
cryptr's Introduction

Cryptr

Cryptr is a GUI for Hashicorp's Vault.

Using Cryptr, a user may manage secrets in their Vault instance: reading, creating, and modifying secrets with ease.


Download Binaries

The current release can be downloaded here.

Cryptr supports Windows, Linux and macOS. It has been tested on Windows 10, Ubuntu 17.04 Desktop, and macOS 10.15 Catalina.

On macOS, you may be warned about untrusted developers when you first attempt to launch Cryptr. To resolve this, open Finder, navigate to Applications, right-click on Cryptr.app and click Open. You can then confirm you want to allow Cryptr to be opened.

For Linux, use the .AppImage files. They are self-contained binaries that run on every major Linux distro. Make the file executable and run it. AppImage information here!

Install using Homebrew

Cryptr can be installed via Homebrew, where it is available as a cask. Just type:

brew cask install cryptr

Building from Source

You only need to do this if you want to contribute code, or run Cryptr in developer mode. (For Linux binaries, see above).

git clone https://github.com/jcrowthe/cryptr.git
cd cryptr
npm install
npm run dev

Unique Features

In addition to the default feature-set of Vault, Cryptr adds some things that are "nice to have". Some of these include:

  • Files can be uploaded and downloaded directly to and from the filesystem. This includes both text and binary files.
  • A "share secret" feature allows one user to send another user a time-limited self-destructing secret. This can be useful to send a secret to a friend without needing to change the receiving party's access in Vault.
  • Underscores in key names show as whitespace, i.e. secret/My_cool_Secret shows up in the folder structure as My cool Secret
  • Secrets can be easily moved or renamed using a friendly UI.

License

Apache 2.0 License

Auth backends

Currently LDAP, UserPass and Token auth backends are accepted. Most others are not useful for a GUI, but if you feel otherwise, submit a pull request or open an issue.

Important Notes about Policies

Secret Discovery

Cryptr requires that the policies associated with a token be readable by that token. The purpose of this is to discover which secrets are available to the token. An example ACL for a policy found at sys/policy/demo would be as follows:

path "secret/mysecrets/*" {
  policy = "write"
}

path "sys/policy/demo" {
    policy = "read"
}

Only read permission is advised for the policy. NOTE: This policy addition is critical to discovering available secrets. Without this, there is no programmatic way for Cryptr to know what secrets it can query to show the user. (Also, for that matter, there is no way for a human using the CLI to discover secrets, except for blindly attempting to list potential folders). As such, it is highly recommended to do this for all policies. All policies without this ability must necessarily be ignored by Cryptr.

Globs and Secret Discovery

Cryptr currently only supports glob characters at the folder level (i.e. secret/*), and not as a suffix (i.e. secret/group*). This is due to the lack of any ability to list based on a prefix. As noted here, list command outputs are not filtered by policy. You are welcome to add list permissions on the containing folder, but know that this is not recommended.
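
The discovery rule from the two sections above, as an added example (not Cryptr's own code): parse a policy's path stanzas, keep folder-level globs that grant list as folders to enumerate, and set suffix globs aside. The function names and the sample policy are constructed for illustration; legacy `policy = "..."` values are expanded to the capabilities Vault maps them to.

```javascript
// Added example, not Cryptr's code. All names here are hypothetical.
// Constructed sample policy: the README's legacy syntax plus two
// capabilities-style stanzas.
const SAMPLE_POLICY = `
path "secret/mysecrets/*" {
  policy = "write"
}
path "secret/group*" {
  policy = "read"
}
path "secret/db/password" {
  capabilities = ["read"]
}
path "secret/locked/*" {
  capabilities = ["create", "update"]
}
path "sys/policy/demo" {
    policy = "read"
}
`;

// Legacy policy levels and the capabilities Vault expands them to.
const LEGACY = {
  deny: ['deny'],
  read: ['read', 'list'],
  write: ['create', 'read', 'update', 'delete', 'list'],
  sudo: ['create', 'read', 'update', 'delete', 'list', 'sudo'],
};

// Pull every `path "..." { ... }` stanza out of the policy text.
function parsePolicy(hcl) {
  const stanzas = [];
  const re = /path\s+"([^"]+)"\s*\{([^}]*)\}/g;
  let m;
  while ((m = re.exec(hcl)) !== null) {
    const caps = /capabilities\s*=\s*\[([^\]]*)\]/.exec(m[2]);
    const legacy = /policy\s*=\s*"([^"]+)"/.exec(m[2]);
    let grants = [];
    if (caps) {
      grants = caps[1].split(',').map((s) => s.trim().replace(/"/g, '')).filter(Boolean);
    } else if (legacy) {
      grants = LEGACY[legacy[1]] || [];
    }
    stanzas.push({ path: m[1], grants });
  }
  return stanzas;
}

// Decide what a GUI can do with each stanza when building its secrets tree.
function discoveryPlan(hcl) {
  const plan = { list: [], read: [], ignored: [] };
  for (const { path, grants } of parsePolicy(hcl)) {
    // sys/ stanzas describe the policy itself, not secrets to display.
    if (path.startsWith('sys/') || grants.includes('deny')) continue;
    const star = path.indexOf('*');
    if (star === -1) {
      // Exact path: nothing to enumerate, the secret can be read directly.
      if (grants.includes('read')) plan.read.push(path);
    } else if (star === path.length - 1 && path.endsWith('/*')) {
      // Folder-level glob: LIST the folder, provided list is granted.
      if (grants.includes('list')) plan.list.push(path.slice(0, -1));
      else plan.ignored.push(path);
    } else {
      // Suffix glob such as secret/group*: Vault cannot list by prefix, and
      // listing the parent folder would show names outside the policy.
      plan.ignored.push(path);
    }
  }
  return plan;
}
```

For the sample policy, only `secret/mysecrets/` is enumerated; `secret/group*` and the write-only `secret/locked/*` end up in `ignored`.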

cryptr's People

Contributors

derbrobro, dharmab, filmaj, jcrowthe, timoe

cryptr's Issues

No scrollbar and close button on windows

The problem

There is no scroll bar when running the application on Windows. This is quite annoying if you have long, multiline secrets.

Also, there is no close button (or minimize/maximize) on top right hand corner.

Environment

  • Cryptr version (or git revision) that exhibits the issue: 0.6.0
  • Desktop OS/version used to run Cryptr: Windows 10
  • Vault version: 1.10.4

Enhance right-pane UI

This ticket is to enhance the UI for the right side pane, which manages the secret data.

Update docs to reflect secret discovery nuance

Currently the docs show that policies must be readable by the user. This isn't necessarily correct, although it definitely assists in providing access to secrets that are not at the top directory.

Update docs and code to reflect the following:

  1. All policies will be queried as first priority.
  2. If no policy is defined, individual secret policies will be queried as needed

set ldap mount /v1/auth/X/login where X can be ldap (or another mount point)

The problem

LDAP has a mount point in HashiCorp Vault. The default is ldap. Perhaps the mount point could be a pulldown, or could be specified as a string with a default of ldap.

Environment

  • Cryptr login screen for ldap

Details

Login using ldap. A screenshot is attached. There is no place to put the ldap mount point. The default ldap is used.

Possible fixes.

The api posts to:

/v1/auth/ldap/login/

It would be helpful if the string ldap could be input from login screen allowing for other mount points.

Notes.

The login-form.html could collect the ldapmount with a default value of 'ldap', then, when creating the login post:

this.authURL = this.url + 'v1/auth/' + this.ldappath + '/login/' + this.username;
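
The URL construction proposed in this issue, as an added example that is not part of the original post or of Cryptr's code: the mount point typed on the login screen is normalized and checked before it is concatenated, and the username is percent-encoded. The helper names and the conservative character set for mount segments are assumptions; only the `v1/auth/<mount>/login/<username>` shape comes from the issue.

```javascript
// Added example, not Cryptr's code. Helper names are hypothetical.

// Turn what the user typed into a clean mount path, or fall back to the
// default when the field was left empty.
function normalizeMount(input, fallback) {
  const raw = (input === undefined || input === null ? '' : String(input))
    .trim()
    .replace(/^\/+|\/+$/g, ''); // tolerate "/ldap/" style input
  if (raw === '') return fallback;
  const segments = raw.split('/');
  for (const seg of segments) {
    // Empty, "." and ".." segments would let the field point the request
    // at a different API endpoint than the login route.
    if (seg === '' || seg === '.' || seg === '..') {
      throw new Error('invalid mount path segment: "' + seg + '"');
    }
    // Assumption: restrict segments to a conservative character set so that
    // "?", "#", "%" and whitespace can never reach the URL unescaped.
    if (!/^[A-Za-z0-9_.-]+$/.test(seg)) {
      throw new Error('unsupported character in mount path: "' + seg + '"');
    }
  }
  return segments.join('/');
}

// Build the LDAP login URL for a Vault base URL, mount point and username.
function ldapLoginURL(baseURL, mount, username) {
  if (typeof username !== 'string' || username === '') {
    throw new Error('username is required');
  }
  const base = baseURL.endsWith('/') ? baseURL : baseURL + '/';
  return (
    base +
    'v1/auth/' +
    normalizeMount(mount, 'ldap') +
    '/login/' +
    encodeURIComponent(username) // "/" or "?" in a username stays data
  );
}
```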

OIDC login at non-default location

The problem

When logging in via OIDC, cryptr hard-codes the path so that OIDC backends at other paths do not work.

Environment

  • Cryptr version (or git revision) that exhibits the issue: 0.5.0
  • Desktop OS/version used to run Cryptr: Linux
  • Vault version: 1.8.2

Details

The path used by the application is hard coded as v1/auth/oidc/oidc/auth_url. The login screen should accept the OIDC backend location and then use something more like 'v1/auth/' + path + '/oidc/auth_url'.

Other information

I have very little experience with Node programming. I tried (unsuccessfully) to build and run the package locally to make the necessary changes and test them out. The developer console says something about Failed to load resource: net::ERR_FILE_NOT_FOUND webcomponents-lite.js:1 and Failed to load resource: net::ERR_FILE_NOT_FOUND fuse.min.js:1. I'm attaching a diff of the code changes I made in the hope that you can correct any mistakes I made and complete the changes.

diff --git a/app/elements/login-form.html b/app/elements/login-form.html
index 9a43621..3969f33 100644
--- a/app/elements/login-form.html
+++ b/app/elements/login-form.html
@@ -169,6 +169,8 @@ limitations under the License.
                                </div>
                                <div>
                                        <iron-a11y-keys target="[[targetrole]]" keys="enter" on-keys-pressed="_login"></iron-a11y-keys>
+                                       <iron-a11y-keys target="[[targetpath]]" keys="enter" on-keys-pressed="_login"></iron-a11y-keys>
+                                       <paper-input id="pathfield" value="{{path}}" label="Path (optional)" disabled="{{loading}}"></paper-input>
                                        <paper-input id="rolefield" value="{{role}}" label="Role (optional)" disabled="{{loading}}"></paper-input>
                                </div>
                        </iron-pages>
@@ -214,6 +216,9 @@ limitations under the License.
                                        targetpass: {
                                                value: function() { return this.$.passfield; }
                                        },
+                                       targetpath: {
+                                               value: function() { return this.$.pathfield; }
+                                       },
                                        targetrole: {
                                                value: function() { return this.$.rolefield; }
                                        },
@@ -238,6 +243,10 @@ limitations under the License.
                                        password: String,
                                        authURL: String,
                                        listMountsURL: String,
+                                       path: {
+                                               type: String,
+                                               value: ''
+                                       },
                                        role: {
                                                type: String,
                                                value: ''
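Review bot: the new `path` property defaults to `value: ''`, while the input's label says "Path (optional)", so a user who leaves the field blank sends an empty mount segment into the URL built further down. Default it to `'oidc'` so an untouched form keeps the previous behaviour.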
@@ -334,7 +343,7 @@ limitations under the License.
                                        else if (this.page === 0) this.$.passfieldldap.autofocus = true;
                                        else if (this.page === 2) this.$.passfield.autofocus = true;
                                        else if (this.page === 3) {
-                                               this.$.rolefield.autofocus = true;
+                                               this.$.pathfield.autofocus = true;
                                                if (!(this.oidcStarted)) this.$.oidctoast.open();
                                        }
                                },
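Review bot: on page 3 the autofocus moves from `rolefield` to `pathfield`, which puts the cursor in a field that users on the default mount will normally leave alone. Consider keeping focus on `rolefield`, or give `pathfield` a prefilled default so that tabbing past it is harmless.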
@@ -379,7 +388,7 @@ limitations under the License.
                                                        this.body = {"password": this.password };
                                                } else if (this.page == 3) {
                                                        if (this.oidcStarted) {
-                                                               this.oidcURL = this.url + 'v1/auth/oidc/oidc/auth_url'
+                                                               this.oidcURL = this.url + 'v1/auth/' + this.path + '/oidc/auth_url'
                                                                this.oidcBody = {"redirect_uri": "http://localhost:8250/oidc/callback", "role": this.role}
                                                                this.loading = true;
                                                                this.$.oidcReq.generateRequest();
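Review bot: `this.path` is concatenated unchecked in `'v1/auth/' + this.path + '/oidc/auth_url'`, so an empty value produces `v1/auth//oidc/auth_url`, and leading or trailing slashes or `..` segments in the input change which endpoint is requested. Trim slashes, fall back to `oidc` when the value is empty, and reject anything that is not a plain path segment before building the URL.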

Offer some way to access non-localhost HTTP vaults

The problem

Requiring HTTPS for non-localhost vault addresses is "too much safety" in certain valid secure network configurations.

Details

Create a vault server somewhere, and setup both machines to be connected via a secure VPN like WireGuard.

Example vault.hcl:


listener "tcp" {
  address = "10.13.37.100:8200"
  tls_disable = 1
}

HTTP traffic over the WireGuard network is encrypted and strongly authenticated, perfectly safely, yet cryptr won't allow this type of connection.

PEM format files not retaining format when pasting into Cryptr

The problem

When pasting PEM formatted files, the UI does not retain the newline format, causing the file format to be incorrect.

Environment

  • Cryptr version (or git revision) that exhibits the issue:
  • Desktop OS/version used to run Cryptr: v0.3.0
  • Vault version: v1.3.0

Details

When trying to store ssl files

  • csr
  • crt
  • private key

the pem format \n is lost when pasting into the cryptr app

One workaround was to regex the \n into the output of the file

awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' cert-name.crt

then paste that into the json view of cryptr. When using the other UI an extra \ is appended with \\n as the output.

Steps to Reproduce

  1. Have a pem formatted file
  2. copy paste the output to cryptr UI
  3. then copy paste that saved information to another file or editor and see the format change.

[Enhancement] List all discoverable secrets

The problem

So in your README, you say:

NOTE: This policy addition is critical to discovering available secrets. Without this, there is no programmatic way for Cryptr to know what secrets it can query to show the user. (Also, for that matter, there is no way for a human using the CLI to discover secrets, except for blindly attempting to list potential folders). As such, it is highly recommended to do this for all policies. All policies without this ability must necessarily be ignored by Cryptr.

(emphasis added)

Turns out this is false. If you hit https://<YOUR_VAULT_URI>/v1/sys/internal/ui/mounts as a normal API endpoint, you get a list of all the mounted secrets engines that your current accessor has access to. (This is actually ...mostly exactly how the web UI does it internally.) From there, as long as you have read/list access inside that mount (depending on the engine) then you can enumerate paths/secrets and key names.

Here it is from a vault server -dev:

{
  "request_id": "c0396842-2e5c-6da3-742c-0aab805b539f",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "auth": {
      "token/": {
        "accessor": "auth_token_f28431af",
        "config": {
          "default_lease_ttl": 0,
          "force_no_cache": false,
          "max_lease_ttl": 0,
          "token_type": "default-service"
        },
        "description": "token based credentials",
        "external_entropy_access": false,
        "local": false,
        "options": null,
        "seal_wrap": false,
        "type": "token",
        "uuid": "92e41154-64cc-4ae9-7a85-4fbe03113eff"
      }
    },
    "secret": {
      "cubbyhole/": {
        "accessor": "cubbyhole_7b6fb8f7",
        "config": {
          "default_lease_ttl": 0,
          "force_no_cache": false,
          "max_lease_ttl": 0
        },
        "description": "per-token private secret storage",
        "external_entropy_access": false,
        "local": true,
        "options": null,
        "seal_wrap": false,
        "type": "cubbyhole",
        "uuid": "7c232094-ed29-360e-0d61-68371f45db6c"
      },
      "identity/": {
        "accessor": "identity_b6cf69d0",
        "config": {
          "default_lease_ttl": 0,
          "force_no_cache": false,
          "max_lease_ttl": 0
        },
        "description": "identity store",
        "external_entropy_access": false,
        "local": false,
        "options": null,
        "seal_wrap": false,
        "type": "identity",
        "uuid": "824ff726-13d8-c838-e49c-a65755a3ac27"
      },
      "secret/": {
        "accessor": "kv_4cb63ca3",
        "config": {
          "default_lease_ttl": 0,
          "force_no_cache": false,
          "max_lease_ttl": 0
        },
        "description": "key/value secret storage",
        "external_entropy_access": false,
        "local": false,
        "options": {
          "version": "2"
        },
        "seal_wrap": false,
        "type": "kv",
        "uuid": "343bd975-37e5-011e-7e2f-b17c727c1b03"
      },
      "sys/": {
        "accessor": "system_ac495bc9",
        "config": {
          "default_lease_ttl": 0,
          "force_no_cache": false,
          "max_lease_ttl": 0,
          "passthrough_request_headers": [
            "Accept"
          ]
        },
        "description": "system endpoints used for control, policy and debugging",
        "external_entropy_access": false,
        "local": false,
        "options": null,
        "seal_wrap": false,
        "type": "system",
        "uuid": "bc5c987a-48e3-549f-eb2d-4aeb85cbf5d4"
      }
    }
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}

As shown, currently mounted engines are at .data.secrets.

If you want example policies to demo this and add it as a feature, let me know but it should be relatively easy to figure them out.
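
The enumeration this issue describes, as an added example that is not part of the original post or of Cryptr's code: read the `data.secret` object of the response shown above, pick the engines that hold browsable key/value data, derive the list and read prefixes for KV v1 and v2, and walk each mount with LIST calls. The function names, the extra KV v1 mount and the stand-in listings are constructed so the block runs offline; the LIST call itself is injected as a function.

```javascript
// Added example, not Cryptr's code. All names here are hypothetical.
// Constructed sample: the response above reduced to the fields used here,
// plus one constructed KV v1 mount ("develop/") for contrast.
const SAMPLE_MOUNTS = {
  data: {
    auth: { 'token/': { type: 'token', options: null } },
    secret: {
      'cubbyhole/': { type: 'cubbyhole', options: null },
      'identity/': { type: 'identity', options: null },
      'secret/': { type: 'kv', options: { version: '2' } },
      'sys/': { type: 'system', options: null },
      'develop/': { type: 'kv', options: null },
    },
  },
};

// Engine types that hold browsable key/value data.
const BROWSABLE = ['kv', 'generic', 'cubbyhole'];

// Map the mounts response to the API prefixes a client needs per mount.
function browsableMounts(resp) {
  const mounts = (resp && resp.data && resp.data.secret) || {};
  return Object.keys(mounts)
    .filter((name) => BROWSABLE.includes(mounts[name].type))
    .sort()
    .map((name) => {
      const opts = mounts[name].options;
      const v2 = mounts[name].type === 'kv' && !!opts && opts.version === '2';
      return {
        mount: name,
        version: v2 ? 2 : 1,
        // KV v2 lists under metadata/ and reads under data/.
        listPrefix: 'v1/' + name + (v2 ? 'metadata/' : ''),
        readPrefix: 'v1/' + name + (v2 ? 'data/' : ''),
      };
    });
}

// Walk one mount. `list(apiPath)` performs the LIST request and returns the
// array of keys, or null when the token is denied or the path is empty.
function walk(mountInfo, list, folder = '', depthLeft = 8) {
  const found = [];
  if (depthLeft < 0) return found; // guard against runaway recursion
  const keys = list(mountInfo.listPrefix + folder);
  if (!Array.isArray(keys)) return found; // denied: skip, do not guess
  for (const key of keys) {
    if (key.endsWith('/')) {
      found.push(...walk(mountInfo, list, folder + key, depthLeft - 1));
    } else {
      found.push(mountInfo.readPrefix + folder + key);
    }
  }
  return found;
}

// Constructed stand-in for LIST responses. The folder "app/private/" has no
// entry, which simulates a permission-denied answer.
const FAKE_LISTINGS = {
  'v1/secret/metadata/': ['app/', 'root-key'],
  'v1/secret/metadata/app/': ['db', 'private/'],
  'v1/develop/': ['login', 'password'],
};
function fakeList(apiPath) {
  return Object.prototype.hasOwnProperty.call(FAKE_LISTINGS, apiPath)
    ? FAKE_LISTINGS[apiPath]
    : null;
}

// Every secret the token can reach, as read paths.
function discoverAll(resp, list) {
  const out = [];
  for (const m of browsableMounts(resp)) out.push(...walk(m, list));
  return out;
}
```

The result contains only paths the token could list, so a folder that answers with a denial simply does not appear in the tree.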

It's not possible to search specific secret using key in K/V secret engine

The problem

It's not possible to search using key in K/V secret engine

Environment

  • Cryptr version (or git revision) that exhibits the issue: 0.4
  • Desktop OS/version used to run Cryptr: Windows 2019 Version 1809
  • Vault version: 1.5.4

Details

When a secret is created with this K/V :
<my_username> : <my_username's_password>
Cryptr is not able to search the path / secret associated with <my_username>

Steps to Reproduce

Create a secret in K/V v2, with key / value :

  • my_username:my_password
  • Search my_username

Secret path should be found

[Enhancement] Make switching namespaces/instances easier

Currently we are managing secrets across 2 different vault instances and 2 different namespaces. That makes a lot of logging out and logging back in continually with the other namespace (manually typing it in each time). I would like to see the namespace be combined with the saved endpoints so you can just select something like:

  • vault1.com (no namespace)
  • vault1.com (my-namespace)
  • vault2.com (my-namespace)
  • etc...

It would also make it a lot easier if we could run multiple cryptr's at a time, but that's probably outside of the scope of this. I'm happy to help out with adding this functionality if you gave me some pointers on development.

Unable to build Cryptr from Source(Master) on Windows 10 but works in Ubuntu 18.04.

The problem

Unable to build Cryptr from Source(Master) on Windows 10 but works in Ubuntu 18.04.

Environment

  • Cryptr 0.4.0 or Master whichever is latest.
  • Desktop OS/version used to run Cryptr: Windows 10/ Ubuntu 18.04
  • Vault version: Vault v1.6.0

Details

node version - v15.8.0
npm version - 7.5.1

I tried to build the source code from master branch in Windows and Ubuntu and used the above version to install its dependencies. Here are the steps -

  1. git clone https://github.com/jcrowthe/cryptr.git
  2. cd cryptr
  3. npm install
  4. npm run dev
    You will get 56 odd errors, a majority would be -
    "Uncaught ReferenceError: Polymer is not defined"
    "Failed to load resource: net::ERR_FILE_NOT_FOUND" (..../cryptr/app/bower_components/app-storage/app-localstorage/some.html)

So the above issues are resolved when you install bower and its dependencies and add fuse.js and granite-html.

and then when I tried to run "npm run dev" again I got below error and blank screen with no UI-

iron-selectable.html:301 Uncaught TypeError: Cannot read property 'NaN' of undefined
at HTMLElement._valueToItem (iron-selectable.html:301)
at HTMLElement._selectSelected (iron-selectable.html:288)
at HTMLElement._updateSelected (iron-selectable.html:284)
at HTMLElement._complexObserverEffect (polymer.html:1640)
at HTMLElement._effectEffects (polymer.html:1475)
at HTMLElement._propertySetter (polymer.html:1459)
at HTMLTemplateElement.__setProperty (polymer.html:1468)
at HTMLTemplateElement._applyEffectValue (polymer.html:1951)
at HTMLTemplateElement._annotationEffect (polymer.html:1614)
at HTMLTemplateElement._effectEffects (polymer.html:1475)

Now I don't see a way to resolve this one in windows but in ubuntu, if you replace this file with
https://raw.githubusercontent.com/Polymer/polymer-modulizer/master/fixtures/packages/paper-button/source/bower_components/iron-selector/iron-selectable.html

the error will go away.

Since I am using the same steps/dependency manager version in Linux & windows. I am not sure what's different in windows.

If I tried to replace this file in windows with the above as mentioned I got a separate error -
iron-menu-behavior.html:230 Uncaught TypeError: item.setAttribute is not a function
at HTMLElement._applySelection (iron-menu-behavior.html:230)
at Polymer.IronSelection.setItemSelected (iron-selection.html:84)
at Polymer.IronSelection.select (iron-selection.html:103)
at HTMLElement._selectSelected (iron-selectable.html:288)
at HTMLElement._updateSelected (iron-multi-selectable.html:96)
at HTMLElement._complexObserverEffect (polymer.html:1640)
at HTMLElement._effectEffects (polymer.html:1475)
at HTMLElement._propertySetter (polymer.html:1459)
at HTMLElement.__setProperty (polymer.html:1468)
at HTMLElement._applyConfig (polymer.html:2081)

Hence I thought, since it is working in Ubuntu, I can actually build the app using the docker run command as mentioned in the RELEASING.md docs in Linux and build executables for Windows 10 & Ubuntu from Linux. This way I don't have to worry about fixing the above error mentioned. Unfortunately, the executable produced (Cryptr Setup 0.4.0.exe) is not working for Windows 10. But Cryptr-0.4.0.AppImage works in Ubuntu without any issues.

This is the error I got after I successfully logged on to our Vault server using LDAP mechanism.

USER

  • New
    my-user

So when I click on either of the above choices it says...

Can't find file:////C:/Users/abkhande/AppData/Local/Programs/cryptr/resources/app.sasr/index.html#!/. Redirected to Home Page OK.

Conclusion: It would be great if I am able to build it for windows by fixing any of the issues I mentioned above. Thanks.

Steps to Reproduce

  1. Edit package.json
    "dist": "electron-builder -wl --x64"
  2. $ docker run --rm -ti
    --env-file <(env | grep -iE 'DEBUG|NODE_|ELECTRON_|YARN_|NPM_|CI|CIRCLE|TRAVIS_TAG|TRAVIS|TRAVIS_REPO_|TRAVIS_BUILD_|TRAVIS_BRANCH|TRAVIS_PULL_REQUEST_|APPVEYOR_|CSC_|GH_|GITHUB_|BT_|AWS_|STRIP|BUILD_')
    --env ELECTRON_CACHE="/root/.cache/electron"
    --env ELECTRON_BUILDER_CACHE="/root/.cache/electron-builder"
    -v ${PWD}:/project
    -v ${PWD##*/}-node-modules:/project/node_modules
    -v ~/.cache/electron:/root/.cache/electron
    -v ~/.cache/electron-builder:/root/.cache/electron-builder
    electronuserland/builder:wine

$ yarn dist

Poli

The problem

The example policy in the readme doesn't work with the new v2 KV secret store in Vault. Cryptr just displays a load animation, and I have to quit Cryptr and start over again.

Environment

  • Cryptr version (or git revision) that exhibits the issue: 0.3.0-alpha
  • Desktop OS/version used to run Cryptr: macOS 10.14.2
  • Vault version: 1.0.1

Details

The example policy in the readme doesn't work with the new v2 KV secret store in Vault. I have found this to work - I hope you can use it:

path "secret/data/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

path "secret/metadata/*" {
  capabilities = ["list", "read", "delete", "update", "create"]
}

path "secret/delete/*" {
  capabilities = ["update"]
}

path "secret/undelete/*" {
  capabilities = ["update"]
}

As the Vault documentation about the delete/undelete part is a bit cryptic, I'm not sure if it's correctly configured above. But to delete secrets in Cryptr, I had to define the delete path at least and the undelete path seems to work fine with the restore function in Cryptr.

Functional Search

After the restructuring of code, the search box does not currently have ability to actually search.

Errors preventing run in dev environment (latest master + npm updates)

The problem

Fresh pull of master then npm audit fix to update to latest versions. Upon npm run dev the electron window shows black (no content) and the dev tools emits a bunch of errors, no content is ever shown in the electron window. The following errors are emitted by the dev tools plugin.

"Uncaught ReferenceError: Polymer is not defined"

"Failed to load resource: net::ERR_FILE_NOT_FOUND"

"Uncaught (in promise) Error: Could not instantiate: ProductRegistryImpl.Registry"

"Electron Security Warning (Insecure Content-Security-Policy)"
"Electron[13369:68080] *** WARNING: Textured window <AtomNSWindow: 0x7fc179546ba0> is getting an implicitly transparent titlebar. This will break when linking against newer SDKs. Use NSWindow's -titlebarAppearsTransparent=YES instead"

Environment

  • Cryptr version (or git revision) that exhibits the issue: latest master + local updates to packages in package.json via npm outed suggestions.

  • Desktop OS/version used to run Cryptr: mac mojave 10.14.3

  • Vault version: ? - not linked up just trying to do first run of project to see the UI. The UI should load even without a vault backend setup/defined shouldn't it?

Error when using with Google OIDC

The problem

When I want to use the Vault connection using google OIDC I get an error message

Environment

  • Cryptr version (or git revision) that exhibits the issue: 0.5.0
  • Desktop OS/version used to run Cryptr: Ubuntu 20.0.4
  • Vault version: 1.9.2

Details

We have configured our Vault according to the manufacturer's recommendations ( https://learn.hashicorp.com/tutorials/vault/oidc-auth?in=vault/auth-methods#enable-oidc-auth-method )

We have configured :

allowed_redirect_uris="http://localhost:8250/oidc/callback"

And we have the following error message when we use Cryptr:

error

Steps to Reproduce

Configure Vault with OIDC authentication using Google

Action required: Greenkeeper could not be activated 🚨

🚨 You need to enable Continuous Integration on Greenkeeper branches of this repository. 🚨

To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because it uses your CI build statuses to figure out when to notify you about breaking changes.

Since we didn’t receive a CI status on the greenkeeper/initial branch, it’s possible that you don’t have CI set up yet. We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.

If you have already set up a CI for this repository, you might need to check how it’s configured. Make sure it is set to run on all new branches. If you don’t want it to run on absolutely every branch, you can whitelist branches starting with greenkeeper/.

Once you have installed and configured CI on this repository correctly, you’ll need to re-trigger Greenkeeper’s initial pull request. To do this, please click the 'fix repo' button on account.greenkeeper.io.

Cryptr doesn't display secrets tree

The problem

Cryptr doesn't display secrets tree

Environment

  • 2.0
  • Windows 10 Enterprise x64
  • Vault version: Vault v0.9.6

Details

I suppose that I misconfigured the policies.

Steps to Reproduce

Starting the server:

vault server -dev -log-level=trace
vault secrets enable -path="develop" kv

vault policy write develop develop

vault auth enable ldap
vault write auth/ldap/config^
 url=XXX^
 userattr=userPrincipalName^
 insecure_tls=true^
 starttls=false^
 upndomain=XXX^
 binddn=""^
 userdn="XXX"

vault write auth/ldap/groups/developers policies=develop

vault write auth/ldap/users/<mylogin> groups=developers

vault write develop/login  value=developDbLogin
vault write develop/password  value=developDbPass 

develop policy file:

path "develop/*" {
  capabilities = ["read", "list", "update", "create", "delete"]
}

path "sys/policy/develop" {
    capabilities  = ["read", "list"]
}

When I log in via LDAP I am able to search the secrets, but there is nothing in the secrets tree.

Modify HTTPS URL check

To Do:

  • Modify HTTPS client-side check to account for accidental space as first character instead of "https"
  • Add a final / to the end of the URL
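
The client-side URL check from this to-do list, as an added example that is not Cryptr's code: surrounding whitespace is trimmed before the scheme is inspected, a final `/` is appended, and plain HTTP is accepted only for loopback addresses. It goes beyond the to-do list in one respect: the `allowInsecureHosts` parameter is an assumed explicit opt-in for cases like the VPN-only listener described in the earlier "non-localhost HTTP vaults" issue. All names are hypothetical.

```javascript
// Added example, not Cryptr's code. All names here are hypothetical.

// True for localhost, 127.0.0.0/8 and ::1 as they appear in URL.hostname.
function isLoopback(hostname) {
  const h = hostname.replace(/^\[|\]$/g, '').toLowerCase(); // strip IPv6 brackets
  return (
    h === 'localhost' ||
    h === '::1' ||
    /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(h)
  );
}

// Validate and normalize a Vault address typed by the user.
// allowInsecureHosts: exact "host:port" values for which plain HTTP has
// been explicitly accepted (assumption: chosen by the user, empty by default).
function checkVaultURL(input, allowInsecureHosts = []) {
  const trimmed = String(input).trim(); // " https://..." must still pass
  let u;
  try {
    u = new URL(trimmed);
  } catch (e) {
    return { ok: false, reason: 'not a valid URL' };
  }
  if (u.protocol !== 'https:' && u.protocol !== 'http:') {
    return { ok: false, reason: 'unsupported scheme' };
  }
  if (u.username !== '' || u.password !== '') {
    return { ok: false, reason: 'credentials in URL' };
  }
  const insecure = u.protocol === 'http:';
  if (insecure && !isLoopback(u.hostname) && !allowInsecureHosts.includes(u.host)) {
    return { ok: false, reason: 'plain HTTP to a non-loopback host' };
  }
  // Keep any base path, drop query and fragment, and end with exactly one "/".
  const path = u.pathname.endsWith('/') ? u.pathname : u.pathname + '/';
  return { ok: true, url: u.origin + path, insecure };
}
```

A caller can use the returned `insecure` flag to show a persistent indicator whenever the session runs without TLS.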

Created Secrets not displayed after logout

The problem

Secrets successfully created with Cryptr for Windows are lost at next login.

Environment

Cryptr version (or git revision) that exhibits the issue: 0.4.0
Desktop OS/version used to run Cryptr: Windows 10
Vault version: 1.4.2

Details

I was able to create secrets using Cryptr for Windows against a dev vault.
However, after logout I couldn't see the created secrets anymore, even though I have confirmed that the secrets are recorded in the vault using the Hashicorp UI.

Steps to Reproduce

Run Hashicorp Vault 1.4.2 dev server
Configure a KV secrets engine under default path "kv/"
Create a new authentication method of type "Username & Password"
Add a test user and "default" policy
Add the following entry to "default" policy
path "kv/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
Access the vault using Cryptr 0.4.0 for Windows
Login with created user
Create a few secrets.
Logout from Cryptr
Login again with Cryptr
The created secrets are missing.

Further observation revealed that even without logoff just clicking the refresh button makes the created secrets disappear.

[Enhancement] Github Authentication

The problem

Github Authentication missing.

Environment

  • Cryptr version (or git revision) that exhibits the issue: all
  • Desktop OS/version used to run Cryptr: all
  • Vault version: all

Details

This is one of the only tools that don't seem to require vault superuser access, so it is an ideal tool for an end user to manage its secrets. My organization has vault configured to use Github authentication, so it would be great if that was one option.

Steps to Reproduce

No Github authentication option on the start menu.

Allow manual secret discovery

One use case: with a root token, by default there are no "rules" attached to the token. As such, no secrets are "discovered" even though they exist.

Request is to be able to manually crawl an endpoint to see if the user has access to them.

New loses path

The problem

  • New does not preserve the path to New Secret.

Environment

  • Cryptr version (or git revision) that exhibits the issue: 0.2.0
  • Desktop OS/version used to run Cryptr: openSUSE Leap 42.3
  • Vault version: v0.9.1 (cgo)

Details

i want to create a sibling for an existing value so i navigate the tree and click New; unfortunately, New Secret shows just secret/.

Steps to Reproduce

  1. launch cryptr.
  2. login to a vault server.
  3. use the tree navigator on the left to find an existing value.
  4. verify Location shows the full path to the value.
  5. click + New above the existing value.
  6. notice Location shows secret/; it SHOULD show secret/path/to/parent.

Import

This is a task to investigate import ability.

No supported Vault instance found at the this URL

The problem

Error trying to connect to Vault 0.10.0 Cluster.

Environment

  • Cryptr version (or git revision) that exhibits the issue: 0.2.0
  • Desktop OS/version used to run Cryptr: Windows 10 & Debian 9
  • Vault version: 0.10.0

Details

I tried to connect to a Vault HA Cluster via Cryptr. After entering the URL a error notification (toast like message) pops up that says: "No supported Vault instance found at the this URL".

As Connection endpoint I'm using the Vault Active Node Address: https://X.X.X.X:8200

Steps to Reproduce

  • Start Cryptr
  • Enter connection details
  • Error shows up

Updating JSON dicts is difficult

The problem

When updating a secret that is a json dictionary, the UI shows the secrets in a parsed tree, which is very helpful in editing existing values. However, it is not possible to add a new key to the value and update the config without switching on the "json" mode. It would be nice to have the functionality to add keys to existing dictionaries.

E.g adding a "warning" field to the formatters is not possible through this view

Environment

  • Cryptr version (or git revision) that exhibits the issue: 0.6.0
  • Desktop OS/version used to run Cryptr: Windows 10
  • Vault version: 1.10.4

Secrets with "\" char could not be opened

The problem

If you create secret with "\" char in the path, Cryptr cannot view that secret (although it's discoverable).

Environment

  • Cryptr version (or git revision) that exhibits the issue: 0.3.0
  • Desktop OS/version used to run Cryptr: Windows 10
  • Vault version: 1.2.3

Details

Obviously, "\" is getting replaced to "/", just as "space" is replaced with underscore.

Native Apple M chips support

The problem

It would be great to have Cryptr natively compiled for Apple M series processors. Some users do not use Rosetta at all, which completely blocks them from using Cryptr on newer MacBooks.

Environment

  • Nothing specific

Steps to Reproduce

Install and run Mac OS version of Cryptr and see a request for Rosetta to be installed to run it

[Enhancement] Closable top-level folders

The problem

When viewing the contents of Cryptr, my sidebar has quite a few top-level folders (the "SECRETS" value in the image in the README).
Those top-level folders also have quite a few entries in them, requiring me to scroll very far to get to the content I'm looking for.
It would be nice to be able to click and open/close those top-level folders to shrink the space used in the sidebar, much like how the inner folders can be opened/closed on click.

Okta authentication

The problem

Unable to logon with cryptr when Vault is configured with Okta API authentication method

Environment

  • Cryptr version (or git revision) that exhibits the issue: latest
  • Desktop OS/version used to run Cryptr: windows & mac
  • Vault version: Currently 1.1.5. Moving to 1.3+

Details

Vault is currently utilizing Okta API auth method w/ Verify-Push MFA required for all logins

Steps to Reproduce

Okta credentials do not work with "Username+Password" or "LDAP"

The workaround is to log on to the Vault UI, 'copy token', and then use the token method in Cryptr.

An error occurred while connecting to the provided URL

The problem

I was excited about the possibility of having a keepass-like-tool that would tie into Vault but was disappointed that no matter what I tried I can't even log in to Vault. The error I get on Windows or Mac is consistent: "An error occurred while connecting to the provided URL." We do use namespaces in our environment, but my testing has been against a root Vault namespace.

Environment

  • Cryptr version 0.4.0
  • Desktop OS/version used to run Cryptr: Windows 10 (latest patch), Windows server 2019 (1809), OS X 10.15.7
  • Vault version: Vault 1.4.1+prem.hsm

Details

We have users that would prefer some sort of desktop client vs the web interface. They are not developers so the API/CLI just wouldn't be appropriate.

Steps to Reproduce

Describe how to reproduce this issue. What did you click? What were you trying to do?

  • Launch executable from either OS and the login window appears.
  • Add a URL pointing to vault, tried with/without vault's default port
  • The error appears immediately after trying to add a URL
  • The error appears if I populate LDAP's user name/password and attempt to login
  • The error appears when using Token and trying to populate URL & Token value as well.

Support for OIDC login

Feature request: OpenID Connect login option

Having tried out Cryptr with token login, I would love to see OIDC as a login option, as our users sign in with their Google Cloud account to access the vault.


I wrote a command line version of this.

There doesn't seem to be any way to contact you except through an issue, so I figured I'd mention it here: I wrote a POSIX shell cmd line version of your GUI tool: https://bitbucket.org/zie/vpw

They work well together! :)

Anyways, feel free to close this. Just thought I'd give you an FYI sort of thing.

Error listing secrets in Windows. Error: Can't find file:///C:/workspace/cryptr/app/index.html#!/. Redirected to home page.

The problem

I built the Cryptr source code, and after fixing the initial issues, I was able to list secrets for an LDAP user on Linux and Mac, but Windows throws an error when I click on the LDAP username.
I attached the screenshot of the error:

Environment

  • Cryptr: Master branch source code checkout
  • OS: Windows 10
  • Vault version: v1.6.0

Details

Build the source code and install the dependencies.
Connect to the vault-url and login via ldap user pass.
I am able to log in and see the username, but when I click on the username it is unable to list the secrets and throws an error. Basically it is not able to parse the folder structure. I can see it is generating the structure in secters-init.hmlt correctly, but it is not able to parse it on a Windows machine. However, it is able to do that on Mac and Linux. I am going to attach screenshots for both Windows and Linux.
Any help is appreciated.

Steps to Reproduce

Click on the username once logged in via an LDAP user to the Vault server.


I can share the code if needed, please let me know. Thanks.
