doomsday-project/doomsday

vault backend should support multiple base paths


Right now, it just has base_path as the path configuration option. If base_paths is implemented, the List() function should enumerate values under each of them.

  • add base_paths as a Vault configuration option
  • have base_paths default value be a single member, secret/
  • if base_paths is not specified but base_path is, use the value in base_path as the single value in the list.

It's worth considering the case in which the operator has base_path and base_paths specified. You could just append and de-dup the value in base_path to base_paths, but it's probably safer to just complain that it's a misconfiguration, because it's almost certainly an oversight on the operator's behalf.

Vault "secrets list" will give the list of secret engine backends. We could also run this command and generate a list of 'KV' secret engines. We can then use those paths. If a path is not accessible, we would generate a warning and move on. The default value would be false to continue using base_path(s) options.

auto_paths: [false|true]
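
The base_path / base_paths rules from the opening post, written out as an added Go example (not doomsday's own code). The function name, the error value, the trailing-slash normalization and the de-duplication inside base_paths are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrBothSet is a hypothetical error for the misconfiguration case.
var ErrBothSet = errors.New("vault: base_path and base_paths are both set; use only one")

// ResolveBasePaths (hypothetical name) turns the two options into one list:
// both set is rejected, base_path alone becomes a one-item list, and with
// neither set the list defaults to the single member secret/.
func ResolveBasePaths(basePath string, basePaths []string) ([]string, error) {
	if basePath != "" && len(basePaths) > 0 {
		return nil, ErrBothSet // refuse rather than silently merge the two
	}
	if basePath != "" {
		basePaths = []string{basePath}
	} else if len(basePaths) == 0 {
		basePaths = []string{"secret/"}
	}
	seen, out := map[string]bool{}, []string{}
	for _, p := range basePaths {
		// Assumption: "kv" and "kv/" name the same path, so normalize first.
		p = strings.TrimRight(p, "/") + "/"
		if !seen[p] {
			seen[p] = true
			out = append(out, p)
		}
	}
	return out, nil
}

func main() {
	// Constructed operator configs: default, legacy option, new list, conflict.
	for _, c := range []struct {
		path  string
		paths []string
	}{{"", nil}, {"concourse", nil}, {"", []string{"secret", "secret/", "kv"}}, {"a", []string{"b"}}} {
		got, err := ResolveBasePaths(c.path, c.paths)
		fmt.Println(got, err)
	}
}
```
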