From d8101f82eef205f163fcc185bc5267c983ae3a82 Mon Sep 17 00:00:00 2001
From: Nick Cabatoff <ncabatoff@hashicorp.com>
Date: Tue, 20 Sep 2022 08:57:08 -0400
Subject: [PATCH] Handle when pluginCatalog.Get returns (nil,nil) during cred
 backend creation (#17204)

---
 changelog/17204.txt | 3 +++
 vault/auth.go       | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 changelog/17204.txt

diff --git a/changelog/17204.txt b/changelog/17204.txt
new file mode 100644
index 000000000..07ea8c02e
--- /dev/null
+++ b/changelog/17204.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: Fix panic when the plugin catalog returns neither a plugin nor an error.
+```
diff --git a/vault/auth.go b/vault/auth.go
index 4ec080847..be789c624 100644
--- a/vault/auth.go
+++ b/vault/auth.go
@@ -797,7 +797,8 @@ func (c *Core) setupCredentials(ctx context.Context) error {
 		backend, err = c.newCredentialBackend(ctx, entry, sysView, view)
 		if err != nil {
 			c.logger.Error("failed to create credential entry", "path", entry.Path, "error", err)
-			if plug, plugerr := c.pluginCatalog.Get(ctx, entry.Type, consts.PluginTypeCredential, ""); plugerr == nil && !plug.Builtin {
+			plug, plugerr := c.pluginCatalog.Get(ctx, entry.Type, consts.PluginTypeCredential, "")
+			if plugerr == nil && plug != nil && !plug.Builtin {
 				// If we encounter an error instantiating the backend due to an error,
 				// skip backend initialization but register the entry to the mount table
 				// to preserve storage and path.