-
-
Notifications
You must be signed in to change notification settings - Fork 811
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for GetAllSecrets in Vault kv1? #3518
Comments
hey @nick-knowlson-alayacare, GetAllSecrets supports two types:
The latter isn't supported due to a limitation in Vault kv v1 because it doesn't support metadata. |
Ah excellent, that's good to hear! Fortunately I have no need to list by tags, just by name! I can take a look at the implementation and see about contributing for that use case. I am not very familiar with Go but as long as there's nothing inherently limiting it from the Vault side it seems like it shouldn't be too bad. Unless you think someone else would be available and willing to make those changes? Am leaning on you for knowledge of process, contributors, other ongoing work etc. to know if this is likely. If not it is no problem, I can take a look. |
I don't think someone else is available, we'd be happy to review a PR :) external-secrets/pkg/provider/vault/client_get_all_secrets.go Lines 37 to 39 in 06e1342
|
No worries I'll take a look then!
Thanks! I was kind of hoping it would be something along those lines. I'll try out some changes and test it. |
Hello! Other work tasks took priority, but I am coming back to this now. I've created a PR with a first pass at getting this working: #3790 It probably needs a few more things before merging, but I think it is pretty close? |
Problem
The documentation describes the ability to fetch multiple secrets:
But when I try to use this with Vault kv version v1, I get the following error:
Question
Is this because of a fundamental limitation with Vault kv1 that makes it unsuitable for this? Or was it more of a cost/benefit analysis - where it is possible but would take time and not enough people want it?
Possible Solutions
Implement support for GetAllSecrets for Vault kv version v1?
or
Update Vault-specific documentation to say this functionality is limited to kv2 and why?
Additional Context
Thank you! Any time is appreciated.
The text was updated successfully, but these errors were encountered: