Vault secret not found by Drone but exists

Vault Setup:

  • Vault installed at the same host as Drone
  • Created token with policies same to root token
  • Created kv secret which can be accessed with new token
export VAULT_TOKEN=s.6T7LCYoEDY1vvmaN5KUESiTp
vault kv get drone/test
==== Data ====
Key      Value
 ---      -----
 hello    world

I can see vault listening on port

netstat -ntlp
tcp        0      0 127.0.0.1:8200          0.0.0.0:*               LISTEN      54696/vault 

Drone setup

docker run -d \
 --publish=3000:3000 \
 --env=DRONE_DEBUG=true \
 --env=DRONE_SECRET=8c9ad78dfacb082a161db431d8195102 \
 --env=VAULT_ADDR=http://127.0.0.1:8200 \
 --env=VAULT_TOKEN=s.6T7LCYoEDY1vvmaN5KUESiTp \
 --restart=always \
 --name=drone-vault drone/vault

The Problem:

Secret couldn’t be found with CLI as well as during build

drone plugins secret get drone/test hello --repo schain/frontend --endpoint http://127.0.0.1:3000 --secret 8c9ad78dfacb082a161db431d8195102

Logs in docker container

docker logs drone-vault
time="2020-11-01T01:57:16Z" level=debug msg="secrets: cannot find secret hello: secret not found"

Hi,

Have you tried to update the runner configuration to include the extension endpoint and token?
DRONE_SECRET_PLUGIN_ENDPOINT=http://1.2.3.4:3000
DRONE_SECRET_PLUGIN_TOKEN=XXXX…XXX