jonasvinther / medusa

A CLI tool for importing and exporting HashiCorp Vault secrets
MIT License

Error while reading secret #168

Open stephan2012 opened 1 month ago

stephan2012 commented 1 month ago

My first attempt to export secrets from Vault v1.17.3 with medusa v0.7.2 yields an error even when using a root token (data redacted):

$ medusa export secret -a https://vault.example.com:8200 -t $(<~/.vault-token)  --format yaml
2024/08/14 13:26:10 Error while reading secret
Path:   secret/data//xxx/xxx/xxx/xxx/xxx
Data:   <nil>

2024/08/14 13:26:10 Error while reading secret
Path:   secret/data//xxx/xxx/xxx/xxx/xxx
Data:   <nil>

2024/08/14 13:26:10 Error while reading secret
Path:   secret/data//xxx/xxx/xxx/xxx/xxx
Data:   <nil>

xxx:
  xxx:
    xxx:
      xxx: {}
      xxx: {}
    xxx:
      xxx: {}

So, medusa finds the secrets but cannot read them. The two slashes between secret/data and the secret path look strange. The KV secrets engine is v2:

$ vault secrets list -detailed 
Path             Plugin       Accessor              Default TTL    Max TTL      Force No Cache    Replication    Seal Wrap    External Entropy Access    Options                       Description                                                UUID                                    Version    Running Version          Running SHA256    Deprecation Status
----             ------       --------              -----------    -------      --------------    -----------    ---------    -----------------------    -------                       -----------                                                ----                                    -------    ---------------          --------------    ------------------
secret/          kv           kv_063b078a           system         system       false             replicated     false        false                      map[version:2]                n/a                                                        957a17bc-d9cb-3cf7-0696-78a771f226c1    n/a        v0.19.0+builtin          n/a               supported

What am I missing?

zoeimogen commented 4 weeks ago

Are there any values under that secret or have they all been deleted? If they have all been deleted then this looks like the same issue as #134 and the errors are purely cosmetic. Fix is in https://github.com/jonasvinther/medusa/pull/167 but it hasn't been merged yet.

stephan2012 commented 4 weeks ago

> Are there any values under that secret or have they all been deleted?

There are secrets stored in the paths. None of them has ever been deleted.
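For checking the two points raised in this thread (the doubled slash in the read path, and whether a `<nil>` payload means a deleted version), here is an added example that is not part of the original posts and is not medusa's code. The function names `kvV2DataPath` and `classify` are hypothetical, the sample bodies are constructed, and the response shape assumed is the documented KV v2 read response (`data.data` plus `data.metadata.deletion_time` and `data.metadata.destroyed`).

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample bodies in the shape of a KV v2 read response.
const (
	sampleLive    = `{"data":{"data":{"password":"example"},"metadata":{"deletion_time":"","destroyed":false}}}`
	sampleDeleted = `{"data":{"data":null,"metadata":{"deletion_time":"2024-08-01T10:00:00Z","destroyed":false}}}`
)

// kvV2DataPath builds "<mount>/data/<secret path>" and drops empty
// segments, so a trailing or leading slash cannot produce "data//".
func kvV2DataPath(mount, secretPath string) string {
	isSlash := func(r rune) bool { return r == '/' }
	return strings.Join(strings.FieldsFunc(mount+"/data/"+secretPath, isSlash), "/")
}

// classify says why a KV v2 read did or did not return secret data.
func classify(body []byte) string {
	var r struct {
		Data struct {
			Data     map[string]interface{} `json:"data"`
			Metadata struct {
				DeletionTime string `json:"deletion_time"`
				Destroyed    bool   `json:"destroyed"`
			} `json:"metadata"`
		} `json:"data"`
	}
	if err := json.Unmarshal(body, &r); err != nil {
		return "unparseable"
	}
	switch {
	case r.Data.Data != nil:
		return "present"
	case r.Data.Metadata.Destroyed:
		return "destroyed"
	case r.Data.Metadata.DeletionTime != "":
		return "deleted"
	}
	return "no-data"
}

func main() {
	fmt.Println(kvV2DataPath("secret/", "/xxx/xxx")) // slashes collapsed
	fmt.Println(classify([]byte(sampleLive)), classify([]byte(sampleDeleted)))
}
```

A result of "no-data" for a path that is known to hold a live secret points away from the deleted-version explanation and toward the path or the token's policy.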