Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Namespace Support #75

Open
d0dg3r opened this issue Mar 30, 2021 · 5 comments
Open

Namespace Support #75

d0dg3r opened this issue Mar 30, 2021 · 5 comments

Comments

@d0dg3r
Copy link

d0dg3r commented Mar 30, 2021

Hello, a shot question.
How do i open a secret in a namespace. Let's say namespace is org1 and secrets is test.
e.g http://.../vault/secrets/kv/show/test?namespace=org1
Didn't find anything about that in your documentation, maybe you can give me a hint in the right direction.
Thanks and greetings Joe
@owenfarrell
Copy link
Owner

👋 Hi @d0dg3r,

It's tough to tell exactly what the path to the secret is in your example above (i.e. I would assume that /vault gets stripped off). So I'm not sure that I can provide an accurate response on how to reformat the above URL.

But the Vault docs provide a pretty good example of how a namespace can be provided in different ways to create logically equivalent requests. In theory, you should be able to prefix the path based on the namespace.

Have you given that a try yet?

What I'm not clear on is how namespaces impact the typical functions that are available through the API. I'll do some digging and see if I can recreate this scenario.

~Owen

@adammike
Copy link

I tried this path prefix and I get a 404.

@jbayer
Copy link

jbayer commented Nov 14, 2022

Typically a namespace is passed as an HTTP header to the API like so:

curl \
    -H "X-Vault-Token: hvs.sometokenvalue" \
    -H "X-Vault-Namespace: admin" \
    -X GET \
    http://127.0.0.1:8200/v1/secret/foo

Vault namespace considerations are described in the Vault API docs. HCP Vault uses namespaces for tenant isolation, so the VSCode plugin won't work with HCP Vault until it has namespace support.

@owenfarrell owenfarrell mentioned this issue Nov 16, 2022
Merged
@owenfarrell
Copy link
Owner

Hey all - for whatever reason, I was hyper-focused on implementing namespace support through massaging URL paths (as an alternative to the request header). But I'm honestly not sure why I was focused on that approach. Whatever the reason was, it probably wasn't good.

Given that there's been some recent traction on node-vault, I took a fresh crack at this and just merged in the changes as part of #97.

If anyone is interested in taking this for a test drive, I've published the latest build to the VSCode pre-release channel. I've noticed a couple of smaller issues that I want to resolve as I've been testing against HCP, but I'd love this group's feedback on the latest build.

@jbayer
Copy link

jbayer commented Nov 17, 2022

I tried out the pre-release with Namespaces with HCP Vault and it seemed to work well with the "admin" namespace. Thanks for making the pre-release available.

I did have one issue getting the name/value pair updates working for KVv2 secret. Using JSON worked fine, but the Key Value pair gave me an error: "Must be JSON or key/value pairs".

I tried entering the following into the input box, and this didn't work without an error:
foo=bar

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jbayer @d0dg3r @owenfarrell @adammike