xbglowx/vault-kv-search

Add option for searching all KV stores

Closed this issue · 13 comments

hoerup commented

Sometimes I need to search all KV stores for a key, and it gets a bit tedious starting multiple searches.

Instead, it would be nice if vault-kv-search had an --all-kv-stores option which starts by querying /sys/mounts for type == "kv" mountpoints and performs the search against each of these.

@hoerup want to give https://github.com/xbglowx/vault-kv-search/tree/search-all-kv a try?

I didn't use a flag, but instead assumed that if you only use one positional argument, you would want to search all KV stores. I documented this in the help output.

hoerup commented

Works fine for KVv2 but a minor detail that slipped my mind when I wrote the original suggestion:

Old KVv1 are represented in sys/mounts as "type": "identity"

So this check should probably be changed accordingly

if mountOptions.Type == "kv" {

I did a test and type is still kv with v1, unless I am doing something wrong?

vault server -dev
vault secrets enable -version=1 -path=bglogower kv

curl -s -H "X-Vault-Token: $VAULT_TOKEN" 127.0.0.1:8200/v1/sys/mounts | jq -r '."bglogower/".type'
kv

hoerup commented

A KVv1 store created after KVv2 was introduced will be presented as type == "kv", but kv stores created back when KVv1 was the only option will present as "generic".

  • Can you supply the api output for such a KVv1 store, since I can't reproduce locally?
  • Is the type generic or identity?

hoerup commented

Sure, here is an example

  "test-keys/": {
    "accessor": "generic_425ca2dd",
    "config": {
      "default_lease_ttl": 0,
      "force_no_cache": false,
      "max_lease_ttl": 0
    },
    "description": "",
    "external_entropy_access": false,
    "local": false,
    "options": null,
    "plugin_version": "",
    "running_plugin_version": "v1.14.8+builtin.vault",
    "running_sha256": "",
    "seal_wrap": false,
    "type": "generic",
    "uuid": "3bc61101-acf7-d149-9602-b0770e097d32"
  },

Can you please refresh your local branch and try again?

hoerup commented

Well, a bit closer: it now detects legacy/generic, new KVv1 and KVv2.

It seems like it might have a problem with determining the version? But it's not consistent between runs?

Start path: test-keys/ <--- "generic"
!!Warning!! search-path test-keys/metadata/ doesn't have any contents. Skipping.

Start path: tohtest/ <---- new KVv1
!!Warning!! search-path tohtest/metadata/ doesn't have any contents. Skipping.

Update

https://github.com/xbglowx/vault-kv-search/blob/search-all-kv/cmd/vault-kv-search.go#L103

Seems you only probe for the version on the first iteration of the loop and then stick with that version, which is not ideal when there are legacy, v1 and v2 stores in the set.

This is the problem with not having tests. Let me see what I can do.

Can you please try again?

Think I found a bug. Still working on creating tests.

OK, everything should be all set now. Please give it a try when you can.

Resolved via #41
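
The per-mount version handling discussed in this thread, as an added example (not code from the vault-kv-search repository): it accepts both "kv" and legacy "generic" mounts and picks the list path for each mount separately. It assumes the input is just the map of mounts, reduced to the `type` and `options` fields, and that a KVv2 mount reports `options.version` as "2"; the function name and the sample mounts are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// mount holds the two sys/mounts fields needed to classify a KV store.
type mount struct {
	Type    string            `json:"type"`
	Options map[string]string `json:"options"`
}

// Constructed sample, shaped like the sys/mounts output quoted in the thread.
const sampleMounts = `{
  "test-keys/": {"type": "generic", "options": null},
  "tohtest/":   {"type": "kv", "options": {"version": "1"}},
  "secret/":    {"type": "kv", "options": {"version": "2"}},
  "identity/":  {"type": "identity", "options": null}
}`

// kvListPaths maps every KV mount to the path prefix its keys are listed under.
// The version is decided per mount, never carried over from the previous one.
func kvListPaths(raw []byte) (map[string]string, error) {
	var mounts map[string]mount
	if err := json.Unmarshal(raw, &mounts); err != nil {
		return nil, err
	}
	paths := make(map[string]string)
	for name, m := range mounts {
		if m.Type != "kv" && m.Type != "generic" {
			continue // not a KV store (e.g. identity, system)
		}
		if m.Type == "kv" && m.Options["version"] == "2" {
			paths[name] = name + "metadata/" // KVv2 lists under metadata/
		} else {
			paths[name] = name // KVv1 and legacy generic list at the mount root
		}
	}
	return paths, nil
}

func main() {
	paths, err := kvListPaths([]byte(sampleMounts))
	if err != nil {
		panic(err)
	}
	fmt.Println(paths)
}
```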