Vault UI will not display Recovery Keys or Initial Root Token if initialized with pre-configured pkcs11 backend #22561
Comments
@MarkusBauerFS I'm investigating this bug, and trying to determine if it's a regression. Have you done this flow successfully using this same environment in a past Vault version, and if so, can you tell me what version?
@Monkeychip I don't have any notes on it, so let's assume that no, I did not. I have done lots of lab experiments on 1.13.x and don't recall running into this issue, but as I said, I have no notes, so I might have had it initialized manually once. I have the setup automated, so I can run the tests if you want me to.
@MarkusBauerFS got it. We've tested it on 1.14.x and we can reproduce it, but we believe updating a related component has fixed it in 1.15.x—PR here. Unfortunately, we cannot backport this "fix" because of the number of files it changes. Is upgrading to 1.15.x a potential solution for you?
@Monkeychip Yes, that does work for me, thank you. Thank you for looking into it as well.
This issue is fixed in 1.15.x.
In my case I had to decrypt the seal keys first using:
# From an env var
echo "${ENCRYPTED_KEY}" | base64 -d | GPG_TTY=$(tty) gpg --batch --yes --pinentry-mode loopback --passphrase "${PASSPHRASE}" --decrypt
# From a file
echo "${ENCRYPTED_KEY}" | base64 -d | gpg --pinentry-mode loopback --passphrase-file "${PASSPHRASE_FILE}" --decrypt
Describe the bug
When initializing via the UI, Vault does not display the recovery keys and initial root token when configured with a PKCS11 backend.
To Reproduce
Expected behavior
A clear and concise description of what you expected to happen.
Environment:
vault status: 1.14.1+ent.hsm
vault version: Vault v1.13.0 (not relevant as this is a UI problem but hey)
Vault server configuration file(s):
Additional context
The CLI will properly output the recovery keys and initial root token - so this looks like a UI problem.