Vault kv version1 creates extra secret by replacing "dash" with "underscore"

ajaygk95 commented 3 weeks ago

Describe the bug

Creating a kv (version-1) secret which has a "-" in the path, creates a new hidden secret by replacing "-" with "_" (underscore).

To Reproduce Steps to reproduce the behaviour:

Enable kv (version-1) secrets in vault vault secrets enable -path=secret kv
Create a secret with "-" in its path vault kv put secret/1/secret-1/test foo=world

List and fetch the secret

  bash-4.4$ vault kv list secret/1/
  Keys
  ----
  secret-1/

  bash-4.4$ vault kv get secret/1/secret-1/test
  === Data ===
  Key    Value
  ---    -----
  foo    world

As expected only "secret-1" is listed

Run vault list for "secret/1/secret_1" (--> underscore)

bash-4.4$ vault kv list secret/1/secret_1
Keys
----
logical/

Expected behavior Is this an expected behaviour? Why is there a new secret with "_" being listed/created

Environment:

Vault Server Version (retrieve with vault status): 1.15.5
Vault CLI Version (retrieve with vault version): Vault v1.15.5 (73cfdf39dabd01c85aab3c76eee57b9b0f474fb9), built 2024-05-15T17:43:46Z
Server Operating System/Architecture: Linux-Rocky8/x86_64

ajaygk95 commented 2 weeks ago

The same issue is not observed in kv-v2

miagilepner commented 3 days ago

Hi, unfortunately I can't reproduce your issue with the steps you've outlined. If you can provide a full repro, including how you've started and configured the vault server, then I'd be happy to take another look.

hashicorp / vault

Vault kv version1 creates extra secret by replacing "dash" with "underscore" #27495