avast / marathon-vault-plugin

Marathon plugin which injects Vault secrets via environment variables
MIT License

Can't specify SSL cert #8

Closed kalak closed 6 years ago

kalak commented 6 years ago

Hi Avast,

In marathon-vault-plugin/src/main/scala/com/avast/marathon/plugin/vault/VaultPlugin.scala:31 you set a Vault config, but you do not allow for users to optionally set an SSL cert. Since we run Vault entirely in SSL mode, our secret fetching fails with:

[2017-12-28 20:28:49,020] ERROR Secret docker_pass in /holding/application/test2 application cannot be read from Vault (source: secret/shared/docker_pass@docker_pass) (com.avast.marathon.plugin.vault.VaultPlugin:marathon-akka.actor.default-dispatcher-25) com.bettercloud.vault.VaultException: com.bettercloud.vault.rest.RestException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

In https://github.com/BetterCloud/vault-java-driver, it specifies how to build an SSL config that the Vault Driver can use.

augi commented 6 years ago

Thanks! Will be released as 0.9.3 ASAP.
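
The configuration requested in this issue, as an added example that is not the plugin's own code or the 0.9.3 change: it builds a vault-java-driver `VaultConfig` that trusts a PEM-encoded CA certificate, which is what removes the `PKIX path building failed` error when Vault's certificate is issued by a private CA. The helper `buildVaultConfig`, the Vault address, the `VAULT_TOKEN` variable and the CA file path are assumptions made for illustration.

```scala
import java.io.File
import com.bettercloud.vault.{SslConfig, Vault, VaultConfig}

object VaultTlsExample {

  // Hypothetical helper (not from the plugin): builds a driver config that
  // optionally trusts a PEM-encoded CA bundle for the Vault server certificate.
  def buildVaultConfig(address: String,
                       token: String,
                       caPemPath: Option[String]): VaultConfig = {
    // Keep certificate verification enabled; the fix for a private CA is to
    // trust that CA, not to switch verification off.
    val ssl = new SslConfig().verify(java.lang.Boolean.TRUE)

    caPemPath.foreach { path =>
      val pem = new File(path)
      // Fail when the config is built, not on the first secret read.
      require(pem.isFile && pem.canRead, s"CA certificate not readable: $path")
      ssl.pemFile(pem)
    }

    new VaultConfig()
      .address(address)
      .token(token)
      .sslConfig(ssl.build())
      .build()
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample values; replace with your own address and CA path.
    val config = buildVaultConfig(
      address   = "https://vault.example.internal:8200",
      token     = sys.env("VAULT_TOKEN"),
      caPemPath = Some("/etc/ssl/vault-ca.pem")
    )

    // Secret path and key taken from the log line in the issue above.
    val data = new Vault(config).logical().read("secret/shared/docker_pass").getData
    println(s"docker_pass present: ${data.containsKey("docker_pass")}")
  }
}
```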