Azure Key Vault not getting Vault information from the store path #39
Comments
Thanks for taking the time to create this issue Robert. There is a limitation of the Command platform that only allows the store path value to be returned from discovery jobs, but the vault name field, specifically, is no longer required. The value for this is always retrieved from the store path.
When we ran vault discovery and created the discovered vaults, future KV operations failed w/ errors that the vault was not found or null.
If your store types are set up according to versions prior to 3.0 (if they have the vault name field), that field will need to be populated, otherwise you could see that error. If it is missing entirely from the store type definition (as in store type spec for version 3.0+), it will pull the value from the store path.
Ok, so we need to update the store type to remove vaultname and it should work as you described. We'll try that. Thank you.
Robert Colbert @ Assurant explained in a call that Orchestrator Azure Keyvault extension for Keyfactor requires optional fields in cert store and it's not getting those details from the store path as needed (during Discovery). Workaround is manually adding the vault name.
See below email from Robert Colbert @ Assurant for details on version tested and his feedback on how to fix:
I just looked at the code for 3.1.2 and it does NOT address the AKV bug where the VaultName property is used for constructing the VaultURL instead of deriving it from the storePath.
There are 2 options for resolving this:
1. Change how vaultURL is derived to construct it from the storePath provided during discovery
2. Change discovery to populate the VaultName property pushed to Control as part of the discovery process.
In my opinion, deriving the URL from the immutable storePath attribute is a cleaner implementation but option 2 is less likely to impact customers.
-Robert