-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
vault kv get fails with trailing whitespace #14990
Comments
Hi there, @paalbra - is there a specific use case that you'd like to talk about with this issue? I suspect, having spent a chunk of time as a devops/SRE person that it's an "... oh no" that made it into production, but I wanted to check and see if there was another that I hadn't thought of. Thanks! :) |
@hsimon-hashicorp Personally I think that trailing and leading whitespace should be considered invalid (which is kind of the topic in #6714 ?). I have no use case for it. This CLI behavior is just an observation after some users, in an instance I manage, have (by mistake, I assume) created secrets with trailing whitespace. That said: If this whitespace isn't considered invalid and it's possible to create them in the web-UI, the CLI should also behave the same/work. |
Hi @paalbra , we discussed this request in our engineering team sync today. While the request is reasonable, we'd like to take some time to dig into the implementation details and validate that there won't be the potential for unintended consequences. In this case, we also have concerns around maintaining backwards compatibility, while making sure we prevent folks from unintentionally having trailing spaces in their secret paths. As a result, it may take longer for a final decision to be made. We'll keep this issue thread updated with any decisions we make along the way. Thanks in advance for your patience! |
Hello! Thank you for bringing this issue to our attention. I was able to reproduce the behavior you mentioned and fixed in the PR linked above. We now honor trailing spaces in the |
Describe the bug
vault kv get
fails to get secrets with trailing whitespace, e.g."secret/fail "
To Reproduce
Steps to reproduce the behavior:
curl -X PUT -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" -d '{"data":{"foo":"bar"},"options":{}}' http://127.0.0.1:8200/v1/secret/data/fail%20
vault kv list -format=json secret
(you will see that it's stored like:"fail "
)vault kv get "secret/fail "
responds with:No value found at secret/data/fail
Expected behavior
The secret should be returned.
Environment:
I've tested with a plain container:
I also use vault/curl from inside the container:
Additional context
This works:
curl -H "X-Vault-Request: true" -H "X-Vault-Token: $(vault print token)" http://127.0.0.1:8200/v1/secret/data/fail%20
You won't be able to create the secret with
vault kv put
. The command seems to trim the trailing whitespace.This looks similar to #6213
Trailing whitespace is also mentioned here #6714
The text was updated successfully, but these errors were encountered: