This repository has been archived by the owner on Jan 8, 2024. It is now read-only.

--vault-kv-version not applied #63

Closed
Guchman opened this issue Aug 2, 2018 · 2 comments

Guchman commented Aug 2, 2018

What I'm doing: I run my gatekeeper server with the --vault-kv-version 1 flag, but I get

{"unsealed":true,"error":"The kv backend reported an invalid version. Ensure your kv backend is on version 2."}

until I enable v2 in Vault. I need v1 because Spring Cloud Vault v1.5 doesn't support v2 and I can't use Spring Boot 2 yet.

That's my docker run:

docker run --rm -p 9201:9201 -m 128m --cpu-shares=2 --memory-swappiness 0 --name gatekeeper -v /opt/gatekeeper:/opt/gatekeeper nemosupremo/vault-gatekeeper:v1.0.1 server --usage-store vault --schedulers mesos --vault-addr http://test:8200 --mesos-master http://test:5050 --vault-kv-version 1

Thanks

nemosupremo (Owner) commented Aug 2, 2018

--usage-store vault doesn't support kv version 1. There isn't a way to do atomic updates on the v1 secrets API, which means using the v1kv store creates a number of race conditions.

What you could do is mount the v2 secrets path to a separate location (like /secretv2) and set --usage-store-vault-path to secretv2/data/gatekeeper-store. Alternatively, you could use --usage-store memory if you only have a single gatekeeper instance.

The --vault-kv-version only applies to policy loading.

I'll make sure to call this out in the documentation.
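
An added illustration of the race described in the comment above, not code from vault-gatekeeper: two instances do a read-modify-write on a shared counter, first against a store with blind overwrites (v1-style), then against one with versioned check-and-set writes (v2-style, like the `cas` write option on KV v2). The in-memory stores, the counter and all function names are assumptions made for the example.

```go
package main

import "fmt"

// kvV1 is a constructed model of a v1-style store: a write blindly
// replaces whatever is there.
type kvV1 struct{ count int }

func (s *kvV1) Read() int   { return s.count }
func (s *kvV1) Write(v int) { s.count = v }

// kvV2 is a constructed model of a v2-style store: each write bumps a
// version, and a write carrying a stale version is rejected.
type kvV2 struct{ count, version int }

func (s *kvV2) Read() (int, int) { return s.count, s.version }
func (s *kvV2) Write(v, cas int) bool {
	if cas != s.version {
		return false // someone else wrote since we read
	}
	s.count, s.version = v, s.version+1
	return true
}

// RaceV1 interleaves two instances (A and B) that each record one use.
func RaceV1() int {
	s := &kvV1{}
	a, b := s.Read(), s.Read() // both read 0 before either writes
	s.Write(a + 1)             // A stores 1
	s.Write(b + 1)             // B stores 1, silently discarding A's update
	return s.Read()
}

// RaceV2 runs the same interleaving; the losing writer re-reads and retries.
func RaceV2() (count, retries int) {
	s := &kvV2{}
	a, av := s.Read()
	b, bv := s.Read()
	s.Write(a+1, av) // A wins, version becomes 1
	for !s.Write(b+1, bv) {
		retries++
		b, bv = s.Read() // B picks up A's value and the new version
	}
	count, _ = s.Read()
	return count, retries
}

func main() {
	c, r := RaceV2()
	fmt.Println("v1 count:", RaceV1(), "v2 count:", c, "v2 retries:", r)
}
```

With blind overwrites the second use is lost without any error, which is why a store shared by several instances needs the versioned write.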

Guchman (Author) commented Aug 2, 2018

Thanks. It would be great to have some log output or even fail-fast with inconsistent options set.
