hashicorp / vault-action

A GitHub Action that simplifies using HashiCorp Vault™ secrets as build variables.
MIT License

[BUG] - Vault action fails if the key does not contain a dot #505

Closed Basil-V-Jose closed 4 weeks ago

Basil-V-Jose commented 11 months ago

Vault server version

v1.14.1

vault-action version

v2.7.4

Describe the bug

I'm unable to retrieve secrets where the key does not contain a dot via this action.

To Reproduce

      - name: Retrieve secret from Vault
        uses: hashicorp/vault-action@v2.7.4
        with:
          method: jwt
          url: ${{ secrets.VAULT_URL }}
          namespace: ${{ secrets.NAMESPACE }}
          role: read-access
          secrets: |
            Sample/data/TEST/SHARED/DB 'username' | sharedTestDBUsername ;

Expected behavior

I expect the secret to be retrieved and put in env as needed. If I modify the key in Vault to username.workaround, and edit the above YAML, the action fetches the secret.

      - name: Retrieve secret from Vault
        uses: hashicorp/vault-action@v2.7.4
        with:
          method: jwt
          url: ${{ secrets.VAULT_URL }}
          namespace: ${{ secrets.NAMESPACE }}
          role: read-access
          secrets: |
            Sample/data/TEST/SHARED/DB 'username.workaround' | sharedTestDBUsername ;

Log Output

Error: Unable to retrieve result for data.data."'username'". No match data was found. Double check your Key or Selector.

robmonte commented 8 months ago

Hi @Basil-V-Jose

Thanks for reporting this. If you are still having this issue, can you possibly provide more context such as the output of the KV secret read? That will help us investigate what may have occurred.

Basil-V-Jose commented 1 month ago

@robmonte

I am still having this issue.

Run hashicorp/vault-action@v2.5.0
  with:
    method: jwt
    url: https://vaultserver.company.com
    namespace: testNamespace
    role: read-access
    secrets: 
    mountpoint/data/TEST 'ldap.username' | ldapUsername ;
    mountpoint/data/TEST 'ecsAppId' | ecsAppId;

    tlsSkipVerify: true
    kubernetesTokenPath: /var/run/secrets/kubernetes.io/serviceaccount/token
    exportEnv: true
    exportToken: false
    jwtTtl: 3600

**Error: Unable to retrieve result for data.data."'ecsAppId'". No match data was found. Double check your Key or Selector.**

If I change ecsAppId to ecs.AppId, it's able to fetch it. So that means ecsAppId is treated as a single word and vault-action fails to retrieve the secret if the key contains only a single word.

fairclothjm commented 4 weeks ago

@Basil-V-Jose Hello, can you please provide the output from the kv commands:

vault kv list mountpoint

vault kv get mountpoint/TEST

We need more information about your configuration to debug further. I am unable to reproduce the issue. I tried the following with v2.5.0, v2.7.4 and v3:

    - name: Import Secrets
      uses: hashicorp/vault-action@v2.5.0
      with:
        url: http://localhost:8200
        method: token
        token: testtoken
        secrets: |
          secret/data/foo bar | OUT1;
          secret/data/foo 'bar.2' | OUT2;

    - name: test
      run: |
        if [ -z "$OUT1" ];then
          echo "1 failed" && exit 1
        fi
        if [ -z "$OUT2" ];then
           echo "2 failed" && exit 1
        fi

Here is my kv output from Vault:

$ vault kv list -mount=secret
Keys
----
foo

$ vault kv get -mount=secret foo
= Secret Path =
secret/data/foo

======= Metadata =======
Key                Value
---                -----
created_time       2024-10-10T15:35:14.704078668Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            1

==== Data ====
Key      Value
---      -----
bar      baz
bar.2    baz.2

Basil-V-Jose commented 4 weeks ago

@fairclothjm

Please find my kv output from Vault:

vault kv list mountpoint
Keys
----
TEST
cwr
vault kv get -mount=mountpoint TEST
=== Secret Path ===
mountpoint/data/TEST

======= Metadata =======
Key                Value
---                -----
created_time       2024-10-10T15:34:28.17682695Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            8

======================= Data =======================
Key                                            Value
---                                            -----
ldap.username                                  uyhg78654
ecsAppId                                       appIdsdjsdh
ecs.AppId                                      appIdsdjsdh

Vault server version: v1.17.5, vault-action version: v2.5.0

fairclothjm commented 4 weeks ago

@Basil-V-Jose Thanks for that. Can you try removing the single quotes for the keys that don't contain dot characters?

-mountpoint/data/TEST 'ecsAppId' | ecsAppId;
+mountpoint/data/TEST ecsAppId | ecsAppId;
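
Review bot: the error quoted earlier in the thread, `Unable to retrieve result for data.data."'ecsAppId'"`, shows the single quotes being carried into the key lookup, so the `-` line asks Vault for a key literally named `'ecsAppId'` (quotes included) and can never match; the `+` line's unquoted `ecsAppId` is the form that matches the key shown in the `vault kv get` output. The quotes are only needed for keys that contain a dot, as with `'ldap.username'` in the same input.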

Basil-V-Jose commented 4 weeks ago

@fairclothjm, I removed the single quotes for the keys that don't contain dot characters and it's able to fetch the secrets now.
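
The following is an added example, not vault-action's own code: a simplified model of how a `secrets:` selector token is resolved against a KV v2 read, built to show why `'ecsAppId'` failed while `ecsAppId` and `'ldap.username'` succeed, plus a small lint pass that flags the failing shape before a workflow runs. It assumes the behaviour visible in the thread's error message (a selector without a dot is looked up as one literal key, quotes included) and uses a plain dotted-path walk in place of the action's real JSONata evaluation; the `parseSecretsInput`, `resolveSelector` and `lintSecretsInput` functions, the `SAMPLE_RESPONSE` object and the `SAMPLE_SECRETS_INPUT` string are all constructed for this example.

```javascript
// Added example (not vault-action's own code): a model of selector resolution
// that reproduces the behaviour reported in this thread. Assumption: a selector
// with no dot is treated as a single literal key name, so single quotes around
// it become part of the key (matching the error `data.data."'ecsAppId'"`).

// Constructed sample: the shape of a KV v2 read response, using the keys from
// the `vault kv get -mount=mountpoint TEST` output posted above.
const SAMPLE_RESPONSE = {
  data: {
    data: {
      "ldap.username": "uyhg78654",
      ecsAppId: "appIdsdjsdh",
      "ecs.AppId": "appIdsdjsdh",
    },
  },
};

// Constructed sample: the `secrets:` input from the failing workflow run.
const SAMPLE_SECRETS_INPUT = `
  mountpoint/data/TEST 'ldap.username' | ldapUsername ;
  mountpoint/data/TEST 'ecsAppId' | ecsAppId;
`;

// Split the multi-line `secrets:` input into { path, selector, outputVar }
// entries. Entries are `;`-separated; within an entry the path and selector
// are whitespace-separated and `| NAME` optionally names the output variable.
function parseSecretsInput(secretsInput) {
  return secretsInput
    .split(";")
    .map((entry) => entry.trim())
    .filter((entry) => entry.length > 0)
    .map((entry) => {
      const [pathAndSelector, outputVar] = entry.split("|").map((s) => s.trim());
      const [path, selector] = pathAndSelector.split(/\s+/);
      return { path, selector, outputVar: outputVar || selector };
    });
}

// Resolve one selector token against the response's data.data map.
// Returns the value, or undefined when no key matches.
function resolveSelector(response, selector) {
  const kv = response.data.data;
  const sel = selector.trim();

  // No dot: the whole token is one literal key. If the user wrapped it in
  // single quotes, those quotes stay in the key name and nothing matches.
  if (!sel.includes(".")) {
    return kv[sel];
  }

  // Dot present and single-quoted: a quoted name, looked up literally.
  // This is how 'ldap.username' reaches a key that itself contains a dot.
  if (sel.length >= 2 && sel.startsWith("'") && sel.endsWith("'")) {
    return kv[sel.slice(1, -1)];
  }

  // Dot present and unquoted: walked as a nested path (e.g. bar.2 -> kv.bar["2"]),
  // so a flat key that contains a dot is not found this way.
  return sel.split(".").reduce(
    (node, part) => (node !== undefined && node !== null ? node[part] : undefined),
    kv,
  );
}

// Flag selectors that are single-quoted but contain no dot: under the model
// above they can never match, because the quotes end up inside the key name.
function lintSecretsInput(secretsInput) {
  const findings = [];
  for (const { selector, outputVar } of parseSecretsInput(secretsInput)) {
    const quoted = selector.length >= 2 && selector.startsWith("'") && selector.endsWith("'");
    if (quoted && !selector.includes(".")) {
      findings.push({
        selector,
        outputVar,
        reason: `selector ${selector} has no dot; drop the single quotes (use ${selector.slice(1, -1)})`,
      });
    }
  }
  return findings;
}

// Stand-alone run: show each entry's resolved value and any lint findings.
for (const entry of parseSecretsInput(SAMPLE_SECRETS_INPUT)) {
  console.log(entry.outputVar, "=>", resolveSelector(SAMPLE_RESPONSE, entry.selector));
}
for (const finding of lintSecretsInput(SAMPLE_SECRETS_INPUT)) {
  console.log("warning:", finding.reason);
}
```

Running the block resolves `ldapUsername` but leaves `ecsAppId` undefined and emits one warning for the quoted dot-less selector, which is the same outcome the thread reached by removing the quotes. The lint pass is the kind of pre-flight check a reusable workflow could run over its `secrets:` input so the mistake surfaces as a readable message instead of a failed Vault lookup at job time.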

fairclothjm commented 4 weeks ago

@Basil-V-Jose Glad to hear the issue is resolved! :)