fishi0x01 / vsh

vsh - HashiCorp Vault interactive shell and cli tool
MIT License

Support Secret Engine v2 #105

Closed JulianNeuhaus27 closed 2 years ago

JulianNeuhaus27 commented 2 years ago

It looks like the secret engine version 2 is not supported. ls is returning an empty Vault from the root path.

https://vault.xxx.de /> ls

https://vault.xxx.de />

Even though the Vault is definitely not empty 🙂

fishi0x01 commented 2 years ago

Hi Julian :wave: :)

Are you sure your token has permissions to list on root level?

KV2 should be fully supported and is tested. Here is a list of all commands that are tested against KV1 and KV2: https://github.com/fishi0x01/vsh/tree/master/test/suites/commands

fishi0x01 commented 2 years ago

I just tried locally and cannot reproduce the issue.

What I did:

docker-compose.yml

---
version: "3.9"
services:
  vault:
    container_name: vault
    image: "vault:1.5.4"
    environment:
      - VAULT_ADDR=http://127.0.0.1:8200
      - VAULT_TOKEN=root
      - VAULT_DEV_ROOT_TOKEN_ID=root
      - VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200
    ports:
      - 8200:8200

$ docker exec vault /bin/sh -c "vault secrets enable -version=2 -path=my-kv2 kv"
$ VAULT_ADDR=http://localhost:8200 VAULT_TOKEN=root vsh
http://localhost:8200 /> ls
my-kv2/
http://localhost:8200 />

JulianNeuhaus27 commented 2 years ago

Hm ok I used Vault version 1.9.1, but then the issue might be somewhere else 🙁

fishi0x01 commented 2 years ago

If your token lacks permissions to do ls at the backends level, but you know that you have access to <your-backend>, then you could also try

VAULT_PATH=<your-backend>/ vsh

That will automatically set <your-backend>/ as current path.

fishi0x01 commented 2 years ago

Tried the same docker-compose.yml file with vault:1.9.1 - also works as expected.

fishi0x01 commented 2 years ago

Will later make a PR to bump the whole test suite to the latest Vault version though. It's about time again I guess :)

JulianNeuhaus27 commented 2 years ago

When I tried to use VAULT_PATH=<your-backend>/ I always got this:

Error initializing vault client | Is VAULT_ADDR properly set? Do you provide a proper token?
VAULT_PATH is not a valid directory path

I now tried it with our root token (yes it's still there 😞 ) and all worked well... so your first guess was right. I will need to check what permission was missing for me 🙂 Thanks for taking a look so quickly! Hope you are all good and we see each other next time when Paolo is in town 😬
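
Added example, not part of this thread or of the vsh project: a shell check of which capability a non-root token is missing for listing, using `vault token capabilities` against the token in VAULT_TOKEN. It assumes that listing backends at `/` needs `read` on `sys/mounts` (the thread does not confirm this); `has_cap`, `check_list_access` and `KV_MOUNT` are hypothetical names.

```shell
#!/bin/sh
# Added example; helper names and KV_MOUNT are hypothetical.

# has_cap CAPS WANTED
# CAPS is one line as printed by `vault token capabilities`, for example
# "list, read", "deny" or "root". Returns 0 when WANTED is granted.
has_cap() {
    _have=$(printf '%s' "$1" | tr -d ' ')
    case ",$_have," in
        *,deny,*) return 1 ;;      # an explicit deny overrides everything
        *,root,*) return 0 ;;      # root tokens may do anything
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# check_list_access MOUNT
# Reports, for the current token, the capabilities relevant to `ls`.
# Returns 1 if any of them is missing.
check_list_access() {
    mount=${1%/}
    rc=0
    # Assumption: listing backends at "/" needs read on sys/mounts.
    # KV v2 serves list requests under <mount>/metadata/, not <mount>/.
    for pair in "read:sys/mounts" "list:$mount/metadata/"; do
        want=${pair%%:*}
        path=${pair#*:}
        caps=$(vault token capabilities "$path" 2>/dev/null) || caps="deny"
        if has_cap "$caps" "$want"; then
            echo "ok      $want $path ($caps)"
        else
            echo "MISSING $want $path ($caps)"
            rc=1
        fi
    done
    return $rc
}

# Runs only when KV_MOUNT is set, e.g. KV_MOUNT=my-kv2 sh check.sh
[ -z "${KV_MOUNT:-}" ] || check_list_access "$KV_MOUNT"
```

A `MISSING` line for `sys/mounts` with an `ok` line for the mount would match the symptom above: an empty `ls` at root while the backend itself is reachable.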