secrets-manager
Hashicorp Vault integration error
I'm trying to integrate the Keeper Secrets manager with the Hashicorp Vault. I'm using this documentation: https://docs.keeper.io/secrets-manager/secrets-manager/integrations/hashicorp-vault
Versions used:
- Hashicorp Vault: 1.15.2
- Hashicorp Vault Operator: 0.5.0 (Helm Chart version)
- Keeper Secret plugin: 1.0.2
The basic integration is working fine; through the CLI I can get secrets, but it's not working through the API, so I can't get secrets in a VaultDynamicSecret, for example.
When I try to test the API with API Explorer, this specific endpoint doesn't have a parameter, but when I call it, an error is returned as it's missing a parameter:
After some debugging (sorry if it was superficial) I realized it may be a problem in the integration API. Let me try to explain:
Keeper's API is working well through the CLI that uses the pattern http://127.0.0.1:8200/v1/ksm/record?uid=_SecretUID_, but when we try to use the Vault object (instead of the CLI), the request is made with a different structure: http://Vault-Address:8200/v1/ksm/record/_SecretUID_
CLI:
Vault Object:
Example of a Vault object:
Based on that I would like to understand if it may be a bug or if I'm doing something wrong.
Try adding `params:` in the `spec:` section

```yaml
mount: ksm
path: record
params:
  uid: "_SecretUID_"
```
Even with your suggestion, the behavior remains the same.
This feature request will be implemented in the next release - addressing a limitation of API Explorer, which can work only with path parameters. You can use PR#505 to track progress.
vault-plugin-secrets-ksm v1.0.3 release addresses these issues (by providing path parameters)