
not able to view all secrets

Open warroyo opened this issue 8 years ago • 8 comments

I have a user with the "root" policy, however I am only able to see one of my generic secret backends' secrets. I am able to see all mounts and users, etc., however when I try to view secrets it only lists one of the backends' secrets. Is there a way to switch backends? When making REST calls directly from Postman I am able to see the missing secrets.

warroyo avatar Oct 15 '16 21:10 warroyo

I'm assuming this is because you have another backend(s) mounted at another location other than "secret", which this currently specifically keys to. See: https://github.com/nyxcharon/vault-ui/blob/master/vault.py#L42

This could probably be fixed by querying for a list of secret backends first, then running that method for each.

nyxcharon avatar Oct 17 '16 18:10 nyxcharon
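
The approach suggested in the comment above (query the mounted secret backends first, then list each one), as an added example that is not vault-ui's code. It also keeps going when one mount is denied, which matters for per-team ACL setups. The function names, the `list_keys` callback and the sample data are assumptions made for illustration.

```python
# Added example, not vault-ui code; names and sample data are constructed.
SECRET_TYPES = {"generic", "kv"}  # key/value backends ("generic" is the 2016-era name)

def secret_mounts(sys_mounts):
    """Mount paths of key/value backends from a GET /v1/sys/mounts response body."""
    mounts = sys_mounts.get("data") or sys_mounts  # newer Vault nests mounts under "data"
    return sorted(path for path, info in mounts.items()
                  if isinstance(info, dict) and info.get("type") in SECRET_TYPES)

def walk(prefix, list_keys):
    """Expand folders (keys ending in '/') under prefix into full secret paths."""
    paths = []
    for key in list_keys(prefix):
        full = prefix + key
        paths.extend(walk(full, list_keys) if key.endswith("/") else [full])
    return paths

def list_all_secrets(sys_mounts, list_keys):
    """list_keys(path): hypothetical wrapper for LIST /v1/<path>; PermissionError on 403."""
    found = {}
    for mount in secret_mounts(sys_mounts):
        try:
            found[mount] = walk(mount, list_keys)
        except PermissionError:
            found[mount] = None  # report "denied" for this mount, keep listing the rest
    return found

# Constructed sample: three key/value mounts plus built-in ones that must be skipped.
SAMPLE_MOUNTS = {
    "secret/": {"type": "generic"},
    "acme/team-a/": {"type": "generic"},
    "acme/team-b/": {"type": "generic"},
    "sys/": {"type": "system"}, "cubbyhole/": {"type": "cubbyhole"},
}
SAMPLE_TREE = {
    "secret/": ["db", "apps/"],
    "secret/apps/": ["web"],
    "acme/team-a/": ["secrets/"],
    "acme/team-a/secrets/": ["username"],
}

def sample_lister(path):
    """Stand-in for the LIST call: team-b is denied, as a per-team ACL would do."""
    if path.startswith("acme/team-b/"):
        raise PermissionError(path)
    return SAMPLE_TREE.get(path, [])

if __name__ == "__main__":
    print(list_all_secrets(SAMPLE_MOUNTS, sample_lister))
```

A mount that maps to `None` is one the token can see in the mount table but cannot list, so a UI can show it as denied instead of rendering an empty page.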

This should be fixed with pull request https://github.com/nyxcharon/vault-ui/pull/23

jasonmcintosh avatar Oct 18 '16 21:10 jasonmcintosh

@jasonmcintosh I'm not sure this will fix the issue. The problem is as @nyxcharon described above. There are multiple secret backends; these would need to be looped through, or have the ability to select a mounted backend to browse.

warroyo avatar Oct 18 '16 21:10 warroyo

Whoops mis-read this... yeah need to loop over the secret backends to do this.

jasonmcintosh avatar Oct 19 '16 13:10 jasonmcintosh

+1 for this. We have multiple "namespaces" and each user is only allowed to access their specific namespace with their specific ACLs.

I have to do something like this to access my secrets:

curl -H "X-Vault-Token: ***-***-***" https://vault.address.lan:8200/v1/$company/$team/secrets/path/username

$company is always the same. $team is for each team their own.

Or I guess you could call "$company/$team" the "namespace".

rlueckl avatar Dec 06 '16 15:12 rlueckl

I have an initial fix on the secret-view branch, and I'd like some testing from others if possible. I went ahead and built a docker container for it as well - nyxcharon/vault-ui:secret-view

@warroyo @rlueckl can you guys test please? I tested with two secret backends mounted, but I might be missing a use case.

nyxcharon avatar Dec 12 '16 20:12 nyxcharon

Hi,

I did a quick test, unfortunately I don't see the secrets.

Started with docker run -p 80:80 -e VAULT_ADDR=https://vault.address.lan:8200/ -e AUTH_METHODS=LDAP -e VAULT_SKIP_VERIFY=true nyxcharon/vault-ui:secret-view

Then I logged in with my credentials.

All pages (Secrets, Mounts, Users, Policies) are completely empty. :( I don't see any errors or debug output, so this is all I've got.

rlueckl avatar Dec 13 '16 08:12 rlueckl

I am able to see secrets from one of my generic backends, however it seems to be limiting the number of paths displayed. It also is not displaying any of the other backends' secrets.

warroyo avatar Dec 13 '16 16:12 warroyo