vault backend should support multiple base paths
Opened this issue · 2 comments
right now, it just has base_path
as the path configuration option. If base_paths
is implemented, the List() function should enumerate values under each of them.
- add
base_paths
as a Vault configuration option - have
base_paths
default value be a single member,secret/
- if
base_paths
is not specified butbase_path
is, use the value inbase_path
as the single value in the list.
it's worth considering the case in which the operator has base_path and base_paths specified. You could just append and de-dup the value in base_path to base_paths, but its probably safer to just complain that its a misconfiguration, because its almost certainly an oversight on the operator's behalf.
Vault "secrets list" will give the list of secret engine backends. We could also run this command and generate a list of 'KV' secret engines. We can then use those paths. If a path is not accessible, we would generate a warning and move on. The default value would be false to continue using base_path(s) options.
auto_paths: [false|true]