Open sgutwein opened 3 years ago
Hi @sgutwein, thanks for filing this issue! This is definitely a great feature to have, and we are planning to incorporate this functionality into a future release.
Has this feature been added?
The function would be very useful. Are there any updates on this matter?
Is your feature request related to a problem? Please describe.
Yes.
I have a kv2 secret engine for our Jenkins, to which only the technical Jenkins user has read access:
Now, I would like to write a policy for developers that allows the developers to update the secrets:
Describe the solution you'd like
By updating the secrets, it would be really useful to have access to keys/parameters of the secrets.
Example: There is a secret named xyz in the jenkins/technical/ folder with the keys/parameters "password" and "username" in the last version.
I would like to write a policy that can:
See the keys of each version e.g.:
If I update the secret Vault should take the keys/parameters from the last version e.g.:
Additional context
I know that there is an option to set required_parameters, but I think this is not a good solution for my problem, as parameters can also change over time. Also, it is not possible to mark parameters as required by creating a new secret.