Kong / kong

🦍 The Cloud-Native API Gateway and AI Gateway.
https://konghq.com/install/#kong-community
Apache License 2.0

Exceptions while trying to store secrets using environment variables option #12943

Open nboddu009 opened 2 months ago

nboddu009 commented 2 months ago

Discussed in https://github.com/Kong/kong/discussions/12942

Originally posted by **nboddu009** April 25, 2024

Hi Team,

Can someone help with the below issue?

Issue: could not get value from external vault (no value found)

**Description:**

Installed Kong enterprise version with database mode (kong-enterprise-edition_3.6.1.1_amd64.deb). Trying to store secrets in environment variables (https://docs.konghq.com/gateway/3.6.x/kong-enterprise/secrets-management/backends/env/), but it is giving me an error like 'could not get value from external vault (no value found)'.

**Steps to reproduce the issue:**

1. `export SECRETS_PASSWORD=abc123`
2. `export KONG_VAULT_ENV_PREFIX=SECRETS_`
3. Created Prefix using Admin API

   ```
   curl -i -X PUT http://hostname:8001/vaults/my-env-vault \
     --data name=env \
     --data description="Store secrets in environment variables" \
     --data config.prefix="SECRETS_"
   ```
4. `sudo kong reload`
5. `sudo kong vault get my-env-vault/secrets-password`

Error:

```
User1:~$ export SECRETS_PASSWORD=abc123
User1:~$ export KONG_VAULT_ENV_PREFIX=SECRETS_
User1:~$ sudo kong reload
2024/04/25 16:10:38 [warn] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n"
2024/04/25 16:10:39 [warn] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n"
Kong reloaded
User1:~$ sudo kong vault get my-env-vault/secrets-password
2024/04/25 16:11:49 [warn] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n"
Error: could not get value from external vault (no value found)

  Run with --v (verbose) or --vv (debug) for more details
User1:~$ sudo kong vault get my-env-vault/password
2024/04/25 16:11:59 [warn] ulimit is currently set to "1024". For better performance set it to at least "4096" using "ulimit -n"
Error: could not get value from external vault (no value found)

  Run with --v (verbose) or --vv (debug) for more details
```

chronolaw commented 2 months ago

It seems to be related to this: https://docs.konghq.com/gateway/changelog/#general

nboddu009 commented 2 months ago

Thank you for your reply @chronolaw, do you have some time to connect via Zoom?

chronolaw commented 2 months ago

Sorry, I think that we cannot do that (Zoom meeting); you could add more details in this issue.

nboddu009 commented 2 months ago

Okay, could you please point me to the correct version of the Kong installer? This (https://docs.konghq.com/gateway/changelog/#general) is more generic. Instead, could you please guide me on what needs to be changed?

Water-Melon commented 2 months ago

@chronolaw It is not an issue of ulimit.

@nboddu009 your last step is wrong, it should be `kong vault get my-env-vault/password`, not `my-env-vault/secrets-password`.

nboddu009 commented 2 months ago

@Water-Melon I tried with `kong vault get my-env-vault/password` as well and am getting the same error.

Water-Melon commented 2 months ago

> Installed Kong enterprise version with database mode (kong-enterprise-edition_3.6.1.1_amd64.deb)

Hi @bungle, I verified the vaults on EE 3.6 and the master branch according to the steps given by @nboddu009 (I changed `secrets-password` to `password` in the 5th step), and everything is working fine. The password can be retrieved correctly. However, the issue author is still unable to retrieve the value of password correctly. Could you take a look at this issue? Thanks.

nboddu009 commented 2 months ago

@Water-Melon Thank you for your response. Is there any chance to have a Zoom call on this?

bungle commented 2 weeks ago

@nboddu009, could it be that sudo is not preserving your ENV?

hanshuebner commented 1 week ago

By default, sudo is not passing environment variables to the process that it creates except for those that are explicitly configured. The sudoers manual page has all the details. You can use the -E switch to pass all environment variables. Does that solve the problem by any chance?
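
The behaviour raised in the last two comments, as an added example that is not part of the original thread or Kong's own code: it derives the variable name the env vault looks for (assumed here to be prefix plus key, with dashes turned into underscores and the result upper-cased) and uses `env -i` as a stand-in for sudo's default environment reset. The function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added illustration. Function names are hypothetical; values come from the issue's steps.

# Assumption: the env vault reads PREFIX + KEY, dashes -> underscores, upper-cased.
env_vault_var() {  # usage: env_vault_var PREFIX KEY
    printf '%s%s' "$1" "$2" | tr '-' '_' | tr '[:lower:]' '[:upper:]'
}

# Succeeds if a child process can see NAME in its environment.
#   reset    : child starts from an emptied environment (stand-in for sudo's default)
#   preserve : child inherits the caller's environment (stand-in for sudo -E)
child_sees() {  # usage: child_sees MODE NAME
    case "$1" in
        reset)    env -i PATH="$PATH" env | grep -q "^$2=" ;;
        preserve) env | grep -q "^$2=" ;;
        *)        return 2 ;;
    esac
}

# Print "MODE NAME visible|missing" for both modes.
diagnose() {  # usage: diagnose PREFIX KEY
    name=$(env_vault_var "$1" "$2")
    for mode in reset preserve; do
        if child_sees "$mode" "$name"; then state=visible; else state=missing; fi
        printf '%-8s %-26s %s\n' "$mode" "$name" "$state"
    done
}

export SECRETS_PASSWORD=abc123      # step 1 of the issue
diagnose SECRETS_ password          # key suggested in the thread
diagnose SECRETS_ secrets-password  # key from step 5: prefix ends up applied twice
```

On a real host the equivalent check is `sudo env | grep '^SECRETS_'`. If the variable is missing there, `sudo --preserve-env=SECRETS_PASSWORD` passes only that variable, whereas `-E` passes the caller's whole environment to the privileged process.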