A way to list all administrative settings

phine · February 29, 2024, 4:43am

The use case here is assist with my learning, but mainly for me to see what has been set. you have vault read but the admin needs to know what path has been set.
It also has some advantages in backup settings, for rebuilding.

But how do you know what setting paths exist. To find what roles had been configured and how to update them for the new server, took some googling.

My next issue is someone has hooked YubiKey into the vault. That someone has left the organization. We have MFA using keycloak. We want the YubiKey setting gone.

Where could it be? Being able to list all settings (not necessarily secrets) would help a lot.

Thinks in advance.
Peter

jonathanfrappier · March 11, 2024, 1:27pm

Hi @phine

As far as I know, there is no catch all view. Assuming you have admin level access to see everything in your Vault cluster, you should however be able to list all enabled auth methods:

Once you know what auth methods are enabled, and at which path, you could review what the settings are for each auth method, what roles have been created, etc.

Joffrey · March 12, 2024, 10:24am

Thanks you terraform: all my Vault configuration is an Infra As Code.
No one use the vault CLI to configure Vault. I have a Gitlab projet to audit all permissions.