kv2/metadata: ReadSecretPathsAsync allows empty path value to list all secrets on the mountPoint #337

Open
wants to merge 3 commits into
base: master
konidev20
Contributor

@konidev20 konidev20 commented Nov 22, 2023

In the implementation of

public async Task<Secret<ListInfo>> ReadSecretPathsAsync(string path, string mountPoint = null, string wrapTimeToLive = null)

the path is required, which was built referencing https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#list-secrets

However, as reported in gh-334, it seems like path can be empty, if you want to list all the secrets on the mount point.

I tried this with Vault v1.15.2, below are the results of my test.

Sample Request

curl --header "X-Vault-Token: …" --request LIST http://127.0.0.1:8200/v1/secret/metadata

Response

{
  "request_id": "34a153dc-0fef-b717-25da-1f54e77ab581",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "keys": [
      "bye",
      "hello/",
      "world"
    ]
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}

Considering the above results, I felt removing the strict null check and adding a simple guard rail would be a better solution.

fixes #334

the path is required in the API documentation of vault
but if you manually run the API like
curl --header "X-Vault-Token: …" --request LIST http://127.0.0.1:8200/v1/secret/metadata
it would work

therefore, removing the strict null check and adding a simple guard rail
@konidev20 konidev20 changed the title remove null check for path, in list secrets API ReadSecretPathsAsync allows empty path value to list all secrets on the mountPoint Nov 22, 2023
@konidev20 konidev20 changed the title ReadSecretPathsAsync allows empty path value to list all secrets on the mountPoint kv2/metadata: ReadSecretPathsAsync allows empty path value to list all secrets on the mountPoint Nov 22, 2023
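
The LIST request path and response from the pull request description above, worked through as an added C# example that is not VaultSharp's code and not part of this pull request. `Kv2MetadataList`, `BuildListPath` and `SplitKeys` are hypothetical names; the helper assumes the caller always supplies a mount point, and the dot-segment rejection is this example's own choice of guard rail, not necessarily the one the PR adds.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

// Hypothetical helper for illustration; not VaultSharp's implementation.
static class Kv2MetadataList
{
    // Builds the relative URL for a KV v2 LIST. A null, empty or "/" path
    // means the mount root, giving ".../metadata" as in the request above.
    public static string BuildListPath(string mountPoint, string path)
    {
        if (string.IsNullOrWhiteSpace(mountPoint))
            throw new ArgumentException("mountPoint is required", nameof(mountPoint));

        var mount = mountPoint.Trim('/');
        var sub = (path ?? string.Empty).Trim().Trim('/');

        // Assumed guard rail: reject dot segments so a caller-supplied path
        // cannot be used to step outside the mount's metadata tree.
        if (sub.Split('/').Any(s => s == "." || s == ".."))
            throw new ArgumentException("path must not contain '.' or '..' segments", nameof(path));

        return sub.Length == 0 ? $"v1/{mount}/metadata" : $"v1/{mount}/metadata/{sub}";
    }

    // Splits data.keys into folders (trailing '/') and leaf secrets.
    public static (List<string> Folders, List<string> Secrets) SplitKeys(string json)
    {
        using var doc = JsonDocument.Parse(json);
        var keys = doc.RootElement.GetProperty("data").GetProperty("keys")
                      .EnumerateArray().Select(k => k.GetString() ?? "").ToList();
        return (keys.Where(k => k.EndsWith("/")).ToList(),
                keys.Where(k => !k.EndsWith("/")).ToList());
    }
}

static class Program
{
    static void Main()
    {
        // Constructed input: the "data" object of the response shown above.
        const string response = "{\"data\":{\"keys\":[\"bye\",\"hello/\",\"world\"]}}";

        Console.WriteLine(Kv2MetadataList.BuildListPath("secret", ""));
        Console.WriteLine(Kv2MetadataList.BuildListPath("secret", "hello/"));
        var (folders, secrets) = Kv2MetadataList.SplitKeys(response);
        Console.WriteLine($"folders: {string.Join(",", folders)}; secrets: {string.Join(",", secrets)}");
    }
}
```

Keys that end in `/` are sub-paths that can be listed in turn, so a caller that walks them recursively from the mount root enumerates every secret name the token's policy allows it to list.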
Successfully merging this pull request may close these issues.

Support Metadata LIST