Authentication Error 401 and 403

Hi everyone,
I have a problem when following the tutorial "OSS Vault Credential Brokering Quickstart | Boundary | HashiCorp Developer". When creating the Vault credential store, after I input the token that was created earlier, I got this problem:
[image]
Before this, I got a problem when testing the connection to the database:


I’m using this command:
boundary connect postgres -target-id ***** -username **** -keyring-type=none
Can anyone help me?

Did you set up Vault exactly as shown in the tutorial?

If so, then your Credential Store is probably using the wrong token.

In the tutorial, when setting up Vault, it uses Vault dev; I’m using Vault with my own config for it. When the tutorial asks to create a new token, I generate it. After it asks to authenticate, it’s still normal; when I need to connect, I got this first problem:


I tried to refer this problem to the answer that was given to me in another discussion forum. I want to try -token env://BOUNDARY_TOKEN but I don’t know what the token is. When I try -keyring-type=none, I got that problem.

These are 2 different errors.

The one from the Boundary UI where you see the Vault URL (http://127.0.0.1:8200/v1/auth/token/lookup-self), that’s one. My previous response was based on this error.

The one from Boundary CLI, that’s because you didn’t set the BOUNDARY_TOKEN environment variable. You can do that with the following command (assuming you’re using bash on Linux and you have jq installed):

export BOUNDARY_TOKEN=$(boundary authenticate -keyring-type none -format json |jq -r .item.attributes.token)

After I run the export command, I got this error message:
parse error: Invalid numeric literal at line 1, column 7

Depending on your auth method, your boundary authenticate command may need more parameters, such as -login-name, -password, -auth-method-id or -scope-id and/or a subcommand such as password or oidc.
I use oidc as the primary auth method so I don’t need to provide any extra parameters.
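
An added example, not part of any post in this thread: a Python filter that can stand in for the jq step in the export command above and reports why no token could be read instead of failing with a bare parse error. The field path item.attributes.token is taken from the jq filter in the reply; the function name, the error class and the sample strings are hypothetical and constructed for illustration.

```python
import json
import sys


class TokenExtractionError(ValueError):
    """Raised when authenticate output cannot yield a token."""


def extract_boundary_token(raw: str) -> str:
    """Return item.attributes.token from `boundary authenticate -format json` output."""
    text = raw.strip()
    if not text:
        raise TokenExtractionError("empty output: authenticate printed nothing to stdout")
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # Non-JSON text on stdin is the case jq reports as a parse error.
        first_line = text.splitlines()[0][:80]
        raise TokenExtractionError(
            f"output is not JSON (starts with {first_line!r}); "
            "authenticate probably failed or needs more parameters"
        ) from exc
    node = doc
    for key in ("item", "attributes", "token"):
        if not isinstance(node, dict) or key not in node:
            raise TokenExtractionError(f"JSON has no item.attributes.token (missing {key!r})")
        node = node[key]
    if not isinstance(node, str) or not node:
        raise TokenExtractionError("item.attributes.token is empty or not a string")
    return node


# Constructed samples (not real Boundary output; the token value is a placeholder).
SAMPLE_OK = '{"item": {"attributes": {"token": "at_PLACEHOLDER_constructed"}}}'
SAMPLE_NOT_JSON = "Error: constructed stand-in for a failed authenticate call"
SAMPLE_NO_TOKEN = '{"item": {"attributes": {}}}'

if __name__ == "__main__":
    # Reads the authenticate output from stdin; prints only the token on success.
    try:
        print(extract_boundary_token(sys.stdin.read()))
    except TokenExtractionError as err:
        print(f"cannot set BOUNDARY_TOKEN: {err}", file=sys.stderr)
        sys.exit(1)
```

Saved under a name of your choice, the script replaces `jq -r .item.attributes.token` at the end of the pipeline; on failure it exits non-zero and prints the reason to stderr.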

Thank you for helping me with that. Right now I want to implement this for accessing an Ubuntu machine. How can I do it?

Hello @gundar,

Hope you are doing well!

In regards to the previous errors, do you still experience them, or are they now resolved?

In regards to the connection to the Ubuntu machine, we do not have a specific guide for this, but the following guide which is meant for HCP Boundary demonstrates the SSH configuration steps which should be valid as well for OSS Boundary that I assume you are using.

Hello @martinhristov90,

Hope you are doing well too.

For my previous problem, I solved it by re-inserting the Vault IP address, and all the steps work. Right now I want to use dynamic credentials for accessing an Ubuntu machine. Is it possible or not?

After I followed the guide, I got this problem:
[image]
I made a few changes based on the guideline; before that I got this problem:


I tried to add the username and password manually to Vault via the UI.

And this is the policy:
boundary-controller policy

path "auth/token/lookup-self" {
  capabilities = ["read"]
}

path "auth/token/renew-self" {
  capabilities = ["update"]
}

path "auth/token/revoke-self" {
  capabilities = ["update"]
}

path "sys/leases/renew" {
  capabilities = ["update"]
}

path "sys/leases/revoke" {
  capabilities = ["update"]
}

path "sys/capabilities-self" {
  capabilities = ["update"]
}

path "sys/leases/renew" {
  capabilities = ["update"]
}

path "sys/leases/revoke" {
  capabilities = ["update"]
}

path "sys/capabilities-self" {
  capabilities = ["update"]
}

kv-read policy

path "secret/data/my-ubuntu admin" {
  capabilities = ["read"]
}

path "secret/data/my-ubuntu-user" {
  capabilities = ["read"]
}

I’m not sure what the client policy is…

Update: for this problem, I managed to solve it.
[image]
But I’m still stuck with the first problem, error 3015:
[image]

Sorry for the tag @macmiranda @martinhristov90, but is there any update on my problem? I searched for it and only 3 websites show it, but with a different error code.

Hi Gundar,

Reading the error message, it says “vault secret is empty”. Does the Vault secret you’re trying to use have a value, or is it empty?

It has a value.




This is the policy I use:

path "secret/data/my-ubuntu-user" {
  capabilities = ["read"]
}

In the tutorial referenced earlier, there’s a step, Broker credentials via Vault where you authorise the session via CLI. You then decode the base64 credentials in the next step to validate them.

If you follow these to try and display the plaintext password via CLI, what errors are you running into?

Thanks for the reply. I already finished that tutorial and it works just fine. After I had a new question, martinhristov90 gave me another tutorial for what I need: Inject SSH credentials with HCP Boundary | Boundary | HashiCorp Developer

In regards to the connection to the Ubuntu machine, we do not have a specific guide for this, but the following guide which is meant for HCP Boundary demonstrates the SSH configuration steps which should be valid as well for OSS Boundary that I assume you are using.