go - Vault Token Helper not being detected?

问题描述

Problem:

I have three files in a vault:0.10.2 docker image at the following locations:

/home/myuser/token_helper: A token helper binary in Go that implements the token helper interface according to this documentation

/home/myuser/vault_start: A Go script that runs os.exec("vault", "operator", "init") and os.exec("vault", "server", "-config=myconfig.hcl")

/home/myuser/.vault: The token helper config file specifying the token helper binary location, and I've exported VAULT_CONFIG_PATH to point to this path. The file reads token_helper = "/home/myuser/token_helper".

The problem I'm seeing is while running the vault_start script, I get the following error:

failed to get token helper: error expanding config path "": exec: "getent": executable file not found in $PATH

Debugging Done So Far:

This error doesn't seem to be correct. which getent returns /usr/bin/getent, and the image $PATH contains it, proving that both exist. In addition, the config path is not "", it's set as /home/myuser/.vault but Vault detects it as empty apparently.

I've traced that error output to this file in Vault's command directory: . According to that block of code, it only errors out when $HOME is not set, but I've confirmed that $HOME is set in the shell.

In addition, I've specified everything that Vault has asked in order to implement the token helper according to this document, but it doesn't seem to be detecting the config file to run it. This seems to be an error with Vault, or am I missing something?

标签： godevopsalpinehashicorp-vault