Does vault work with an internally hosted github server yet?

Andy Lee

unread,

Feb 11, 2016, 6:53:46 PM2/11/16

to Vault

Was just trying to use github auth on my cluster and noticed that I could not seem to change the API endpoint when trying to authenticate using my github token.

I stumbled upon this thread.

https://groups.google.com/forum/#!searchin/vault-tool/github$20auth$20url/vault-tool/4Hr-gQuvwG4/e-DFtGGdsT4J


# vault auth -method=github token=<redacted>

Error making API request.

URL: PUT https://127.0.0.1:8200/v1/auth/github/login

Code: 500. Errors:

* GET https://api.github.com/user: 401 Bad credentials []

I'm configuring github auth like this

vault write auth/github/config organization=my_org
vault write auth/github/config base_url=github.example.com
vault write auth/github/map/teams/Owners value=root

vault auth -method=github token=c1d344c1af859ab65f668afbb241f2940102d458

Does vault not respect the base_url or is that for something else?

I'm using Vault v0.2.1-dev. Does the latest version support the ability to configure the API endpoint?

Thanks,

Andy

Armon Dadgar

unread,

Feb 11, 2016, 9:10:36 PM2/11/16

to vault...@googlegroups.com, Andy Lee

Andy,

The base_url feature was added in Vault 0.3, and we’ve recently announced Vault 0.5.

You are running a very old version at this point, and I would recommend upgrading as

there have been many features, bug fixes, and security enhancements since 0.2.1.

Best Regards,

Armon Dadgar

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.

GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/f2ec017d-0657-43dd-804d-c4eeb3029337%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Andy Lee

unread,

Feb 12, 2016, 10:12:51 AM2/12/16

to Vault, andy....@gmail.com

Thanks Armon, I'll give that a try.

Andy Lee

unread,

Feb 12, 2016, 12:05:52 PM2/12/16

to Vault, andy....@gmail.com

Okay upgraded to 0.5.0 but still not able to authenticate to my internal github. What am I doing wrong?

# vault write auth/github/config organization=my_org
Success! Data written to: auth/github/config

# vault write auth/github/config base_url=github.example.com
Success! Data written to: auth/github/config

# vault write auth/github/map/teams/Owners value=root
Success! Data written to: auth/github/map/teams/Owners

# vault auth -method=github token=c1d344c1af859ab65f668afbb241f2940102d458

Error making API request.

URL: PUT https://127.0.0.1:8200/v1/auth/github/login

Code: 400. Errors:

* configure the github credential backend first

On Thursday, February 11, 2016 at 6:10:36 PM UTC-8, Armon Dadgar wrote:

Armon Dadgar

unread,

Feb 12, 2016, 12:59:03 PM2/12/16

to vault...@googlegroups.com, Andy Lee, andy....@gmail.com

Hey Andy,

Vault is doing a full key write on “auth/github/config” so the second write of base_url is overwriting the first write of organization.

Try doing a single:

$ vault write auth/github/config organization=my_org base_url=github.examble.com

Hope that helps!

Best Regards,

Armon Dadgar

To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/b46ac348-9985-4990-aa88-b22bab740b03%40googlegroups.com.

Andy Lee

unread,

Feb 12, 2016, 1:10:10 PM2/12/16

to Vault, andy....@gmail.com

Now I get this

# vault auth -method=github token=c1d344c1af859ab65f668afbb241f2940102d458
Error making API request.

URL: PUT https://127.0.0.1:8200/v1/auth/github/login

Code: 500. Errors:

* Get /user: unsupported protocol scheme ""

Armon Dadgar

unread,

Feb 12, 2016, 1:12:41 PM2/12/16

to vault...@googlegroups.com, Andy Lee, andy....@gmail.com

Andy,

My guess is that the base URL parameter must actually be a URL with a scheme (e.g. https://github.example.com)

Best Regards,

Armon Dadgar

To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/6984bc36-748f-4bfc-982d-b0edf84a3d98%40googlegroups.com.

Andy Lee

unread,

Feb 12, 2016, 1:41:50 PM2/12/16

to Vault, andy....@gmail.com

Didn't like that either.

Error making API request.

URL: PUT https://127.0.0.1:8200/v1/auth/github/login
Code: 500. Errors:

* invalid character '<' looking for beginning of value

Tried forming it with and without quotes.


# vault write auth/github/config organization=my_org base_url='https://github.example.com'

Jeff Mitchell

unread,

Feb 12, 2016, 1:57:05 PM2/12/16

to vault...@googlegroups.com, andy....@gmail.com

On Fri, Feb 12, 2016 at 1:41 PM, Andy Lee <andy....@gmail.com> wrote:
> Didn't like that either.
>
> Error making API request.
>
> URL: PUT https://127.0.0.1:8200/v1/auth/github/login
> Code: 500. Errors:
>
> * invalid character '<' looking for beginning of value

Hi Andy,

This happens when the API endpoint is incorrect; GitHub returns an
HTML body instead of JSON, hence the character '<'.

From the developer docs (https://developer.github.com/v3/enterprise/)
your base URL needs to be in the form of 'http(s)://hostname/api/v3/'.
So you need to add /api/v3 to your base_url.

--Jeff

Andy Lee

unread,

Feb 12, 2016, 3:24:04 PM2/12/16

to Vault, andy....@gmail.com

Great! That did it! Thanks guys!

Reply all

Reply to author

Forward