Vault web UI: How to search for keys?

We’re using the KMaaS Vault web interface (default I guess?). My first impression: it seems to be quite limited for users.

Question: How can I search for a key name recursively in all sub-paths?

If simply not possible: Are you planning to enable users to do so?
If this sounds like a feature request: Where to address that?

Example: I have 2 different paths below my “root” path (path1 and path2) and a sub-path below path3, each containing a key with the same name “foo” as follows:

Minimum expectation: I have a search bar. When I search for “foo” I want to receive the list of paths containing this key as follows (same for parts of the key name like “fo” or “oo” and case insensitive):

^^ Each path is a link that I can click in order to access my secrets stored in key name “foo”.

Even better: Next to each result (the path I can click) I see shortcuts to the the copy button (copies the secret to my clipboard) and eye button (views the secret’s value). This would not require the user to click the path and find the row containing the key. Instead, the user could instantly copy/view the secret from the search result.

Many thanks.

Almost a week and still no reply :disappointed_relieved: Does anyone have an idea how to solve this (search for keys) or has a workaround, maybe using API? Or if not possible, how to do a feature request?

Thanks a lot.

It is possible to recursively list all kv paths you can access (for example via KV Engine: Recursively list keys · Issue #5275 · hashicorp/vault · GitHub) which you could then filter using grep.

I have implemented a GUI (of sorts) with this type of feature, it uses a cache based system; its quite an involved setup however.

It uses a reverse proxy to overlay a GUI on top of the standard Vault GUI using an iframe, and implements a Javascript based recursive search (caches results in encrypted form on login pre-load or adhoc search process on the client browser). It certainty not perfect, but with Hashicorp not implementing a recursive search (for reasons of performance?) then its difficult to wedge something else in place. Once results are cached, the future searches are then compared on the client machine. Cached results will also be refreshed after a period of time (30mins I think).

There are security concerns about this method… but solves an implementation limitation for end users.

If there is interest on releasing my hack, then I’ll look into packaging it up. The solution is 99% Javascript/Jquery so software dependencies is very low.

1 Like

Web based GUI with recursive search:

1 Like