Keeper-Security / secrets-manager

Keeper Secrets Manager is a cloud-based, zero-knowledge platform for securing infrastructure secrets. Provides automatic password rotation and integration into popular DevOps CI/CD tools.
https://www.keepersecurity.com/secrets-manager.html
MIT License

Hashicorp Vault integration error #572

Open juranir opened 4 months ago

juranir commented 4 months ago

I'm trying to integrate the Keeper Secrets Manager with the Hashicorp Vault. I'm using this documentation: https://docs.keeper.io/secrets-manager/secrets-manager/integrations/hashicorp-vault Versions used:

The basic integration is working fine, through the CLI I can get secrets but it's not working through the API, so I can't get secrets in a VaultDynamicSecret, for example.

When I'm trying to test the API with the API Explorer, this specific endpoint doesn't have a parameter, but when I call it, an error is returned as it's missing a parameter: image

After some debugging (sorry if it was superficial) I realized it may be a problem in the integration API. Let me try to explain: Keeper's API is working well through the CLI, which uses the pattern http://127.0.0.1:8200/v1/ksm/record?uid=_SecretUID_, but when we try to use the Vault object (instead of the CLI) the request is made with a different structure: http://Vault-Address:8200/v1/ksm/record/_SecretUID_

CLI: image

Vault Object: image

Example of a Vault object: image

Based on that I would like to understand if it may be a bug or if I'm doing something wrong.

idimov-keeper commented 3 months ago

Try adding params: in the spec: section

  mount: ksm
  path: record
  params:
    uid: "_SecretUID_"

juranir commented 3 months ago

Even with your suggestion, the behavior remains the same.

image

idimov-keeper commented 3 months ago

This feature request will be implemented in the next release, addressing a limitation of the API Explorer, which can work only with path parameters. You can use PR#505 to track progress.