Unable to retrieve secret value, metadata works

noidic · August 22, 2023, 10:15am

Hi,

I just came across a problem in our vault cluster (1.13). If I do a kv list on a certain path, I get the correct list of secrets in this path. If I try to get the secret values with kv get, I receive a “no value found…” error. However, kv metadata get works and the data seems ok.
I double checked the permissions, no issue there. If I create a new secret in the same path, I can retrieve it with kv get just fine.
This only applies to a single path in the whole namespace.

Any ideas what could have happened and how to fix it?
Thanks

maxb · August 22, 2023, 7:36pm

Sounds like normal behaviour to me, when a data version is deleted.

Yes, it is a bit confusing/unhelpful that there is only one list API, which still includes deleted items that haven’t been fully purged with a metadata delete operation.

noidic · August 22, 2023, 8:29pm

If the secrets are deleted, would that not be visible in the metadata? From the metadata they look like created and never touched again.