Issue finding secret in Conjur

Hello, I am having an issue using secretless provider when using Conjur as my secrets management tool. When I run my application I get an error in the secretless broker logs, error 404 variable not found. I use the conjur cli to verify that the secret exists, and it does. The application works when using a secretless.yml file that has the password hardcoded. Any suggestions on what to check?

The following are details on my setup.

Docker command used to run container:
docker run --network host --env CONJUR_AUTHN_LOGIN=host/secretlessBrokerApp/secretlessBrokerApp-01 --env CONJUR_AUTHN_API_KEY=apiKey --env CONJUR_ACCOUNT=conjuraccount --env CONJUR_APPLIANCE_URL=http://ec2.us-east-2.compute.amazonaws.com -it cyberark/secretless-broker -debug

Logs from secretless broker:
2020/02/11 00:05:18 Secretless v1.5.0-4dfeef3 starting up…
2020/02/11 00:05:18 Initializing health check on :5335…
2020/02/11 00:05:18 Initialization of health check done. You can access the endpoint at /live and /ready.
2020/02/11 00:05:18 [WARN] Plugin hashes were not provided - tampering will not be detectable!
2020/02/11 00:05:18 Trying to load ./secretless.yml…
2020/02/11 00:05:18 Configuration file ./secretless.yml loaded
2020/02/11 00:05:18 [INFO] Waiting for new configuration…
2020/02/11 00:05:18 [DEBUG] Got new configuration
2020/02/11 00:05:18 Registering reload signal listeners…
2020/02/11 00:05:18 [INFO] Validating config against available plugins: ssh,ssh-agent,mssql,pg,mysql,basic_auth,conjur,generic_http,aws
2020/02/11 00:05:18 [WARN] Starting TCP listener on 0.0.0.0:3306…
2020/02/11 00:05:18 [INFO] mysqlDB: Starting service
2020/02/11 00:05:18 [INFO] Waiting for new configuration…
2020/02/11 00:06:10 Instantiating provider ‘literal’
2020/02/11 00:06:10 Instantiating provider ‘conjur’
2020/02/11 00:06:10 Info: Conjur provider using API key-based authentication
2020/02/11 00:06:11 ERROR: Resolving credential ‘secretlessBrokerSecrets/DBPassword’ from provider ‘conjur’ failed: 404 Not Found. Variable ‘secretlessBrokerSecrets/DBPassword’ not found in account ‘conjuraccount’.
2020/02/11 00:06:11 [ERROR] mysqlDB: Failed on handle connection: failed on retrieve credentials: ERROR: Resolving credential ‘secretlessBrokerSecrets/DBPassword’ from provider ‘conjur’ failed: 404 Not Found. Variable ‘secretlessBrokerSecrets/DBPassword’ not found in account ‘conjuraccount’.

Output from the Conjur CLI verifying the secret exists:
PS C:\Users\Louis.Cervantes> conjur init -u ec2.us-east-2.compute.amazonaws.com -a conjuraccount
File C:/Users/Louis.Cervantes/.conjurrc exists. Overwrite (yes/no): yes
Wrote configuration to C:/Users/Louis.Cervantes/.conjurrc
PS C:\Users\Louis.Cervantes> conjur authn login -p password -u user
Logged in
PS C:\Users\Louis.Cervantes> conjur variable value secretlessBrokerSecrets/DBPassword
Password

secretless.yml:
secretlessYmlMySQLOnly

I found my issue. I misspelled the variable name in the Conjur policy I created to hold the variable. I corrected my misspelling and everything worked. So my solution is to check everything is spelled correctly :)

Hi Louis - glad you were able to find the solution! In any case, thanks for reaching out, and feel free to do so again in the future if you need anything!
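
The mismatch reported in this thread (a variable ID requested by Secretless that differs from the ID defined in Conjur policy) can be caught by comparing the two sets of IDs before starting the broker. The following is an added example, not code from the thread or from the Secretless or Conjur projects; the v2-style secretless.yml, the resource list and the misspelling `DBPasword` are constructed, and the function names are hypothetical.

```python
import difflib
import re

# Constructed secretless.yml (assumed v2 syntax); the thread's file was posted as an image.
SAMPLE_CONFIG = """\
version: "2"
services:
  mysqlDB:
    connector: mysql
    listenOn: tcp://0.0.0.0:3306
    credentials:
      username:
        from: literal
        get: appuser
      password:
        from: conjur
        get: secretlessBrokerSecrets/DBPassword
"""

# Constructed Conjur resource IDs (account:kind:identifier), as a resource listing returns them.
SAMPLE_RESOURCES = [
    "conjuraccount:policy:secretlessBrokerSecrets",
    "conjuraccount:variable:secretlessBrokerSecrets/DBPasword",  # constructed typo
    "conjuraccount:variable:secretlessBrokerSecrets/DBUsername",
    "conjuraccount:host:secretlessBrokerApp/secretlessBrokerApp-01",
]

def conjur_ids_in_config(text):
    """Return the IDs of credentials declared as 'from: conjur' / 'get: <id>'."""
    pattern = re.compile(r"from:\s*conjur\s*\n\s*get:\s*(\S+)")
    return [m.strip("'\"") for m in pattern.findall(text)]

def check_variables(requested, resources, account):
    """Map each requested ID to None if defined, else to near-miss defined IDs."""
    prefix = f"{account}:variable:"
    defined = [r[len(prefix):] for r in resources if r.startswith(prefix)]
    return {v: None if v in defined
            else difflib.get_close_matches(v, defined, n=3, cutoff=0.9)
            for v in requested}

if __name__ == "__main__":
    ids = conjur_ids_in_config(SAMPLE_CONFIG)
    report = check_variables(ids, SAMPLE_RESOURCES, "conjuraccount")
    for var_id, near in report.items():
        print(var_id, "OK" if near is None else f"MISSING, closest: {near}")
```

An empty list of near misses means the ID is absent from the listing altogether; the listing only contains resources visible to the identity that produced it.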
