Secrets fetched from Vault appear empty - what am I missing?

Hi all,

I’m trying to fetch secrets from my HashiCorp Vault (as described in this walkthrough). However, secrets appear empty (i.e., contain <nil>).

Policy, role & the secret itself are all in place:

vault kv get secret/foo
=== Data ===
Key    Value
---    -----
bar    baz

When running the CI:

secret-via-keyword:
  stage: dummy
  tags:
    - some-tag  
  variables:
    VAULT_AUTH_PATH: jwt
    VAULT_AUTH_ROLE: readonly
    VAULT_SERVER_URL: https://some.host:8200
  secrets:
    BAR:
      vault: foo/bar@secret
  script:
    - echo 'Hello, world!'
    - echo $BAR
    - cat $BAR

Executing "step_script" stage of the job script
00:00
$ echo 'Hello, world!'
Hello, world!
$ echo $BAR
/home/gitlab-runner/builds/twdnURp8/0/some-host/some-repo.tmp/BAR
$ cat $BAR
<nil>
Cleaning up file based variables
00:00
Job succeeded

It seems /home/gitlab-runner/builds/twdnURp8/0/some-host/some-repo.tmp/BAR is empty - but how come?

Any help would be greatly appreciated.

Best,
Claude

Having the same problem currently, but it’s kind of unpredictable as some variables sometimes work and some not. Do you have any update on that issue?

We now know that GitLab sends no or completely malformed requests, as none of these are in the audit log of Vault. Another problem we have is that GitLab parsed the path completely wrong, which ends up in permission denied errors.

Any updates on this? I am getting nil values as well.
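For anyone comparing the `vault: foo/bar@secret` line in the job above with what shows up in the Vault audit log or the role's policy, here is an added example (not from the thread and not GitLab's own code) that expands the shorthand into the API path and field for each KV engine. The function names and sample responses are constructed; the mapping follows GitLab's documented `<path>/<field>@<mount>` form with `kv-v2` as the default engine, and the `kv-v1` path without `data/` is an assumption based on how KV v1 is addressed.

```python
# Added illustration: names and sample responses are constructed, not GitLab code.
from typing import Optional

def parse_shorthand(spec: str, engine: str = "kv-v2") -> dict:
    """Expand '<path>/<field>@<mount>' into the Vault API path and field."""
    body, sep, mount = spec.partition("@")
    path, slash, field = body.rpartition("/")   # last segment is the field
    if not (sep and mount and slash and path and field):
        raise ValueError(f"expected <path>/<field>@<mount>, got {spec!r}")
    if engine == "kv-v2":
        api_path = f"{mount}/data/{path}"       # KV v2 inserts 'data/'
    elif engine == "kv-v1":
        api_path = f"{mount}/{path}"            # assumption: no 'data/' segment
    else:
        raise ValueError(f"unsupported engine {engine!r}")
    return {"mount": mount, "path": path, "field": field,
            "engine": engine, "api_path": api_path,
            "url_path": f"/v1/{api_path}"}      # path to look for in the audit log

def policy_stanza(parsed: dict) -> str:
    """Minimal read rule the JWT role's policy needs for this secret."""
    return f'path "{parsed["api_path"]}" {{\n  capabilities = ["read"]\n}}'

def extract_field(response: dict, parsed: dict) -> Optional[str]:
    """Pick the field from a KV response, honouring the engine's nesting."""
    data = response.get("data") or {}
    if parsed["engine"] == "kv-v2":
        data = data.get("data") or {}           # KV v2 wraps values in data.data
    return data.get(parsed["field"])

# Constructed sample responses for the secret shown in the thread (bar = baz).
KV2_RESPONSE = {"data": {"data": {"bar": "baz"}, "metadata": {"version": 1}}}
KV1_RESPONSE = {"data": {"bar": "baz"}}

if __name__ == "__main__":
    v2 = parse_shorthand("foo/bar@secret")
    v1 = parse_shorthand("foo/bar@secret", engine="kv-v1")
    print(v2["url_path"], "->", extract_field(KV2_RESPONSE, v2))
    print(v1["url_path"], "->", extract_field(KV1_RESPONSE, v1))
    # Engine setting and response shape disagree: the field is not found.
    print("mismatch ->", extract_field(KV1_RESPONSE, v2))
    print(policy_stanza(v2))
```

If the path printed for your engine never appears in the Vault audit log, or the role's policy covers a different path, that narrows down which side of the exchange to look at.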