jenkinsci / hashicorp-vault-plugin

Jenkins plugin to populate environment variables from secrets stored in HashiCorp's Vault.
https://plugins.jenkins.io/hashicorp-vault-plugin/
MIT License

Illegal character(s) in message header; Vault response returned 0 for secret path #305

Open jdhines opened 1 year ago

jdhines commented 1 year ago

Jenkins and plugins versions report

Environment

```text
Jenkins: 2.387.1
OS: Linux - 5.4.0-144-generic
Java: 11.0.18 - Ubuntu (OpenJDK 64-Bit Server VM)
---
ant:1.13
antisamy-markup-formatter:155.v795fb_8702324
apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5
authentication-tokens:1.4
bootstrap4-api:4.6.0-3
bootstrap5-api:5.2.2-2
bouncycastle-api:2.26
branch-api:2.1071.v1a_188a_562481
build-timeout:1.28
build-with-parameters:1.6
caffeine-api:2.9.3-65.v6a_47d0f4d1fe
checks-api:2.0.0
cloudbees-folder:6.815.v0dd5a_cb_40e0e
command-launcher:90.v669d7ccb_7c31
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-36.vc008c8fcda_7b_
conditional-buildstep:1.4.1
config-file-provider:3.11.1
credentials:1224.vc23ca_a_9a_2cb_0
credentials-binding:523.vd859a_4b_122e6
data-tables-api:1.13.3-3
declarative-pipeline-migration-assistant:1.5.6
declarative-pipeline-migration-assistant-api:1.5.6
display-url-api:2.3.7
docker-commons:1.19
docker-workflow:1.28
durable-task:504.vb10d1ae5ba2f
echarts-api:5.4.0-1
email-ext:2.95
envinject:2.839.v52c702c10635
envinject-api:1.180.v98d833b_27470
external-monitor-job:203.v683c09d993b_9
font-awesome-api:6.3.0-2
git:5.0.0
git-client:4.2.0
git-parameter:0.9.17
git-server:1.10
github-api:1.301-378.v9807bd746da5
gradle:1.38
hashicorp-vault-plugin:360.v0a_1c04cf807d
instance-identity:116.vf8f487400980
ionicons-api:45.vf54fca_5d2154
jackson2-api:2.14.2-319.v37853346a_229
jakarta-activation-api:2.0.1-2
jakarta-mail-api:2.0.1-2
javadoc:217.v905b_86277a_2a_
javax-activation-api:1.2.0-5
javax-mail-api:1.6.2-8
jaxb:2.3.7-1
jdk-tool:63.v62d2fd4b_4793
jnr-posix-api:3.1.7-2
job-import-plugin:3.6
jquery:1.12.4-1
jquery3-api:3.6.4-1
jsch:0.1.55.2
junit:1189.v1b_e593637fa_e
ldap:2.8
lockable-resources:1131.vb_7c3d377e723
mailer:448.v5b_97805e3767
mapdb-api:1.0.9.0
matrix-auth:3.1.5
matrix-project:785.v06b_7f47b_c631
maven-plugin:3.16
mina-sshd-api-common:2.9.2-50.va_0e1f42659a_a
mina-sshd-api-core:2.9.2-50.va_0e1f42659a_a
nodejs:1.6.0
nvm-wrapper:0.1.7
okhttp-api:4.9.3-105.vb96869f8ac3a
pam-auth:1.7
parameterized-trigger:2.45
pipeline-build-step:488.v8993df156e8d
pipeline-github-lib:36.v4c01db_ca_ed16
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:629.vb_5627b_ee2104
pipeline-input-step:466.v6d0a_5df34f81
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2125.vddb_a_44a_d605e
pipeline-model-definition:2.2125.vddb_a_44a_d605e
pipeline-model-extensions:2.2125.vddb_a_44a_d605e
pipeline-rest-api:2.32
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2125.vddb_a_44a_d605e
pipeline-stage-view:2.32
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.2.0
popper-api:1.16.1-2
popper2-api:2.11.6-2
resource-disposer:0.17
run-condition:1.5
scm-api:631.v9143df5b_e4a_a
script-security:1229.v4880b_b_e905a_6
show-build-parameters:1.0
snakeyaml-api:1.29.1
ssh-credentials:305.v8f4381501156
ssh-slaves:1.25
sshd:3.249.v2dc2ea_416e33
structs:324.va_f5d6774f3a_d
subversion:2.15.5
thinBackup:1.10
timestamper:1.17
token-macro:321.vd7cc1f2a_52c8
trilead-api:2.84.v72119de229b_7
variant:59.vf075fe829ccb
workflow-aggregator:596.v8c21c963d92d
workflow-api:1208.v0cc7c6e0da_9e
workflow-basic-steps:1010.vf7a_b_98e847c1
workflow-cps:3653.v07ea_433c90b_4
workflow-cps-global-lib:588.v576c103a_ff86
workflow-durable-task-step:1241.v1a_63e465f943
workflow-job:1289.vd1c337fd5354
workflow-multibranch:733.v109046189126
workflow-scm-step:408.v7d5b_135a_b_d49
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c
ws-cleanup:0.40
```

What Operating System are you using (both controller, and any agents involved in the problem)?

Ubuntu 20

Reproduction steps

  1. Create a freestyle job
  2. Check the box for Vault plugin
  3. Provide Vault path and credentials
  4. Provide secrets path
  5. Store the secret in a variable
  6. Use script to echo the variable

Expected Results

Expected the job to run and use the credentials pulled. Confirmed the paths are correct (as they can be pulled from the same API URI outside of Jenkins).

Actual Results

The job failed due to being unable to get credentials.

Console output:

```text
Running as SYSTEM
[EnvInject] - Loading node environment variables.
Building in workspace /var/lib/jenkins/jobs/test_vault_plugin/workspace
Retrieving secret: <secret URL redacted>
FATAL: Vault response returned 0 for secret path <secret path redacted>
java.lang.IllegalArgumentException: Illegal character(s) in message header value: <this spits out the Vault token>
    at java.base/sun.net.www.protocol.http.HttpURLConnection.checkMessageHeader(HttpURLConnection.java:559)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.isExternalMessageHeaderAllowed(HttpURLConnection.java:494)
    at java.base/sun.net.www.protocol.http.HttpURLConnection.setRequestProperty(HttpURLConnection.java:3189)
    at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.setRequestProperty(HttpsURLConnectionImpl.java:312)
    at com.bettercloud.vault.rest.Rest.get(Rest.java:278)
Caused: com.bettercloud.vault.rest.RestException
    at com.bettercloud.vault.rest.Rest.get(Rest.java:288)
    at com.bettercloud.vault.api.Logical.read(Logical.java:94)
Caused: com.bettercloud.vault.VaultException
    at com.bettercloud.vault.api.Logical.read(Logical.java:120)
    at com.bettercloud.vault.api.Logical.read(Logical.java:76)
    at com.datapipe.jenkins.vault.VaultAccessor.read(VaultAccessor.java:117)
    at com.datapipe.jenkins.vault.VaultAccessor.retrieveVaultSecrets(VaultAccessor.java:169)
Caused: com.datapipe.jenkins.vault.exception.VaultPluginException: Vault response returned 0 for secret path <secret path redacted>
    at com.datapipe.jenkins.vault.VaultAccessor.retrieveVaultSecrets(VaultAccessor.java:188)
    at com.datapipe.jenkins.vault.VaultBuildWrapper.provideEnvironmentVariablesFromVault(VaultBuildWrapper.java:99)
    at com.datapipe.jenkins.vault.VaultBuildWrapper.setUp(VaultBuildWrapper.java:73)
    at jenkins.tasks.SimpleBuildWrapper.setUp(SimpleBuildWrapper.java:294)
    at hudson.model.Build$BuildExecution.doRun(Build.java:158)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:526)
    at hudson.model.Run.execute(Run.java:1900)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:44)
    at hudson.model.ResourceController.execute(ResourceController.java:101)
    at hudson.model.Executor.run(Executor.java:442)
Finished: FAILURE
```

Anything else?

No response
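
Added example, not part of the original report or the plugin's code: the exception in the console output above carries the rejected header value, which is how the Vault token ends up in the build log. The sketch below checks a token before it is handed to `setRequestProperty` and reports only positions and code points; the class and method names are hypothetical, the sample tokens are constructed, and the check is deliberately stricter than the JDK's own.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example: validate a token before it is used as an HTTP header value. */
public class TokenHeaderCheck {

    /** Lists offending characters by position and code point, never by token content. */
    static List<String> findIllegalChars(String token) {
        List<String> problems = new ArrayList<>();
        for (int i = 0; i < token.length(); i++) {
            char c = token.charAt(i);
            // Assumption: stricter than the JDK check; flag all control and non-ASCII characters.
            if (Character.isISOControl(c) || c > 0x7E) {
                problems.add(String.format("index %d: U+%04X", i, (int) c));
            }
        }
        return problems;
    }

    /** Returns the token unchanged, or throws with a message that is safe to log. */
    static String requireHeaderSafe(String token) {
        if (token == null || token.isEmpty()) {
            throw new IllegalArgumentException("Vault token is empty");
        }
        List<String> problems = findIllegalChars(token);
        if (!problems.isEmpty()) {
            throw new IllegalArgumentException("Vault token (length " + token.length()
                    + ") contains characters not allowed in a header value at " + problems);
        }
        return token;
    }

    public static void main(String[] args) {
        // Constructed sample values, not real tokens.
        String clean = "s.ConstructedSampleToken";
        String withLineFeed = "s.ConstructedSampleToken\n"; // trailing line feed
        System.out.println("clean ok: " + requireHeaderSafe(clean).equals(clean));
        try {
            requireHeaderSafe(withLineFeed);
        } catch (IllegalArgumentException e) {
            // The message names index 24 and U+000A but contains no token bytes.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A token that reached a build log this way should be treated as exposed and revoked in Vault.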

jdhines commented 1 year ago

Downgrading to v336.v182c0fbaaeb7 worked.