Hi Community!
Hope you can help me solve a little problem.
I’m using the following KV v2 policy to create a private area for each OIDC user:
```hcl
# Make the KV visible for all users
path "secret/personal" {
  capabilities = ["list"]
}

# Allow listing all folders within personal
path "secret/personal/+/" {
  capabilities = ["list"]
}

# Allow full access to users private dir including glob for "data/metadata" and sub directories
path "secret/personal/+/{{identity.entity.aliases.auth_oidc_IDENTIFIER.name}}/+" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
```
Users can only list/edit their private secrets, which works fine and as expected.
The problem starts as soon as users navigate to a path they don’t have access to.

The “View secret” dialog appears and when navigating back to a path one has access to, the dialog persists and secrets are not shown until a refresh of the page via browser.
I’m wondering if this is related to a mistake in my policy or something else possibly?
Thanks a lot in advance!
PS: Disabled proxy cache for nginx, which sits in front of vault.
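
An added example, not part of the original post and not Vault's own code: a simplified Python model of how the three rules in the policy above match request paths, useful for checking which paths a user is denied. It assumes the templated alias name renders to `alice` and that the KV v2 engine is mounted at `secret/personal` (so the first `+` stands for `data` or `metadata`); it goes slightly beyond the post by also handling a trailing `*` glob for comparison.

```python
# Simplified model of Vault ACL path matching (constructed; not Vault's code).
# Assumptions: alias name renders to "alice"; KV v2 is mounted at secret/personal;
# priority between overlapping rules is not modelled (these rules never overlap).
TEMPLATE = "{{identity.entity.aliases.auth_oidc_IDENTIFIER.name}}"
FULL = ["create", "read", "update", "delete", "list"]
RULES = [
    ("secret/personal", ["list"]),
    ("secret/personal/+/", ["list"]),
    ("secret/personal/+/" + TEMPLATE + "/+", FULL),
]

def matches(pattern, path):
    """'+' stands for exactly one path segment; a trailing '*' is a prefix glob."""
    glob = pattern.endswith("*")
    pat = (pattern[:-1] if glob else pattern).split("/")
    req = path.split("/")
    if glob:
        if len(req) < len(pat):
            return False
        # Everything from the last pattern segment onward is compared as a prefix.
        tail = "/".join(req[len(pat) - 1:])
        fixed = zip(pat[:-1], req)
        return all(p in ("+", s) for p, s in fixed) and tail.startswith(pat[-1])
    return len(pat) == len(req) and all(p in ("+", s) for p, s in zip(pat, req))

def capabilities(path, alias="alice", rules=RULES):
    """Return the capabilities granted on path; no matching rule means deny."""
    for pattern, caps in rules:
        if matches(pattern.replace(TEMPLATE, alias), path):
            return caps
    return []

if __name__ == "__main__":
    for p in [
        "secret/personal/metadata/",             # list the user folders
        "secret/personal/data/alice/db",         # own secret
        "secret/personal/data/bob/db",           # another user's secret
        "secret/personal/data/alice/team/db",    # nested below own folder
    ]:
        print(f"{p:40} -> {capabilities(p) or 'denied'}")
```

In this model both `bob`'s secret and the path nested two levels below `alice`'s folder come back denied, because the final `+` covers a single segment only.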