Unable to connect to HashiCorp Vault from KumoMTA (empty VAULT_ADDR and VAULT_TOKEN env variables)

I see, that makes sense.

If I understand correctly, providing the authentication credentials to the Vault only needs to be done once in Kumo, and using environment variables is recommended.

I’ve taken this approach, but the DKIM Signer Policy Helper method doesn’t seem to pass in the Vault credentials, throwing errors when trying to sign messages.

@free-spirited-yorksh Can you take a look at my configuration files to see if I’m doing anything wrong? Perhaps there’s something missing somewhere?

I think it’s just that .key issue. You can either upgrade to the fix I pushed, or explicitly set filename to the full vault path you want to use for that domain

your original issue showed that you were successfully talking to the vault server and receiving a 404 from it

that shows that the auth is probably correct!

Good news, it looks like that fix was the issue all along.

When I set the Vault path to the secret using the filename, I no longer get the error or the missing VAULT_ADDR and VAULT_TOKEN variables.

In the interim, here’s a working example until the fix in commit f210a95 is available in the latest Docker dev image:

vault_mount = "secret"
vault_path_prefix = "dkim"

selector = "default"

headers = ["From", "To", "Subject"]

[domain."example.test"]
headers = ["From", "To", "Subject", "Date", "Sender"]
filename = "dkim/example.test"

it should already be available in docker; it typically takes about 20 minutes after a commit is pushed to be published to the apt, yum and container repositories

You’re right, I just had to pull down the latest container image from GitHub Packages.

$ docker pull ghcr.io/kumocorp/kumomta-dev:latest

A sincere thanks to both of you — @free-spirited-yorksh and @yearning-hyena — for getting this bug fixed so quickly. :tada: