2 Replies Latest reply on May 18, 2018 10:56 AM by j2me-ee

    Error retrieving value from Vault using SecurityVaultUtil

    j2me-ee
    j2me-ee May 17, 2018 8:51 AM

      Hello,

      I'm trying to get a value out of the Vault within my code and getting an error.

       

      I'm using JBoss EAP 6.4 in standalone mode.  I have a functional Vault added to the configuration.

      I know it's working because my datasource passwords are using values from the vault and are connecting.    

       

      The code for getting the value from the vault looks like this:

       

      try {

           decryptedPassword = SecurityVaultUtil.getValueAsString("VAULT::ldap::password::1");

       

           log.debug("Got password from the vault: {}", decryptedPassword);

      } catch (SecurityVaultException e) {

           e.printStackTrace();

      }

       

      And here is the error i'm getting.  Complaining about a second Security Vault but there is only one.  I don't understand what this means.

       

      08:10:13,569 WARN  [org.jboss.security] (ServerService Thread Pool -- 133) PBOX000378: Attempt to create the second Security Vault [org.picketbox.plugins.vault.PicketBoxSecurityVault] is invalid. Only one Security Vault is supported. Change your configuration, please.

      08:10:13,569 ERROR [stderr] (ServerService Thread Pool -- 133) org.jboss.security.vault.SecurityVaultException: java.lang.IllegalArgumentException: Null input buffer

       

       

      08:10:13,570 ERROR [stderr] (ServerService Thread Pool -- 133) at org.picketbox.plugins.vault.PicketBoxSecurityVault.retrieve(PicketBoxSecurityVault.java:297)

       

       

      08:10:13,570 ERROR [stderr] (ServerService Thread Pool -- 133) at org.jboss.security.vault.SecurityVaultUtil.getValue(SecurityVaultUtil.java:95)

       

       

      08:10:13,570 ERROR [stderr] (ServerService Thread Pool -- 133) at org.jboss.security.vault.SecurityVaultUtil.getValueAsString(SecurityVaultUtil.java:107)

       

      Any help is greatly appreciated.  Thanks

      • 1112 Views
      • Tags:
        • 1. Re: Error retrieving value from Vault using SecurityVaultUtil
          andey
          andey May 18, 2018 10:38 AM (in response to j2me-ee)
          • A vault property has been specified in the JBoss configuration (either in XML configuration or through CLI), but is not present in the vault in-memory values. This may be because the value has not been stored with bin/vault.sh or that EAP wasn't restarted since the value was added. Vault is only parsed at startup, so if you store a value in vault with EAP running it won't be picked up until next restart.

           

          • Use bin/vault.sh to store the value you want to be masked in the configuration. Then reload through the CLI or restart EAP to pickup the stored value.
            • Actions
          • 2. Re: Error retrieving value from Vault using SecurityVaultUtil
            j2me-ee
            j2me-ee May 18, 2018 10:56 AM (in response to andey)

            In my case the value wasn't actually in the vault due to a scripting error.

             

            The error handling here leaves much to be desired.  Instead of "Null input buffer",

            the Exception should say "value not found for the supplied key" or something aliong those lines.

            Null input buffer makes it seems like a configuration or initialization problem with the vault.

             

            The message about "attempt to create a second Security vault..."  i understand now this is a known issue and an erroneous message that can be ignored.

              • Actions