Support Metadata LIST #334

Open
FinHorsley opened this issue Nov 15, 2023 · 3 comments · May be fixed by #337

Comments

@FinHorsley

Describe the feature request or question
Support for listing all keys at mount-path.

e.g.

curl \
    --header "X-Vault-Token: ..." \
    --request LIST \
    https://127.0.0.1:8200/v1/secret/metadata/my-secret

Link to the Vault API Docs that support this feature
https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#list-secrets

Additional context
N/A

@konidev20
Contributor

Hey @FinHorsley,

public async Task<Secret<ListInfo>> ReadSecretPathsAsync(string path, string mountPoint = null, string wrapTimeToLive = null)

Here is a link to its usage and documentation: https://github.com/rajanadar/VaultSharp#list-secrets

Hey there is this method already available, can you validate if this works?

Thanks,
@konidev20

@FinHorsley
Author

@konidev20 Ah, sorry I sent the wrong request 🤦‍♂️

I meant to use the following, to get a list of all keys at the mountPath (rather than just all keys for a given secret path, within a mountPath)

curl \
    --header "X-Vault-Token: ..." \
    --request LIST \
    https://127.0.0.1:8200/v1/kv-clients/metadata

which gives a response of

{"request_id":"6a7fb8b6-ce32-86cc-5075-16c3403418c4","lease_id":"","renewable":false,"lease_duration":0,"data":{"keys":["client:x","client:y","client:q","client:z"]},"wrap_info":null,"warnings":null,"auth":null}

However, I can't do the same with VaultSharp as ReadSecretPathsAsync requires the path and mountPath. I tried passing null (and string.Empty), see below, but that errored with a Vault exception

await vaultClient.V1.Secrets.KeyValue.V2.ReadSecretPathsAsync(
    null, // 👈 causes Vault exception
    mountPoint: "kv-clients");

Got it working with the following, but I'm not sure if this is abusing the VaultSharp methods?

await vaultClient.V1.Secrets.KeyValue.V2.ReadSecretPathsAsync(
    "/", // 👈 returns all keys in mountPath "kv-clients"
    mountPoint: "kv-clients");

@konidev20
Contributor

konidev20 commented Nov 22, 2023

> However, I can't do the same with VaultSharp as ReadSecretPathsAsync requires the path and mountPath. I tried passing null (and string.Empty), see below, but that errored with a Vault exception

You're right, this is because we have a Checker.NotNull("path") in the KeyValueSecretsEngineV2Provider.

> Got it working with the following, but I'm not sure if this is abusing the VaultSharp methods?

The code snippet you provided would certainly work. And IMO is not a misuse.

I think we can do without the Checker.NotNull("path"). I will raise a PR with that change. According to the API reference, it must be allowed.

[Edit]
Vault documentation shows that the path value is <required>.

path (string: <required>) – Specifies the path of the secrets to list. This is specified as part of the URL.

I would recommend you continue with the second method you have shown above.

[/Edit]
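
The "/" call discussed in this thread, extended to walk the whole mount: an added example, not part of the issue and not VaultSharp's own code. It goes beyond the single root listing by following sub-folders, which Vault's LIST response marks with a trailing "/". The class and method names are hypothetical, and the 404 handling assumes VaultSharp's VaultApiException exposes the HTTP status as HttpStatusCode.

```csharp
// Added example: inventory every secret path a token can list on a KV v2 mount.
// Only key names are read (metadata LIST); no secret values are fetched.
using System;
using System.Collections.Generic;
using System.Net;
using System.Threading.Tasks;
using VaultSharp;
using VaultSharp.Core;

public static class KvMountInventory // hypothetical helper name
{
    // mountPoint is the KV v2 mount, e.g. "kv-clients" from the thread.
    public static async Task<List<string>> ListAllSecretPathsAsync(
        IVaultClient vaultClient, string mountPoint)
    {
        var found = new List<string>();
        var pending = new Stack<string>();
        pending.Push("/"); // "/" lists the mount root, as in the call above

        while (pending.Count > 0)
        {
            string folder = pending.Pop();
            IEnumerable<string> keys;
            try
            {
                var listing = await vaultClient.V1.Secrets.KeyValue.V2
                    .ReadSecretPathsAsync(folder, mountPoint: mountPoint);
                keys = listing.Data.Keys;
            }
            catch (VaultApiException ex)
                when (ex.HttpStatusCode == HttpStatusCode.NotFound)
            {
                // Vault answers LIST with 404 when nothing exists under the path.
                continue;
            }

            string prefix = folder == "/" ? "" : folder;
            foreach (string key in keys)
            {
                // A trailing "/" marks a sub-folder; anything else is a secret.
                if (key.EndsWith("/", StringComparison.Ordinal))
                    pending.Push(prefix + key);
                else
                    found.Add(prefix + key);
            }
        }
        return found;
    }
}
```

The token needs the list capability on the mount's metadata path for this to return anything. Vault does no policy-based filtering of the returned key names, so names such as "client:x" should not themselves carry sensitive information.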
