elan
November 23, 2021, 6:27pm
1
Hi All,
I am trying to write a policy for kv secret engine to show the path and key and deny the value
For example :
secret Path :
Policy :
expected in the UI is, I would like to see the everything except the value.
i.e, kv/path1/path2/key
but i can see only the path but can’'t able to see the key. could you please help me with the policy of how to get the key with the value
Hi @elan ,
I don’t believe it’s possible to create a policy to view partial secret content.
When viewing a secret in the UI, your browser fetches the entire secret content (all keys and associated values) and the just masks the values by default.
Well, it looks I had exactly the same question two days later:
Hi,
(I am talking about kv2)
In trying to give the least possible access to our team to manage their secrets I wanted to let them only write/update secrets.
However, this brings us to the point that when they would like update a secret they will effectively need to know all the key/value pairs of that secret.
If you have r/w access to a secret then the GUI fills everything nicely in and you know which keys there are.
It would be nice if it would be possible to give access that it lists the …
1 Like