S
Supabase10h ago
Medlac

Vault Help

I have enabled, ran sql queries, exposed the vault schema but i keep getting the same error: 
{
  code: 'PGRST202',
  details: 'Searched for the function public.vault.create_secret with parameters name, secret or with a single unnamed json/jsonb parameter, but no matches were found in the schema cache.',
  hint: null,
  message: 'Could not find the function public.vault.create_secret(name, secret) in the schema cache'
}
{
  code: 'PGRST202',
  details: 'Searched for the function public.vault.create_secret with parameters name, secret or with a single unnamed json/jsonb parameter, but no matches were found in the schema cache.',
  hint: null,
  message: 'Could not find the function public.vault.create_secret(name, secret) in the schema cache'
}
Any ideas? Here is the code triggering this error: 
    const { data: vaultSecret, error: vaultErr } = await supabaseServiceRole.rpc(
      "vault.create_secret",
      { name: `id:${userId}`, secret: privatePem }
    );
    const { data: vaultSecret, error: vaultErr } = await supabaseServiceRole.rpc(
      "vault.create_secret",
      { name: `id:${userId}`, secret: privatePem }
    );
PS if i run: 
create extension if not exists vault with schema vault;
create extension if not exists vault with schema vault;
I get: 
ERROR:  0A000: extension "vault" is not available
DETAIL:  Could not open extension control file "/usr/lib/postgresql/share/postgresql/extension/vault.control": No such file or directory.
HINT:  The extension must first be installed on the system where PostgreSQL is running.
ERROR:  0A000: extension "vault" is not available
DETAIL:  Could not open extension control file "/usr/lib/postgresql/share/postgresql/extension/vault.control": No such file or directory.
HINT:  The extension must first be installed on the system where PostgreSQL is running.
2 Replies
garyaustin
garyaustin10h ago
You have to use .schema() in your REST query. And you have to add the schema to the API setting. And you have to grant user roles to access.
This seems like a bad idea. Use an RPC call to a security definer function if you must. Vault though is not intended for general user data
Medlac
MedlacOP10h ago
hi gary thanks for the reply, It’s not general user data — a subset of users will need to sign requests with private keys, and I plan to store those keys securely in Vault. this is part of a server side route hat creates key pairs and i wanted to store the private key in vault and then store the vault id on a user table, Im new to vault so sorry for confusion Is this something that would be acceptable?: 
create or replace function public.vault_create_secret(p_name text, p_secret text)
returns uuid
language sql
security definer
as $$
  select id from vault.create_secret(p_name, p_secret);
$$;
create or replace function public.vault_create_secret(p_name text, p_secret text)
returns uuid
language sql
security definer
as $$
  select id from vault.create_secret(p_name, p_secret);
$$;

Did you find this page helpful?