cruise-automation / daytona

A Vault client, but for containers and servers.
Apache License 2.0
301 stars, 33 forks

Prevent inconsistencies when reading singular secrets paths that contain multiple keys #91

Closed broamski closed 2 years ago

broamski commented 2 years ago

Previously, when reading a singular secret definition and a singular output destination was specified, if more than one data key was returned, a data key value would be chosen at random, causing inconsistencies in the secret data being written. The new behavior defaults to always reading the default key (value) unless explicitly overwritten by VAULT_VALUE_KEY_.

The value standard is written to /vault/secret-value:

VAULT_SECRET_TEST=secret/path/testing
DAYTONA_SECRET_DESTINATION_TEST=/vault/secret-value

{
    "data": {
        "value": "standard",
        "password": "nonstandard"
    }
}

The value nonstandard is written to /vault/secret-value:

VAULT_SECRET_TEST=secret/path/testing
DAYTONA_SECRET_DESTINATION_TEST=/vault/secret-value
VAULT_VALUE_KEY_TEST=password

{
    "data": {
        "value": "standard",
        "password": "nonstandard"
    }
}
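The deterministic key selection this PR describes, written out as an added example (not daytona's own code): the key is taken from VAULT_VALUE_KEY_<NAME> when set and otherwise from the fixed default `value`, so the same secret always yields the same output. The env lookup is injected as a function so the two cases above can be exercised without touching the real environment; returning an error when the chosen key is absent (rather than falling back to another key) is this example's assumption, since the PR text does not state that behaviour.

```go
package main

import (
	"fmt"
	"os"
	"sort"
)

// defaultValueKey is read from a multi-key secret when no override is set.
const defaultValueKey = "value"

// valueKeyFor returns the data key to extract for the secret named name,
// honouring VAULT_VALUE_KEY_<NAME> if it is set and non-empty.
func valueKeyFor(name string, lookup func(string) (string, bool)) string {
	if v, ok := lookup("VAULT_VALUE_KEY_" + name); ok && v != "" {
		return v
	}
	return defaultValueKey
}

// selectSecretValue picks exactly one string value out of the secret's data map.
// Go map iteration order is randomised, so any "take the first key" approach
// reproduces the inconsistency the PR fixes; this always consults a fixed key.
func selectSecretValue(name string, data map[string]interface{}, lookup func(string) (string, bool)) (string, error) {
	key := valueKeyFor(name, lookup)
	raw, ok := data[key]
	if !ok {
		keys := make([]string, 0, len(data))
		for k := range data {
			keys = append(keys, k)
		}
		sort.Strings(keys) // sorted so the error message is stable too
		return "", fmt.Errorf("secret %q has no key %q (available: %v)", name, key, keys)
	}
	s, ok := raw.(string)
	if !ok {
		return "", fmt.Errorf("secret %q key %q is not a string", name, key)
	}
	return s, nil
}

func main() {
	// Constructed sample mirroring the PR's example payload.
	data := map[string]interface{}{"value": "standard", "password": "nonstandard"}
	v, err := selectSecretValue("TEST", data, os.LookupEnv)
	fmt.Println(v, err) // "standard" unless VAULT_VALUE_KEY_TEST=password is exported
}
```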