search

BetterCloud / vault-java-driver

Zero-dependency Java client for HashiCorp's Vault
https://bettercloud.github.io/vault-java-driver/
334 stars 224 forks source link

How to perform update operation for specific keys instead of overwriting existing other keys through java driver just like, vault kv patch in vault CLI? #217

Open Rupesh-Chaudhari-93 opened 4 years ago

Rupesh-Chaudhari-93 commented 4 years ago

Whenever, I am trying to update specific existing keys, its overwriting the other keys as well and there is data loss. I need to update existing keys or add new keys without affecting existing keys. This scenario can be achieved by using vault CLI. But, I am not sure how to implement it using Vault Java Driver.

For e.g. using vault CLI : vault kv put secret/partner name="Example Co." partner_id="123456789111111" Keys stored in Vault : ======= Data ======= Key Value === ===== name Example Co. partner_id 123456789111111

vault kv patch secret/partner contact=889765412 Keys stored in Vault : ======= Data ======= Key Value === ===== contact 889765412 name Example Co. partner_id 123456789111111

Using Vault Java Driver : Map<String, Object> secretMap = new HashMap<String, Object>(); secretMap.put("name","Example Co."); secretMap.put("partner_id","123456789111111"); final LogicalResponse writeResponse = vault.logical() .write("secret/partner", secretMap); Keys stored in Vault : ======= Data ======= Key Value === ==== name Example Co. partner_id 123456789111111

Map<String, Object> m = new HashMap<String, Object>(); secretMap.put("contact","889765412"); final LogicalResponse writeResponse = vault.logical() .write("secret/partner", m); Keys stored in Vault : ======= Data ======= Key Value === ==== contact 889765412

Hence, it's overwriting the existing data. Can anybody please help me to achieve this thing with Vault Java Driver.

yuanlu-0 commented 3 years ago

Have you found a solution? I ran into the same issue.

siepkes commented 3 years ago

As far as I can tell the patch command the Vault CLI offers is not based on a special Vault patch API. It is "just" a convenience offered by the CLI tool. It basically downloads the old values, adds the new value and then uploads the entire thing (old and new values) to Vault.

You can see it here: https://github.com/hashicorp/vault/blob/a24653cc5cca475962b27b71dcba29a4aa94d6ee/command/kv_patch.go