Vault web UI: How to search for keys?

droptix · March 12, 2021, 8:26pm

We’re using the KMaaS Vault web interface (default I guess?). My first impression: it seems to be quite limited for users.

Question: How can I search for a key name recursively in all sub-paths?

If simply not possible: Are you planning to enable users to do so?
If this sounds like a feature request: Where to address that?

Example: I have 2 different paths below my “root” path (path1 and path2) and a sub-path below path3, each containing a key with the same name “foo” as follows:

https://vault.acme.com/ui/vault/secrets/secret/list/my/root/path1/foo
https://vault.acme.com/ui/vault/secrets/secret/list/my/root/path2/foo
https://vault.acme.com/ui/vault/secrets/secret/list/my/root/path3/subpath31/foo

Minimum expectation: I have a search bar. When I search for “foo” I want to receive the list of paths containing this key as follows (same for parts of the key name like “fo” or “oo” and case insensitive):

https://vault.acme.com/ui/vault/secrets/secret/list/my/root/path1
https://vault.acme.com/ui/vault/secrets/secret/list/my/root/path2
https://vault.acme.com/ui/vault/secrets/secret/list/my/root/path3/subpath31

^^ Each path is a link that I can click in order to access my secrets stored in key name “foo”.

Even better: Next to each result (the path I can click) I see shortcuts to the the copy button (copies the secret to my clipboard) and eye button (views the secret’s value). This would not require the user to click the path and find the row containing the key. Instead, the user could instantly copy/view the secret from the search result.

Many thanks.

droptix · March 19, 2021, 7:08am

Almost a week and still no reply Does anyone have an idea how to solve this (search for keys) or has a workaround, maybe using API? Or if not possible, how to do a feature request?

Thanks a lot.

stuart-c · March 19, 2021, 8:32am

It is possible to recursively list all kv paths you can access (for example via KV Engine: Recursively list keys · Issue #5275 · hashicorp/vault · GitHub) which you could then filter using grep.

sdetoni · August 25, 2022, 4:33am

I have implemented a GUI (of sorts) with this type of feature, it uses a cache based system; its quite an involved setup however.

It uses a reverse proxy to overlay a GUI on top of the standard Vault GUI using an iframe, and implements a Javascript based recursive search (caches results in encrypted form on login pre-load or adhoc search process on the client browser). It certainty not perfect, but with Hashicorp not implementing a recursive search (for reasons of performance?) then its difficult to wedge something else in place. Once results are cached, the future searches are then compared on the client machine. Cached results will also be refreshed after a period of time (30mins I think).

There are security concerns about this method… but solves an implementation limitation for end users.

If there is interest on releasing my hack, then I’ll look into packaging it up. The solution is 99% Javascript/Jquery so software dependencies is very low.

sdetoni · August 29, 2022, 10:22am

Web based GUI with recursive search:

Topic		Replies	Views
Efficiently Searching for Specific Secrets in HashiCorp Vault Vault vault	1	21	November 15, 2024
Vault policy to show the path and key and deny the value Vault vault	2	1648	November 25, 2021
KV v2 list policy to hide all subpaths except for one Vault vault	4	1792	November 27, 2020
Vault kv list not returning key/value Vault	4	1831	August 11, 2022
Trying to understand the path to my secret Vault	0	123	October 10, 2023

Vault web UI: How to search for keys?

Related topics