Troubleshooting

VPP CLI

Key not found

The VPP CLI uses your private key file to authenticate with the Vault++ server. When you created your Vault++ account, the private key file was automatically downloaded to your Downloads folder. You can copy this private key to the location specified in the VPP CLI error message.

For detailed instructions, please refer to our Getting Started Guide.

Scan Checkpoints

Vault++ uses the repository remote URL to remember scan checkpoints. Repositories created locally may not have a remote location, which can be verified by running the following command:

git remote -v

If no remote is set, you can add a remote repository using the following command:

# example for GitHub
git remote set-url origin 'git@github.com:YOUR-COMPANY/YOUR-PROJECT.git'

Custom Git Link

Vault++ currently supports generating links to GitHub, Bitbucket, and GitLab from detected secrets. This feature allows you to quickly locate the scan result in your code.

If you don't use any of these three git providers, Vault++ does not currently support generating direct links to your repository. However, you are welcome to raise a feature request by getting in touch with us.

Git Not Found

Vault++ requires the Git CLI to perform deep scans within your repository history. Please refer to the following external guide to install Git on your machine: Install Git.

Agent Conflict

The VPP CLI runs a background agent to securely store and manage your decrypted private key. The agent listens on port 19458 on your local network interface. If another application is already using this port, the agent will not be able to start.

CICD Integrations

GitHub: Authenticating

To install the Vault++ GitHub app, you must have admin permissions for your GitHub account or organization. If you are not an admin and attempt to install the GitHub app, the installation will fail even if later approved by a GitHub admin.

For detailed instructions to install the Vault++ GitHub app, please refer to our Live Environment Guide.

GitHub: Access Denied

This error occurs when Vault++ receives an access denied error from GitHub while attempting to trigger your CICD pipeline. To fix the authentication issue, you need to reinstall the Vault++ GitHub app. When reinstalling the app, it may appear that the app is already installed. In this case, you need to uninstall the GitHub app before reinstalling it.

For detailed instructions to install the Vault++ GitHub app, please refer to our Live Environment Guide.

GitHub: Missing tokens

Vault++ requires the CI job token (GITHUB_TOKEN) to write comments, reject, and approve pull requests. By default, GitHub Actions pipelines do not provide a job token unless it is explicitly granted using the following permissions property in the job:

on:
  pull_request:
    branches:
    - main
jobs:
  vpp:
    permissions:
      contents: read
      pull-requests: write
    name: VPP PR Check
    runs-on: ubuntu-latest
    #### rest of the pipeline ...

For more information about integrating Vault++ in pull requests, please refer to our PR Check Guide.

BitBucket: Missing tokens

Vault++ requires the CI job token (BITBUCKET_REPO_TOKEN) to write comments, reject, and approve pull requests. You will need to create and add the required token into the CICD secrets for VPP CLI to consume.

For detailed instructions on how to do this, please refer to our PR Check Guide.

GitLab: Missing tokens

Vault++ requires the CI job token (GITHUB_TOKEN) to write comments, reject, and approve pull requests. You will need to create and add the required token into the CICD secrets for VPP CLI to consume.

For detailed instructions on how to do this, please refer to our PR Check Guide.

Invalid Service Account

Vault++ CLI is unable to authenticate using the provided service account key and password combination. To resolve this issue, you need to create a new service account and grant it the necessary access in the Application Settings page.

For detailed instructions on creating a service account, please refer to our Live Environment Guide.

VaultPlusPlus UI

Merge Request Key Not Found

Vault++ uses end-to-end encryption to protect all secrets stored in it. This ensures that neither Vault++ nor anyone without access to the encryption key can decrypt the secrets.

As a result, when a Merge Request is raised, the new secrets must be encrypted using the public keys of the admins who can approve and apply the changes. If a user's access is later upgraded to admin, they were not part of the original list of admins when the Merge Request was created. Therefore, the keys required to decrypt the Merge Request will not be available to the newly appointed admin, and they will encounter an error message when this issue occurs.

To resolve it, the original requester can re-raise the Merge Request, or any existing admin with access can approve and apply the request.

For more information about Vault++ cryptographic properties, please refer to our Security page.

VPP CLI​

Key not found​

Scan Checkpoints​

Custom Git Link​

Git Not Found​

Agent Conflict​

CICD Integrations​

GitHub: Authenticating​

GitHub: Access Denied​

GitHub: Missing tokens​

BitBucket: Missing tokens​

GitLab: Missing tokens​

Invalid Service Account​

VaultPlusPlus UI​

Merge Request Key Not Found​