rajanadar / VaultSharp

A comprehensive cross-platform .NET Library for HashiCorp's Vault, a secret management tool
http://rajanadar.github.io/VaultSharp
Apache License 2.0
488 stars 130 forks

kv2/metadata: `ReadSecretPathsAsync` allows empty path value to list all secrets on the `mountPoint` #337

Closed konidev20 closed 1 week ago

konidev20 commented 10 months ago

In the implementation of

```csharp
public async Task<Secret<ListInfo>> ReadSecretPathsAsync(string path, string mountPoint = null, string wrapTimeToLive = null)
```

the path is required, which was built referencing https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2#list-secrets

However, as reported in gh-334, it seems like `path` can be empty if you want to list all the secrets on the mount point.

I tried this with Vault v1.15.2; below are the results of my test.

Sample Request

```sh
curl --header "X-Vault-Token: …" --request LIST http://127.0.0.1:8200/v1/secret/metadata
```

Response

```json
{
  "request_id": "34a153dc-0fef-b717-25da-1f54e77ab581",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "keys": [
      "bye",
      "hello/",
      "world"
    ]
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}
```

Considering the above results, I felt removing the strict null check and adding a simple guard rail would be a better solution.

fixes #334
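
One way such a guard rail could look, added here as an example; it is not VaultSharp's code or the change made in this pull request. The helper name `KvV2ListPath.Build`, the default mount `secret` (taken from the sample request above) and the refusal of `.`/`..` segments are assumptions of this sketch.

```csharp
using System;
using System.Linq;

// Hypothetical helper (not part of VaultSharp): builds the KV v2 metadata path
// used for a LIST request and treats a null/empty/"/" secret path as the mount root.
public static class KvV2ListPath
{
    public static string Build(string path, string mountPoint = null)
    {
        // Assumption: fall back to the "secret" mount used in the sample request.
        string mount = string.IsNullOrWhiteSpace(mountPoint) ? "secret" : mountPoint.Trim().Trim('/');
        if (mount.Length == 0)
            throw new ArgumentException("Mount point must not be empty.", nameof(mountPoint));

        // Guard rail instead of a strict null check: null, "", whitespace and "/"
        // all collapse to zero segments, which means "list the mount root".
        string[] segments = (path ?? string.Empty)
            .Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(s => s.Trim())
            .Where(s => s.Length > 0)
            .ToArray();

        // Assumption of this sketch: refuse dot segments rather than pass them on,
        // so the built path always stays under {mount}/metadata.
        if (segments.Any(s => s == "." || s == ".."))
            throw new ArgumentException("Path must not contain '.' or '..' segments.", nameof(path));

        string prefix = "v1/" + mount + "/metadata";
        if (segments.Length == 0)
            return prefix;

        // Escape each segment on its own so '/' remains the only separator.
        return prefix + "/" + string.Join("/", segments.Select(s => Uri.EscapeDataString(s)));
    }

    public static void Main()
    {
        // Constructed inputs: root listing, a nested folder, a non-default mount.
        Console.WriteLine(Build(null));
        Console.WriteLine(Build("/hello/"));
        Console.WriteLine(Build("team a/db", "kv"));
    }
}
```

With the root form allowed, whether a caller can enumerate every top-level key is decided by the token's `list` capability on the mount's `metadata` path, not by the client library.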