You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
During startup, the Boundary controllers and workers write a few log lines which include the names of the keys that are in use. When using Azure Key Vault KMS, there is a bug that will only output the name of the last configured key, instead of all names.
Example output from my controller:
==> Boundary server configuration:
Azure Environment: AzurePublicCloud
Azure Environment: AzurePublicCloud
Azure Environment: AzurePublicCloud
Azure Key Name: boundary-recovery <--- this one should be boundary-root
Azure Key Name: boundary-recovery <--- this one should be boundary-worker
Azure Key Name: boundary-recovery
Azure Vault Name: keyvault-name
Azure Vault Name: keyvault-name
Azure Vault Name: keyvault-name
Cgo: disabled
Controller Public Cluster Addr: boundary.exampledomain.com:9201
Listener 1: tcp (addr: "0.0.0.0:9200", cors_allowed_headers: "[]", cors_allowed_origins: "[https://boundary.exampledomain.com serve://boundary]", cors_enabled: "true", max_request_duration: "1m30s", purpose: "api")
Listener 2: tcp (addr: "0.0.0.0:9201", max_request_duration: "1m30s", purpose: "cluster")
Listener 3: tcp (addr: "0.0.0.0:9203", max_request_duration: "1m30s", purpose: "ops")
Log Level: trace
Mlock: supported: true, enabled: false
Version: Boundary v0.14.3
Version Sha: de3a3c0c382a4a394ab0d3b349ae855d66463f9f
==> Boundary server started! Log data will stream in below:
Despite using 3 different keys for the root, worker-auth and recovery purposes, only the key name that appeared last in the configuration file will appear in the logs. This issue is not reproducible with AEAD KMS. Here is an abbreviated version of my configuration file:
When I change the order of the kms blocks in my configuration file, the key name displayed in the logs also changes accordingly.
To Reproduce
Run a controller with multiple kms "azurekeyvault" blocks in its configuration
After successful startup, the logs will display only the name of the key that was configured last
Expected behavior
I'd like to see the correct key names in the controller logs. I think everything's running fine and this is only a small oversight, but the log output irritates me.
The text was updated successfully, but these errors were encountered:
sym-stiller
changed the title
Wrong key name in log output when using Azure KMS
Wrong key name in log output when using Azure Key Vault KMS
Jan 16, 2024
Describe the bug
During startup, the Boundary controllers and workers write a few log lines which include the names of the keys that are in use. When using Azure Key Vault KMS, there is a bug that will only output the name of the last configured key, instead of all names.
Example output from my controller:
Despite using 3 different keys for the
root
,worker-auth
andrecovery
purposes, only the key name that appeared last in the configuration file will appear in the logs. This issue is not reproducible with AEAD KMS. Here is an abbreviated version of my configuration file:When I change the order of the kms blocks in my configuration file, the key name displayed in the logs also changes accordingly.
To Reproduce
Expected behavior
I'd like to see the correct key names in the controller logs. I think everything's running fine and this is only a small oversight, but the log output irritates me.
The text was updated successfully, but these errors were encountered: