Environment
- Version: v0.4.0-beta.1
- Target: --target local
- OS: Ubuntu 24.04 (OCI VM)
Reproduction
- sudo ./install.sh --version v0.4.0-beta.1
- At the prompt, enter a team name that contains uppercase letters, hyphens, or is ≥ 20 chars (e.g. PLDEV-GO-MIGRATION).
- Install completes "successfully" with ✓ systemd service enabled and started.
- Service immediately fails and enters auto-restart loop.
Logs (core)
runevault: ensuring team index index=PLDEV-GO-MIGRATION
runevault: server: ensure vault: ensure index: envector: create_index:
server returned Fail: Invalid index name.
Index name must be alphanumeric, lowercase and less than 20 characters.
systemd: runevault.service: Main process exited, code=exited, status=1/FAILURE
systemd: runevault.service: Failed with result 'exit-code'.
systemd: runevault.service: Scheduled restart job, restart counter is at 51.
(loops indefinitely at ~5s intervals)
Root cause
install.sh:1027 reads the team name with no validation:
read -r -p "Team name (vault index identifier): " team_name
The same applies to the non-interactive path (RUNEVAULT_TEAM_NAME env var, line 1015) and the CSP prompt at line 309. None of them check against enVector's index naming constraints, so the value flows
straight into keys.index_name of the rendered runevault.conf (line 1079).
Impact
- "Installation successful" message is misleading — daemon never serves a single request.
- User has to dig through journalctl to find the real cause; the failure mode looks like an enVector outage at first glance.
- systemd restart counter climbs unbounded, spamming logs.
Suggested fix
Validate the team name at prompt time (and for RUNEVAULT_TEAM_NAME) against the enVector rule, with re-prompting on failure:
validate_team_name() {
[[ "$1" =~ ^[a-z0-9]{1,19}$ ]] || return 1
}
while ! validate_team_name "$team_name"; do
printf 'ERROR: team name must be lowercase alphanumeric, 1-19 chars (got: %q)\n' "$team_name" >&2
[[ "$NON_INTERACTIVE" -eq 1 ]] && exit 1
team_name=""
read -r -p "Team name (vault index identifier): " team_name
done
Apply at:
- install.sh:309 (CSP prompt)
- install.sh:334 (CSP non-interactive)
- install.sh:1027 (local prompt)
- install.sh:1015–1041 (local non-interactive RUNEVAULT_TEAM_NAME validation)
참고
example config 에
keys:
path: /opt/rune-vault/vault-keys
index_name: my-team # 하이픈 포함되어있음
Environment
Reproduction
Logs (core)
(loops indefinitely at ~5s intervals)
Root cause
install.sh:1027 reads the team name with no validation:
read -r -p "Team name (vault index identifier): " team_name
The same applies to the non-interactive path (RUNEVAULT_TEAM_NAME env var, line 1015) and the CSP prompt at line 309. None of them check against enVector's index naming constraints, so the value flows
straight into keys.index_name of the rendered runevault.conf (line 1079).
Impact
Suggested fix
Validate the team name at prompt time (and for RUNEVAULT_TEAM_NAME) against the enVector rule, with re-prompting on failure:
Apply at:
참고
example config 에