search

spring-projects / spring-vault

Provides familiar Spring abstractions for HashiCorp Vault
https://spring.io/projects/spring-vault
Apache License 2.0
283 stars 186 forks source link

Support for custom_metadata in `Versioned.Metadata` #789

Closed commjoen closed 1 year ago

commjoen commented 1 year ago

Hi there, love the Hashicorp Vault support build here! Now I was wondering: can we please have support for the custom_metadata as part of org.springframework.vault.support.Versioned.Metadata? I would love to use that in a challenge we are building at OWASP WrongSecrets (See https://github.com/OWASP/wrongsecrets/issues/719 for more details).

Or is there already another way in which I would be able to retrieve the custom_metadata for a secrets entry?

mp911de commented 1 year ago

Currently, Versioned.Metadata doesn't have a field to hold custom_metadata. You could use the plain read and write API on VaultTemplate to work around this limitation.

It would make sense to extend Metadata with the custom metadata. Feel free to submit a pull request.

commjoen commented 1 year ago

Thank you @mp911de ! I hope to have a look somewhere this month to try to make something out of a first PR.

commjoen commented 1 year ago

Can you please assign the issue to me good sir? So I will not forget about it ;-).

commjoen commented 1 year ago

Sorry for being a bit slower than expected. It looks like the customMetadata in https://developer.hashicorp.com/vault/api-docs/secret/kv/kv-v2 lives next to the versions (so extending VaultMetadataResponse makes more sense i guess :) ?)

commjoen commented 1 year ago

Would the approach in #808 make sense? (or what would you rather prefer me to do instead?)