You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
path "app-secrets/data/application_1/*" {
capabilities = ["create", "update", "read", "delete", "list"]
}
# required so that users can navigate in the UI - related to https://github.com/hashicorp/vault/issues/5362
path "app-secrets/*" {
capabilities = ["list"]
}
is able to create and edit secrets (as expected) only under application_1 path in app-secrets engine. Delete is not possible - option is missing in UI menu:
Hi @lukpep! This is fixed in version 1.9. It was not backported to 1.8, because so much work went into the kv revamp in 1.9 that it would have been difficult to get all of those updates in 1.8. Please try 1.9 and let me know if it fixes the issue for you. Thanks!
Yep - upgraded my clusters and now it works as expected ;-) Thank You!
Although #5362 is still there - the user has to be able to list all secret paths / or now exactly what to look for:
Describe the bug
user with policy:
is able to create and edit secrets (as expected) only under
application_1
path inapp-secrets
engine. Delete is not possible - option is missing in UI menu:only after I add this to a user policy:
option in UI appears:
To Reproduce
create user with the above policy and verify options available in the UI
Expected behavior
Users should be allowed to delete secrets under the specific paths with this first policy.
Environment:
The text was updated successfully, but these errors were encountered: