hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/

Feature Request: aws/static-roles should support LIST verb #21645

Open isometry opened 1 year ago

isometry commented 1 year ago

Describe the solution you'd like

The aws/static-roles endpoint needs to support the LIST verb to allow enumeration/audit of configured AWS static-roles. The output would ideally list path:access_key tuples.

Describe alternatives you've considered

Alternatively, static-roles could be included within the existing aws/roles endpoint.

Additional context

The new AWS static-roles feature is great, but there's currently no way to enumerate/audit configured static-roles, meaning that it's currently far too easy to lose track of static-roles that may have been configured on an ad-hoc basis.

isometry commented 1 year ago

cc. @kpcraig

kpcraig commented 6 months ago

Hello! Sorry this slipped through the cracks. While I can't promise timelines, the simple case as you've described should be straightforward to do, and I'm gonna look to put it on the schedule.

isometry commented 6 months ago

@kpcraig thank you. Please check the other two bugs I opened against the AWS static tiles engine too. They're a little more serious :-)