gocd / gocd-vault-secret-plugin

GoCD secrets plugin for HashiCorp's Vault
https://gocd.org

Not resolving Vault Secrets #107

Closed chipmanc closed 2 years ago

chipmanc commented 2 years ago

I am running GoCD installed via Helm in my kubernetes cluster. My configuration looks like:

id: vault
Vault URL: https://myvaultserver.com
Vault Path: /my/path/to/secrets
Auth Method: Token
Token: MY_AUTH_TOKEN
Rules:
Allow All *

However when I assign a secret {{SECRET:[vault][password]}} to an environment variable my jobs fail after agent registration with this error:

com.thoughtworks.go.plugin.access.exceptions.SecretResolutionFailureException: Expected plugin to resolve secret param(s) `password` using secret config `vault` but plugin failed to resolve secret param(s) `password`. Please make sure that secret(s) with the same name exists in your secret management tool.

I can retrieve this just fine with vault CLI:

=========== Data ===========
Key                    Value
---                    -----
password               My_Password

What am I missing?

kouata commented 2 years ago

Hi, this works for me:

On my vault: test/secret/
"my_password": "pass1234"
"myh_user": "user"

gocd pipeline: var= {{SECRET:[vault][my_password]}}

gocd job: echo $var

Can you share your gocd config (like mine) and your vault data tree view?

chadlwilson commented 2 years ago

Other than this, you'd need to look at/share the log from the plugin from the gocd server logs directory. There should be something logged there to say what the reason for the error is. Perhaps the plugin can't authenticate with your Vault correctly?

chadlwilson commented 2 years ago

Closing for inactivity - can re-open if there is additional info supplied.