Boundary and Vault K/V wrong output

Hi everyone,

I need help to know if my problem is solvable somehow.

I’m trying to integrate a vault into a boundary. Now I just have a K/V secret engine setup in vault, a token created for boundary and a policy that grant access to the desired user:password I want.

In boundary I setup a credential store successfully and a credential library with the correct path successfully.

In the desktop boundary app when I click on “connect” the credential doesn’t come the way I want to :

You can see that Key is data and metadata from the K/V secret engine instead of the Key/value I would like to see here.

Is that normal ? Did I miss something ?

Here’s the setup of the credential library with the path used and the vault full path :


I’m pretty sure I’ve done this in the past and it worked – is your k/v secret a k/v-v1 or k/v-v2 secret?

Seems like this could be a UI rendering bug, we recently added support for KV-v2, before this secrets would generally be in the format of string: string. However, KV-v2 embedded the secret in a data struct, and therefore does have two top level objects data and metadata.

This should definitely be displaying correctly on the CLI.

@fabien.bellay I can reproduce your issue, while we work on a fix you can always look at the raw API output and then look at to see the credential data stored within the Vault KV-v2 secret.

1 Like

Hi there and thanks for using Boundary Desktop. Desktop currently supports credentials JSON up to one level deep. We realise that not all credential types will display fully, which is why Desktop can also display the raw API output. There is room for improvement here. Thanks for raising it.

1 Like

Morning everyone,

Thanks for all the answers. I’ll wait for the fix then.
Do you have an eta to provide or some kind of roadmap for the boundary desktop ?


Facing this issue when trying to connect to boundary through vault

boundary connect ssh -target-id ttcp_1234567890
Error from controller when performing authorize-session action against given target

Error information:
Kind: Internal
Message: targets.(Service).AuthorizeSession: vault.(Repository).Issue: vault.(client).get: vault: https//…com: external system issue: error #3014: Error
making API request.

Code: 403. Errors:

  • 1 error occurred:
  • permission denied

Status: 500
context: Error from controller when performing authorize-session action against given target

I replied to your other post about this, just letting you know here too.

Sorry to reply to an older thread… did a fix for this come out as mentioned? Running into exactly the same problem. My secrets are one layer deep and rendering exactly the same way as shown in the first screenshot in the thread. I can see the secrets in the raw output as mentioned, but curious if there is a better way I’m missing. Thank you all.