argocd-vault-plugin: [Issue] Manifest generation error

Hi all

I follow the instruction .

When i deploy a simply like below

kind: Secret
apiVersion: v1
metadata:
  name: example-secret
  annotations:
    avp_path: "path/to/mysecret"
type: Opaque
stringData:
  mykey_invault: <mykey_invault>

Argo side appear error shows…

rpc error: code = Unknown desc = Manifest generation error (cached): argocd-vault-plugin generate ./ failed exit status 1: Error: Must provide a supported Vault Type Usage: argocd-vault-plugin generate <path> [flags] Flags: -c, --config-path string path to a file containing Vault configuration (YAML, JSON, envfile) to use -h, --help help for generate -s, --secret-name string name of a Kubernetes Secret containing Vault configuration data in the argocd namespace of your ArgoCD host (Only available when used in ArgoCD) Must provide a supported Vault Type

What i am missing ? any hints?

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Reactions: 3
  • Comments: 17 (6 by maintainers)

Most upvoted comments

Hi everybody, I have followed the instruction on How to Use HashiCorp Vault and Argo CD for GitOps on OpenShift and Solving ArgoCD Secret Management with the argocd-vault-plugint

The secret is: kind: Secret apiVersion: v1 metadata: name: argocd-vault-plugin-credentials namespace: argocd type: Opaque stringData: AVP_VAULT_ADDR: 'http://vault:8200' AVP_VAULT_TOKEN: 'root' AVP_TYPE: 'vault' AVP_AUTH_TYPE: 'token'

Threre are all environment variables on argocd-repo-server, but I have the following error:

rpc error: code = Unknown desc = Manifest generation error (cached): argocd-vault-plugin generate ./ failed exit status 1: (0x1682740,0xc0004ec6b0)Error: ToYAML: could not convert replaced template into : error unmarshaling JSON: while decoding JSON: Object 'Kind' is missing in '{"resources":["example-secret.yaml"]}' Usage: argocd-vault-plugin generate <path> [flags] Flags: -c, --config-path string path to a file containing Vault configuration (YAML, JSON, envfile) to use -h, --help help for generate -s, --secret-name string name of a Kubernetes Secret containing Vault configuration data in the argocd namespace of your ArgoCD host (Only available when used in ArgoCD) ToYAML: could not convert replaced template into : error unmarshaling JSON: while decoding JSON: Object 'Kind' is missing in '{"resources":["example-secret.yaml"]}'

example-secret.yam is: kind: Secret apiVersion: v1 metadata: name: example-secret annotations: avp_path: "secret/data/vplugin/supersecret" type: Opaque stringData: username: <username> password: <password>

Can anyone help me?

@yaochaoutokyo that error happens when the plugin does not get a valid AVP_TYPE. So make sure you are providing a type we support, and make sure that environment variable exists in the repo server or in a secret that Argo CD can read. If you have any new problems please create a new issue so we can better help.

Hi, I have the same issue: Unable to create application: application spec is invalid: InvalidSpecError: Unable to generate manifests in ira: rpc error: code = Unknown desc = argocd-vault-plugin generate ./ failed exit status 1: Error: Must provide a supported Vault Type Usage: argocd-vault-plugin generate <path> [flags] Flags: -c, --config-path string path to a file containing Vault configuration (YAML, JSON, envfile) to use -h, --help help for generate -s, --secret-name string name of a Kubernetes Secret containing Vault configuration data in the argocd namespace of your ArgoCD host (Only available when used in ArgoCD)

I ran the following manually on argocd-repo-server pod: argocd@argocd-repo-server-6bc4999f9-7pt9x:~$ argocd-vault-plugin generate ./ Error: Must provide a supported Vault Type Usage: argocd-vault-plugin generate <path> [flags]

Flags: -c, --config-path string path to a file containing Vault configuration (YAML, JSON, envfile) to use -h, --help help for generate -s, --secret-name string name of a Kubernetes Secret containing Vault configuration data in the argocd namespace of your ArgoCD host (Only available when used in ArgoCD)

I have AVP_TYPE and all other required env on the repo-server pod: argocd@argocd-repo-server-6bc4999f9-7pt9x:~$ printenv | grep AVP AVP_SECRET_ID=c4… AVP_TYPE=vault AVP_AUTH_TYPE=approle AVP_ROLE_ID=73…