GitHub Auth Backend for Vault

We are planning to use the GitHub auth backend to manage permissions for individual users in Vault instead of creating a separate user using the userpass auth method.

We are using Github enterprise version.

I am getting the following error when I try to log in to Vault using the GitHub auth backend:

“errors”: [
“Get “https://hostname/api/v3/user”: dial tcp hostname: i/o timeout”

When I try this on my local system, I get a different error:

“x509: certificate signed by unknown authority”

But when I try to access the same endpoint from Postman, providing an Authorization header with a personal access token, I get a 200 response.

Can anyone help me resolve this issue?

Sounds like your outbound is either blocked or has a proxy in between that the vault server doesn’t have the cert for.

But from the Vault running on my local system I am able to communicate using the GitHub auth backend, but I get a different error: “x509: certificate signed by unknown authority”. Is there a way to bypass this error, or how should I register the cert for the GitHub auth backend?

Sounds like you have bigger issues. GitHub uses a DigiCert certificate; if you’re missing a root cert CA in your trusted list, you need to fix that first. You can tell Vault to ignore SSL warnings from clients but I’m not sure you can do the same thing for the server. Try using -tls-skip-verify as an inline param or VAULT_SKIP_VERIFY=1 as an environment variable.

VAULT_SKIP_VERIFY is already set. Not sure why I am getting this error.

VAULT_SKIP_VERIFY is a client-side config that stops the Vault CLI from validating the Vault server’s HTTPS certificate, so this won’t apply here.

From the error you posted, it looks like the server that’s running Vault doesn’t have the trusted CA installed, but it is installed on the local machine; that’s why the Vault running locally on your machine doesn’t complain.

You should ask your server admin to install the CA.
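
An added example, not part of the thread and not Vault's own code: a small Go probe to run on the Vault server host that tells apart the two errors quoted above, the dial timeout (outbound network path) and "x509: certificate signed by unknown authority" (issuing CA missing from the host trust store). The names `classify` and `probe` and the optional CA-bundle argument are assumptions made for this illustration.

```go
package main
import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
	"net/http"
	"os"
	"time"
)

// classify (hypothetical helper, added example) maps a Go HTTP client error to the two failures in this thread.
func classify(err error) string {
	var unknownCA x509.UnknownAuthorityError
	var netErr net.Error
	switch {
	case err == nil:
		return "ok"
	case errors.As(err, &unknownCA):
		return "untrusted-ca" // trust store on this host lacks the issuing CA
	case errors.As(err, &netErr) && netErr.Timeout():
		return "network-timeout" // outbound path blocked (firewall, proxy, routing)
	}
	return "other"
}

// probe GETs url, trusting the system store plus an optional PEM bundle; any HTTP status, even 401, counts as success.
func probe(url, caFile string) error {
	pool, err := x509.SystemCertPool()
	if err != nil {
		return err
	}
	if pem, err := os.ReadFile(caFile); caFile != "" && (err != nil || !pool.AppendCertsFromPEM(pem)) {
		return fmt.Errorf("cannot load CA bundle %q", caFile)
	}
	client := &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{
		Proxy: http.ProxyFromEnvironment, TLSClientConfig: &tls.Config{RootCAs: pool}}}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

func main() { // usage: probe https://<ghe-host>/api/v3/user [ca-bundle.pem]
	args := append(os.Args[1:], "", "")
	err := probe(args[0], args[1])
	fmt.Println(classify(err), err)
}
```

If the probe reports `untrusted-ca` without a bundle and `ok` once the GitHub Enterprise CA bundle is passed as the second argument, installing that CA in the server's trust store is the fix.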

Thanks. This is very helpful.