hashicorp/vault-action

[FEAT] Support reading temporary database credentials

Closed this issue · 2 comments

Is your feature request related to a problem? Please describe.
If I understand correctly, this action is limited to KV stores and requires one to specific not only a path but also key to retrieve.
For the database secret engine this creates a problem - here one would want to make a single request against Vault and return both the username and password not just either of them.

It would be great if this action would support extracting all keys of a secret as json when providing * as a selector

Describe the solution you'd like

secrets: |
  postgres/creds/foo * | DB_CREDS;

Results in the following json string to be stored in DB_CREDS: {"username": "some-temp-username", "password": "some-temp-password"}

Current result
selector gets wrapped into data."*" which doesn't work.

Describe alternatives you've considered
Writing my own raw get request to Vault

@austingebauer sorry for the direct ping, we have a simple but effective fix ready for this, could you have a look since you last contributed to this repo?

Closing as this should be fixed by #488.

Please feel free to reopen if you feel this was a mistake, or if there is additional information to add. Thanks!