Following getting started guide, when I try to authenticate I get some errors with authentication information.
Error reading auth token from system credential store: The name org.freedesktop.secrets was not provided by any .service files
Authentication information:
Account ID: apw_piahOowtIg
Auth Method ID: ampw_1234567890
Expiration Time: Thu, 22 Oct 2020 09:18:27 UTC
Token:
at_XTZ16p14Dm_s13B8JPWw3tKjrriT7VVUe8wmtuj7fHPymWeiYPw13LR8zMfZyozqrDya9hjkV1ziVfMGXyAZdnpTLm8kJGHqQqPACaeSaXvGN7Xu2VDe15dc2h8zq
User ID: u_1234567890
Error saving auth token to system credential store: The name org.freedesktop.secrets was not provided by any .service files
Subsequent boundary commands fail with Unauthenticated message.
Error reading auth token from system credential store: The name org.freedesktop.secrets was not provided by any .service files
Error from controller when performing read on target:
Error information:
Code: Unauthenticated
Message: Unauthenticated, or invalid token.
Status: 401
Error reading auth token from system credential store: exit status 36
Error from controller when performing authorize-session against target:
Error information:
Code: Unauthenticated
Message: Unauthenticated, or invalid token.
Status: 401
If you open a new tab, then run the same command. It is fine.
Itâs expected that the default collection login exists in the keyring, because itâs the default in most distros. If it doesnât exist, you can create it through the keyring frontend program Seahorse:"
I donât think I have a âdefault collectionâ in centos, since gnome-keyring just gives âError saving auth token to system credential store: failed to unlock correct collection â/org/freedesktop/secrets/aliases/defaultââ.
A simple workaround seems to be to take your token and insert into an enviromnment var: export BOUNDARY_TOKEN=yourtoken
Sorry for confusion here. The Secret Service dbus interface is implemented by GNOME Keyring, Seahorse, KWallet, and others. Iâm definitely wanting to figure out a better way to handle these errors â note that they donât affect authentication, you got a token back! â but itâs a bit complicated to know the right thing to do. Pasting from myself from 404 attempting to authenticate ¡ Issue #696 ¡ hashicorp/boundary ¡ GitHub :
âŚwe thought about a Vault-style storing of the token in a local file as a backup method but over time weâve had complaints around that approach from people that didnât realize it was being stored in plaintext on disk. Since itâs relatively easy to make an alias that will store the token in a file for you on authentication and read it on other commands, or to send the token to some other preferred secrets mechanism we decided to leave it up to the user for the moment if the built-in integration isnât working for them or is disabled.
You can disable os credential storage by using -token-name=none at authentication time, and if you pass a token in directly via env var or -token to other calls we donât attempt to look it up. Weâre also working on getting some specific guides around helping you get set up once we figure out the right invocation â see Issue with secrets storage on Ubuntu ¡ Issue #697 ¡ hashicorp/boundary ¡ GitHub
One thing that isnât helping is that even on some machines with desktop environments installed, all of which have implementations of the secret service dbus service, some people are seeing this error. Weâre still working through itâŚ
One other thing relevant to (at least) the OP is that a change went into Boundary that it turns out just barely didnât make the 0.1 cutoff that causes a failure here to return a status code of 0 and a warning as opposed to a status code of 1. That will at least help with scripting workflows.