Skip to content

Vault deploy hook ignores vault API errors and always succeeds #6316

Closed
Closed
Vault deploy hook ignores vault API errors and always succeeds#6316
@alindt

Description

@alindt
alindt
opened on Apr 17, 2025

The vault deploy hook doesn't verify the actual API response from Vault.

# export VAULT_ADDR="https://vault.example.com"
# export VAULT_TOKEN="invalid-token"
# export VAULT_PREFIX="kv/tls-certificates/example"
# export VAULT_KV_V2="true"
# acme.sh --deploy --ecc --domain example.com --deploy-hook vault
Writing certificate to https://vault.example.com/v1/kv/tls-certificates/example.com/cert.pem
Writing key to https://vault.example.com/v1/kv/tls-certificates/example.com/cert.key
Writing CA certificate to https://vault.example.com/v1/kv/tls-certificates/example.com/ca.pem
Writing full-chain certificate to https://vault.example.com/v1/kv/tls-certificates/example.com/fullchain.pem
Success

Fix in PR #6315.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions