Dashes in vault paths/mounts

A simple question, but I haven’t been able to get a definitive answer looking on the internet. Is it ok if I use dashes in vault paths (so vault mounts)? I see that in the hashicorp documentation pki_int is given as an example. Is there anything wrong in using something like pki-int?

Thanks!

That’s absolutely fine.

Actually you can put all sorts of characters that really you probably shouldn’t into Vault mounts - it’s excessively over-permissive there - but simple dashes are definitely fine, as they are the character of choice in Vault’s own APIs. Here is a small selection of paths from core Vault APIs like this:

auth/token/lookup-self
auth/token/renew-accessor
auth/token/revoke-self
identity/entity-alias/id
identity/group-alias/id
sys/audit-hash/{path}
sys/capabilities-self
sys/step-down

Meanwhile, when it comes to not mounts, but configuration objects created via the API, Vault generally restricts these (via a piece of code called framework.GenericNameRegex) to:

  • letters (A-Z, a-z)
  • numbers (0-9)
  • underscores (_)
  • dashes (-) – not allowed as first or last character
  • full stops (.) – not allowed as first or last character
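
As an added example (not part of the original posts and not Vault's own code), the name rules listed in the answer above can be turned into a pre-flight check that runs before a mount or object is created. The pattern is written from that list rather than copied from Vault's source, and applying it to each segment of a mount path is an assumed local convention, since Vault itself accepts far more there; `CheckName` and `CheckMount` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// nameRule encodes the rules listed in the answer: letters, digits and
// underscores anywhere; dashes and full stops only in the middle.
// Written from that list, not copied from Vault's source.
var nameRule = regexp.MustCompile(`^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_])?$`)

// CheckName explains why a proposed name breaks the rule, or returns "".
func CheckName(name string) string {
	switch {
	case name == "":
		return "empty name"
	case strings.HasPrefix(name, "-") || strings.HasPrefix(name, "."):
		return "starts with '-' or '.'"
	case strings.HasSuffix(name, "-") || strings.HasSuffix(name, "."):
		return "ends with '-' or '.'"
	case !nameRule.MatchString(name):
		return "contains a character outside A-Z a-z 0-9 _ - ."
	}
	return ""
}

// CheckMount applies the same rule to every segment of a mount path.
// This is a local convention (assumption): Vault itself accepts far more.
func CheckMount(path string) string {
	for _, seg := range strings.Split(strings.Trim(path, "/"), "/") {
		if why := CheckName(seg); why != "" {
			return fmt.Sprintf("segment %q: %s", seg, why)
		}
	}
	return ""
}

func main() {
	// Constructed sample mount paths, not taken from a real Vault server.
	for _, m := range []string{"pki-int", "pki_int", "team-a/pki-int", "pki int", "-pki", "pki//int"} {
		if why := CheckMount(m); why != "" {
			fmt.Printf("REJECT %-18q %s\n", m, why)
		} else {
			fmt.Printf("OK     %q\n", m)
		}
	}
}
```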