Unable to retrieve secret value, metadata works

noidic · August 22, 2023, 10:15am

Hi,

I just came across a problem in our vault cluster (1.13). If I do a kv list on a certain path, I get the correct list of secrets in this path. If I try to get the secret values with kv get, I receive a “no value found…” error. However, kv metadata get works and the data seems ok.
I double checked the permissions, no issue there. If I create a new secret in the same path, I can retrieve it with kv get just fine.
This only applies to a single path in the whole namespace.

Any ideas what could have happened and how to fix it?
Thanks

maxb · August 22, 2023, 7:36pm

Sounds like normal behaviour to me, when a data version is deleted.

Yes, it is a bit confusing/unhelpful that there is only one list API, which still includes deleted items that haven’t been fully purged with a metadata delete operation.

noidic · August 22, 2023, 8:29pm

If the secrets are deleted, would that not be visible in the metadata? From the metadata they look like created and never touched again.

Topic		Replies	Views
Vault kv list not returning key/value Vault	4	2145	August 11, 2022
Unable LIST secrets Vault vault	7	433	November 8, 2023
Invalid path for a versioned K/V secrets engine Vault	2	21026	April 28, 2020
KV Secret Engine - API Not working Vault	10	3648	May 5, 2020
Understanding Vault policies behavior Vault	2	368	November 16, 2019

Unable to retrieve secret value, metadata works

Related topics