Utility for Reorganizing KV Secrets


Are there plans to add utilities for reorganizing secrets in a KV engine? For example, let’s say I have 500 secrets strewn throughout a complex, faux-pathing structure:


and I have a eureka and realize I want to reorganize it:


Is there going to be a command or utility that will allow me to do that without manually or programmatically deleting and re-adding each affected secret?

If the answer is no, can you help me understand the thinking behind that design decision? It would make me wonder if I’m using the KV Secrets engine in the way it was intended.


I’m just a community member, so I can’t speak for anyone else’s future plans, but thinking of how Vault is implemented, the most likely way to produce such a tool would literally just be a thin wrapper over programmatically deleting and re-adding each affected secret. At which point… users who want that could just do that instead?

Reorganising like this is likely to be a fairly complex task for a running system, involving updating Vault policies and potentially needing to store the same secrets at both old and new paths at the same time for a transitional period, unless the system using them can be shut down for a while.

Therefore, it seems to me, that a first-class “move” operation would be a rather niche function.