I'm trying to find a solution to store a mix of encrypted and unencrypted key-value pairs in Vault with Consul as the storage backend.

I am aware that I can directly use Consul's KV store to store unencrypted key-value pairs and use Vault only when I need encryption at rest.

But I wanted a common interface (for example, python-hvac) for my app to read/write both encrypted and unencrypted key-value pairs.

One solution I can think of is to write a secrets plugin for Vault which does not do encryption (passthrough?).

Another solution is to simply store the key-value pairs that do not require encryption in Vault anyway, but I wish to avoid the encryption-decryption cost if possible.

varun
  • If you want a consistent experience, I'd say just eat the costs of doing the crypto. Even at moderate scale, it won't be noticeable. – sethvargo May 07 '19 at 01:22
  • Thanks @sethvargo. That seems like a reasonable thing to do. – varun May 08 '19 at 02:09

0 Answers