无法从HashiCorp Vault获取特定版本的键值。

huangapple go评论59阅读模式
英文:

unable to get specific version of key-value from Hashicorp Vault

问题

我参考了上面的HashiCorp文档,以从Vault中读取特定版本的键值。

步骤 3:检索特定版本的秘密

curl --header "X-Vault-Token: $VAULT_TOKEN" \
      $VAULT_ADDR/v1/secret/data/customer/acme\?version=1 | jq -r ".data"

在我的情况下,翻译为:

C:\Users\meuser>curl --header "X-Vault-Token: s.r8JA4TzlDd8Ps8GtCnmolSHJ" -H "X-Vault-Namespace: vault-poc/" https://eng-mybank.com/v1/kv/data/tool-common/dev\?version=1  | jq -r ".data"

输出:

>   % Total    % Received % Xferd  Average Speed   Time    Time     Time
> Current
> 
>                                  Dload  Upload   Total   Spent    Left  Speed
> 
> 100    14  100    14    0     0     10      0  0:00:01  0:00:01
> --:--:--    10
> 
> null

正如您所见,我得到了null而不是返回版本1的键值。

有4个版本的键值存在,从下面的UI快照也可以看出:

无法从HashiCorp Vault获取特定版本的键值。

如果我简单地删除/?version=4,我会得到最新版本4的键值对,如下所示。

C:\Users\meuser>curl --header "X-Vault-Token: s.r8JA4TzlDd8Ps8GtCnmolSHJ" -H "X-Vault-Namespace: vault-poc/" https://eng-mybank.com/v1/kv/data/tool-common/dev  | jq -r ".data"

输出:

>   % Total    % Received % Xferd  Average Speed   Time    Time     Time
> Current
> 
>                                  Dload  Upload   Total   Spent    Left  Speed
> 
> 100   358  100   358    0     0    246      0  0:00:01  0:00:01
> --:--:--   247
> 
> {
> 
>   "data": {
> 
>     "mykey1": "myvalue1",
> 
>     "mykey2": "myvalue2",
> 
>     "mykey3": "myvalue3",
> 
>     "mykey4": "myvalue4"
> 
>   },
> 
>   "metadata": {
> 
>     "created_time": "2023-06-06T18:21:49.815786014Z",
> 
>     "deletion_time": "",
> 
>     "destroyed": false,
> 
>     "version": 4
> 
>   }
> 
> }

请问如何获取特定版本的键值?我还希望显示所有版本的键值,如果可能的话,请提供建议。

英文:

https://developer.hashicorp.com/vault/tutorials/secrets-management/versioned-kv

I'm referring to hashicorp documentation above to read a specific version of key-value from the vault.

Step 3: Retrieve a specific version of the secret

curl --header "X-Vault-Token: $VAULT_TOKEN" \
      $VAULT_ADDR/v1/secret/data/customer/acme\?version=1 | jq -r ".data"

which in my case translates to:

C:\Users\meuser>curl --header "X-Vault-Token: s.r8JA4TzlDd8Ps8GtCnmolSHJ" -H "X-Vault-Namespace: vault-poc/" https://eng-mybank.com/v1/kv/data/tool-common/dev\?version=1  | jq -r ".data"

Output:

> % Total % Received % Xferd Average Speed Time Time Time
> Current
>
> Dload Upload Total Spent Left Speed
>
> 100 14 100 14 0 0 10 0 0:00:01 0:00:01
> --:--:-- 10
>
> null

As you can see instead of returning version 1 of the key-value I get null

The 4 versions of key-value exist and is also evident from the UI snapshot below:

无法从HashiCorp Vault获取特定版本的键值。

If I simply remove /?version=4 I get the latest version 4 key-value pair as below.

C:\Users\meuser>curl --header "X-Vault-Token: s.r8JA4TzlDd8Ps8GtCnmolSHJ" -H "X-Vault-Namespace: vault-poc/" https://eng-mybank.com/v1/kv/data/tool-common/dev  | jq -r ".data"

> % Total % Received % Xferd Average Speed Time Time Time
> Current
>
> Dload Upload Total Spent Left Speed
>
> 100 358 100 358 0 0 246 0 0:00:01 0:00:01
> --:--:-- 247
>
> {
>
> "data": {
>
> "mykey1": "myvalue1",
>
> "mykey2": "myvalue2",
>
> "mykey3": "myvalue3",
>
> "mykey4": "myvalue4"
>
> },
>
> "metadata": {
>
> "created_time": "2023-06-06T18:21:49.815786014Z",
>
> "deletion_time": "",
>
> "destroyed": false,
>
> "version": 4
>
> }
>
> }

Can you please suggest how can I get a specific version of key-value?

I would also like all the versions of the key-values to be displayed. If it is possible please suggest how?

答案1

得分: 1

API端点应更新,以不包括指定版本?version=1的转义字符\

C:\Users\meuser>curl --header "X-Vault-Token: s.r8JA4TzlDd8Ps8GtCnmolSHJ" -H "X-Vault-Namespace: vault-poc/" https://eng-mybank.com/v1/kv/data/tool-common/dev?version=1 | jq -r ".data"

这应该会获取Vault API的响应,获取指定秘密版本的数据。

英文:

The API endpoint should be updated to not include the escape character \ for the specified version ?version=1:

C:\Users\meuser>curl --header "X-Vault-Token: s.r8JA4TzlDd8Ps8GtCnmolSHJ" -H "X-Vault-Namespace: vault-poc/" https://eng-mybank.com/v1/kv/data/tool-common/dev?version=1  | jq -r ".data"

That should GET the response from the Vault API for the specified secret version.

huangapple
  • 本文由 发表于 2023年6月12日 20:01:54
  • 转载请务必保留本文链接:https://go.coder-hub.com/76456466.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定