Closed selimyanat closed 5 years ago
I haven't tested with the latest release of Vault yet. I will this weekend. Possibly, I will have to re-release the plugin based on changes to Vault.
My suggestion is to use a version of Vault < 1.1.0. I will let you know my experience with 1.1.0 later.
All right, thank you. I will let you know about my progress as well.
Hello there,
I have downgraded Vault to version 0.11.3 and I managed to get further in the installation, but I could not enable the plugin. Running the command below
vault secrets enable -path=ethereum -description="Immutability's Ethereum Wallet" -plugin-name=ethereum-plugin plugin
produces the following log
2019-03-22T15:33:10.250+0100 [DEBUG] secrets.plugin.plugin_d024ecf4.ethereum-plugin: starting plugin: metadata=true path=/Users/selim/etc/vault/file/plugins/vault-ethereum args="[/Users/selim/etc/vault/file/plugins/vault-ethereum --tls-skip-verify --ca-cert=/Users/selim/etc/vault/file/root.crt --client-cert=/Users/selim/etc/vault/file/vault.crt \
--client-key=/Users/selim/etc/vault/file/vault.key]"
2019-03-22T15:33:10.253+0100 [DEBUG] secrets.plugin.plugin_d024ecf4.ethereum-plugin: waiting for RPC address: metadata=true path=/Users/selim/etc/vault/file/plugins/vault-ethereum
2019-03-22T15:33:10.285+0100 [DEBUG] secrets.plugin.plugin_d024ecf4.ethereum-plugin.vault-ethereum: plugin address: metadata=true address=/var/folders/p0/kyz821fx23dfh2wq6wgk67_w0000gn/T/plugin722266914 network=unix timestamp=2019-03-22T15:33:10.285+0100
2019-03-22T15:33:10.285+0100 [TRACE] secrets.plugin.plugin_d024ecf4.ethereum-plugin: setup: transport=gRPC status=started
2019-03-22T15:33:15.290+0100 [TRACE] secrets.plugin.plugin_d024ecf4.ethereum-plugin: setup: transport=gRPC status=finished err="rpc error: code = Unknown desc = timeout waiting for connection info" took=5.005082611s
2019-03-22T15:33:15.290+0100 [ERROR] secrets.system.system_a10c9e43: mount failed: path=ethereum-plugin/ error="rpc error: code = Unknown desc = timeout waiting for connection info"
The audit log produces:
{
"time": "2019-03-22T14:33:15.291436Z",
"type": "response",
"auth": {
"client_token": "hmac-sha256:c3a13acb2a66d323030857c0d846a06fc62b540c310f923cb981de0aba5a18e7",
"accessor": "hmac-sha256:82721cb10bdb40d1b7773adcd53d0a12bfaf738df2e53d8396a8b50b2129ba25",
"display_name": "root",
"policies": [
"root"
],
"token_policies": [
"root"
],
"metadata": null,
"entity_id": ""
},
"request": {
"id": "2d9b217f-de92-9c47-0fcc-a7d909c8e724",
"operation": "update",
"client_token": "hmac-sha256:c3a13acb2a66d323030857c0d846a06fc62b540c310f923cb981de0aba5a18e7",
"client_token_accessor": "hmac-sha256:82721cb10bdb40d1b7773adcd53d0a12bfaf738df2e53d8396a8b50b2129ba25",
"namespace": {
"id": "root",
"path": ""
},
"path": "sys/mounts/ethereum-plugin",
"data": {
"plugin_name": "hmac-sha256:d56d111ae02d61148b2da5b2615581272cfd93aa035e96558d9b62ada0c196ca",
"type": "hmac-sha256:842f9fd3eebbcca077043da0c637575dcbd4f45c400ccad531f58bd487ba2c75"
},
"policy_override": false,
"remote_address": "127.0.0.1",
"wrap_ttl": 0,
"headers": {
}
},
"response": {
"data": {
"error": "hmac-sha256:5af5367a3b685ce3e4e29d36e86621f25b497d79b2343c4983793c672aaf443a"
}
},
"error": "1 error occurred:\n\n* invalid request"
}
You can see that the messages in the logs are not the same: one is arguing that the request is invalid, whereas the other is complaining about a connection timeout. Note that I am using the root token for my tests.
Let me know if you need more clarification.
Thank you
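An added example (not part of the original thread, and not code from Vault or the plugin): the audit entry and the server log line quoted above describe the same failed mount, one millisecond apart once both timestamps are normalised to UTC. The audit record carries only the generic API error, while the server log carries the plugin failure. The sketch below pairs the two by time and mount path; the function names `parse_server_log` and `correlate` are hypothetical, and the samples are trimmed copies of the lines in the post.

```python
import json
import re
from datetime import datetime, timedelta

# Constructed samples, trimmed from the two logs quoted in the post above.
# Assumption: the audit file holds one JSON object per line (the post shows it pretty-printed).
SERVER_LOG = '''\
2019-03-22T15:33:10.285+0100 [TRACE] secrets.plugin.plugin_d024ecf4.ethereum-plugin: setup: transport=gRPC status=started
2019-03-22T15:33:15.290+0100 [ERROR] secrets.system.system_a10c9e43: mount failed: path=ethereum-plugin/ error="rpc error: code = Unknown desc = timeout waiting for connection info"
'''
AUDIT_LOG = '''\
{"time": "2019-03-22T14:33:15.291436Z", "type": "response", "request": {"id": "2d9b217f-de92-9c47-0fcc-a7d909c8e724", "operation": "update", "path": "sys/mounts/ethereum-plugin"}, "error": "1 error occurred:\\n\\n* invalid request"}
'''

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"   # %z accepts both "+0100" and "Z"
LINE_RE = re.compile(r'^(\S+) \[(\w+)\]\s+(\S+): (.*)$')
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_server_log(text):
    """Yield (aware_timestamp, level, key=value fields) per server log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(4))}
            yield datetime.strptime(m.group(1), TS_FORMAT), m.group(2), fields

def correlate(audit_text, server_text, window=timedelta(seconds=1)):
    """Pair each failed sys/mounts audit response with the server ERROR line
    logged for the same mount path within `window` of it."""
    errors = [(ts, f) for ts, lvl, f in parse_server_log(server_text) if lvl == "ERROR"]
    matches = []
    for raw in audit_text.splitlines():
        entry = json.loads(raw)
        path = entry.get("request", {}).get("path", "")
        if (entry.get("type") != "response" or not entry.get("error")
                or not path.startswith("sys/mounts/")):
            continue
        when = datetime.strptime(entry["time"], TS_FORMAT)
        mount = path[len("sys/mounts/"):].rstrip("/")
        for ts, f in errors:
            # Aware datetimes compare correctly across the +0100 / UTC offsets.
            if abs(ts - when) <= window and f.get("path", "").rstrip("/") == mount:
                matches.append({"request_id": entry["request"]["id"], "mount": mount,
                                "audit_error": entry["error"].strip(),
                                "root_cause": f.get("error")})
    return matches
```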
I tested this afternoon:
OS: Mojave 10.14.3
Golang: go1.12 darwin/amd64
Vault: Vault v1.1.0 ('36aa8c8dd1936e10ebd7a4c1d412ae0e6f7900bd')
I built the plugin after I pulled the latest vault and go-ethereum code.
$ vault write sys/plugins/catalog/ethereum-plugin \
sha_256="$(shasum -a 256 "$HOME/etc/vault.d/vault_plugins/vault-ethereum" | cut -d' ' -f1)" \
command="vault-ethereum --ca-cert=$HOME/etc/vault.d/root.crt --client-cert=$HOME/etc/vault.d/vault.crt --client-key=$HOME/etc/vault.d/vault.key"
$ vault secrets enable -path=ethereum/prod -description="Immutability's Ethereum Wallet - PROD" -plugin-name=ethereum-plugin plugin
$ vault write ethereum/prod/config rpc_url="https://mainnet.infura.io" chain_id="1" api_key=$MY_API_KEY
Everything worked.
$ vault write ethereum/prod/convert unit_from=eth amount=1 unit_to=usd
Key Value
--- -----
amount_from 1
amount_to 137.737830017
unit_from ether
unit_to usd
I will re-release the binary today.
Hello there,
I have updated the source and given it another try; unfortunately, I always get the same error described in my original message. I am not a Vault expert, but it seems like Vault is not able to communicate with the plugin. Is there an issue with the certificate generation, or am I missing something? Note that the warning message below appears whenever I invoke the command to write the plugin in Vault:
received plugin exited before we could connect attempting as db plugin, attempting as auth/secret plugin
So it turned out that the command to register a plugin in Vault > 1.0 should include the plugin type:
vault write sys/plugins/catalog/secret/ethereum-plugin \
command="vault-ethereum --ca-cert=/Users/selim/etc/vault/file/root.crt --client-cert=/Users/selim/etc/vault/file/vault.crt \
--client-key=/Users/selim/etc/vault/file/vault.key" sha_256=9c60deec1d20264d69e88bd6e42dcc75a323fee9bd699fdc70ffe93d731f3032
Success! Data written to: sys/plugins/catalog/secret/ethereum-plugin
However, the command to enable the plugin is not working; it gives a 400 HTTP code:
vault secrets enable -path=ethereum-api -description="Immutability's Ethereum Wallet" ethereum-plugin
Error enabling: Error making API request.
URL: POST https://localhost:8200/v1/sys/mounts/ethereum-api
Code: 400. Errors:
* rpc error: code = Unknown desc = timeout waiting for connection info
The logs
2019-03-25T19:53:32.046+0100 [TRACE] secrets.ethereum-plugin.ethereum-plugin_58936b78.ethereum-plugin: setup: transport=gRPC status=started
2019-03-25T19:53:37.048+0100 [TRACE] secrets.ethereum-plugin.ethereum-plugin_58936b78.ethereum-plugin: setup: transport=gRPC status=finished err="rpc error: code = Unknown desc = timeout waiting for connection info" took=5.001443042s
2019-03-25T19:53:37.048+0100 [ERROR] secrets.system.system_4ba6fc24: mount failed: path=ethereum-api/ error="rpc error: code = Unknown desc = timeout waiting for connection info"
The audit log
{
"time": "2019-03-25T18:53:37.049039Z",
"type": "response",
"auth": {
"client_token": "hmac-sha256:e6d899de896cf18f232bae0f4d1c96495296c89536e58cd7aa28c80359ec8ae3",
"accessor": "hmac-sha256:eaebdc29a3400595b1e77cc667545c1c80c6d0ab4c09181d73941fc5a0ce4960",
"display_name": "root",
"policies": [
"root"
],
"token_policies": [
"root"
],
"metadata": null,
"entity_id": "",
"token_type": "service"
},
"request": {
"id": "59f69044-cc0f-5b3f-2c4d-d12f90985e2c",
"operation": "update",
"client_token": "hmac-sha256:e6d899de896cf18f232bae0f4d1c96495296c89536e58cd7aa28c80359ec8ae3",
"client_token_accessor": "hmac-sha256:eaebdc29a3400595b1e77cc667545c1c80c6d0ab4c09181d73941fc5a0ce4960",
"namespace": {
"id": "root",
"path": ""
},
"path": "sys/mounts/ethereum-api",
"data": {
"config": {
"default_lease_ttl": "hmac-sha256:8955ad6bac76f49f628889c71625b44a2ab3823be867320ff1007d2cc2bb6d61",
"force_no_cache": false,
"max_lease_ttl": "hmac-sha256:8955ad6bac76f49f628889c71625b44a2ab3823be867320ff1007d2cc2bb6d61",
"options": null
},
"description": "hmac-sha256:5d0d9bc126695aad21be6d2574942684f1d67db7a27aa581c6577725dd44c6b8",
"local": false,
"options": null,
"seal_wrap": false,
"type": "hmac-sha256:c906fe92c4ced2164320c0707ead2a5c73f29f4e3c98e1a31762ee44feb5d86d"
},
"policy_override": false,
"remote_address": "127.0.0.1",
"wrap_ttl": 0,
"headers": {
}
},
"response": {
"data": {
"error": "hmac-sha256:fbc5664a6bdcf4a463839d2dd6c6aae54d4dd0b0b01c86a555e9c73f75998bae"
},
"headers": null
},
"error": "1 error occurred:\n\t* invalid request\n\n"
}
Update on the issue: I have managed to install and enable the plugin through the following command:
vault write sys/plugins/catalog/secret/ethereum-plugin \
command="vault-ethereum --ca-cert=/Users/selim/etc/vault/file/root.crt --client-cert=/Users/selim/etc/vault/file/vault.crt \
--client-key=/Users/selim/etc/vault/file/vault.key" sha_256="${SHASUM256}"
vault secrets enable ethereum-plugin
Success! Enabled the ethereum-plugin secrets engine at: ethereum-plugin/
In order to enable the plugin with Vault 1.1.0 you need to update the go-plugin dependency to the latest version to overcome a bug introduced in the previous versions.
Once I have everything up and running, I will issue a PR.
Detailed Description
I am trying to test vault-ethereum as a solution to replace a homemade app that signs and sends transactions to the blockchain. In this context, I have checked out the vault-ethereum source code and then built it. However, I am not able to install it in Vault. I am getting the following error when I run the command:
The log file says that the CA is unknown, though I have added and trusted it in Keychain.
I have used the materials in vault-ethereum/helper/install_vault.sh to generate the certificates.
The request traced in the audit log down below
Your Environment
MacOS Mojave
Vault 1.1.0
The vault config file:
The env variables : env | grep VAULT