kir4h / rvault

Small tool to perform some recursive operations on Hashicorp's Vault KV
MIT License

Unable to use wildcard/* when running rvault read commands #8

Closed ramrajkonuganti closed 1 year ago

ramrajkonuganti commented 2 years ago

I'm trying to read the secret from Vault using rvault read commands, following the instructions provided in the documentation.

I'm able to read secrets for a specified path, e.g.: rvault read secret -f json -k 2 -p "A/B/"

{"A/B/test":{"test":"value"},"A/B/test2":{"test2":"value"},"A/B/test3":{"test3":"value"}, "A/B/sample":{"sample":"value"}}

but I'm not able to run this command using a wildcard / so that I don't have to enter the full path. Ex:

rvault read secret -f json -k 2 -p "A/B/"
ADDRESS IS https:// I0228 20:21:17.652282 1756279 list.go:48] No secrets found for path A/B/* {}

Also, I'm getting parse errors when I'm using this command as per the document.

rvault read secret -f json -k 2 -p secret/A/* 2>/dev/null | jq .

Is there any way that I could read the secrets just based on key instead of providing the full path, like it works for rvault list?

kir4h commented 2 years ago

Thanks for reporting it @ramrajkonuganti, I will take a look at it over the weekend and let you know.

In the meantime:

I'm able to read secrets for a specified path ex: rvault read secret -f json -k 2 -p "A/B/" .... but I'm not able to run this command using a wildcard /* so that I don't have to enter the full path. Ex: rvault read secret -f json -k 2 -p "A/B/"

What's the difference? Both commands are the same (maybe the second one is missing a *?)

also I'm getting parse errors when I'm using this command as per the document. rvault read secret -f json -k 2 -p secret/A/* 2>/dev/null | jq .

Reading the doc, I don't see that wildcards are allowed in the path. They can be used for the include-filters and exclude-filters though.

What is it that you want to achieve? I mean, read is recursive, meaning that rvault read .... A/ will read every secret under A, no need to put a wildcard in there.

If you can, show me a tree of your secret structure and what you would like to be returned by the read command to better understand it.

ramrajkonuganti commented 2 years ago

What's the difference? Both commands are the same (maybe the second one is missing a *?)

I've included a * but I guess it is not showing up on mobile. I was able to see it in the browser though. The problem is we have a lot of secrets under subpaths like under A/B/, so let's say there are 3 secrets under the B folder

  1. gce-secret
  2. test-secret
  3. test-secret2

And I want to just read the key and value for gce-secret, then I would like to search for it like A/B/gce instead of typing the absolute path. Because in our vault there are 100s of secrets under sub directories and we would like to just list out a few with common names using wildcards or

kir4h commented 2 years ago

I think the include-paths (-i) argument might suit your needs.

# full contents
~  rvault list secret -v=0
/andalucia/almeria/ssh.key
/andalucia/malaga/passwd.conf
/barcelona/dev.null
/madrid/file1.txt
/madrid/leganes/file2.txt

# listing only secrets whose path match /andalucia*
~  rvault list secret -v=0 -i "/andalucia*"
/andalucia/almeria/ssh.key
/andalucia/malaga/passwd.conf

# reading those secrets 
~  rvault read secret -v=0 -i "/andalucia*" -f json | jq .
{
  "/andalucia/almeria/ssh.key": {
    "value": "This is \n another multiline \n file"
  },
  "/andalucia/malaga/passwd.conf": {
    "value": "This is \n a multiline \n file"
  }
}
# Another example filtering by secret name
# /andalucia contents 
~  rvault list secret -v=0 -p /andalucia
/andalucia/almeria/ssh.key
/andalucia/malaga/passwd.conf

# filtering to list only secrets like *ssh*
~  rvault list secret -v=0 -p /andalucia -i "*ssh*"
/andalucia/almeria/ssh.key

# filtering to read only secrets like "*ssh*"
rvault read secret -f json -v=0 -p /andalucia -i "*ssh*" | jq .
{
  "/andalucia/almeria/ssh.key": {
    "value": "This is \n another multiline \n file"
  }
}

In your example it should be something like

rvault read secret -f json -v=0 -p /A/B -i "gce*"
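To make the include/exclude filter behaviour shown in the sessions above concrete, here is an added Go example (rvault itself is written in Go, but this is not rvault's code). It assumes the wildcard semantics the sessions imply: `*` matches any run of characters including `/`, so that "/andalucia*" also covers nested secrets; the sample paths are the constructed listing from above.

```go
package main

import "fmt"

// Constructed sample: the secret paths from the "rvault list secret -v=0" output above.
var samplePaths = []string{
	"/andalucia/almeria/ssh.key",
	"/andalucia/malaga/passwd.conf",
	"/barcelona/dev.null",
	"/madrid/file1.txt",
	"/madrid/leganes/file2.txt",
}

// globMatch reports whether path matches pattern. '*' matches any run of characters,
// '/' included (unlike filepath.Match), and '?' matches exactly one character.
// Assumption: these are the semantics the sessions above suggest, not rvault's own matcher.
func globMatch(pattern, path string) bool {
	p, s, star, mark := 0, 0, -1, 0
	for s < len(path) {
		switch {
		case p < len(pattern) && (pattern[p] == '?' || pattern[p] == path[s]):
			p, s = p+1, s+1 // literal or single-char match
		case p < len(pattern) && pattern[p] == '*':
			star, mark, p = p, s, p+1 // remember where the star can resume
		case star >= 0:
			mark++ // let the last '*' absorb one more character and retry
			p, s = star+1, mark
		default:
			return false
		}
	}
	for p < len(pattern) && pattern[p] == '*' {
		p++ // trailing stars match the empty string
	}
	return p == len(pattern)
}

// FilterPaths keeps paths matching at least one include pattern (all paths when
// includes is empty) and none of the exclude patterns, like -i / -e on the command line.
func FilterPaths(paths, includes, excludes []string) []string {
	var out []string
	for _, path := range paths {
		keep := len(includes) == 0
		for _, inc := range includes {
			if globMatch(inc, path) {
				keep = true
				break
			}
		}
		for _, exc := range excludes {
			if globMatch(exc, path) {
				keep = false
				break
			}
		}
		if keep {
			out = append(out, path)
		}
	}
	return out
}

func main() {
	for _, p := range FilterPaths(samplePaths, []string{"/andalucia*"}, nil) {
		fmt.Println(p) // the two andalucia secrets, as in the session above
	}
}
```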