I wrote a plugin that should be added to the vault server in golang.
I’m compiling the plugin using this command: GOARCH=amd64 GOOS=linux go
The code compiled successfully and I managed to write it to the vault server.
When I’m trying to enable it I’m receiving this error:
secrets.system.system_c3126942: error occurred during enable mount: path=<my_path>/
error=
| invalid backend version: 2 errors occurred:
| \t* Unrecognized remote plugin message:
| This usually means
| the plugin was not compiled for this architecture,
| the plugin is missing dynamic-link libraries necessary to run,
| the plugin is not executable by this process due to file permissions, or
| the plugin failed to negotiate the initial go-plugin protocol handshake
That’s an incomplete command - I assume you’re actually running some flavour of go build. Are you setting GOARCH and GOOS because you’re actually compiling on one platform to run on another, or just redundantly specifying the platform you’re already on?
You’ve only provided one set of OS and platform details - do these refer to the compilation or runtime environment, or both?
The error you have quoted is a really generic one - you can see that it is saying that something went wrong, and then speculating about possible causes, so the next thing to do is to investigate which one it might be.
Vault plugins are regular executables. You should attempt to execute your compiled plugin - in the target server environment - from the command line, with no parameters. A Vault plugin should respond with the message
This binary is a plugin. These are not meant to be executed directly.
Please execute the program that consumes these plugins, which will
load any plugins automatically
which proves the plugin code was at least able to start - but I suspect in your environment it will fail before that, and display some kind of relevant error.
This binary is a plugin. These are not meant to be executed directly.
Please execute the program that consumes these plugins, which will
load any plugins automatically
The compilation is done on the same machine that I’m trying to execute it.
OK… FYI, you’ve really distracted from the actual problem a lot, by bringing up GOOS, GOARCH, and architectures, if you’re compiling the plugin on the same machine the Vault server is running on.
Of all the quoted possible problems,
is now seeming quite likely.
Look into that
Consider raising the Vault server’s log level to TRACE which might provide more information
Try starting a separate Vault dev server using vault server -dev -dev-plugin-dir=/path/to/directory/containing/plugin, and enabling the plugin within that, to test the plugin separately from your existing Vault server setup