You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
As a normal user, without a read capability on sys/mounts I cannot list the mounts I have access to through any public API endpoint that I'm aware of.
There is a UI-specific, internal, API endpoint described here https://www.vaultproject.io/api-docs/system/internal-ui-mounts that does exactly this. So there is clearly a need for this functionality already. The problem with the above endpoint is that it's internal and could change/disappear without prior notice.
There is a prior issue related to this but I don't think the answer is satisfactory for my particular use case (see discussion on alternatives below): #2961
Using the internal endpoint above and hoping that it will not break.
Adding read capability to sys/mounts to all users. This is not an option as that would expose information about existing mounts that the user does not have access to and should perhaps not even be aware of. Even if if it would be OK it would be hard to use as a starting point for exploring the secrets I have access to since, in many of the cases, I'll likely not have access to the actual content of the mount.
Explain any additional use-cases
Additional context
The text was updated successfully, but these errors were encountered:
@tobgu when you experimented back in time with /sys/internal/ui/mounts, was it successful?
For me it was even worse than adding the read permission to sys/mount.
Indeed, to make this endpoint to work, you need to change the listing_visibility of the mount from "hidden" to "unauth" which allow even not authenticates users to list the mounts.
Is your feature request related to a problem? Please describe.
As a normal user, without a read capability on
sys/mounts
I cannot list the mounts I have access to through any public API endpoint that I'm aware of.There is a UI-specific, internal, API endpoint described here https://www.vaultproject.io/api-docs/system/internal-ui-mounts that does exactly this. So there is clearly a need for this functionality already. The problem with the above endpoint is that it's internal and could change/disappear without prior notice.
There is a prior issue related to this but I don't think the answer is satisfactory for my particular use case (see discussion on alternatives below): #2961
Describe the solution you'd like
Make a public endpoint similar to https://www.vaultproject.io/api-docs/system/internal-ui-mounts.
Describe alternatives you've considered
sys/mounts
to all users. This is not an option as that would expose information about existing mounts that the user does not have access to and should perhaps not even be aware of. Even if if it would be OK it would be hard to use as a starting point for exploring the secrets I have access to since, in many of the cases, I'll likely not have access to the actual content of the mount.Explain any additional use-cases
Additional context
The text was updated successfully, but these errors were encountered: