
Comments (15)

0x234 commented on August 30, 2024
vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    5
Threshold       3
Version         1.2.0
Cluster Name    vault-cluster-41b32c41
Cluster ID      3a9a120f-544f-a6d9-8af3-93bf94eafbff
HA Enabled      true
HA Cluster      https://10.20.2.228:8201
HA Mode         active

from vault-ethereum.

0x234 commented on August 30, 2024
./vault-ethereum
This binary is a plugin. These are not meant to be executed directly.
Please execute the program that consumes these plugins, which will
load any plugins automatically

0x234 commented on August 30, 2024

This is the condition that raises this error: https://github.com/hashicorp/vault/blob/master/vendor/github.com/hashicorp/go-plugin/client.go#L684

0x234 commented on August 30, 2024

Any thoughts @cypherhat?

cypherhat commented on August 30, 2024

So, this message:

2019-08-13T11:17:26.508-0400 [WARN]  received Unrecognized remote plugin message:

This usually means that the plugin is either invalid or simply
needs to be recompiled to support the latest protocol. attempting as db plugin, attempting as auth/secret plugin

When you write a plugin to the catalog, the default behavior from Vault is to treat the plugin as a "secret" type plugin. So if you:

vault write sys/plugins/catalog/eth-plugin ...

Vault will treat the plugin as a secret plugin. However, if you do that in Vault 1.2.1, it chirps. So the fix is to:

vault write sys/plugins/catalog/secret/eth-plugin ...

0x234 commented on August 30, 2024

Thanks @cypherhat. That still doesn't let me enable the plugin though:

/app # vault write sys/plugins/catalog/secret/ethereum-plugin \
>       sha_256=eb5f0057893e3444b9d2022563a2a241f96593e310de1890d3626b147ab4fe4e \
>       command="vault-ethereum --ca-cert=/app/root.crt --client-cert=/app/vault.crt --client-key=/app/vault.key"
Success! Data written to: sys/plugins/catalog/secret/ethereum-plugin
/app # vault secrets enable -path=ethereum-plugin -description="Immutability's Ethereum Wallet" -plugin-name=ethereum-plugin plugin
Error enabling: Error making API request.

URL: POST https://127.0.0.1:8200/v1/sys/mounts/ethereum-plugin
Code: 400. Errors:

* Unrecognized remote plugin message:

This usually means that the plugin is either invalid or simply
needs to be recompiled to support the latest protocol.

cypherhat commented on August 30, 2024

Ok, let me test with Vault 1.2.1. I may have to rebuild.

cypherhat commented on August 30, 2024

My test was on MacOS Mojave 10.14.6. I downloaded this release.

My vault config for this quick test was:

$ cat ~/etc/vault.d/vault.hcl 
"default_lease_ttl" = "24h"
"disable_mlock" = "true"
"max_lease_ttl" = "24h"

"backend" "file" {
  "path" = "/Users/cypherhat/etc/vault.d/data"
}

"api_addr" = "https://localhost:8200"
"ui" = "true"
"listener" "tcp" {
  "address" = "localhost:8200"

  "tls_cert_file" = "/Users/cypherhat/etc/vault.d/vault.crt"
  "tls_client_ca_file" = "/Users/cypherhat/etc/vault.d/root.crt"
  "tls_key_file" = "/Users/cypherhat/etc/vault.d/vault.key"
}

"plugin_directory" = "/Users/cypherhat/etc/vault.d/vault_plugins"

I installed the plugin as follows:

$ vault secrets disable vault-ethereum
$ vault delete sys/plugins/catalog/secret/vault-ethereum
$ mv vault-ethereum $HOME/etc/vault.d/vault_plugins/vault-ethereum
$ export SHA256=$(shasum -a 256 "$HOME/etc/vault.d/vault_plugins/vault-ethereum" | cut -d' ' -f1)
$ vault write sys/plugins/catalog/secret/vault-ethereum \
      sha_256="${SHA256}" \
      command="vault-ethereum --ca-cert=$HOME/etc/vault.d/root.crt --client-cert=$HOME/etc/vault.d/vault.crt --client-key=$HOME/etc/vault.d/vault.key"
$ vault secrets enable -path=vault-ethereum -plugin-name=vault-ethereum plugin

Watching the Vault log messages... I saw a few warnings, but the plugin loaded.

2019-08-14T08:02:11.961-0400 [WARN]  secrets.vault-ethereum.vault-ethereum_cab3d845.vault-ethereum: error closing client during Kill: metadata=true err="rpc error: code = Canceled desc = grpc: the client connection is closing"
2019-08-14T08:02:11.961-0400 [WARN]  secrets.vault-ethereum.vault-ethereum_cab3d845.vault-ethereum: plugin failed to exit gracefully: metadata=true
2019-08-14T08:02:11.965-0400 [INFO]  core: successful mount: namespace= path=vault-ethereum/ type=vault-ethereum

Then I interacted with the plugin as follows:

$ vault write vault-ethereum/config api_key=$MY_COINMARKETCAP_API_KEY
Key                Value
---                -----
api_key            REDACTED
bound_cidr_list    <nil>
chain_id           4
rpc_url            https://rinkeby.infura.io

$ vault write vault-ethereum/convert unit_from=usd amount=1400 unit_to=eth
Key            Value
---            -----
amount_from    1400
amount_to      6.7750703015583604
unit_from      usd
unit_to        ether

0x234 commented on August 30, 2024

Ah, the Dockerfile clones github.com/immutability-io/vault-ethereum which has 4 commits since that release. Perhaps one of those has introduced a regression. I'll try a build from that specific release.

0x234 commented on August 30, 2024

Looking at the commits there doesn't seem to be anything that would stop this working. Hey @zambien - were you able to load & enable the plugin from that Dockerfile?

0x234 commented on August 30, 2024

I'm unable to exec the binary built from goreleaser. Looks like it needs glibc:

/app # ldd vault-ethereum_SNAPSHOT-b8ba0d6
	/lib64/ld-linux-x86-64.so.2 (0x7f2f85305000)
	libpthread.so.0 => /lib64/ld-linux-x86-64.so.2 (0x7f2f85305000)
	libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7f2f85305000)

/app # file vault-ethereum_SNAPSHOT-b8ba0d6
vault-ethereum_SNAPSHOT-b8ba0d6: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, Go BuildID=6p31EtFuG9KZrQ0QADHT/1O1GVQC3r6Y9Z3R3Zzfs/oIfBGOtGZSSGXsQdOgOf/GL_bbzooVwwzmhVkGYWe, BuildID[sha1]=aa0400b652073b52af8303c15fa6ccc488421f81, stripped

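Added example, not part of any comment in this thread and not the project's code: a preflight check for the failure diagnosed above, where a plugin binary linked against the glibc loader cannot be executed on a musl-based image. It reads the PT_INTERP loader path from the ELF and computes the SHA-256 that the catalog entry pins; `sample_elf`, `preflight`, the constructed ELF bytes and the musl loader path are assumptions of this example.

```python
import hashlib
import struct

PT_INTERP = 3  # program-header type that names the dynamic loader

def elf_interpreter(data):
    """Return the loader path a 64-bit little-endian ELF requests, or None if static."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF")
    (phoff,) = struct.unpack_from("<Q", data, 0x20)          # e_phoff
    phentsize, phnum = struct.unpack_from("<HH", data, 0x36)  # e_phentsize, e_phnum
    for i in range(phnum):
        base = phoff + i * phentsize
        (p_type,) = struct.unpack_from("<I", data, base)
        (p_offset,) = struct.unpack_from("<Q", data, base + 8)
        (p_filesz,) = struct.unpack_from("<Q", data, base + 32)
        if p_type == PT_INTERP:
            return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None

def preflight(data, loaders_on_host):
    """Digest for the catalog entry plus whether the host can exec the binary."""
    interp = elf_interpreter(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "interpreter": interp,
        "runnable": interp is None or interp in loaders_on_host,
    }

def sample_elf(interp):
    """Constructed minimal ELF64: header, one PT_INTERP program header, loader string."""
    path = interp.encode() + b"\0"
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0, len(path), len(path), 1)
    return ehdr + phdr + path

GLIBC = "/lib64/ld-linux-x86-64.so.2"  # loader reported by `file` in the thread
MUSL = "/lib/ld-musl-x86_64.so.1"      # assumption: loader on a stock x86-64 Alpine image

if __name__ == "__main__":
    # A glibc-linked plugin checked against a host that only ships the musl loader.
    report = preflight(sample_elf(GLIBC), loaders_on_host={MUSL})
    print(report)
```

On a real host, pass the bytes of the plugin file and the set of loader paths that exist in the container image.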

0x234 commented on August 30, 2024

CGO_ENABLED=0 kills the build with:

   ⨯ release failed after 145.63s error=failed to build for linux_amd64: go build github.com/ethereum/go-ethereum/crypto/secp256k1: build constraints exclude all Go files in /go/pkg/mod/github.com/ethereum/[email protected]/crypto/secp256k1
# github.com/ethereum/go-ethereum/rpc
/go/pkg/mod/github.com/ethereum/[email protected]/rpc/endpoints.go:96:19: undefined: ipcListen
/go/pkg/mod/github.com/ethereum/[email protected]/rpc/ipc.go:50:10: undefined: newIPCConnection

cypherhat commented on August 30, 2024

Can't use CGO_ENABLED=0 as you stated due to the secp256k1 dependency... as you mentioned.

0x234 commented on August 30, 2024

I have the plugin enabled and I observed the same behaviour as you @cypherhat with the RPC connection closing. However, after three attempts:

Success! Enabled the ethereum-plugin secrets engine at: ethereum-plugin/

I built vault and vault-ethereum from source with libc instead of musl. The trade-off is a massive build artefact and a much larger attack surface due to the bloat pulled in. If you'd like I can provide this Dockerfile? I suspect the best path here would be to get Alpine & musl builds operational though. Thanks for your help.

cypherhat commented on August 30, 2024

@JBunCE Please provide the Dockerfile. Thanks!
