Mock secret plugin

When executing the commands in the readme (vault-guides/plugins/vault-plugin-secrets-mock at master · hashicorp/vault-guides · GitHub), I get the following error when trying to write:

vault write mock-secrets/test hello="world"

secrets-mock: plugin tls init: error="error during token unwrap request: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/sys/wrapping/unwrap
Code: 403. Errors:

* permission denied" timestamp=2021-02-24T13:27:06.232+0200
2021-02-24T13:27:06.233+0200 [ERROR] core: failed to run existence check: error="Unrecognized remote plugin message:

This usually means that the plugin is either invalid or simply
needs to be recompiled to support the latest protocol."

I used:

VAULT_API_ADDR=http://127.0.0.1:8200
VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200

VAULT_API_ADDR is used to advertise to clients. Since the plugin always runs on the same “machine” as Vault itself, it uses the VAULT_ADDR variable, which is https://localhost:8200 by default (notice the S).

export VAULT_ADDR=http://localhost:8200

should fix it.

+Shameless plug: I found HashiCorp’s example a little short. Have a look at this Enigma machine plugin I wrote. It is self-contained, modular, it can be tested, the plugin can be upgraded…
