[jira] [Created] (NIFI-15152) Error getting Hashicorp Vault Secrets

Koldo (Jira) Wed, 29 Oct 2025 07:17:31 -0700

Koldo created NIFI-15152:
----------------------------

             Summary: Error getting Hashicorp Vault Secrets
                 Key: NIFI-15152
                 URL: https://issues.apache.org/jira/browse/NIFI-15152
             Project: Apache NiFi
          Issue Type: Bug
          Components: Docker, NiFi API
    Affects Versions: 2.6.0
            Reporter: Koldo
         Attachments: imagen.png


I am trying to retrieve the secrets I have stored in Hashicorp Vault using 
HashicorpVaultParameterProvider's Parameter Providers. 

In this Vault, I have created a secret called secret/test with the following 
content:

 
{code:java}
[root@xxxx~]# vault kv get -format=json  secret/test
{
"request_id": "",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": {
   "data": {
     "foo": "bar"
   },
   "metadata": {
     "created_time": "2025-10-06T13:13:02.158170743Z",
     "custom_metadata": null,
     "deletion_time": "",
     "destroyed": false,
     "version": 2
   }
},
"warnings": null,
"mount_type": "kv"
}{code}

 If I enter `test` in the Secret Name Pattern property, Nifi finds the secret. 
The following logs can be seen from Vault, and it arrives correctly.


 
{code:java}
 test --> OK 
{"auth":{"accessor":"hmac-sha256:","client_token":"hmac-sha256:","display_name":"","entity_id":"","identity_policies":["",""],"metadata":{"role":""},"policies":[""],"policy_results":{"allowed":true,"granting_policies":[{"type":""},{"name":"policy-admin","namespace_id":"root","type":"acl"}]},"token_policies":["default"],"token_issue_time":"2025-10-17T13:05:25Z","token_ttl":2764800,"token_type":"service"},"request":{"client_id":"","client_token":"hmac-sha256:","client_token_accessor":"hmac-sha256:","headers":{"user-agent":["okhttp/5.1.0"]},"id":"","mount_class":"secret","mount_point":"secret/","mount_running_version":"v0.24.0+builtin","mount_type":"kv","namespace":{"id":"root"},"operation":"list","path":"secret/metadata/","remote_address":"","remote_port":},"time":"2025-10-29T13:47:57.382337725Z","type":"request"}
 
{"auth":{"accessor":"hmac-sha256:","client_token":"hmac-sha256:","display_name":"","entity_id":"","identity_policies":["",""],"metadata":{"role":""},"policies":[""],"policy_results":{"allowed":true,"granting_policies":[{"type":""},{"name":"policy-admin","namespace_id":"root","type":"acl"}]},"token_policies":["default"],"token_issue_time":"2025-10-17T13:05:25Z","token_ttl":2764800,"token_type":"service"},"request":{"client_id":"","client_token":"hmac-sha256:","client_token_accessor":"hmac-sha256:","headers":{"user-agent":["okhttp/5.1.0"]},"id":"","mount_accessor":"kv_ab700f9b","mount_class":"secret","mount_point":"secret/","mount_running_version":"v0.24.0+builtin","mount_type":"kv","namespace":{"id":"root"},"operation":"list","path":"secret/metadata/","remote_address":"","remote_port":},"response":{"data":{"keys":["hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:"]},"mount_accessor":"kv_ab700f9b","mount_class":"secret","mount_point":"secret/","mount_running_plugin_version":"v0.24.0+builtin","mount_type":"kv"},"time":"2025-10-29T13:47:57.382919771Z","type":"response"}
 
{"auth":{"accessor":"hmac-sha256:","client_token":"hmac-sha256:","display_name":"","entity_id":"","identity_policies":["",""],"metadata":{"role":""},"policies":[""],"policy_results":{"allowed":true,"granting_policies":[{"type":""},{"name":"policy-admin","namespace_id":"root","type":"acl"}]},"token_policies":["default"],"token_issue_time":"2025-10-17T13:05:25Z","token_ttl":2764800,"token_type":"service"},"request":{"client_id":"","client_token":"hmac-sha256:","client_token_accessor":"hmac-sha256:","headers":{"user-agent":["okhttp/5.1.0"]},"id":"","mount_class":"secret","mount_point":"secret/","mount_running_version":"v0.24.0+builtin","mount_type":"kv","namespace":{"id":"root"},"operation":"read","path":"secret/data/test","remote_address":"","remote_port":},"time":"2025-10-29T13:47:57.389998021Z","type":"request"}
 
{"auth":{"accessor":"hmac-sha256:","client_token":"hmac-sha256:","display_name":"","entity_id":"","identity_policies":["",""],"metadata":{"role":""},"policies":[""],"policy_results":{"allowed":true,"granting_policies":[{"type":""},{"name":"policy-admin","namespace_id":"root","type":"acl"}]},"token_policies":["default"],"token_issue_time":"2025-10-17T13:05:25Z","token_ttl":2764800,"token_type":"service"},"request":{"client_id":"e97617c1-c62c-9012-3316-52bc74de6f49","client_token":"hmac-sha256:","client_token_accessor":"hmac-sha256:","headers":{"user-agent":["okhttp/5.1.0"]},"id":"","mount_accessor":"kv_ab700f9b","mount_class":"secret","mount_point":"secret/","mount_running_version":"v0.24.0+builtin","mount_type":"kv","namespace":{"id":"root"},"operation":"read","path":"secret/data/test","remote_address":"","remote_port":},"response":{"data":{"data":{"foo":"hmac-sha256:"},"metadata":{"created_time":"hmac-sha256:","custom_metadata":null,"deletion_time":"hmac-sha256:","destroyed":false,"version":2}},"mount_accessor":"kv_ab700f9b","mount_class":"secret","mount_point":"secret/","mount_running_plugin_version":"v0.24.0+builtin","mount_type":"kv"},"time":"2025-10-29T13:47:57.390356894Z","type":"response"}
 
{code}
 


Now I want to access a folder called suma/. In this folder, there is a secret 
called secret/suma/nifi with the following content:



{code:java}
[root@xxx ~]# vault kv get -format=json  secret/suma/nifi
{
  "request_id": "40229dc6-a962-e064-1ba8-a0890f6f64ce",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": {
    "data": {
      "PASSWORD": "abcd",
      "USER": "admin"
    },
    "metadata": {
      "created_time": "2025-10-29T13:23:40.47500718Z",
      "custom_metadata": null,
      "deletion_time": "",
      "destroyed": false,
      "version": 2
    }
  },
  "warnings": null,
  "mount_type": "kv"
}{code}

If I enter suma/.* in the Secret Name Pattern property, I do not receive any 
secrets and I get these logs:



 
{code:java}
suma/.* --> KO 
{"auth":{"accessor":"hmac-sha256:","client_token":"hmac-sha256:","display_name":"","entity_id":"","identity_policies":[""],"metadata":{"role":""},"policies":[""],"policy_results":{"allowed":true,"granting_policies":[{"type":""},{"name":"policy-admin","namespace_id":"root","type":"acl"}]},"token_policies":["default"],"token_issue_time":"2025-10-17T13:05:25Z","token_ttl":2764800,"token_type":"service"},"request":{"client_id":"","client_token":"hmac-sha256:","client_token_accessor":"hmac-sha256:","headers":{"user-agent":["okhttp/5.1.0"]},"id":"","mount_class":"secret","mount_point":"secret/","mount_running_version":"v0.24.0+builtin","mount_type":"kv","namespace":{"id":"root"},"operation":"list","path":"secret/metadata/","remote_address":"","remote_port":},"time":"2025-10-29T13:48:56.701121989Z","type":"request"}
 
{"auth":{"accessor":"hmac-sha256:","client_token":"hmac-sha256:","display_name":"","entity_id":"","identity_policies":[""],"metadata":{"role":""},"policies":[""],"policy_results":{"allowed":true,"granting_policies":[{"type":""},{"name":"policy-admin","namespace_id":"root","type":"acl"}]},"token_policies":["default"],"token_issue_time":"2025-10-17T13:05:25Z","token_ttl":2764800,"token_type":"service"},"request":{"client_id":"","client_token":"hmac-sha256:","client_token_accessor":"hmac-sha256:","headers":{"user-agent":["okhttp/5.1.0"]},"id":"","mount_accessor":"kv_ab700f9b","mount_class":"secret","mount_point":"secret/","mount_running_version":"v0.24.0+builtin","mount_type":"kv","namespace":{"id":"root"},"operation":"list","path":"secret/metadata/","remote_address":"","remote_port":},"response":{"data":{"keys":["hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:"]},"mount_accessor":"kv_ab700f9b","mount_class":"secret","mount_point":"secret/","mount_running_plugin_version":"v0.24.0+builtin","mount_type":"kv"},"time":"2025-10-29T13:48:56.701611366Z","type":"response"}
 
{"auth":{"accessor":"hmac-sha256:","client_token":"hmac-sha256:","display_name":"","entity_id":"","identity_policies":[""],"metadata":{"role":""},"policies":[""],"policy_results":{"allowed":true,"granting_policies":[{"type":""},{"name":"policy-admin","namespace_id":"root","type":"acl"}]},"token_policies":["default"],"token_issue_time":"2025-10-17T13:05:25Z","token_ttl":2764800,"token_type":"service"},"request":{"client_id":"","client_token":"hmac-sha256:","client_token_accessor":"hmac-sha256:","headers":{"user-agent":["okhttp/5.1.0"]},"id":"","mount_class":"secret","mount_point":"secret/","mount_running_version":"v0.24.0+builtin","mount_type":"kv","namespace":{"id":"root"},"operation":"read","path":"secret/data/suma/","remote_address":"","remote_port":},"time":"2025-10-29T13:48:56.709238292Z","type":"request"}
 
{"auth":{"accessor":"hmac-sha256:","client_token":"hmac-sha256:","display_name":"","entity_id":"","identity_policies":[""],"metadata":{"role":""},"policies":[""],"policy_results":{"allowed":true,"granting_policies":[{"type":""},{"name":"policy-admin","namespace_id":"root","type":"acl"}]},"token_policies":["default"],"token_issue_time":"2025-10-17T13:05:25Z","token_ttl":2764800,"token_type":"service"},"request":{"client_id":"","client_token":"hmac-sha256:","client_token_accessor":"hmac-sha256:","headers":{"user-agent":["okhttp/5.1.0"]},"id":"","mount_accessor":"kv_ab700f9b","mount_class":"secret","mount_point":"secret/","mount_running_version":"v0.24.0+builtin","mount_type":"kv","namespace":{"id":"root"},"operation":"read","path":"secret/data/suma/","remote_address":"","remote_port":},"response":{"data":{"http_content_type":"hmac-sha256:","http_raw_body":"hmac-sha256:","http_status_code":404},"mount_accessor":"kv_ab700f9b","mount_class":"secret","mount_point":"secret/","mount_running_plugin_version":"v0.24.0+builtin","mount_type":"kv"},"time":"2025-10-29T13:48:56.70951782Z","type":"response"}{code}
 
If I enter suma/nifi, I do not receive any secrets and I get these logs:
 
{code:java}
suma/nifi --> KO 
{"auth":{"accessor":"hmac-sha256:","client_token":"hmac-sha256:","display_name":"","entity_id":"","identity_policies":[""],"metadata":{"role":""},"policies":[""],"policy_results":{"allowed":true,"granting_policies":[{"type":""},{"name":"policy-admin","namespace_id":"root","type":"acl"}]},"token_policies":["default"],"token_issue_time":"2025-10-17T13:05:25Z","token_ttl":2764800,"token_type":"service"},"request":{"client_id":"","client_token":"hmac-sha256:","client_token_accessor":"hmac-sha256:","headers":{"user-agent":["okhttp/5.1.0"]},"id":"","mount_class":"secret","mount_point":"secret/","mount_running_version":"v0.24.0+builtin","mount_type":"kv","namespace":{"id":"root"},"operation":"list","path":"secret/metadata/","remote_address":"","remote_port":},"time":"2025-10-29T13:49:17.621899297Z","type":"request"}
 
{"auth":{"accessor":"hmac-sha256:","client_token":"hmac-sha256:","display_name":"","entity_id":"","identity_policies":[""],"metadata":{"role":""},"policies":[""],"policy_results":{"allowed":true,"granting_policies":[{"type":""},{"name":"policy-admin","namespace_id":"root","type":"acl"}]},"token_policies":["default"],"token_issue_time":"2025-10-17T13:05:25Z","token_ttl":2764800,"token_type":"service"},"request":{"client_id":"","client_token":"hmac-sha256:","client_token_accessor":"hmac-sha256:","headers":{"user-agent":["okhttp/5.1.0"]},"id":"","mount_accessor":"kv_ab700f9b","mount_class":"secret","mount_point":"secret/","mount_running_version":"v0.24.0+builtin","mount_type":"kv","namespace":{"id":"root"},"operation":"list","path":"secret/metadata/","remote_address":"","remote_port":},"response":{"data":{"keys":["hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:","hmac-sha256:"]},"mount_accessor":"kv_ab700f9b","mount_class":"secret","mount_point":"secret/","mount_running_plugin_version":"v0.24.0+builtin","mount_type":"kv"},"time":"2025-10-29T13:49:17.622434369Z","type":"response"}{code}
 

Can you review it or give me a solution?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (NIFI-15152) Error getting Hashicorp Vault Secrets

Reply via email to