pc-linux-gnu)
  • Running on Win10 via the Windows Linux Subsystem
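The reported length of 132 matches the shape of the "signature" value in the sign response quoted in the "Sign message & verify" report on this page: "0x" followed by 130 hex characters. The following Go sketch is an added example, not code from the plugin or from either reporter; it assumes the sign endpoint returns that hex form, and DecodeSignature and WithV27 are hypothetical helper names.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"strings"
)

// "signature" value from the sign response quoted in the "Sign message &
// verify" report on this page.
const pageSignature = "0x0c45d788a91cfee5b46c4bfaa00c89b32fe249380b8858807e1c02256486ac9c" +
	"518c5f4feb2b0a504e37354f3912b00f5a73aa581d757fb225130165d030a0b400"

// DecodeSignature converts the hex text of a "signature" field into the 65 raw
// bytes R || S || V. Casting the string to []byte instead yields its 132 ASCII
// characters, which is the length reported in the issue.
func DecodeSignature(s string) ([]byte, error) {
	raw, err := hex.DecodeString(strings.TrimPrefix(s, "0x"))
	if err != nil {
		return nil, fmt.Errorf("signature is not hex: %w", err)
	}
	if len(raw) != 65 {
		return nil, fmt.Errorf("want 65 signature bytes, got %d", len(raw))
	}
	return raw, nil
}

// WithV27 returns a copy of sig whose recovery byte uses the 27/28 convention
// (as in the web3 signature on this page, which ends in 1b) rather than 0/1.
func WithV27(sig []byte) ([]byte, error) {
	if len(sig) != 65 {
		return nil, fmt.Errorf("want 65 signature bytes, got %d", len(sig))
	}
	out := append([]byte(nil), sig...)
	switch out[64] {
	case 0, 1:
		out[64] += 27
	case 27, 28: // already in the 27/28 form
	default:
		return nil, fmt.Errorf("unexpected recovery byte %d", out[64])
	}
	return out, nil
}

func main() {
	fmt.Println("length when cast with []byte(...):", len([]byte(pageSignature)))
	raw, err := DecodeSignature(pageSignature)
	if err != nil {
		panic(err)
	}
	v27, _ := WithV27(raw)
	fmt.Printf("decoded length %d, V=%d, V in 27/28 form=%d\n", len(raw), raw[64], v27[64])
}
```

Normalizing V only changes the last byte; it does not account for the differing R and S values in the web3 comparison reported above.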

Curl not working properly for Erc20, Erc721

Detailed Description

hi, I was trying to check balanceOf using :
https://localhost:9200/v1/vault-ethereum/accounts/bob/erc20/balanceOf
It's giving me an error:

"errors": [
      "1 error occurred:\n\t* no contract code at given address\n\n"
  ]

But when I was using the Vault command:
vault read -format=json vault-ethereum/accounts/bob/erc20/balanceOf contract='0x337610d27c682E347C9cD60BD4b3b107C9d34dDd'

got data

{
"request_id": "76020c80-38b5-dc20-3362-39358f5a6176",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": {
 "balance": "1",
 "contract": "0x337610d27c682E347C9cD60BD4b3b107C9d34dDd",
 "name": "USDT Token",
 "symbol": "USDT"
},
"warnings": null
}

Context

I got an error when calling the erc20/balanceOf API using curl/Postman, but when I call it with the Vault command I get the data. I also want to get the same data using Postman/curl.

Your Environment

  • OS: Debian 11
  • VAULT_VERSION :1.9.2

Unrecognized remote plugin message

Detailed Description

Attempting to enable the plugin via a build from https://github.com/immutability-io/vault-ethereum/blob/master/Dockerfile results in:

Error enabling: Error making API request.

URL: POST https://127.0.0.1:8200/v1/sys/mounts/ethereum
Code: 400. Errors:

* Unrecognized remote plugin message:

This usually means that the plugin is either invalid or simply
needs to be recompiled to support the latest protocol.

I've attempted to load this via:

vault write sys/plugins/catalog/secret/ethereum-plugin

and

vault write sys/plugins/catalog/ethereum-plugin

Both vault writes are successful. But when I try to enable the plugin the above message is returned.

Feature questions: importing ABI, filtering, and logging

Firstly, I think this is a fantastic project. Thanks :). I have a couple of questions around functionality that I'm not able to determine from the documentation. Apologies if this is in the docs I have missed it.

  1. Signing a transaction that calls a function in a smart contract with data

I have a use case for Vault where I'd like to sign a transaction that calls a function in a smart contract, and passes this function a data object. It looks like the paths are defined here: https://github.com/immutability-io/vault-ethereum/blob/master/path_accounts.go#L57 which would enable me to create a :mount-path/accounts/:name/sign-tx-data API. If I proceed with implementing this where would be the best place to store the ABI for the contract I wish to interact with? Presumably I'd need to pass the ABI reference and method in the API call too?

  2. Is there a way to filter RPC calls that don't match a pattern/regex? This would be great to add another layer that prevents malicious/incorrect use.

  3. Are there per-RPC call logs?

Error for deploy smart contract

I use the deploy smart API, the contract can be deployed to rinkeby, but from the rinkeby explorer, the 'TxReceipt Status' for this transaction has error.

Detailed Description

ethereum plugin version: 0.2.6
vault version:1.0.1

I use API ethereum/deploy/:account_name/contracts/:contract_name to deploy smart contract, the deploy can be ok, but there is error shown in explorer that there is error in smart contract execution.

This is the output in rinkeby explorer(https://rinkeby.etherscan.io/tx/0x08eb68cc8c9c5df210f80b930e97bc88f538095e9fb1e143ae1ea114a9a690ae)

TxHash: 0x08eb68cc8c9c5df210f80b930e97bc88f538095e9fb1e143ae1ea114a9a690ae
TxReceipt Status: Fail
Block Height: 3698370 (3 Block Confirmations)
TimeStamp: 1 min ago (Jan-16-2019 02:07:59 AM +UTC)
From: 0x74bc468c663f9c76ac18c3b53f5b78966fe420c7
To: [Contract 0x44c5b242e0205ef1b4e21936d5c7dda572d5f067 Created]
Warning! Error encountered during contract execution [gas uint64 overflow]
Value: 0 Ether ($0.00)
Gas Limit: 3500000
Gas Used By Transaction: 3500000 (100%)
Gas Price: 0.000000001 Ether (1 Gwei)
Actual Tx Cost/Fee: 0.0035 Ether ($0.000000)

I checked everything and suspect it is related to transaction_data field which is not correct.

So my question is:
In my code, the transaction_data field in deploy API is the compiled data read of smart contract from bytecode in utf8 format, is it correct?

How to backup data

Detailed Description

Hi, good morning, I want to back up data like PostgreSQL or some database. My way is to copy the config folder and next time paste and overwrite it. Is that the correct way to back up data? Because sometimes Vault is sealed and cannot be unsealed.

Context

Possible Implementation

Your Environment

  • Version used:
    Vault: 1.9.2
  • Environment :
    Debian 11

unusable message signing (ethereum/accounts/:name/sign and ethereum/accounts/:name/verify)

Detailed Description

I'm currently trying to sign an EIP712 payload with vault-ethereum. I'm using a lib that is properly signing and verifying payloads that can also be verified by the EVM (https://github.com/ticket721/e712).

Right now I am unable to properly verify the signatures generated by vault-ethereum. When using e712 or eth-sig-util, I end up with a failed verification.

Also the verify route does not seem to work on vault-ethereum.

Why is there no encoding argument like on the sign-tx route ?

Context

Signing messages (and more precisely encoded EIP712 payloads) is primordial as this EIP is becoming the standard for signing. I still cannot identify where the issue is coming from (maybe the format of the data is not good, adding a 'hex' encoding option might be the solution as I'm currently sending some binary unreadable strings hoping it gets properly evaluated on vault-ethereum's side).

Possible Implementation

Maybe it can work by reusing what you've done in the sign-tx encoding section. Maybe it's coming from something else (differing keccak256 implems, differing signing algorithms). But I'm pretty confident that the tools cited above are properly working as the signatures can get properly verified on-chain.

Your Environment

How to pass hex string data to sign-tx

When I set "data" property to hex string it seems that hex string is interpreted as utf8 byte array instead of simply setting "data" of ethereum transaction to original hex string. This makes it impossible to encode contract call on client side. This is a MAJOR ISSUE. Any workarounds?

When "address_to" is not mentioned during the transaction signing, the funds are transferred to NULL address.

Detailed Description

When "address_to" is not mentioned during the transaction signing, the funds are transferred to 0x0 address.

I have signed below transaction and made the debit request.
Payload for signing:

{
"amount":"200000000000000000",
"to": "0x36D1F896E55a6577C62FDD6b84fbF74582266700",
"data": "666f6f626172",
"encoding": "hex"
}

Signing Request:

curl -s --cacert ~/etc/vault.d/root.crt --header "X-Vault-Token: $VAULT_TOKEN" \
    --request POST \
    --data @payload.json \
    https://localhost:8200/v1/ethereum/dev/accounts/test2/sign-tx | jq .

Signed Transaction:

{
"request_id": "9470677c-00e3-2d8d-2c37-31f207680524",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": {
"address_from": "0xff93ff615bb9c9a354b3e5e29b416aab58b502d2",
"address_to": "0x0000000000000000000000000000000000000000",
"amount": "200000000000000000",
"amount_in_usd": "0",
"gas_limit": "21000",
"gas_price": "1000000000",
"signed_transaction": "0xf87102843b9aca008252089400000000000000000000000000000000000000008802c68af0bb14000086666f6f6261722ba088931d4492778dbf51474a05e286121d74017465587b5aadc946aae760f84f7ea07add37951665a703a17992586df632f5bb03d6b7f730a3b6bb4640fc60bab999",
"starting_balance": 18350958000000000000,
"starting_balance_in_usd": "0",
"total_spend": "1600000000000000000",
"transaction_hash": "0x00d310b7be5e4b565b8dc8982070a0fc9a410751ebc78e83c929d1b69c426114"
},
"wrap_info": null,
"warnings": null,
"auth": null
}

Context

This if not fixed could be a serious lapse, as the funds will be lost. Mostly in the dev testing this will be caught, but better to provide additional checks in the plugin itself.

Possible Implementation

Additional checks while signing the transaction.

Your Environment

  • Version used: Latest
  • Environment name and version (e.g. Chrome 39, node.js 5.4):
  • Operating System and version (desktop or mobile): MacOS Desktop
  • Link to your project:
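A caller can catch both this report and the earlier gas_limit report before broadcasting by decoding the returned signed_transaction and comparing it with what was requested. The following Go program is an added example, not code from the plugin or from the reporters; it handles legacy (untyped) transactions only, uses only the standard library, and LegacyTx, rlpItem, DecodeLegacyTx and CheckSignedTx are hypothetical names.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

var (
	// signed_transaction from the report above; its 20 zero recipient bytes are written with strings.Repeat.
	pageSignedTx = "0xf87102843b9aca0082520894" + strings.Repeat("00", 20) + "8802c68af0bb14000086666f6f6261722b" +
		"a088931d4492778dbf51474a05e286121d74017465587b5aadc946aae760f84f7e" +
		"a07add37951665a703a17992586df632f5bb03d6b7f730a3b6bb4640fc60bab999"
	requestedTo = "0x36D1F896E55a6577C62FDD6b84fbF74582266700" // "to" in that report's signing payload
	zeroAddress = "0x" + strings.Repeat("00", 20)
	errRLP      = errors.New("malformed RLP")
)

// LegacyTx holds the signed fields of a legacy (untyped) transaction.
type LegacyTx struct {
	Nonce, GasPrice, GasLimit, Value *big.Int
	To                               string // "0x" + lowercase hex; "" for contract creation
	Data                             []byte
}

// rlpItem reads one RLP item: its payload, whether it is a list, and the rest.
func rlpItem(b []byte) (payload []byte, isList bool, rest []byte, err error) {
	if len(b) == 0 {
		return nil, false, nil, errRLP
	}
	p, off, n := b[0], 1, 0
	switch {
	case p < 0x80: // a single byte is its own payload
		return b[:1], false, b[1:], nil
	case p <= 0xb7: // short string
		n = int(p - 0x80)
	case p <= 0xbf: // long string: length is in the next p-0xb7 bytes
		off += int(p - 0xb7)
	case p <= 0xf7: // short list
		n, isList = int(p-0xc0), true
	default: // long list: length is in the next p-0xf7 bytes
		off, isList = off+int(p-0xf7), true
	}
	for i := 1; i < off && i < len(b); i++ { // length bytes of the long forms
		n = n<<8 | int(b[i])
	}
	if off > 5 || len(b)-off < n {
		return nil, false, nil, errRLP
	}
	return b[off : off+n], isList, b[off+n:], nil
}

// DecodeLegacyTx parses hex of rlp([nonce, gasPrice, gasLimit, to, value, data, v, r, s]).
func DecodeLegacyTx(hexTx string) (*LegacyTx, error) {
	raw, hexErr := hex.DecodeString(strings.TrimPrefix(hexTx, "0x"))
	body, isList, rest, err := rlpItem(raw)
	if hexErr != nil || err != nil || !isList || len(rest) != 0 {
		return nil, errors.New("not hex of a single RLP list (typed transactions are not handled)")
	}
	var fields [][]byte
	for len(body) > 0 {
		var item []byte
		if item, isList, body, err = rlpItem(body); err != nil || isList {
			return nil, errRLP
		}
		fields = append(fields, item)
	}
	if len(fields) != 9 || (len(fields[3]) != 0 && len(fields[3]) != 20) {
		return nil, errors.New("not a signed legacy transaction")
	}
	num := func(b []byte) *big.Int { return new(big.Int).SetBytes(b) }
	tx := &LegacyTx{Nonce: num(fields[0]), GasPrice: num(fields[1]), GasLimit: num(fields[2]), Value: num(fields[4]), Data: fields[5]}
	if len(fields[3]) == 20 {
		tx.To = "0x" + hex.EncodeToString(fields[3])
	}
	return tx, nil
}

// CheckSignedTx lists how tx differs from the request; wantGas 0 skips the gas check.
func CheckSignedTx(tx *LegacyTx, wantTo string, wantGas uint64) (problems []string) {
	if tx.To == zeroAddress || !strings.EqualFold(tx.To, wantTo) {
		problems = append(problems, "recipient "+tx.To+" is the zero address or not the requested "+wantTo)
	}
	if wantGas != 0 && tx.GasLimit.Cmp(new(big.Int).SetUint64(wantGas)) != 0 {
		problems = append(problems, fmt.Sprintf("gas limit %d is not the requested %d", tx.GasLimit, wantGas))
	}
	return problems
}

func main() {
	tx, err := DecodeLegacyTx(pageSignedTx)
	if err != nil {
		panic(err)
	}
	fmt.Println(tx.To, tx.GasLimit, CheckSignedTx(tx, requestedTo, 0))
}
```

For the gas_limit report, passing the requested limit as wantGas makes the same check flag a transaction that was signed with a different limit.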

unable to install

Description

I am trying to use the vault-ethereum plugin but cannot install it. Every time I install it the vault server keeps repeating:

2020-03-19T11:38:37.212+0700 [INFO]  expiration: revoked lease: lease_id=sys/wrapping/wrap/h66def96317ed5b8c029b9c2b513ee711a663e404ac398f957f7c5e0391f22041
2020-03-19T11:38:41.361+0700 [ERROR] secrets.ethereum-plugin.ethereum-plugin_4e079605.ethereum-plugin.vault-ethereum: plugin tls init: error="error during token unwrap request: Put https://localhost:8200/v1/sys/wrapping/unwrap: http: server gave HTTP response to HTTPS client" timestamp=2020-03-19T11:38:41.360+0700
2020-03-19T11:38:41.364+0700 [ERROR] rollback: error rolling back: path=ethereum/ error="Unrecognized remote plugin message: 

This usually means that the plugin is either invalid or simply
needs to be recompiled to support the latest protocol."

or when I use Vault 0.10.3:

2020-03-19T13:55:05.703+0700 [INFO ] expiration: revoked lease: lease_id=sys/wrapping/wrap/877def536752b790b5627b8e4213cf434e3e1704
2020-03-19T13:55:09.806+0700 [ERROR] secrets.plugin.plugin_01a467aa.ethereum-plugin.vault-ethereum: plugin tls init: error="error during token unwrap request: Put https://localhost:8200/v1/sys/wrapping/unwrap: http: server gave HTTP response to HTTPS client" timestamp=2020-03-19T13:55:09.805+0700
2020-03-19T13:55:09.809+0700 [ERROR] rollback: error rolling back: path=ethereum/ error="plugin exited before we could connect"

Process

I downloaded the release with:

 wget --progress=bar:force -O ./darwin.zip https://github.com/immutability-io/vault-ethereum/releases/download/v0.2.11/vault-ethereum_0.2.11_darwin_amd64.zip

I unzip it and move vault-ethereum to etc/vault.d/vault_plugins.

I launch the vault, unseal it and install the plugin with:

vault write sys/plugins/catalog/ethereum-plugin sha_256="$(cat SHA256SUM)" command="vault-ethereum"
Success! Data written to: sys/plugins/catalog/ethereum-plugin

Enable the plugin:

vault secrets enable -path=ethereum -plugin-name=ethereum-plugin plugin
Success! Enabled the ethereum-plugin plugin at: ethereum/

Everything seems to work, but the server starts to send the message in the description, about once per minute.

I tried with several different versions of Vault and the plugin, but the only difference is the error message for version 0.10.3 of Vault (see description).

Context

My vault.hlc file is:

"backend" "file" {
  "path" = "/Users/infoatato/etc/vault.d/data"
}

"api_addr" = "https://localhost:8200"

"listener" "tcp" {
  "address" = "localhost:8200"
  "tls_disable"="true"
}

"plugin_directory" = "/Users/infoatato/etc/vault.d/vault_plugins"

I am on macOs Catalina version 10.15.3

/accounts/:name/sign not producing valid signed transactions

Detailed Description

I would like to use vault-ethereum to sign raw transactions that can then be broadcast.
I am trying to sign my transaction like this:

curl -k --header "X-Vault-Token: $TOKEN" \
    --request POST \
    --data '{"to":"0xSOME_ADDRESS","value":"100000","gas":"2000000","gasPrice":"234567897654321","nonce":"0","chainId":"3"}' \
    https://localhost:8200/v1/ethereum/accounts/test/sign

Unfortunately, no matter what I put in the data field, I always get the same signature:

0xdaf75853fd0dff6da264b99f0d5f03dcd3d50e5f3ad01c05a20acdc08dc7f0b635d4ca71d3d3560d1a1878c948c32baec8c30965a75b500fb1d5c80e61ddcab700

And when I try to broadcast it using MyEtherWallet, I get the error:

invalid rlp: total length is larger than the data

Has anyone got an idea what the issue here is or how I can proceed?

Error when installing vault-ethereum plugin

Detailed Description

I am trying to test vault-ethereum as a solution to replace a home-made app that signs and sends transactions to the blockchain.
In this context, I have checked out the vault-ethereum source code and then built it. However, I am not able to install it in Vault. I am getting the following error when I run the command:

vault write sys/plugins/catalog/ethereum-plugin \
   sha_256="${SHASUM256}" \
   command="vault-ethereum --ca-cert=$HOME/etc/vault/file/root.crt --client-cert=$HOME/etc/vault/file/vault.crt --client-key=$HOME/etc/vault/file/vault.key" 
Error writing data to sys/plugins/catalog/ethereum-plugin: Error making API request.

URL: PUT https://127.0.0.1:8200/v1/sys/plugins/catalog/ethereum-plugin
Code: 500. Errors:

* 1 error occurred:
	* rpc error: code = Unknown desc = timeout waiting for connection info

The log file says that the CA is unknown, though I have added and trusted it in Keychain.

2019-03-21T14:55:01.027+0100 [INFO]  http: TLS handshake error from 127.0.0.1:59317: EOF
2019-03-21T14:55:01.030+0100 [INFO]  http: TLS handshake error from 127.0.0.1:59318: EOF
2019-03-21T14:55:54.459+0100 [INFO]  core: vault is unsealed
2019-03-21T14:55:54.459+0100 [INFO]  core.cluster-listener: starting listener: listener_address=127.0.0.1:8201
2019-03-21T14:55:54.460+0100 [INFO]  core.cluster-listener: serving cluster requests: cluster_listen_address=127.0.0.1:8201
2019-03-21T14:55:54.460+0100 [INFO]  core: post-unseal setup starting
2019-03-21T14:55:54.460+0100 [INFO]  core: loaded wrapping token key
2019-03-21T14:55:54.461+0100 [INFO]  core: upgrading plugin information: plugins=[]
2019-03-21T14:55:54.461+0100 [INFO]  core: successfully setup plugin catalog: plugin-directory=/Users/selim/etc/vault/file/plugins
2019-03-21T14:55:54.461+0100 [INFO]  core: successfully mounted backend: type=system path=sys/
2019-03-21T14:55:54.461+0100 [INFO]  core: successfully mounted backend: type=identity path=identity/
2019-03-21T14:55:54.462+0100 [INFO]  core: successfully mounted backend: type=cubbyhole path=cubbyhole/
2019-03-21T14:55:54.463+0100 [INFO]  core: successfully enabled credential backend: type=token path=token/
2019-03-21T14:55:54.536+0100 [WARN]  auth.example-auth-plugin.auth_example-auth-plugin_c2d56764.example-auth-plugin: error closing client during Kill: metadata=true err="rpc error: code = Canceled desc = grpc: the client connection is closing"
2019-03-21T14:55:54.537+0100 [INFO]  core: successfully enabled credential backend: type=example-auth-plugin path=example/
2019-03-21T14:55:54.537+0100 [INFO]  rollback: starting rollback manager
2019-03-21T14:55:54.537+0100 [INFO]  core: restoring leases
2019-03-21T14:55:54.538+0100 [INFO]  expiration: lease restore complete
2019-03-21T14:55:54.538+0100 [INFO]  identity: entities restored
2019-03-21T14:55:54.538+0100 [INFO]  identity: groups restored
2019-03-21T14:55:54.538+0100 [INFO]  core: post-unseal setup complete
2019-03-21T14:56:20.283+0100 [INFO]  http: TLS handshake error from 127.0.0.1:59324: remote error: tls: unknown certificate authority
2019-03-21T14:56:32.541+0100 [WARN]  received plugin exited before we could connect attempting as db plugin, attempting as auth/secret plugin
2019-03-21T14:56:54.665+0100 [INFO]  expiration: revoked lease: lease_id=sys/wrapping/wrap/h171b892f8ff7e2dd5554da672b16eb89bb4d9670144204d9690179f83a2d62ab
2019-03-21T15:04:27.634+0100 [WARN]  received plugin exited before we could connect attempting as db plugin, attempting as auth/secret plugin

I have used the materials in vault-ethereum/helper/install_vault.sh to generate the certificates.

The request is traced in the audit log below:

{
  "time": "2019-03-21T17:13:12.269035Z",
  "type": "request",
  "auth": {
    "client_token": "hmac-sha256:e6d899de896cf18f232bae0f4d1c96495296c89536e58cd7aa28c80359ec8ae3",
    "accessor": "hmac-sha256:eaebdc29a3400595b1e77cc667545c1c80c6d0ab4c09181d73941fc5a0ce4960",
    "display_name": "root",
    "policies": [
      "root"
    ],
    "token_policies": [
      "root"
    ],
    "metadata": null,
    "entity_id": "",
    "token_type": "service"
  },
  "request": {
    "id": "010a5627-32b1-2ddf-3c8a-392c2b09232d",
    "operation": "update",
    "client_token": "hmac-sha256:e6d899de896cf18f232bae0f4d1c96495296c89536e58cd7aa28c80359ec8ae3",
    "client_token_accessor": "hmac-sha256:eaebdc29a3400595b1e77cc667545c1c80c6d0ab4c09181d73941fc5a0ce4960",
    "namespace": {
      "id": "root",
      "path": ""
    },
    "path": "sys/plugins/catalog/ethereum-plugin",
    "data": {
      "command": "hmac-sha256:d8e3a02e349f030613315e9c49d2030ff1c6a44c064acc78b67a9fa66807b975",
      "sha_256": "hmac-sha256:62999780515d3a938c2b8a0d57eec9ef6588b859c7153b9dc09bb1c2b5355af7"
    },
    "policy_override": false,
    "remote_address": "127.0.0.1",
    "wrap_ttl": 0,
    "headers": {
      
    }
  },
  "error": ""
}
{
  "time": "2019-03-21T17:13:17.458343Z",
  "type": "response",
  "auth": {
    "client_token": "hmac-sha256:e6d899de896cf18f232bae0f4d1c96495296c89536e58cd7aa28c80359ec8ae3",
    "accessor": "hmac-sha256:eaebdc29a3400595b1e77cc667545c1c80c6d0ab4c09181d73941fc5a0ce4960",
    "display_name": "root",
    "policies": [
      "root"
    ],
    "token_policies": [
      "root"
    ],
    "metadata": null,
    "entity_id": "",
    "token_type": "service"
  },
  "request": {
    "id": "010a5627-32b1-2ddf-3c8a-392c2b09232d",
    "operation": "update",
    "client_token": "hmac-sha256:e6d899de896cf18f232bae0f4d1c96495296c89536e58cd7aa28c80359ec8ae3",
    "client_token_accessor": "hmac-sha256:eaebdc29a3400595b1e77cc667545c1c80c6d0ab4c09181d73941fc5a0ce4960",
    "namespace": {
      "id": "root",
      "path": ""
    },
    "path": "sys/plugins/catalog/ethereum-plugin",
    "data": {
      "command": "hmac-sha256:d8e3a02e349f030613315e9c49d2030ff1c6a44c064acc78b67a9fa66807b975",
      "sha_256": "hmac-sha256:62999780515d3a938c2b8a0d57eec9ef6588b859c7153b9dc09bb1c2b5355af7"
    },
    "policy_override": false,
    "remote_address": "127.0.0.1",
    "wrap_ttl": 0,
    "headers": {
      
    }
  },
  "response": {
    "headers": null
  },
  "error": "1 error occurred:\n\t* rpc error: code = Unknown desc = timeout waiting for connection info\n\n"
}

Your Environment

MacOS Mojave
Vault 1.1.0
The vault config file:

"default_lease_ttl" = "24h"
"disable_mlock" = "true"
"max_lease_ttl" = "24h"
"ui" = "true"

"backend" "file" {
  "path" = "/Users/selim/var/lib/vault/file/data"
}

"api_addr" = "https://localhost:8200"

listener "tcp" {
 "address"     = "127.0.0.1:8200"
 "tls_cert_file" = "/Users/selim/etc/vault/file/vault.crt"
 "tls_client_ca_file" = "/Users/selim/etc/vault/file/root.crt"
 "tls_key_file" = "/Users/selim/etc/vault/file/vault.key"
}

"plugin_directory" = "/Users/selim/etc/vault/file/plugins"

The env variables : env | grep VAULT

VAULT_HOME=/Users/selim/opt/vault
VAULT_ADDR=https://127.0.0.1:8200
VAULT_CACERT=/Users/selim/etc/vault/file/root.crt

Can we save string data inside ethereum

HashiCorp Vault is mainly used to save secrets inside secure encrypted storage. Is there any way we can save text data inside Ethereum using this vault-ethereum plugin?

Unable to enable secrets path using newer version of Vault and ethereum plugin binary

/etc/vault.d/vault-plugins # vault secrets enable -path=ethereum -plugin-name=ethereum-plugin plugin
Error enabling: Error making API request.

URL: POST http://0.0.0.0:8200/v1/sys/mounts/ethereum
Code: 400. Errors:

* invalid backend version: 2 errors occurred:
        * fork/exec /etc/vault.d/vault-plugins/vault-ethereum: no such file or directory
        * fork/exec /etc/vault.d/vault-plugins/vault-ethereum: no such file or directory

Detailed Description

Context

Possible Implementation

Your Environment

  • Version used:
  • Environment name and version (e.g. Chrome 39, node.js 5.4):
  • Operating System and version (desktop or mobile):
  • Link to your project:
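
The "unable to install" log above shows the plugin calling https://localhost:8200 while the posted listener sets tls_disable to true, and the report just above shows fork/exec failing on the plugin path. The pre-flight checks below flag both conditions before registration; they are an added example, not part of any issue or of the project's code, the function names are hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example: pre-flight checks before registering a Vault plugin.
# Function names are hypothetical; the sample config in demo() is constructed.

# Value of a simple `key = value` line (quotes and blanks are stripped, so
# values containing spaces are not supported).
cfg_value() {  # cfg_value <key> <config-file>
  tr -d '" \t' < "$2" | sed -n "s/^$1=//p" | head -n 1
}

# Succeeds only when the api_addr scheme matches what the listener serves.
check_api_addr() {  # check_api_addr <config-file>
  addr=$(cfg_value api_addr "$1")
  tls_off=$(cfg_value tls_disable "$1")
  case "$addr" in
    https://*) [ "$tls_off" != "true" ] && [ "$tls_off" != "1" ] ;;
    http://*)  [ "$tls_off" = "true" ] || [ "$tls_off" = "1" ] ;;
    *)         return 1 ;;
  esac
}

# Prints the SHA-256 of <plugin_directory>/<command>; fails when that file is
# missing or not executable, one cause of a fork/exec error at mount time.
plugin_sha256() {  # plugin_sha256 <config-file> <command-name>
  bin="$(cfg_value plugin_directory "$1")/$2"
  [ -f "$bin" ] && [ -x "$bin" ] || return 1
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$bin" | cut -d' ' -f1
  else
    shasum -a 256 "$bin" | cut -d' ' -f1
  fi
}

# Demo on a constructed config with the same api_addr/tls_disable pair as the
# config posted in the "unable to install" issue; the plugin directory is empty.
demo() {
  d=$(mktemp -d)
  printf '%s\n' '"api_addr" = "https://localhost:8200"' \
    '"listener" "tcp" {' '  "address" = "localhost:8200"' \
    '  "tls_disable"="true"' '}' \
    "\"plugin_directory\" = \"$d\"" > "$d/vault.hcl"
  check_api_addr "$d/vault.hcl" || echo "api_addr scheme and tls_disable disagree"
  plugin_sha256 "$d/vault.hcl" vault-ethereum || echo "plugin binary missing or not executable"
  rm -rf "$d"
}
demo
```

The hash printed by plugin_sha256 is taken from the exact file Vault would execute, so it can be passed as sha_256 when writing the catalog entry instead of relying on a separately downloaded checksum file.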
