Vault Plugin Functional in Development Server but Not in Production Environment


I’m attempting to use a Vault plugin available at this GitHub repository. On a development server, the plugin operates correctly when I start the server with the following command:


vault server -dev -dev-root-token-id=root -dev-plugin-dir=./etc/vault.d/plugins

After initiating the server, I execute these steps:


vault secrets enable boundary

vault write boundary/config \
    addr="http://hcp-boundary-address:9200" \
    login_name=admin-username \
    password=admin-password \

However, when I try to use the plugin on my production instance with the same plugin binary and Vault binary, setting the plugin directory as:

Hcl (Vault config file)

plugin_directory = "/etc/vault.d/plugins"

And registering the plugin with:


vault plugin register -version=v1.0.2 -sha256=eef52103d13ce6fc3d777a1a3a5784f51493f883474ab96fee07c5b70b091f17 secret /boundary

Following the same steps as in the development environment, I encounter an error when running the vault write boundary/config command:


2024-01-07T15:54:50.026Z [ERROR] rollback: error rolling back: path=boundary/
  | Unrecognized remote plugin message:
  | Failed to read any lines from plugin's stdout
  | This usually means
  |   the plugin was not compiled for this architecture,
  |   the plugin is missing dynamic-link libraries necessary to run,
  |   the plugin is not executable by this process due to file permissions, or
  |   the plugin failed to negotiate the initial go-plugin protocol handshake
  | Additional notes about plugin:
  |   Path: /etc/vault.d/plugins/boundary
  |   Mode: -rwxrwxrwx
  |   Owner: 0 [root] (current: 0 [root])
  |   Group: 0 [root] (current: 0 [root])
  |   ELF architecture: EM_X86_64 (current architecture: amd64)

I’m looking for advice on how to resolve this error and successfully utilize the plugin in my production environment.

1 Like