Open ghost opened 1 year ago
I'm not sure what the "me too" etiquette is here, but we're encountering the same issue. Everything works great from Linux clients, but vault.exe
on Windows just breezes past the TOTP prompt as though you hit <Enter>
when you didn't, so you never even get a chance to input your TOTP code.
Environment
Vault Server Version (retrieve with vault status): 1.13.1
Vault CLI Version (retrieve with vault version): 1.14.1

Issue comes from c.UI.AskSecret not waiting for input on windows in command/base.go, didn't chase this further.

It's actually in github.com/mitchellh/cli package

In case anyone wants a quick fix
--- vault-1.15.5/command/base.go 2024-01-31 16:02:10.000000000 +0200
+++ vault-1.15.5-new/command/base.go 2024-02-13 16:29:56.649820386 +0200
@@ -4,6 +4,8 @@
package command
import (
+ pwd "github.com/hashicorp/go-secure-stdlib/password"
+ "runtime"
"bytes"
"flag"
"fmt"
@@ -269,6 +271,12 @@
var err error
if methodInfo.usePasscode {
passcode, err = c.UI.AskSecret(fmt.Sprintf("Enter the passphrase for methodID %q of type %q:", methodInfo.methodID, methodInfo.methodType))
+ if len(passcode) == 0 && runtime.GOOS == "windows" {
+ passcode, err = pwd.Read(os.Stdin)
+ fmt.Fprintf(os.Stderr, "\n")
+ if err != nil {
+ return nil, err
+ }
if err != nil {
return nil, fmt.Errorf("failed to read passphrase: %w. please validate the login by sending a request to sys/mfa/validate", err)
}
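Review bot: The added block that starts with if len(passcode) == 0 && runtime.GOOS == "windows" { is never closed: the six added lines end with the brace that closes the inner if err != nil, so the existing if err != nil check ends up inside the Windows branch and the braces in the file no longer balance; add a closing } after the inner check. The fallback also overwrites the err returned by c.UI.AskSecret before anything looks at it, and the inner return nil, err bypasses the wrapped "failed to read passphrase" error with its sys/mfa/validate hint, so consider dropping the inner check and letting the existing one handle the result of both reads. The newline is written to os.Stderr before err is checked, which is harmless but worth a short comment explaining that it restores the line after the hidden input.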
Any news of this bug?

Environment:
Vault Server Version (retrieve with vault status): 1.16.2
Vault CLI Version (retrieve with vault version): 1.17.1
Server Operating System/Architecture: Windows 11

Describe the bug
Can't authenticate using login with MFA from Windows to receive the token, and executing the same auth from Linux I can.

To Reproduce
Steps to reproduce the behavior:
From Linux:
From Windows:

Expected behavior
Get a token from Windows using vault.exe, or add an argument like passcode=xxxxxx to be able to send it from stdin directly.

Environment:
Vault Server Version (retrieve with vault status): 1.13.2
Vault CLI Version (retrieve with vault version): 1.13.2
Vault server configuration file(s):

Additional context
Tested the client from 1.11.x, 1.12.x and 1.13.x and got the same error. Can't interactively send the passcode.