getversionkey-valuehashicorp-vaulthashicorp

unable to get specific version of key-value from Hashicorp Vault

https://developer.hashicorp.com/vault/tutorials/secrets-management/versioned-kv

I'm referring to hashicorp documentation above to read a specific version of key-value from the vault.

Step 3: Retrieve a specific version of the secret

curl --header "X-Vault-Token: $VAULT_TOKEN" \
      $VAULT_ADDR/v1/secret/data/customer/acme\?version=1 | jq -r ".data"

which in my case translates to:

C:\Users\meuser>curl --header "X-Vault-Token: s.r8JA4TzlDd8Ps8GtCnmolSHJ" -H "X-Vault-Namespace: vault-poc/" https://eng-mybank.com/v1/kv/data/tool-common/dev\?version=1  | jq -r ".data"

Output:

% Total % Received % Xferd Average Speed Time Time Time Current

                             Dload  Upload   Total   Spent    Left  Speed

100 14 100 14 0 0 10 0 0:00:01 0:00:01 --:--:-- 10

null

As you can see instead of returning version 1 of the key-value I get null

The 4 versions of key-value exist and is also evident from the UI snapshot below:

enter image description here

If I simply remove /?version=4 I get the latest version 4 key-value pair as below.

C:\Users\meuser>curl --header "X-Vault-Token: s.r8JA4TzlDd8Ps8GtCnmolSHJ" -H "X-Vault-Namespace: vault-poc/" https://eng-mybank.com/v1/kv/data/tool-common/dev  | jq -r ".data"

% Total % Received % Xferd Average Speed Time Time Time Current

                             Dload  Upload   Total   Spent    Left  Speed

100 358 100 358 0 0 246 0 0:00:01 0:00:01 --:--:-- 247

{

"data": {

"mykey1": "myvalue1",

"mykey2": "myvalue2",

"mykey3": "myvalue3",

"mykey4": "myvalue4"

},

"metadata": {

"created_time": "2023-06-06T18:21:49.815786014Z",

"deletion_time": "",

"destroyed": false,

"version": 4

}

}

Can you please suggest how can I get a specific version of key-value?

I would also like all the versions of the key-values to be displayed. If it is possible please suggest how?

Solution

  • The API endpoint should be updated to not include the escape character \ for the specified version ?version=1:

    C:\Users\meuser>curl --header "X-Vault-Token: s.r8JA4TzlDd8Ps8GtCnmolSHJ" -H "X-Vault-Namespace: vault-poc/" https://eng-mybank.com/v1/kv/data/tool-common/dev?version=1  | jq -r ".data"

    That should GET the response from the Vault API for the specified secret version.