Vault env: Secret that may or may not be there

[ewjoachim]

vault env -p 'secret?' -- env
vault env -p 'secret=BLA?' -- env

will omit the environment variable altogether if an error happens when trying to read the secret.

[ewjoachim]

Soooo

I think that one of the few things we should do is model the "Secret not found" in a better way. This would change the api, though, but if path1 is ok and path2 not ok:

s = client.get_secrets("")
# I think we should get something like:
{
    "path1": {"key": "value"},
    "path2": InvalidSecret(),
}

Now what I'm not sure is what the expected this is:

• In the lib, if I ask for client.get_secret("path1", "path2"), what should I get ?
• In the cli, if I ask for vault get-all, what should I get ?
• In the cli, if I ask for vault get-all path1 path2, what should I get ?
• Depending on the answer above, vault env -p '' -- env, what should I get ?
• what about vault env -p path1 -p path2 -- env?