Transit Secrets Engine BatchedEncryption key_version field throws a Vault casting error from Json.Number to int
Describe the bug
Getting VaultSharp.Core.VaultApiException with errors saying key_version and nonce are unconvertible type ’\u003cnil\u003e’ when not set and trying to use defaults (using code similar to what you have in sample and in readme). If Nonce and KeyVersion are manually set in EncryptionItem then I only get the error for KeyVersion (as shown in code snippet below).
VaultSharp Version 1.6.2.1
Vault Version 1.5.5 Enterprise
Does this work with Vault CLI? Have not tried
Sample Code Snippet
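// Usings this snippet needs at the top of the file:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using VaultSharp.V1.Commons;
using VaultSharp.V1.SecretsEngines.Transit;

// Dictionary keys are the plaintexts; values are the optional derivation contexts.
public async Task<IEnumerable<string>> EncryptBatchAsync(Dictionary<string, string> plainTextWithDerivationContext)
{
    // Fixed 12-byte nonce (bytes 0..11), set on every item in the batch.
    var nonce = Convert.ToBase64String(Enumerable.Range(0, 12).Select(i => (byte)i).ToArray());
    var batchedEncryptionItems = new List<EncryptionItem>();
    foreach (KeyValuePair<string, string> entry in plainTextWithDerivationContext)
    {
        var encodedPlainText = Convert.ToBase64String(Encoding.UTF8.GetBytes(entry.Key));
        var encryptionItem = new EncryptionItem { Base64EncodedPlainText = encodedPlainText };
        encryptionItem.Nonce = nonce;
        // Setting KeyVersion explicitly is what still produces the key_version error.
        encryptionItem.KeyVersion = 1;
        if (entry.Value != null)
        {
            var encodedContext = Convert.ToBase64String(Encoding.UTF8.GetBytes(entry.Value));
            encryptionItem.Base64EncodedContext = encodedContext;
        }
        batchedEncryptionItems.Add(encryptionItem);
    }
    var encryptOptions = new EncryptRequestOptions
    {
        BatchedEncryptionItems = batchedEncryptionItems
    };
    // VaultClient and vaultKeyRingName are members of the enclosing class.
    Secret<EncryptionResponse> encryptionResponse = await VaultClient.V1.Secrets.Transit.EncryptAsync(vaultKeyRingName, encryptOptions);
    return encryptionResponse.Data.BatchedResults.Select(r => r.CipherText);
}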
Exception Details/Stack Trace/Error Message
… threw exception: VaultSharp.Core.VaultApiException: {"errors":["1 error occurred:\n\t* failed to parse batch input: 3 error(s) decoding:\n\n* '[0].key_version' expected type 'int', got unconvertible type 'json.Number'\n* '[1].key_version' expected type 'int', got unconvertible type 'json.Number'\n* '[2].key_version' expected type 'int', got unconvertible type 'json.Number'\n\n"]}
Any additional info Nope
Will have a look this weekend.
@bentdan
The Vault team has fixed this issue in Vault 1.7 onwards. https://github.com/hashicorp/vault/issues/10232 Feel free to get rid of the “string substitution logic” when you upgrade Vault.