79563798

Date: 2025-04-09 08:13:41
Score: 1
Natty:
Report link

When you're using HashiCorp Vault's KV Version 2 secrets engine, fetching a specific key from within a path like /mysecrets is not done by appending the key name to the path.The entire secret (ie, all key-value pairs under that path) is fetched at one using the API:

GET /v1/kv/data/mysecrets

This returns a structure like:

{
 "data":{
     "data":{
       "key1":"value1",
       "key1":"value1"
        }
        ,
       "metadate"{
         ...
       }
   }
}

So if you want just key1, you need to fetch the whole secret and extract the key1 from data.data.object programatically

why the below does not work?

GET /v1/kv/data/mysecrets/key1

That path would be valid only if you stored the secret directly at /mysecrets/key1 as below:

vault kv put kv/mysecrets/key1
value=somevalue

Then you could do

GET /v1/kv/data/mysecrets/key1

and receive

{
 "data":{
     "data":{
       "value":"somevalue",
        }
        ,
       "metadate"{
         ...
       }
   }
}
Reasons:
  • Long answer (-0.5):
  • Has code block (-0.5):
  • Contains question mark (0.5):
  • Starts with a question (0.5): When you
  • Low reputation (1):
Posted by: Abijith Kamath