Skip to content

Debugging

This page covers useful commands for debugging the plugin using HashiCorp Vault.

Start a Dev Vault Server

vault server -dev

Create an AppRole

vault write auth/approle/role/my-role \
    token_policies="default,web-app" \
    token_ttl=1h \
    token_max_ttl=4h \
    secret_id_ttl=24h \
    secret_id_num_uses=10

Retrieve the Role ID

vault read auth/approle/role/my-role/role-id

For automation:

vault read -format=json auth/approle/role/my-role/role-id \
  | jq -r .data.role_id

Get the Secret ID

vault write -f auth/approle/role/my-role/secret-id

Login with AppRole

vault write auth/approle/login \
    role_id="192e9220-f35c-c2e9-2931-464696e0ff24" \
    secret_id="4e46a226-fdd5-5ed1-f7bb-7b92a0013cad"

Write and Attach Policy

vault policy write db-policy ./db-policy.hcl

vault write auth/approle/role/my-role \
    token_policies="db-policy"

Set and Get KV Secrets

vault kv put secret/database/mysql \
    root_password=admin \
    user_password=admin

vault kv get secret/database/mysql

Debug the Plugin

sudo journalctl -u docker.service -f \
  | grep plugin_id

or

sudo journalctl -u docker.service -f | grep "$(docker plugin ls --format '{{.ID}}')"