According to README.md the construct config.ssl_pem_file should work by providing the path to the pem file, yet I got only:
```
Running handlers:
[2022-08-31T11:21:05+03:00] ERROR: Running exception handlers
Running handlers complete
[2022-08-31T11:21:05+03:00] ERROR: Exception handlers complete
Infra Phase failed. 0 resources updated in 04 seconds
[2022-08-31T11:21:05+03:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2022-08-31T11:21:05+03:00] FATAL: ---------------------------------------------------------------------------------------
[2022-08-31T11:21:05+03:00] FATAL: PLEASE PROVIDE THE CONTENTS OF THE stacktrace.out FILE (above) IF YOU FILE A BUG REPORT
[2022-08-31T11:21:05+03:00] FATAL: ---------------------------------------------------------------------------------------
[2022-08-31T11:21:05+03:00] FATAL: OpenSSL::PKey::RSAError: read_vault[Read secret at secret/my-app] (secret::create_secret line 38) had an error: OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key: nested asn1 error
```
Maybe I'm missing something but so far I managed to make it work with ENV['SSL_CERT_FILE'].
NOT WORKING:
```ruby
# Needed due to https://github.com/hashicorp/vault-ruby/issues/273
require 'tempfile'
temp_cert_file = Tempfile.new('tempfile')
Dir.glob(['/etc/ssl/certs/*.crt',
          '/etc/ssl/certs/*.pem',
          '/etc/chef/trusted_certs/*.crt',
          '/etc/chef/trusted_certs/*.pem']).each do |ca_cert|
  IO.copy_stream(ca_cert, temp_cert_file)
end

require 'vault'
Vault.configure do |config|
  config.ssl_pem_file = temp_cert_file.path
end

resource_name :read_vault
provides :read_vault
unified_mode true

property :path, String, required: true
property :address, String, required: true
property :token, String, required: true
property :role_name, String, required: false

action :read do
  # Need to set the vault address
  Vault.address = new_resource.address
  # Authenticate with the token
  Vault.token = new_resource.token
  if property_is_set?(:role_name) # Authenticate to Vault using the role_id
    approle_id = Vault.approle.role_id(new_resource.role_name)
    secret_id = Vault.approle.create_secret_id(new_resource.role_name).data[:secret_id]
    Vault.auth.approle(approle_id, secret_id)
  end
  # Attempt to read the secret
  secret = Vault.logical.read(new_resource.path)
  if secret.nil?
    raise "Could not read secret '#{new_resource.path}'!"
  end
  # Store the secret in memory only
  node.run_state[new_resource.path] = secret
  new_resource.updated_by_last_action(true)
end
```
WORKING:
```ruby
# Needed due to https://github.com/hashicorp/vault-ruby/issues/273
require 'tempfile'
temp_cert_file = Tempfile.new('tempfile')
Dir.glob(['/etc/ssl/certs/*.crt',
          '/etc/ssl/certs/*.pem',
          '/etc/chef/trusted_certs/*.crt',
          '/etc/chef/trusted_certs/*.pem']).each do |ca_cert|
  IO.copy_stream(ca_cert, temp_cert_file)
end
ENV['SSL_CERT_FILE'] = temp_cert_file.path

require 'vault'

resource_name :read_vault
provides :read_vault
unified_mode true

property :path, String, required: true
property :address, String, required: true
property :token, String, required: true
property :role_name, String, required: false

action :read do
  # Need to set the vault address
  Vault.address = new_resource.address
  # Authenticate with the token
  Vault.token = new_resource.token
  if property_is_set?(:role_name) # Authenticate to Vault using the role_id
    approle_id = Vault.approle.role_id(new_resource.role_name)
    secret_id = Vault.approle.create_secret_id(new_resource.role_name).data[:secret_id]
    Vault.auth.approle(approle_id, secret_id)
  end
  # Attempt to read the secret
  secret = Vault.logical.read(new_resource.path)
  if secret.nil?
    raise "Could not read secret '#{new_resource.path}'!"
  end
  # Store the secret in memory only
  node.run_state[new_resource.path] = secret
  new_resource.updated_by_last_action(true)
end
```
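An added diagnostic, not part of the original issue or of vault-ruby: it reproduces the `OpenSSL::PKey` failure from the log by parsing a CA-only PEM as an RSA key, and classifies a PEM by what it contains. It assumes `ssl_pem_file` is read as a client certificate plus private key and that `ssl_ca_cert` is the vault-ruby setting for a CA bundle; the helper names and the generated certificate are constructed for the example.

```ruby
require 'openssl'

# Constructed sample: a throwaway self-signed CA certificate and its RSA key.
def sample_ca
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed-example-ca')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Count the certificates in a PEM bundle and report whether it holds a private key.
def pem_contents(pem)
  certs = pem.scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
  certs.each { |block| OpenSSL::X509::Certificate.new(block) } # raises on a corrupt block
  has_key = begin
    OpenSSL::PKey.read(pem).private?
  rescue OpenSSL::PKey::PKeyError
    false
  end
  { certificates: certs.size, private_key: has_key }
end

# Assumed mapping (not from the issue): ssl_pem_file expects a client certificate
# plus private key, ssl_ca_cert expects a bundle of CA certificates.
def suggested_setting(pem)
  found = pem_contents(pem)
  return :none if found[:certificates].zero?
  found[:private_key] ? :ssl_pem_file : :ssl_ca_cert
end

# Parse one PEM as both a certificate and an RSA key, the way a client-identity
# loader would; return the error text instead of raising so it can be inspected.
def load_as_client_identity(pem)
  [OpenSSL::X509::Certificate.new(pem), OpenSSL::PKey::RSA.new(pem)]
rescue OpenSSL::PKey::PKeyError => e
  "#{e.class}: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  cert, key = sample_ca
  puts suggested_setting(cert.to_pem)                # CA-only bundle
  puts load_as_client_identity(cert.to_pem)          # same error family as the log
  puts suggested_setting(key.to_pem + cert.to_pem)   # key plus certificate
end
```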