
I am trying to write a vault secret which is a file.


```
PS C:\workspace> vault kv put -address=https://someserver.com -namespace=somenamespace secret/runtime/other/dev value="@test.pwd"
Key                Value
---                -----
created_time       2022-08-22T06:54:50.018110723Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            15
PS C:\workspace> vault kv get -address=https://someserver.com -namespace=somenamespace secret/runtime/other/dev
======= Metadata =======
Key                Value
---                -----
created_time       2022-08-22T06:54:50.018110723Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            15

== Data ==
Key    Value
---    -----
:�<↕zMn�L��T2���홆j����?Н�xil܉
```

The file is getting stored to vault but the key is null. Is there a way to attach a key to it as well?

Ashu
  • In your case, the key should be "value" and the value should be the contents of the file "test.pwd". I couldn't understand why it didn't work as expected. Is the test.pwd a binary file? Have you tried to use a text one? – Marcelo Ávila de Oliveira Aug 22 '22 at 14:33
  • try to use `value="$(cat test.pwd)"` – kholisrag Aug 23 '22 at 16:40
  • Sounds like a bug. Can't reproduce in `-dev` mode with Vault 1.11.0 on Linux. Please add the result of `vault version` and `xxd test.pwd`. – ixe013 Aug 24 '22 at 00:26

1 Answer

That is just bad luck. The file `test.pwd` probably happens to have a carriage return (`\r`) in it. When the Vault command line displays the secret value, the carriage return is interpreted by the shell and it overwrites the key name, which is `value` in your example.

You can see them both if you output it in JSON format with:

```
vault kv get -format json -address=https://someserver.com -namespace=somenamespace secret/runtime/other/dev
```
ixe013
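The effect described in the answer above, as an added example that is not part of the original answer: a small Python model of how a terminal paints a table row whose value contains `\r`, next to the JSON view of the same value. The function names, the column width and the sample value are assumptions made for illustration.

```python
import json


def render_line(raw: str) -> str:
    """Model how a terminal paints one line: \\r moves the cursor to column 0,
    \\b moves it back one cell, printable characters overwrite in place."""
    cells, col = [], 0
    for ch in raw:
        if ch == "\r":
            col = 0
        elif ch == "\b":
            col = max(col - 1, 0)
        elif ch.isprintable():
            if col < len(cells):
                cells[col] = ch
            else:
                cells.append(ch)
            col += 1
        # any other control character is ignored by this simple model
    return "".join(cells)


def table_row(key: str, value: str, width: int = 7) -> str:
    """One key/value row, laid out like the Data table in the question
    (the width of 7 is an assumption matching 'Key    Value')."""
    return f"{key:<{width}}{value}"


def control_chars(value: str) -> list[tuple[int, str]]:
    """Return (offset, repr) for every non-printable character in a value."""
    return [(i, repr(ch)) for i, ch in enumerate(value) if not ch.isprintable()]


def json_view(value: str) -> str:
    """JSON escapes control characters, so the key and the \\r both stay visible."""
    return json.dumps({"value": value})


# Constructed sample value: file contents with a carriage return in the middle.
secret = "hunter2\rS3cr3t-tail-bytes"
row = table_row("value", secret)

if __name__ == "__main__":
    print("table row as painted :", render_line(row))
    print("control characters   :", control_chars(secret))
    print("JSON view            :", json_view(secret))
```

Running `control_chars` over the file contents before `vault kv put` shows whether a table-formatted `vault kv get` will be readable on a terminal.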