Skip to content

Refactor Vault backend to properly handle KV v1 and KV v2

Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 23 Sep 19:46
· 5 commits to refs/heads/main since this release

Overview

This commit is NOT backwards compatible with Vault KV v2 configurations that include /data/ in the key path.

I have broadly refactored the Vault backend to improve K/V lookup for both KV v1 and KV v2. The change enables the proper use of the prefix configuration for the KV path and accommodates the differences between the KV v1 and KV v2 endpoints, specifically the use of data in the secret path. This returns the Vault backend back to pathing parity with the other backends.

Previous
in this configuration kv-v2 is the Secrets Engine path and data was necessary for the v2 endpoint.

[template]
mode = "0644"
src = "nested.conf.tmpl"
dest = "/tmp/confd-nested-test.conf"
keys = [
  "kv-v2/data/nested",
]

Current
In this configuration the kv-v2 Secrets Engine path is prefixed and data is handled by the backend when necessary.

[template]
mode = "0644"
src = "nested.conf.tmpl"
dest = "/tmp/confd-nested-test.conf"
prefix = "/kv-v2"
keys = [
  "/nested",
]

Changes

Major Changes

Minor Changes