Unable to retrieve secret value, metadata works


I just came across a problem in our vault cluster (1.13). If I do a kv list on a certain path, I get the correct list of secrets in this path. If I try to get the secret values with kv get, I receive a “no value found…” error. However, kv metadata get works and the data seems ok.
I double checked the permissions, no issue there. If I create a new secret in the same path, I can retrieve it with kv get just fine.
This only applies to a single path in the whole namespace.

Any ideas what could have happened and how to fix it?

Sounds like normal behaviour to me, when a data version is deleted.

Yes, it is a bit confusing/unhelpful that there is only one list API, which still includes deleted items that haven’t been fully purged with a metadata delete operation.

If the secrets are deleted, would that not be visible in the metadata? From the metadata they look like created and never touched again.