Skip to content
This repository has been archived by the owner on May 23, 2019. It is now read-only.

not able to view all secrets #20

Open
warroyo opened this issue Oct 15, 2016 · 8 comments
Open

not able to view all secrets #20

warroyo opened this issue Oct 15, 2016 · 8 comments

Comments

@warroyo
Copy link

warroyo commented Oct 15, 2016

I have a user with the "root" policy however i am only able to see one of my generic secret backends secrets. I am able to see all mounts and users, etc. however when i try to view secrets it only lists one of the backends secrets. is there a way to switch backends? when making rest calls directly from postman i am able to see the missing secrets
@nyxcharon
Copy link
Owner

I'm assuming this is because you have another backend(s) mounted at another location other than "secret", which this currently specifically keys too. See:
https://github.com/nyxcharon/vault-ui/blob/master/vault.py#L42

This could be probably be fixed by querying for a list of secret backends first, then running that method for each.

@jasonmcintosh
Copy link

This should be fixed with pull request #23

@warroyo
Copy link
Author

warroyo commented Oct 18, 2016

@jasonmcintosh im not sure this will fix the issue. The problem is as @nyxcharon described above. there are multiple secret backends, these would need to be looped through, or have the ability to select a mounted backend to browse.

@jasonmcintosh
Copy link

Whoops mis-read this... yeah need to loop over the secret backends to do this.

@nyxcharon nyxcharon mentioned this issue Oct 24, 2016
Closed
@rlueckl
Copy link

rlueckl commented Dec 6, 2016

+1 for this. We have multiple "namespaces" and each user is only allowed to access their specific namespace with their specific ACLs.

I have to do something like this to access my secrets:

curl -H "X-Vault-Token: ***-***-***" https://vault.address.lan:8200/v1/$company/$team/secrets/path/username

$company is always the same.
$team is for each team their own.

Or I guess you could call "$company/$team" the "namespace".

@nyxcharon
Copy link
Owner

I have an initial fix on the secret-view branch, and I'd like some testing from others if possible. I went ahead and built a docker container for it as well - nyxcharon/vault-ui:secret-view

@warroyo @rlueckl can you guys test please? I tested with two secret backends mounted, but I might be missing a use case.

@rlueckl
Copy link

rlueckl commented Dec 13, 2016

Hi,

I did a quick test, unfortunately I don't see the secrets.

Started with docker run -p 80:80 -e VAULT_ADDR=https://vault.address.lan:8200/ -e AUTH_METHODS=LDAP -e VAULT_SKIP_VERIFY=true nyxcharon/vault-ui:secret-view

Then I logged in with my credentials.

All pages (Secrets, Mounts, Users, Policies) are completely empty. :( I don't see any errors or debug output, so this is all I've got.

@warroyo
Copy link
Author

warroyo commented Dec 13, 2016

I am able to see secrets from one of my generic backends, however it seems to be limiting the number of paths displayed. it also is not displaying any of the other backends secrets.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@warroyo @jasonmcintosh @nyxcharon @rlueckl