When I try to get the secret from HashiCorp Vault I get the following error:
[2024-05-20 13:17:22,589] INFO {LogMediator} - {proxy:vault-proxy-service} To: /services/vault-proxy-service?wsdl2, MessageID: urn:uuid:b4193935-d7ed-4ad1-967f-00e66d6cd526, correlation_id: b4193935-d7ed-4ad1-967f-00e66d6cd526, Direction: request, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body/></soapenv:Envelope>
[2024-05-20 13:17:22,590] ERROR {SynapseXPath} - Evaluation of the XPath expression hashicorp:vault-lookup('secret/test', 'key1') resulted in an error org.jaxen.FunctionCallException: Error while initializing the secure vault configs
at org.wso2.micro.integrator.mediation.security.vault.external.hashicorp.HashiCorpVaultLookupFunction.call(HashiCorpVaultLookupFunction.java:101)
at org.jaxen.expr.DefaultFunctionCallExpr.evaluate(DefaultFunctionCallExpr.java:181)
at org.jaxen.expr.DefaultXPathExpr.asList(DefaultXPathExpr.java:102)
at org.jaxen.BaseXPath.selectNodesForContext(BaseXPath.java:675)
at org.jaxen.BaseXPath.selectNodes(BaseXPath.java:215)
at org.jaxen.BaseXPath.evaluate(BaseXPath.java:175)
at org.apache.synapse.util.xpath.SynapseXPath.stringValueOf(SynapseXPath.java:411)
at org.apache.synapse.mediators.builtin.PropertyMediator.getResultValue(PropertyMediator.java:410)
at org.apache.synapse.mediators.builtin.PropertyMediator.mediate(PropertyMediator.java:133)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:101)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:71)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:228)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:375)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:434)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:182)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.wso2.micro.integrator.mediation.security.vault.external.ExternalVaultException: Error while initializing the secure vault configs
at org.wso2.micro.integrator.mediation.security.vault.external.hashicorp.HashiCorpVaultLookupHandlerImpl.<init>(HashiCorpVaultLookupHandlerImpl.java:76)
at org.wso2.micro.integrator.mediation.security.vault.external.hashicorp.HashiCorpVaultLookupHandlerImpl.getDefaultSecurityService(HashiCorpVaultLookupHandlerImpl.java:82)
at org.wso2.micro.integrator.mediation.security.vault.external.hashicorp.HashiCorpVaultLookupFunction.call(HashiCorpVaultLookupFunction.java:98)
... 20 more
Caused by: org.wso2.micro.integrator.mediation.security.vault.external.ExternalVaultException: Required configurations of the hashicorp secure vault can not found
at org.wso2.micro.integrator.mediation.security.vault.external.hashicorp.HashiCorpVaultLookupHandlerImpl.initialize(HashiCorpVaultLookupHandlerImpl.java:98)
at org.wso2.micro.integrator.mediation.security.vault.external.hashicorp.HashiCorpVaultLookupHandlerImpl.<init>(HashiCorpVaultLookupHandlerImpl.java:74)
... 22 more
Code responsible for obtaining the secret:
<?xml version="1.0" encoding="UTF-8"?>
<proxy name="vault-proxy-service" startOnLoad="true" transports="http https" xmlns="http://ws.apache.org/ns/synapse">
    <target>
        <inSequence>
            <log level="full"/>
            <property expression="hashicorp:vault-lookup('secret/test', 'key1')" name="HashiCorpSecret" scope="default" type="STRING"/>
            <payloadFactory media-type="json">
                <format>{"message": "success", "secret_value":"$1"}</format>
                <args>
                    <arg evaluator="xml" expression="$ctx:HashiCorpSecret"/>
                </args>
            </payloadFactory>
            <respond/>
        </inSequence>
        <outSequence/>
        <faultSequence/>
    </target>
</proxy>
Configuration file: the part of deployment.toml responsible for connecting to HashiCorp Vault:
[synapse_properties]
'synapse.rest.CORSConfig.enabled' = "true"
'synapse.rest.CORSConfig.Access-Control-Allow-Origin' = "*"
'synapse.rest.CORSConfig.Access-Control-Allow-Headers' = "content-type"
'synapse.xpath.dom.failover.enabled'="true"
'opentracing.enable' = "true"
'synapse.commons.json.output.xmloutMultiplePI'="true"
'synapse.json.to.xml.processing.instruction.enabled'="true"
'synapse.xpath.func.extensions'="org.wso2.micro.integrator.mediation.security.vault.xpath.SecureVaultLookupXPathFunctionProvider,org.wso2.micro.integrator.mediation.security.vault.external.hashicorp.HashiCorpVaultLookupXPathFunctionProvider"

[[external_vault]]
name = "hashicorp"
address = "http://127.0.0.1:8200"
rootToken = "myroot"
cacheableDuration = 15000
engineVersion = 2
trustStoreFile = "${carbon.home}/repository/resources/security/client-truststore.jks"
keyStoreFile = "${carbon.home}/repository/resources/security/wso2carbon.jks"
keyStorePassword = "wso2carbon"
An example of working Java code for obtaining a secret from HashiCorp Vault using the library specified in the WSO2 documentation, vault-java-driver-5.1.0.jar:
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;

public class VaultReadExample {
    public static void main(String[] args) throws VaultException {
        // Connect to Vault with the root token; the second Vault argument selects KV engine version 2
        final VaultConfig config = new VaultConfig()
                .address("http://localhost:8200")
                .token("myroot")
                .openTimeout(5)
                .readTimeout(30)
                .build();
        final Vault vault = new Vault(config, 2);
        // Read the value of key1 stored under secret/test
        String value = vault.logical()
                .read("secret/test")
                .getData()
                .get("key1");
        System.out.println(value);
    }
}
An example of a working Postman request to obtain a secret via the API: [screenshot in the original post, not reproduced here]