How to set specific key/value become invisible

I am trying to make some specific key/value stored under kv secret engine become invisible.

1.If it possible to make “copy” and “see” component disable in WebUI page? Please refer to the attachment

  1. How to make abc’s value become visible meanwhile def’s value can not see.
    l have create a EGP however it doesn’t work
import "strings"

# A list of valid keys for this path
param valid_keys default ["abc"]

is_valid_key = func() {
  # Print some debugging info
  print("Namespace path:", namespace.path)
  print("Request path:", request.path)
  print("Request data:",

  for as key {
    if !(valid_keys contains key) {
      print(key, "not contained within", valid_keys)
      # Found an invalid key name - mark update as invalid
      return false
  return true
precond = rule {
  # Only apply the rule when writing a secret
   request.operation == "read" or request.operation == "list"

main = rule when precond {
  # Call function to determine validity of the keys in the request

This isn’t possible, because as far as Vault is concerned, you have a single value that contains some JSON:

  "abc": "....",
  "def": "...."

All of Vault’s policy works on paths in your example you appear to have a path kv within a secret engine also called kv.

If you want to apply different access policies to different bits of data, they need to be stored at different paths in the KV secrets engine.

(The language here is quite awkward to use - the KV secrets engine has “keys” (paths) that contain “values” which are JSON and therefore contain (sub)keys and values of their own.)

1 Like

Hi Maxb,

Thanks for your reply and advice.
Then l will try to store the key/value under another path and set it invisible.