From 132b109d7c04d542407f3c9dcea36221c9e7e363 Mon Sep 17 00:00:00 2001
From: Waiariki Koia
Date: Thu, 3 Dec 2020 09:00:32 +0000
Subject: [PATCH 1/2] Add check for nil secret
---
 pkg/vault/manager.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkg/vault/manager.go b/pkg/vault/manager.go
index e780efe..d5407d4 100644
--- a/pkg/vault/manager.go
+++ b/pkg/vault/manager.go
@@ -154,7 +154,7 @@ func (m *DefaultManager) Save() error {
 func (m *DefaultManager) renewSecret(leaseID string) error {
 secret, err := m.client.Sys().Renew(leaseID, int(m.lease.Seconds()))
- if err != nil {
+ if err != nil || secret == nil {
 log.Errorf("error renewing lease: %s", err)
 fatalError := checkFatalError(err)
 if fatalError != nil {
@@ -189,7 +189,7 @@ func (m *DefaultManager) renewCertificate() error {
 func renewAuth(client *api.Client, renew int) error {
 secret, err := client.Auth().Token().RenewSelf(renew)
- if err != nil {
+ if err != nil || secret == nil {
 log.Errorf("error renewing token: %s", err)
 fatalError := checkFatalError(err)
 if fatalError != nil {
From b27a6d0d30527579bc73a72d2bd37a91ed3ea92a Mon Sep 17 00:00:00 2001
From: Waiariki Koia
Date: Thu, 3 Dec 2020 12:05:30 +0000
Subject: [PATCH 2/2] Set error if error is nil
---
 pkg/vault/manager.go | 6 ++++++
 pkg/vault/providers.go | 10 ++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/pkg/vault/manager.go b/pkg/vault/manager.go
index d5407d4..57f8503 100644
--- a/pkg/vault/manager.go
+++ b/pkg/vault/manager.go
@@ -155,6 +155,9 @@ func (m *DefaultManager) Save() error {
 func (m *DefaultManager) renewSecret(leaseID string) error {
 secret, err := m.client.Sys().Renew(leaseID, int(m.lease.Seconds()))
 if err != nil || secret == nil {
+ if err == nil {
+ err = fmt.Errorf("secret is nil")
+ }
 log.Errorf("error renewing lease: %s", err)
 fatalError := checkFatalError(err)
 if fatalError != nil {
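Review bot: In renewSecret (PATCH 2/2) the synthetic `fmt.Errorf("secret is nil")` is handed straight to `checkFatalError(err)`, whose body is not part of this patch; unless that function recognises this error, a renewal that returns no secret will presumably be treated as non-fatal and the lease can lapse with only a log line. A package-level sentinel such as `var errNilSecret = errors.New("vault returned nil secret")` would let checkFatalError and callers match it with `errors.Is`; the same applies to the renewAuth hunk. No import hunk accompanies the new fmt call, so this builds only if manager.go already imports fmt. Both function bodies continue past the end of their hunks.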
@@ -190,6 +193,9 @@ func (m *DefaultManager) renewCertificate() error {
 func renewAuth(client *api.Client, renew int) error {
 secret, err := client.Auth().Token().RenewSelf(renew)
 if err != nil || secret == nil {
+ if err == nil {
+ err = fmt.Errorf("secret is nil")
+ }
 log.Errorf("error renewing token: %s", err)
 fatalError := checkFatalError(err)
 if fatalError != nil {
diff --git a/pkg/vault/providers.go b/pkg/vault/providers.go
index b500790..0cf99e4 100644
--- a/pkg/vault/providers.go
+++ b/pkg/vault/providers.go
@@ -49,7 +49,10 @@ func (c *VaultSecretsProvider) newCertificate() (*Certificate, error) {
 }
 secret, err := c.client.Logical().Write(c.path, params)
- if err != nil {
+ if err != nil || secret == nil {
+ if err == nil {
+ return nil, fmt.Errorf("secret is nil")
+ }
 return nil, err
 }
@@ -73,7 +76,10 @@ func (c *VaultSecretsProvider) newCertificate() (*Certificate, error) {
 func (c *VaultSecretsProvider) newCredentials() (*Credentials, error) {
 secret, err := c.client.Logical().Read(c.path)
- if err != nil {
+ if err != nil || secret == nil {
+ if err == nil {
+ return nil, fmt.Errorf("secret is nil")
+ }
 return nil, err
 }
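Review bot: The nil-secret error in newCertificate gives an operator nothing to act on, since `secret is nil` names neither the operation nor the Vault path that was written. Keeping the existing `if err != nil { return nil, err }` and adding a separate guard, `if secret == nil { return nil, fmt.Errorf("vault returned no secret for %q", c.path) }`, avoids the nested test on err and makes the second case explicit. From what the hunk shows c.path is a request path rather than secret material, so including it in the error should be safe; confirm that before logging it. The function starts before the hunk and continues after it.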
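Review bot: In newCredentials a nil secret with a nil error is the Vault client's ordinary result for `Logical().Read` on a path that holds no data, so this branch will mostly fire on a wrong path or role rather than on a transient fault. The message should say that, for example `return nil, fmt.Errorf("no data at vault path %q", c.path)`, so the failure is not mistaken for a connectivity problem and retried. The code after the guard is outside the hunk; if it indexes `secret.Data` directly, a non-nil secret with missing keys would still need its own check.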