What is the recommended way on upgrading custom vault plugins?

Hi there! We are using custom plugin with vault (fork of https://github.com/immutability-io/vault-ethereum if it’s relevant) and we were wondering whats the right flow on upgrading binaries for custom plugins in vault HA setup.

Right now we do like this:

  1. Replace old binary with new one
  2. Register plugin with new sha
  3. Tune secret mount

Is this the right way?

Sometimes we face an issue that during plugin register applications that use this plugin get permission denied errors, and we have to deregister plugin completely and register it again. Sometimes everything works just fine.

Hi there!

I think the best way to upgrade a plugin is to register the plugin with a different name but I think that is what you already did, right?

Did you check the local filesystem permissions for the binary before the registration?
It is important that the Vault user has execution permissions for this binary file.

Cheers,
Michel