Recursively list secrets from Vault's KV2 engine

Overview

vkv

Installation

Find the corresponding binaries, .rpm and .deb packages in the release section.

Authentication

vkv supports token-based authentication. You can only see the secrets that your token's policy allows.

In order to authenticate to a Vault instance you have to export VAULT_ADDR and VAULT_TOKEN.

VAULT_ADDR="http://127.0.0.1:8200" VAULT_TOKEN="root" vkv

Furthermore, you can export VAULT_SKIP_VERIFY to skip TLS certificate verification, which makes the HTTPS connection insecure. vkv also respects the HTTP_PROXY and HTTPS_PROXY environment variables.

Usage

vkv -h
recursively list secrets from Vaults KV2 engine

Usage:
  vkv [flags]

Flags:
  -h, --help               help for vkv
      --only-keys          print only keys
      --only-paths         print only paths
  -p, --root-path string   root path (default "kv2")
      --show-secrets       print out secrets
  -s, --sub-path string    sub path
  -j, --to-json            print secrets in json format
  -y, --to-yaml            print secrets in yaml format
  -v, --version            display version

Walkthrough

Imagine we have the following KV2 structure, enabled at path secret:

secret/
secret/demo
secret/sub
secret/sub/demo
secret/sub/sub2/demo

list secrets --root-path | -p (default kv2)

You can list all secrets recursively by running:

vkv --root-path secret
secret/
secret/demo             foo=***
secret/sub              sub=********
secret/sub/demo         foo=*** password=******** user=****
secret/sub/sub2/demo    foo=*** password=******** user=****

list only paths --only-paths

We can list only the paths by running:

vkv --root-path secret --only-paths
secret/
secret/demo
secret/sub
secret/sub/demo
secret/sub/sub2/demo

list only secret keys --only-keys

If we only want to know the keys in every directory, we can run:

vkv --root-path secret --only-keys
secret/
secret/demo             foo
secret/sub              sub
secret/sub/demo         foo password user
secret/sub/sub2/demo    foo password user

list from a sub directory --sub-path | -s

We can get the secrets of a certain sub path by running:

vkv --root-path secret --sub-path sub --only-keys
secret/sub/
secret/sub/demo         foo password user
secret/sub/sub2/demo    foo password user

show secrets --show-secrets

By default, secret values are masked. Using --show-secrets prints them in plain text. Use with caution.

We can print the unmasked secret values by running:

vkv --root-path secret --show-secrets
secret/
secret/demo             foo=bar
secret/sub              sub=password
secret/sub/demo         foo=bar password=password user=user
secret/sub/sub2/demo    foo=bar password=password user=user

export to json --to-json | -j

You can combine all flags and export the result to json by running:

vkv --root-path secret --sub-path sub --show-secrets --to-json | jq .
{
  "secret/sub/demo": {
    "foo": "bar",
    "password": "password",
    "user": "user"
  },
  "secret/sub/sub2/demo": {
    "foo": "bar",
    "password": "password",
    "user": "user"
  }
}

export to yaml --to-yaml | -y

Same applies for yaml:

vkv --root-path secret --sub-path sub --show-secrets --to-yaml
secret/sub/demo:
  foo: bar
  password: password
  user: user
secret/sub/sub2/demo:
  foo: bar
  password: password
  user: user
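
The recursive listing and default masking from the walkthrough, as an added Go example (not vkv's own code): it walks Vault's KV2 HTTP API, listing with GET <mount>/metadata/<path>?list=true and reading with GET <mount>/data/<path>, against a local stub server whose replies are constructed to match the structure above. The names stub, stubVault, client, kvResp, get and walk are made up for this example, and secret values are assumed to be strings.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed stub replies, keyed by path below /v1/secret/, shaped like KV2 list and read responses.
var stub = map[string]string{
	"metadata/":          `{"data":{"keys":["demo","sub","sub/"]}}`, // "sub" is a secret and a folder
	"metadata/sub/":      `{"data":{"keys":["demo","sub2/"]}}`,
	"metadata/sub/sub2/": `{"data":{"keys":["demo"]}}`,
	"data/demo":          `{"data":{"data":{"foo":"bar"}}}`,
	"data/sub":           `{"data":{"data":{"sub":"password"}}}`,
	"data/sub/demo":      `{"data":{"data":{"foo":"bar","password":"password","user":"user"}}}`,
	"data/sub/sub2/demo": `{"data":{"data":{"foo":"bar","password":"password","user":"user"}}}`,
}

// stubVault serves the replies above to requests carrying validToken (example helper).
func stubVault(validToken string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		body, ok := stub[strings.TrimPrefix(r.URL.Path, "/v1/secret/")]
		switch {
		case r.Header.Get("X-Vault-Token") != validToken:
			http.Error(w, "permission denied", http.StatusForbidden)
		case !ok:
			http.NotFound(w, r)
		default:
			fmt.Fprint(w, body)
		}
	}))
}

// client holds the values vkv takes from VAULT_ADDR, VAULT_TOKEN and --root-path.
type client struct{ addr, token, mount string }

type kvResp struct {
	Data struct {
		Keys []string          `json:"keys"` // filled by a list on metadata/
		Data map[string]string `json:"data"` // filled by a read on data/ (string values assumed)
	} `json:"data"`
}

// get performs one authenticated GET below /v1/<mount>/ and decodes the JSON reply.
func (c client) get(path string) (out kvResp, err error) {
	req, err := http.NewRequest(http.MethodGet, c.addr+"/v1/"+c.mount+"/"+path, nil)
	if err != nil {
		return out, err
	}
	req.Header.Set("X-Vault-Token", c.token)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return out, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return out, fmt.Errorf("GET %s: %s", path, resp.Status)
	}
	err = json.NewDecoder(resp.Body).Decode(&out)
	return out, err
}

// walk lists dir ("" or ending in "/"), recurses into "name/" keys and reads the rest; values are masked unless show.
func (c client) walk(dir string, show bool, out map[string]map[string]string) error {
	list, err := c.get("metadata/" + dir + "?list=true")
	if err != nil {
		return err
	}
	for _, key := range list.Data.Keys {
		if strings.HasSuffix(key, "/") {
			if err := c.walk(dir+key, show, out); err != nil {
				return err
			}
			continue
		}
		secret, err := c.get("data/" + dir + key)
		if err != nil {
			return err
		}
		for field, value := range secret.Data.Data {
			if !show {
				secret.Data.Data[field] = strings.Repeat("*", len(value)) // one "*" per byte, as in the output above
			}
		}
		out[c.mount+"/"+dir+key] = secret.Data.Data
	}
	return nil
}

func main() {
	srv := stubVault("root")
	defer srv.Close()
	out := map[string]map[string]string{}
	err := client{srv.URL, "root", "secret"}.walk("", false, out)
	fmt.Println(out, err)
}
```

Masking at read time means the plain-text values never reach the result map unless show is set. A token the server rejects stops the walk at the first request with a 403 error.
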
Comments
  • feat(deps): bump golang from 1.17.13-alpine3.16 to 1.19.4-alpine3.16

    Bumps golang from 1.17.13-alpine3.16 to 1.19.4-alpine3.16.

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    opened by dependabot[bot] 4
  • feat(deps): bump github.com/testcontainers/testcontainers-go from 0.14.0 to 0.17.0

    Bumps github.com/testcontainers/testcontainers-go from 0.14.0 to 0.17.0.

    Release notes

    Sourced from github.com/testcontainers/testcontainers-go's releases.

    v0.17.0

    What's Changed

    ⚠️ Breaking Changes

    Given the amount of issues after #476, causing consumers of this library to update their dependencies with multiple replace directives in their go.mod files, we have moved compose code to a separate module. Therefore the majority of the users of the library will only need to replace Docker dependency with the one used in this library, which is simpler in terms of usage. Please see Install instructions for further information.

    replace (
    	github.com/docker/docker => github.com/docker/docker v20.10.3-0.20221013203545-33ab36d6b304+incompatible // 22.06 branch
    )
    

    On the other hand, users of native Docker Compose code will still need all the replace directives, as described in the Compose docs.

    🚀 Features

    🐛 Bug Fixes

    • fix: avoid panics when checking container state and container.raw is nil (#635) @​mdelapenya

    📖 Documentation

    🧹 Housekeeping

    ... (truncated)

    Commits
    • 10c899c chore: move compose code to a separate module (#650)
    • 18a119b docs: refine onboarding process with quickstart guide (#706)
    • 593da80 chore: move redis-specific tests to the example module (#701)
    • 574e1ae chore: bump transitive dependencies (#527)
    • e9fa657 chore: reduce concurrent builds (#702)
    • bb03057 chore: add mysql example (#700)
    • 2de9fb8 chore(deps): bump google.golang.org/api from 0.104.0 to 0.105.0 (#699)
    • 71461a9 chore(deps): bump google.golang.org/api in /examples/firestore (#683)
    • f6b4131 chore(deps): bump cloud.google.com/go/spanner in /examples/spanner (#688)
    • 099b181 chore(deps): bump google.golang.org/api in /examples/pubsub (#685)
    • Additional commits viewable in compare view

    opened by dependabot[bot] 4
  • chore(deps): bump goreleaser/goreleaser-action from 3 to 4

    Bumps goreleaser/goreleaser-action from 3 to 4.

    Release notes

    Sourced from goreleaser/goreleaser-action's releases.

    v4.0.0

    What's Changed

    Full Changelog: https://github.com/goreleaser/goreleaser-action/compare/v3...v4.0.0

    v3.2.0

    What's Changed

    • chore: remove workaround for setOutput by @​crazy-max (#374)
    • chore(deps): bump @​actions/core from 1.9.1 to 1.10.0 (#372)
    • chore(deps): bump yargs from 17.5.1 to 17.6.0 (#373)

    Full Changelog: https://github.com/goreleaser/goreleaser-action/compare/v3.1.0...v3.2.0

    v3.1.0

    What's Changed

    • fix: dist resolution from config file by @​crazy-max (#369)
    • ci: fix workflow by @​crazy-max (#357)
    • docs: bump actions to latest major by @​crazy-max (#356)
    • chore(deps): bump crazy-max/ghaction-import-gpg from 4 to 5 (#360)
    • chore(deps): bump ghaction-import-gpg to v5 (#359)
    • chore(deps): bump @​actions/core from 1.6.0 to 1.8.2 (#358)
    • chore(deps): bump @​actions/core from 1.8.2 to 1.9.1 (#367)

    Full Changelog: https://github.com/goreleaser/goreleaser-action/compare/v3.0.0...v3.1.0

    Commits
    • 8f67e59 chore: regenerate
    • 78df308 chore(deps): bump minimatch from 3.0.4 to 3.1.2 (#383)
    • 66134d9 Merge remote-tracking branch 'origin/master' into flarco/master
    • 3c08cfd chore(deps): bump yargs from 17.6.0 to 17.6.2
    • 5dc579b docs: add example when using workdir along with upload-artifact (#366)
    • 3b7d1ba feat!: remove auto-snapshot on dirty tag (#382)
    • 23e0ed5 fix: do not override GORELEASER_CURRENT_TAG (#370)
    • 1315dab update build
    • b60ea88 improve install
    • 4d25ab4 Update goreleaser.ts
    • See full diff in compare view

    opened by dependabot[bot] 4
  • Fix windows slash

    1. Fixed bug with wrong secret path on Windows platform - backslash delimiter

    2. Added ignore rule for macOS .DS_Store

    3. Added a useful way to run goreleaser

    opened by alekseybb197 4
  • feat(deps): bump github.com/daixiang0/gci from 0.8.2 to 0.9.0

    Bumps github.com/daixiang0/gci from 0.8.2 to 0.9.0.

    Release notes

    Sourced from github.com/daixiang0/gci's releases.

    v0.9.0

    Breaking changes

    • always put the C import block as first

    What's Changed

    Full Changelog: https://github.com/daixiang0/gci/compare/v0.8.5...v0.9.0

    v0.8.5

    What's Changed

    New Contributors

    Full Changelog: https://github.com/daixiang0/gci/compare/v0.8.4...v0.8.5

    v0.8.4

    What's Changed

    Full Changelog: https://github.com/daixiang0/gci/compare/v0.8.3...v0.8.4

    v0.8.3

    What's Changed

    Full Changelog: https://github.com/daixiang0/gci/compare/v0.8.2...v0.8.3

    Commits

    opened by dependabot[bot] 3
  • feat(deps): bump github.com/daixiang0/gci from 0.8.2 to 0.8.3

    Bumps github.com/daixiang0/gci from 0.8.2 to 0.8.3.

    Release notes

    Sourced from github.com/daixiang0/gci's releases.

    v0.8.3

    What's Changed

    Full Changelog: https://github.com/daixiang0/gci/compare/v0.8.2...v0.8.3

    Commits

    opened by dependabot[bot] 3
  • feat(deps): bump github.com/hashicorp/vault/api from 1.8.1 to 1.8.2

    Bumps github.com/hashicorp/vault/api from 1.8.1 to 1.8.2.

    Release notes

    Sourced from github.com/hashicorp/vault/api's releases.

    v1.8.2

    1.8.2

    26 August 2021

    CHANGES:

    • go: Update go version to 1.16.7 [GH-12408]

    BUG FIXES:

    • auth/aws: Fixes ec2 login no longer supporting DSA signature verification [GH-12340]
    • cli: vault debug now puts newlines after every captured log line. [GH-12175]
    • database/couchbase: change default template to truncate username at 128 characters [GH-12300]
    • identity: Fix a panic on arm64 platform when doing identity I/O. [GH-12371]
    • physical/raft: Fix safeio.Rename error when restoring snapshots on windows [GH-12377]
    • plugin/snowflake: Fixed bug where plugin would crash on 32 bit systems [GH-12378]
    • sdk/database: Fix a DeleteUser error message on the gRPC client. [GH-12351]
    • secrets/gcp: Fixes a potential panic in the service account policy rollback for rolesets. [GH-12379]
    • ui: Fixed api explorer routing bug [GH-12354]
    • ui: Fixes metrics page when read on counter config not allowed [GH-12348]
    • ui: fix issue where on MaskedInput on auth methods if tab it would clear the value. [GH-12409]
    Changelog

    Sourced from github.com/hashicorp/vault/api's changelog.

    1.8.12

    June 10, 2022

    BUG FIXES:

    • agent: Redact auto auth token from renew endpoints [GH-15380]
    • core: Prevent changing file permissions of audit logs when mode 0000 is used. [GH-15759]
    • core: fixed systemd reloading notification [GH-15041]
    • core: pre-calculate namespace specific paths when tainting a route during postUnseal [GH-15067]
    • storage/raft (enterprise): Auto-snapshot configuration now forbids slashes in file prefixes for all types, and "/" in path prefix for local storage type. Strip leading prefix in path prefix for AWS. Improve error handling/reporting.
    • transform (enterprise): Fix non-overridable column default value causing tokenization tokens to expire prematurely when using the MySQL storage backend.

    1.8.11

    April 29, 2022

    BUG FIXES:

    • raft: fix Raft TLS key rotation panic that occurs if active key is more than 24 hours old [GH-15156]
    • sdk: Fix OpenApi spec generator to properly convert TypeInt64 to OAS supported int64 [GH-15104]

    1.8.10

    April 22, 2022

    CHANGES:

    • core: A request that fails path validation due to relative path check will now be responded to with a 400 rather than 500. [GH-14328]
    • core: Bump Go version to 1.16.15. [GH-go-ver-1810]

    IMPROVEMENTS:

    • auth/ldap: Add username_as_alias configurable to change how aliases are named [GH-14324]
    • core: Systemd unit file included with the Linux packages now sets the service type to notify. [GH-14385]
    • sentinel (enterprise): Upgrade sentinel to v0.18.5 to avoid potential naming collisions in the remote installer

    BUG FIXES:

    • api/sys/raft: Update RaftSnapshotRestore to use net/http client allowing bodies larger than allocated memory to be streamed [GH-14269]
    • auth/approle: Add maximum length for input values that result in SHA56 HMAC calculation [GH-14746]
    • cassandra: Update gocql Cassandra client to fix "no hosts available in the pool" error [GH-14973]
    • cli: Fix panic caused by parsing key=value fields whose value is a single backslash [GH-14523]
    • core: Fix panic caused by parsing JSON integers for fields defined as comma-delimited integers [GH-15072]
    • core: Fix panic caused by parsing JSON integers for fields defined as comma-delimited strings [GH-14522]
    • core: Fix panic caused by parsing policies with empty slice values. [GH-14501]
    • core: Fix panic for help request URL paths without /v1/ prefix [GH-14704]
    • core: fixing excessive unix file permissions [GH-14791]
    • core: fixing excessive unix file permissions on dir, files and archive created by vault debug command [GH-14846]
    • core: report unused or redundant keys in server configuration [GH-14752]
    • core: time.After() used in a select statement can lead to memory leak [GH-14814]
    • metrics/autosnapshots (enterprise) : Fix bug that could cause vault.autosnapshots.save.errors to not be incremented when there is an

    ... (truncated)

    Commits

    opened by dependabot[bot] 3
  • feat(deps): bump github.com/golangci/golangci-lint from 1.50.0 to 1.50.1

    Bumps github.com/golangci/golangci-lint from 1.50.0 to 1.50.1.

    Release notes

    Sourced from github.com/golangci/golangci-lint's releases.

    v1.50.1

    Changelog

    • bd7edf31 build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 (#3310)
    • 8926a95f build(deps): bump github.com/daixiang0/gci from 0.8.0 to 0.8.1 (#3309)
    • 98df0492 build(deps): bump github.com/kkHAIKE/contextcheck from 1.1.2 to 1.1.3 (#3296)
    • a760cb12 build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#3298)
    • 2823ec62 build(deps): bump github.com/tomarrell/wrapcheck/v2 from 2.6.2 to 2.7.0 (#3287)
    • 0793063c build(deps): bump github.com/tommy-muehle/go-mnd/v2 from 2.5.0 to 2.5.1 (#3295)
    • 046dce3a build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 (#3312)
    • 2fa3b6f8 chore: update go.mod for gen_github_action_config script (#3300)
    • 6740559b code-climate: add default severity (#3294)
    • d03294f2 fix: remove redundant character escape '/' (#3278)
    • 8a1cf904 lll: skip imports (#3288)
    • 5ef7b413 revive: fix configuration parsing (#3284)
    Changelog

    Sourced from github.com/golangci/golangci-lint's changelog.

    v1.50.1

    1. updated linters
      • contextcheck: from 1.1.2 to 1.1.3
      • go-mnd: from 2.5.0 to 2.5.1
      • wrapcheck: from 2.6.2 to 2.7.0
      • revive: fix configuration parsing
      • lll: skip imports
    2. misc.
      • windows: remove redundant character escape '/'
      • code-climate: add default severity
    Commits
    • 8926a95 build(deps): bump github.com/daixiang0/gci from 0.8.0 to 0.8.1 (#3309)
    • 046dce3 build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 (#3312)
    • bd7edf3 build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 (#3310)
    • 6740559 code-climate: add default severity (#3294)
    • c1e24c1 doc: improved wording (#3302)
    • 9a592fb build(deps): bump parse-url and gatsby-telemetry in /docs (#3306)
    • 98df049 build(deps): bump github.com/kkHAIKE/contextcheck from 1.1.2 to 1.1.3 (#3296)
    • 0793063 build(deps): bump github.com/tommy-muehle/go-mnd/v2 from 2.5.0 to 2.5.1 (#3295)
    • 2fa3b6f chore: update go.mod for gen_github_action_config script (#3300)
    • a760cb1 build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#3298)
    • Additional commits viewable in compare view

    opened by dependabot[bot] 3
  • feat(deps): bump github.com/hashicorp/vault/api from 1.7.2 to 1.8.1

    Bumps github.com/hashicorp/vault/api from 1.7.2 to 1.8.1.

    Release notes

    Sourced from github.com/hashicorp/vault/api's releases.

    v1.8.1

    1.8.1

    August 5th, 2021

    CHANGES:

    • go: Update go version to 1.16.6 [GH-12245]

    IMPROVEMENTS:

    • serviceregistration: add external-source: "vault" metadata value for Consul registration. [GH-12163]

    BUG FIXES:

    • auth/aws: Remove warning stating AWS Token TTL will be capped by the Default Lease TTL. [GH-12026]
    • auth/jwt: Fixes OIDC auth from the Vault UI when using form_post as the oidc_response_mode. [GH-12258]
    • core (enterprise): Disallow autogenerated licenses to be used in diagnose even when config is specified
    • core: fix byte printing for diagnose disk checks [GH-12229]
    • identity: do not allow a role's token_ttl to be longer than the signing key's verification_ttl [GH-12151]

    v1.8.0

    1.8.0

    July 28th, 2021

    CHANGES:

    • agent: Errors in the template engine will no longer cause agent to exit unless explicitly defined to do so. A new configuration parameter, exit_on_retry_failure, within the new top-level stanza, template_config, can be set to true in order to cause agent to exit. Note that for agent to exit if template.error_on_missing_key is set to true, exit_on_retry_failure must be also set to true. Otherwise, the template engine will log an error but then restart its internal runner. [GH-11775]
    • agent: Update to use IAM Service Account Credentials endpoint for signing JWTs when using GCP Auto-Auth method [GH-11473]
    • core (enterprise): License/EULA changes that ensure the presence of a valid HashiCorp license to start Vault. More information is available in the Vault License FAQ

    FEATURES:

    • GCP Secrets Engine Static Accounts: Adds ability to use existing service accounts for generation of service account keys and access tokens. [GH-12023]
    • Key Management Secrets Engine (Enterprise): Adds general availability for distributing and managing keys in AWS KMS. [GH-11958]
    • License Autoloading (Enterprise): Licenses may now be automatically loaded from the environment or disk.
    • MySQL Database UI: The UI now supports adding and editing MySQL connections in the database secret engine [GH-11532]
    • Vault Diagnose: A new vault operator command to detect common issues with vault server setups.

    IMPROVEMENTS:

    • agent/template: Added static_secret_render_interval to specify how often to fetch non-leased secrets [GH-11934]

    ... (truncated)

    Commits
    • 4b0264f Updates vault-plugin-auth-jwt to v0.10.1 (#12258)
    • 21ecd7d Backport 1.8.1: identity: allow creating a role with a non-existent key (#122...
    • d4269f3 [VAULT-1986] Cap AWS Token TTL based on Default Lease TTL (#12026) (#12252)
    • 062842a Updating SDK version for 1.8.1 (#12247)
    • bd35cc7 Updating go version to 1.16.6 for security fix (#12245) (#12249)
    • c48b322 Forward cert signing requests to the primary on perf secondaries as well as p...
    • 436d893 serviceregistration: add external-source meta value (#12163) (#12241)
    • 7f2cfd0 Backport: Don't use autogenerated licenses in diagnose when config is specifi...
    • 6748c7d backport disk usage print fixes (#12232)
    • f882564 identity: do not allow a role's token_ttl to be longer than verification_ttl ...
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    opened by dependabot[bot] 3
  • feat(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0

    Bumps github.com/spf13/cobra from 1.5.0 to 1.6.0.

    Release notes

    Sourced from github.com/spf13/cobra's releases.

    v1.6.0

    Summer 2022 Release

    Some exciting changes make their way to Cobra! Command completions continue to get better and better (including adding --help and --version automatic flags to the completions list). Grouping is now possible in your help output as well! And you can now use the OnFinalize method to clean up things when all "work" is done. Check out the full changelog below:


    Features 🌠

    Deprecation 👎🏼

    • ExactValidArgs is deprecated (but not being removed entirely). This is a bit nuanced, so check out #1643 for further information and the updated user_guide.md on how this may affect you (and how you can take advantage of the correct behavior in the validators): @umarcor #1643

    Bug fixes 🐛

    Dependencies 🗳️

    Testing 🤔

    Docs ✏️

    Misc 💭

    Note: Per #1804, we will be moving away from "seasonal" releases and doing more generic point release targets. Continue to track the milestones and issues in the spf13/cobra GitHub repository for more information!

    Great work everyone! Cobra would never be possible without your contributions! 🐍

    ... (truncated)

    opened by dependabot[bot] 3
  • feat(deps): bump github.com/hashicorp/vault/api from 1.3.1 to 1.4.1

    Bumps github.com/hashicorp/vault/api from 1.3.1 to 1.4.1.

    Changelog

    Sourced from github.com/hashicorp/vault/api's changelog.

    1.4.1 (April 30th, 2020)

    CHANGES:

    • auth/aws: The default set of metadata fields added in 1.4.1 has been changed to account_id and auth_type [GH-8783]
    • storage/raft: Disallow ha_storage to be specified if raft is set as the storage type. [GH-8707]

    IMPROVEMENTS:

    • auth/aws: The set of metadata stored during login is now configurable [GH-8783]
    • auth/aws: Improve region selection to avoid errors seen if the account hasn't enabled some newer AWS regions [GH-8679]
    • auth/azure: Enable login from Azure VMs with user-assigned identities [GH-33]
    • auth/gcp: The set of metadata stored during login is now configurable [GH-92]
    • auth/gcp: The type of alias name used during login is now configurable [GH-95]
    • auth/ldap: Improve error messages during LDAP operation failures [GH-8740]
    • identity: Add a batch delete API for identity entities [GH-8785](hashicorp/vault#8785)
    • identity: Improve performance of logins when no group updates are needed [GH-8795](hashicorp/vault#8795)
    • metrics: Add vault.identity.num_entities metric [GH-8816](hashicorp/vault#8816)
    • secrets/kv: Allow delete-version-after to be reset to 0 via the CLI [GH-8635]
    • secrets/rabbitmq: Improve error handling and reporting [GH-8619]
    • ui: Provide One Time Password during Operation Token generation process [GH-8630](hashicorp/vault#8630)

    BUG FIXES:

    • auth/okta: Fix MFA regression (introduced in GH-8143) from 1.4.0 [GH-8807]
    • auth/userpass: Fix upgrade value for token_bound_cidrs being ignored due to incorrect key provided [GH-8826]
    • config/seal: Fix segfault when seal block is removed [GH-8517]
    • core: Fix an issue where users attempting to build Vault could receive Go module checksum errors [GH-8770]
    • core: Fix blocked requests if a SIGHUP is issued while a long-running request has the state lock held. Also fixes deadlock that can happen if vault debug with the config target is run during this time. [GH-8755]
    • core: Always rewrite the .vault-token file as part of a vault login to ensure permissions and ownership are set correctly [GH-8867]
    • database/mongodb: Fix context deadline error that may result due to retry attempts on failed commands [GH-8863]
    • http: Fix superfluous call messages from the http package on logs caused by missing returns after respondError calls [GH-8796]
    • namespace (enterprise): Fix namespace listing to return key_info when a scoping namespace is also provided.
    • seal/gcpkms: Fix panic that could occur if all seal parameters were provided via environment variables [GH-8840]
    • storage/raft: Fix memory allocation and incorrect metadata tracking issues with snapshots [GH-8793]
    • storage/raft: Fix panic that could occur if disable_clustering was set to true on Raft storage cluster [GH-8784]
    • storage/raft: Handle errors returned from the API during snapshot operations [GH-8861]
    • sys/wrapping: Allow unwrapping of wrapping tokens which contain nil data [GH-8714]

    1.4.0 (April 7th, 2020)

    CHANGES:

    • cli: The raft configuration command has been renamed to list-peers to avoid confusion.

    ... (truncated)

    Commits
    • b2b4ab9 release: stage v1.4.1
    • cb1f373 Merge branch 'release/1.4.x' into rel-1.4.1
    • b4bcaae Fix Makefile
    • 5f0fff3 Merge branch 'release/1.4.x' into rel-1.4.1
    • 51ac267 Makefile: add goimports to CI tools
    • a550fab update GO_VERSION to 1.13.10
    • 123e142 release: stage v1.4.1
    • 216a826 go mod vendor
    • cf1a1cd update go.mod to use sdk version 1.4.1
    • 29fce8f update sdk version to 1.4.1
    • Additional commits viewable in compare view

    opened by dependabot[bot] 3
  • Roadmap

    • [x] new output format which shows the token policies recursive for each kv path using self-capabilities api call
    • [x] cli flag for showing secrets version
    • [x] cli flag for showing secrets metadata
    • [ ] cli flag for showing the links to each secret
    • [x] shell completion
    • [x] man page
    • [x] cli flag which lists all kv engines and user can interactively choose
    • [x] cli flag for browsing through kv engines and on right side u see the tree view (maybe using something like bubbletea or fzf)
    • [ ] better github pages https://github.com/alex-shpak/hugo-book
    • [x] create an icon
    • [ ] add template snippet for generating the corresponding tf code that recreates the complete kv engine
    • [x] harmonize gif images and font sizes
    • [x] only build gifs when tag
    • [x] test document behaviour with not sufficient token policy
    • [x] always test against last 3 major versions
    • [ ] support KVv1
    • [x] import command which takes vkv json or yaml output (flags: -f, -d, STDIN, --force, dry-run/preview)
    • [x] Separate files in printer dir with tests
    • [x] add commands for encrypting exported secrets with pgp and importing them again (decrypting)
    • [x] Subcommand for mirroring secrets between two engines in intervals (daemon) takes a config file
    • [ ] Flag for showing previous secret versions
    • [x] Warn if masked secrets are imported
    • [ ] Handle Engine path in vkv import
    • [x] encrypt/decrypt secrets using sops and vault
    • [x] Vault backup subcommand (export all kv engines from all visible ns, flags: namespace, list engines, …)
    • [x] Vault restore - restores all exported kv engines
    • [x] Docker & k8s cronjob integration
    • [ ] #118
    • [x] use conventional commits and group in changelog in goreleaser
    • [x] quick start guide
    • [x] write proper testutils (create/delete ns, engines, spinup vault, ...)
    • [ ] usage with tf for secret importing without being in state
    opened by FalcoSuessgott 0
Releases(v0.2.1)
🔐 Share end-to-end encrypted secrets with others via a one-time URL

If you use this repo, star it ✨ Share end-to-end encrypted secrets with others via a one-time URL Use to securely share API Keys, Signing secrets,

Sniptt 1.6k Dec 26, 2022
Sidecar container for injecting secrets into configuration files from Hashicorp Vault

talebearer noun A person who spreads scandal or tells secrets; gossip Note This code is not being actively developed, and has not seen substantial cha

Alex Forbes 0 Nov 1, 2021
A tool for secrets management, encryption as a service, and privileged access management

Deploy HCP Vault & AWS Transit Gateways via Terraform https://medium.com/hashicorp-engineering/deploying-hcp-vault-using-the-hcp-terraform-provider-5e

Temur Yunusov 0 Nov 23, 2021
Return list of the contract's events logs

Return list of the contract's events logs Return contract's events logs via sending address, from_block and to_block range only as RAW data. Working w

Ali Shokoohi 1 Oct 12, 2021
A utility for the certificate trust list (CTL).

ctlutil A utility for the certificate trust list (CTL) Installation First install Go. If you just want to install the binary to your current directory

Canstand 0 Dec 28, 2021
⚡️Curated list of resources for the development and applications of blockchain.

Awesome Blockchain Curated list of resources for the development and applications of block chain. The blockchain is an incorruptible digital ledger of

null 2.7k Jan 9, 2023
Curated list of resources for the development and applications of block chain

Awesome Blockchain Curated list of resources for the development and applications of block chain. The blockchain is an incorruptible digital ledger of

Rieser Stern 0 Dec 28, 2021
List your dependencies capabilities and monitor if updates require more capabilities.

A take on supply chain security in Go List your dependencies capabilities and monitor if dependency updates require more capabilities. The Problem Rec

Jonas Plum 129 Nov 16, 2022
A phoenix Chain client based on the go-ethereum fork,the new PoA consensus engine is based on the VRF algorithm.

Phoenix Official Golang implementation of the Phoenix protocol. !!!The current version is for testing and developing purposes only!!! Building the sou

g_master 14 Apr 28, 2022
Build apps that run everywhere with Go and a browser engine of your choice (Chrome, Firefox, Epiphany or Android WebView).

hydrapp Build apps that run everywhere with Go and a browser engine of your choice (Chrome, Firefox, Epiphany or Android WebView). Overview This pr

Felix Pojtinger 13 Dec 14, 2022
The Bhojpur Wallet is a platform-as-a-service product used as a Wallet Engine based on the Bhojpur.NET Platform for application delivery.

Bhojpur Wallet - Data Processing Engine The Bhojpur Wallet is a platform-as-a-service used as a Service Engine based on the Bhojpur.NET Platform. It l

Bhojpur Consulting 1 Sep 26, 2022
Powerful Blockchain streaming data engine, based on StreamingFast Firehose technology.

Substreams - A streaming data engine for The Graph - by StreamingFast DEVELOPER PREVIEW OF SUBSTREAMS Think Fluvio for deterministic blockchain data.

StreamingFast 59 Dec 30, 2022
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com

shhgit helps secure forward-thinking development, operations, and security teams by finding secrets across their code before it leads to a security br

Paul 3.6k Dec 23, 2022
Simplify Kubernetes Secrets Management with Dockhand Secrets Operator

dockhand-secrets-operator Secrets management with GitOps can be challenging in Kubernetes environments. Often engineers resort to manual secret creati

BoxBoat 15 Sep 28, 2022
Secretsmanager - Secrets management that allows you to store your secrets encrypted in git

I created secretsmanager to store some secrets within a repository. The secrets are encrypted at rest, with readable keys and editable JSON, so you can rename a key or delete it by hand. The cli tool handles the bare minimum of requirements.

Tit Petric 20 May 6, 2022
List all files (recursively) in a directory

typewalk List all files (recursively) in a directory Usage: recursively walk > ./typewalk.exe walk --path "C:\\" merge two files > ./typewalk.exe merg

Drilon Kamberaj 0 Nov 5, 2021
Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more...

Take a list of domains and scan for endpoints, secrets, api keys, file extensions, tokens and more... Coded with ?? by edoardottt. Share on Twitter! P

gilfoyle97 654 Dec 25, 2022
Vaku is a CLI and API for running path- and folder-based operations on the Vault Key/Value secrets engine.

Vaku Vaku is a CLI and API for running path- and folder-based operations on the Vault Key/Value secrets engine. Vaku extends the existing Vault CLI an

Sean Lingren 141 Nov 28, 2022
Go copy directory recursively

copy copy copies directories recursively. Example Usage err := Copy("your/directory", "your/directory.copy") Advanced Usage // Options specifies optio

Hiromu OCHIAI 509 Dec 30, 2022
:runner:runs go generate recursively on a specified path or environment variable and can filter by regex

Package generate Package generate runs go generate recursively on a specified path or environment variable like $GOPATH and can filter by regex Why wo

Go Playgound 28 Sep 27, 2022