You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I need to enable persistence at the cluster level for vault and postgres and for that vault needs to be in production mode not in dev mode.
I managed to create all the initialization and unseal and pass those values as secrets to the control plane and identity hub but when I try to seed the dataspace ie. create the participant, I get this error:
SEVERE 2026-05-05T21:12:32.058077043 JerseyExtension: Unexpected exception caught java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because the return value of "org.eclipse.edc.identityhub.spi.authentication.ServicePrincipal.getCredential()" is null at org.eclipse.edc.identityhub.api.ParticipantServicePrincipalResolver.findByCredential(ParticipantServicePrincipalResolver.java:58) at org.eclipse.edc.identityhub.api.authentication.filter.ServicePrincipalAuthenticationFilter.filter(ServicePrincipalAuthenticationFilter.java:65) at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:108) at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:44) at org.glassfish.jersey.process.internal.Stages.process(Stages.java:173) at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:266) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244) at org.glassfish.jersey.internal.Errors.process(Errors.java:292) at org.glassfish.jersey.internal.Errors.process(Errors.java:274) at org.glassfish.jersey.internal.Errors.process(Errors.java:244) at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:266) at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:253) at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:696) at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:397) at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:349) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:358) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:312) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205) at org.eclipse.jetty.ee10.servlet.ServletHolder.handle(ServletHolder.java:736) at org.eclipse.jetty.ee10.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1622) at org.eclipse.jetty.ee10.servlet.ServletHandler$MappedServlet.handle(ServletHandler.java:1555) at org.eclipse.jetty.ee10.servlet.ServletChannel.dispatch(ServletChannel.java:823) at org.eclipse.jetty.ee10.servlet.ServletChannel.handle(ServletChannel.java:440) at org.eclipse.jetty.ee10.servlet.ServletHandler.handle(ServletHandler.java:470) at org.eclipse.jetty.server.handler.ContextHandler.handle(ContextHandler.java:1071) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:181) at org.eclipse.jetty.server.Server.handle(Server.java:182) at org.eclipse.jetty.server.internal.HttpChannelState$HandlerInvoker.run(HttpChannelState.java:678) at org.eclipse.jetty.server.internal.HttpConnection.onFillable(HttpConnection.java:416) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:322) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99) at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:480) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:443) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:293) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.produce(AdaptiveExecutionStrategy.java:195) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:981) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1211) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1166) at java.base/java.lang.Thread.run(Unknown Source) DEBUG 2026-05-05T21:12:54.417665391 [CredentialWatchdog] checking 0 credentials
In the identity hub configuration, I use the parameter EDC_IH_API_SUPERUSER_KEY to configure the API KEY. Do I need to now add some additional keys to vault when running in production mode ?
On identity hub startup I get this warning WARNING 2026-05-05T21:11:49.033307076 [Hashicorp Vault] Failed to parse renewable flag from token look up response {request_id=19078032-134d-f732-7558-1de0aa9735c8, lease_id=, renewable=false, lease_duration=0, data={accessor=IT11Gu5SMtzEf136u0XiT072, creation_time=1778015425, creation_ttl=0, display_name=root, entity_id=, expire_time=null, explicit_max_ttl=0, id=hvs.SsMiih6i6UbHzkwCke1wasSO, meta=null, num_uses=0, orphan=true, path=auth/token/root, policies=[root], ttl=0, type=service}, wrap_info=null, warnings=null, auth=null, mount_type=token} with reason: Key 'renewable' does not exist java.lang.IllegalArgumentException: Key 'renewable' does not exist at org.eclipse.edc.vault.hashicorp.client.HashicorpVaultTokenRenewService.getValueFromMap(HashicorpVaultTokenRenewService.java:227) at org.eclipse.edc.vault.hashicorp.client.HashicorpVaultTokenRenewService.parseRenewable(HashicorpVaultTokenRenewService.java:202) at org.eclipse.edc.vault.hashicorp.client.HashicorpVaultTokenRenewService.isTokenRenewable(HashicorpVaultTokenRenewService.java:108) at org.eclipse.edc.vault.hashicorp.client.HashicorpVaultTokenRenewTask.initialize(HashicorpVaultTokenRenewTask.java:102) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) at java.base/java.util.concurrent.FutureTask.run(Unknown Source) at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.base/java.lang.Thread.run(Unknown Source) WARNING 2026-05-05T21:11:49.036810937 [Hashicorp Vault] Initial token look up failed with reason: Token look up response could not be parsed: Failed to parse renewable flag from token look up response {request_id=19078032-134d-f732-7558-1de0aa9735c8, lease_id=, renewable=false, lease_duration=0, data={accessor=IT11Gu5SMtzEf136u0XiT072, creation_time=1778015425, creation_ttl=0, display_name=root, entity_id=, expire_time=null, explicit_max_ttl=0, id=hvs.SsMiih6i6UbHzkwCke1wasSO, meta=null, num_uses=0, orphan=true, path=auth/token/root, policies=[root], ttl=0, type=service}, wrap_info=null, warnings=null, auth=null, mount_type=token} with reason: Key 'renewable' does not exist
Those errors were not happening when vault in dev mode, and everything worked fine, does the behaviour of identity hub and control plane change when vault in production mode ?
Also mention that when vault is unsealed I use the variable EDC_VAULT_HASHICORP_TOKEN to configure to root token in identity hub and ds2controlplane.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I need to enable persistence at the cluster level for vault and postgres and for that vault needs to be in production mode not in dev mode.
I managed to create all the initialization and unseal and pass those values as secrets to the control plane and identity hub but when I try to seed the dataspace ie. create the participant, I get this error:
SEVERE 2026-05-05T21:12:32.058077043 JerseyExtension: Unexpected exception caught java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because the return value of "org.eclipse.edc.identityhub.spi.authentication.ServicePrincipal.getCredential()" is null at org.eclipse.edc.identityhub.api.ParticipantServicePrincipalResolver.findByCredential(ParticipantServicePrincipalResolver.java:58) at org.eclipse.edc.identityhub.api.authentication.filter.ServicePrincipalAuthenticationFilter.filter(ServicePrincipalAuthenticationFilter.java:65) at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:108) at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:44) at org.glassfish.jersey.process.internal.Stages.process(Stages.java:173) at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:266) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248) at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244) at org.glassfish.jersey.internal.Errors.process(Errors.java:292) at org.glassfish.jersey.internal.Errors.process(Errors.java:274) at org.glassfish.jersey.internal.Errors.process(Errors.java:244) at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:266) at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:253) at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:696) at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:397) at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:349) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:358) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:312) at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205) at org.eclipse.jetty.ee10.servlet.ServletHolder.handle(ServletHolder.java:736) at org.eclipse.jetty.ee10.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1622) at org.eclipse.jetty.ee10.servlet.ServletHandler$MappedServlet.handle(ServletHandler.java:1555) at org.eclipse.jetty.ee10.servlet.ServletChannel.dispatch(ServletChannel.java:823) at org.eclipse.jetty.ee10.servlet.ServletChannel.handle(ServletChannel.java:440) at org.eclipse.jetty.ee10.servlet.ServletHandler.handle(ServletHandler.java:470) at org.eclipse.jetty.server.handler.ContextHandler.handle(ContextHandler.java:1071) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:181) at org.eclipse.jetty.server.Server.handle(Server.java:182) at org.eclipse.jetty.server.internal.HttpChannelState$HandlerInvoker.run(HttpChannelState.java:678) at org.eclipse.jetty.server.internal.HttpConnection.onFillable(HttpConnection.java:416) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:322) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99) at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:480) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:443) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:293) at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.produce(AdaptiveExecutionStrategy.java:195) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:981) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1211) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1166) at java.base/java.lang.Thread.run(Unknown Source) DEBUG 2026-05-05T21:12:54.417665391 [CredentialWatchdog] checking 0 credentialsIn the identity hub configuration, I use the parameter EDC_IH_API_SUPERUSER_KEY to configure the API KEY. Do I need to now add some additional keys to vault when running in production mode ?
On identity hub startup I get this warning
WARNING 2026-05-05T21:11:49.033307076 [Hashicorp Vault] Failed to parse renewable flag from token look up response {request_id=19078032-134d-f732-7558-1de0aa9735c8, lease_id=, renewable=false, lease_duration=0, data={accessor=IT11Gu5SMtzEf136u0XiT072, creation_time=1778015425, creation_ttl=0, display_name=root, entity_id=, expire_time=null, explicit_max_ttl=0, id=hvs.SsMiih6i6UbHzkwCke1wasSO, meta=null, num_uses=0, orphan=true, path=auth/token/root, policies=[root], ttl=0, type=service}, wrap_info=null, warnings=null, auth=null, mount_type=token} with reason: Key 'renewable' does not exist java.lang.IllegalArgumentException: Key 'renewable' does not exist at org.eclipse.edc.vault.hashicorp.client.HashicorpVaultTokenRenewService.getValueFromMap(HashicorpVaultTokenRenewService.java:227) at org.eclipse.edc.vault.hashicorp.client.HashicorpVaultTokenRenewService.parseRenewable(HashicorpVaultTokenRenewService.java:202) at org.eclipse.edc.vault.hashicorp.client.HashicorpVaultTokenRenewService.isTokenRenewable(HashicorpVaultTokenRenewService.java:108) at org.eclipse.edc.vault.hashicorp.client.HashicorpVaultTokenRenewTask.initialize(HashicorpVaultTokenRenewTask.java:102) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) at java.base/java.util.concurrent.FutureTask.run(Unknown Source) at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.base/java.lang.Thread.run(Unknown Source) WARNING 2026-05-05T21:11:49.036810937 [Hashicorp Vault] Initial token look up failed with reason: Token look up response could not be parsed: Failed to parse renewable flag from token look up response {request_id=19078032-134d-f732-7558-1de0aa9735c8, lease_id=, renewable=false, lease_duration=0, data={accessor=IT11Gu5SMtzEf136u0XiT072, creation_time=1778015425, creation_ttl=0, display_name=root, entity_id=, expire_time=null, explicit_max_ttl=0, id=hvs.SsMiih6i6UbHzkwCke1wasSO, meta=null, num_uses=0, orphan=true, path=auth/token/root, policies=[root], ttl=0, type=service}, wrap_info=null, warnings=null, auth=null, mount_type=token} with reason: Key 'renewable' does not existThose errors were not happening when vault in dev mode, and everything worked fine, does the behaviour of identity hub and control plane change when vault in production mode ?
Also mention that when vault is unsealed I use the variable EDC_VAULT_HASHICORP_TOKEN to configure to root token in identity hub and ds2controlplane.
Thanks and Best Regards
Beta Was this translation helpful? Give feedback.
All reactions