Create a policy to list & read (on the UI) specific secrets

Using Vault v2.
Trying to create an ACL policy to allow read-only access to specific secrets.
By doing this -

path "kv/data/specific_secret" {
  capabilities=["read", "list"]
}

I was able to curl it but not see it on the UI.
By doing this -

path "kv/metadata" {
  capabilities=["list"]
}
path "kv/data/specific_secret" {
  capabilities=["read", "list"]
}

I was able to see ALL secrets on the UI but read only the specific_secret one.
I was wondering if there’s a way to specify the secret I want to show.
I tried doing kv/metadata/specific_secret but that didn’t work…
Thanks!

Have you already tried the following?

path "kv/metadata/specific_secret" {
  capabilities=["list"]
}
path "kv/data/specific_secret" {
  capabilities=["read", "list"]
}

@Wolfsrudel
Yes… unfortunately, it didn’t work :confused:

Apparently, it’s an 18-month-old known issue.
Still no fix.
Link to issue - https://github.com/hashicorp/vault/issues/5362
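Added example, not part of the thread and not HashiCorp code: a small linter run over the three policies posted above, flagging `list` grants that either do nothing or reveal more key names than the policy can read. It assumes a single-segment KV v2 mount name (`kv`), and the finding labels are invented for this sketch.

```python
import re

# Matches: path "..." { capabilities = [ ... ] }
BLOCK = re.compile(r'path\s+"([^"]+)"\s*\{\s*capabilities\s*=\s*\[([^\]]*)\]\s*\}')

def parse_policy(text):
    """Return {path: set(capabilities)} for each path block in the policy text."""
    return {p: set(re.findall(r'"(\w+)"', caps)) for p, caps in BLOCK.findall(text)}

def split_kv2(path):
    """Assumption: paths look like <mount>/data/<key> or <mount>/metadata/<key>."""
    _mount, _, rest = path.partition("/")
    kind, _, sub = rest.partition("/")
    return kind, sub.rstrip("*").rstrip("/")

def lint_kv2(text):
    """Return (path, finding) pairs for every rule that grants list."""
    rules = parse_policy(text)
    readable = {split_kv2(p)[1] for p, c in rules.items()
                if split_kv2(p)[0] == "data" and "read" in c}
    findings = []
    for path, caps in rules.items():
        if "list" not in caps:
            continue
        kind, sub = split_kv2(path)
        if kind == "data":
            # KV v2 lists keys through metadata/, so list on data/ grants nothing.
            findings.append((path, "list-ineffective"))
        elif kind == "metadata" and sub in readable:
            # list applies to a folder; a leaf secret has no children to list.
            findings.append((path, "list-on-leaf"))
        elif kind == "metadata":
            # Every key name under this path is returned, readable or not.
            findings.append((path, "list-exposes-all-names"))
    return findings

# The three policies from the thread, copied as posted.
DATA_RULE = 'path "kv/data/specific_secret" {\n  capabilities=["read", "list"]\n}\n'
POLICY_A = DATA_RULE
POLICY_B = 'path "kv/metadata" {\n  capabilities=["list"]\n}\n' + DATA_RULE
POLICY_C = 'path "kv/metadata/specific_secret" {\n  capabilities=["list"]\n}\n' + DATA_RULE

if __name__ == "__main__":
    for name, pol in (("A", POLICY_A), ("B", POLICY_B), ("C", POLICY_C)):
        print(name, lint_kv2(pol))
```
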