Comments (9)
I got this to work by passing the request options.
var options = {
apiVersion: 'v1',
endpoint: 'https://127.0.0.1',
token: '0123456789',
requestOptions: {
ca: fs.readFileSync('/etc/ssl/certs/cabundlefile.crt'),
}
};
var vault = require("node-vault")(options);
from node-vault.
Are the VAULT_CACERT and VAULT_CAPATH environment variables supported ?
from node-vault.
Hi @Constantin07, are you by chance the same Constantine who was facing a similar issue with the other node Vault driver back in March?
https://gitter.im/chiefy/vaulted/archives/2017/03/08
If so, then I am starting to worry that we have the only two Node apps on earth trying to connect with Vault using CA cert verification!
Have you found any solutions or workarounds yet? I'm to point of eschewing "drivers", and just using low-level REST calls to Vault's HTTP API directly.
from node-vault.
Hi @steve-perkins, unfortunately I'm another Constantin :-)
For testing purposes I tried to use a self signed cert by placing it in the same directory with Node JS code but I get:
{ RequestError: Error: self signed certificate in certificate chain
at new RequestError (/opt/node_modules/request-promise/lib/errors.js:11:15)
at Request.RP$callback [as _callback] (/opt/node_modules/request-promise/lib/rp.js:60:32)
at self.callback (/opt/node_modules/request/request.js:186:22)
at emitOne (events.js:96:13)
at Request.emit (events.js:188:7)
at Request.onRequestError (/opt/node_modules/request/request.js:878:8)
at emitOne (events.js:96:13)
at ClientRequest.emit (events.js:188:7)
at TLSSocket.socketErrorListener (_http_client.js:310:9)
at emitOne (events.js:96:13)
at TLSSocket.emit (events.js:188:7)
at emitErrorNT (net.js:1277:8)
at _combinedTickCallback (internal/process/next_tick.js:80:11)
at process._tickCallback (internal/process/next_tick.js:104:9)
name: 'RequestError',
message: 'Error: self signed certificate in certificate chain',
cause:
{ Error: self signed certificate in certificate chain
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:610:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38) code: 'SELF_SIGNED_CERT_IN_CHAIN' },
error:
{ Error: self signed certificate in certificate chain
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1092:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:610:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38) code: 'SELF_SIGNED_CERT_IN_CHAIN' },
options:
{ json: true,
resolveWithFullResponse: true,
simple: false,
strictSSL: true,
followAllRedirects: true,
path: '/*******/*******/*******',
method: 'GET',
headers: { 'X-Vault-Token': '*************' },
uri: 'https://****.*****.***:8200/v1/******/****/*********',
callback: undefined,
transform: undefined },
response: undefined }
No workaround at the moment yet. I don't have strong Node JS experience but looking at source code it doesn't look to long.
from node-vault.
I will try to fix this in the future.
from node-vault.
@alexraddas do you know what the accepted encoding formats for that option are?
from node-vault.
@alexraddas do you know what the accepted encoding formats for that option are?
Since node-vault is based on the request-promise module, it would be dependent on which formats are supported by request-promise. For my specific use case its x509 PEM. You can always convert your CA bundle to another format using openssl. https://www.sslshopper.com/article-most-common-openssl-commands.html.
from node-vault.
Request-promise will be changed soon in favor of another (see #150)
I will have this in mind for when we will select the correct solution.
Closing the issue for now
from node-vault.
Feature request -> allow settings root/intermediate CA cert
from node-vault.
Related Issues (20)
- Missing 'rewrap' and 'keys' command HOT 1
- Use root token always get 404 response code HOT 3
- V2 KV engine support HOT 1
- Missing ldapLogin from index.d.ts HOT 2
- Missing certificate authentication mechanism HOT 1
- Add example of transit secret usage. HOT 1
- How to unseal a vault that is already initialized? HOT 2
- unable to write new secrets HOT 2
- Vault.write overwrite old secret to new HOT 1
- Vulnerability in request library HOT 2
- Update dependencies HOT 1
- Create npm deployment CI mechanism
- Next release inquiry HOT 2
- SSL Error After Upgrading Application To Node 18 HOT 4
- Add support for KV v2 "destroy" command
- Import error on index.d.ts HOT 2
- [Question] Generate certs
- How to create ACL Policy?
- Question - is there a way to read a versioned secret ?
- WARNING : node-vault > postman-request > [email protected]: this library is no longer supported
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from node-vault.