N8N issues with Hashicorp Vault connection

Hello,

When I try to connect our HashiCorp Vault as an external credential, I get the following error:
[image]

These are my settings:

This is my docker compose file:

```yaml
volumes:
  n8n_data:
    driver: local
    driver_opts:
      o: bind
      type: none
      device: /data/n8n_data

services:
  n8n:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: n8n_ui
    user: 1002:1002
    restart: always
    ports:
      - 443:443
    environment:
      - NODE_TLS_REJECT_UNAUTHORIZED=0
      # N8N Config
      - N8N_HOST=***************
      - N8N_PORT=443
      - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
      # N8N Ssl
      - N8N_PROTOCOL=https
      - N8N_SSL_CERT=/home/n8n/cert******
      - N8N_SSL_KEY=/home/n8n/cert******
      # N8N Logs
      - N8N_LOG_LEVEL=debug
      - N8N_LOG_OUTPUT=file
      - N8N_LOG_FILE_LOCATION=/home/n8n/test.log
      # N8N Monitoring
      - N8N_METRICS=true
      - QUEUE_HEALTH_CHECK_ACTIVE=true
      # N8N Database
      - DB_TYPE=postgresdb
      - DB_POSTGRESDB_DATABASE=n8n
      - DB_POSTGRESDB_HOST=*********
      - DB_POSTGRESDB_PORT=5432
      - DB_POSTGRESDB_USER=postgres
      - DB_POSTGRESDB_PASSWORD=******
      # N8N SMTP
      - N8N_EMAIL_MODE=smtp
      - N8N_SMTP_HOST=******-smtp
      - N8N_SMTP_PORT=25
      - N8N_SMTP_SENDER=n8n_dev@*****.com
      - N8N_SMTP_SSL=false

    volumes:
      - n8n_data:/home/n8n/.n8n
```

I’ve tried with my root token, and at the moment I’m using an AppRole that I used for another client, and I still get the same error.
I don’t have any logs in my Vault server and I checked my network streams; all seems good…

Information on your n8n setup

  • **n8n version:** 1.77.3
  • **Database:** Postgres 16.3
  • **n8n EXECUTIONS_PROCESS setting (default: own, main):**
  • **Running n8n via:** Docker
  • **Operating system:** AlmaLinux release 9.3 (Shamrock Pampas Cat)

When I tried to do a curl to Vault:

```
curl --request POST --data '{"role_id": "YOUR_ROLE_ID", "secret_id": "YOUR_SECRET_ID"}' http://your-vault-server:8200/v1/auth/approle/login
```

I get my client token.
But if I do the same on my UI, I still get the error and no log in vault.

Hi @JoeyG

Did you try to test the connection to your vault from within the n8n container?
You could do so using the HTTP Request Node in n8n.
This would hopefully output a more detailed error message.

Thanks for sharing your findings! :raised_hands:

I had the same issue yesterday.

It seems “invalid credentials” errors also happen if there are no mounts (kv) allowed in the current role (in the logs I saw “failed to update vault” or something like that).

So I have allowed read on sys/mounts for “my-role” and I’ve created one kv mount.
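
Editor's added example, not code from any poster or from n8n: a small check that separates a failed AppRole login from the condition described in the last reply (a login that works but a role that cannot read `sys/mounts` or sees no kv mount). The function names, the `vault.invalid` address and the canned responses are constructed for illustration; the login endpoint is the one from the curl command in the thread.

```python
import json
import urllib.error
import urllib.request

def vault_call(addr, method, path, token=None, body=None):
    """One Vault HTTP API call; returns (status, parsed JSON body)."""
    req = urllib.request.Request(
        f"{addr}/v1/{path}", method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"X-Vault-Token": token} if token else {})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")

def kv_mounts(mounts_body):
    """Paths of secrets engines of type kv in a sys/mounts response."""
    return sorted(path for path, info in mounts_body.get("data", {}).items()
                  if isinstance(info, dict) and info.get("type") == "kv")

def diagnose(addr, role_id, secret_id, call=vault_call):
    """Separate a bad AppRole login from a role that cannot see a kv mount."""
    status, body = call(addr, "POST", "auth/approle/login",
                        body={"role_id": role_id, "secret_id": secret_id})
    if status != 200:
        return "login-failed"
    token = body["auth"]["client_token"]
    # Needs a policy such as: path "sys/mounts" { capabilities = ["read"] }
    status, body = call(addr, "GET", "sys/mounts", token=token)
    if status == 403:
        return "sys-mounts-denied"
    if status != 200:
        return f"sys-mounts-error-{status}"
    return "ok" if kv_mounts(body) else "no-kv-mount"

def constructed_vault(policy_allows_mounts, mounts):
    """Offline stand-in for vault_call, fed with constructed responses."""
    def call(addr, method, path, token=None, body=None):
        if path == "auth/approle/login":
            return 200, {"auth": {"client_token": "constructed-token"}}
        if not policy_allows_mounts:
            return 403, {"errors": ["permission denied"]}
        return 200, {"data": mounts}
    return call

if __name__ == "__main__":
    kv = {"secret/": {"type": "kv", "options": {"version": "2"}}}
    print(diagnose("http://vault.invalid:8200", "r", "s", constructed_vault(False, kv)))
    print(diagnose("http://vault.invalid:8200", "r", "s", constructed_vault(True, {})))
    print(diagnose("http://vault.invalid:8200", "r", "s", constructed_vault(True, kv)))
```

Against a real server, call `diagnose()` without the `call` argument from inside the n8n container so the check follows the same network path as n8n.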